Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/ed384e-9949-4cc0-8a37-3bb2cd80a2c9/1/Cf8_Rfmwa4iJHb4E3LUBNp7SM2Q.roa
File:                     Cf8_Rfmwa4iJHb4E3LUBNp7SM2Q.roa (raw, json)
Hash identifier:          y+v1/CaKl1KQ5ODEfPAvpbgkxctFCEEzzcty/W/hLac=
Subject key identifier:   09:FF:3F:45:F9:B0:6B:88:89:1D:BE:04:DC:B5:01:36:9E:D2:33:64
Certificate issuer:       /CN=4eae6f524eed0f73c849b0643827b80e37c46c71
Certificate serial:       018CC7933244CE623814737E3700FECE74AE
Authority key identifier: 4E:AE:6F:52:4E:ED:0F:73:C8:49:B0:64:38:27:B8:0E:37:C4:6C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tq5vUk7tD3PISbBkOCe4DjfEbHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/ed384e-9949-4cc0-8a37-3bb2cd80a2c9/1/Cf8_Rfmwa4iJHb4E3LUBNp7SM2Q.roa
Signing time:             Tue 02 Jan 2024 00:29:21 +0000
ROA not before:           Tue 02 Jan 2024 00:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201401
IP address blocks:        185.168.200.0/22 maxlen: 22
                          2a0a:1d00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/ed384e-9949-4cc0-8a37-3bb2cd80a2c9/1/Tq5vUk7tD3PISbBkOCe4DjfEbHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/ed384e-9949-4cc0-8a37-3bb2cd80a2c9/1/Tq5vUk7tD3PISbBkOCe4DjfEbHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tq5vUk7tD3PISbBkOCe4DjfEbHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:32:44:ce:62:38:14:73:7e:37:00:fe:ce:74:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eae6f524eed0f73c849b0643827b80e37c46c71
        Validity
            Not Before: Jan  2 00:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09ff3f45f9b06b88891dbe04dcb501369ed23364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:af:07:ae:8b:63:7d:b8:9f:8b:dc:a1:36:40:
                    bf:a1:01:46:dd:1d:b7:ab:27:13:0e:82:8f:a0:c4:
                    c4:a7:a1:fd:50:fb:19:92:c3:88:77:1d:8a:a8:90:
                    44:bc:34:f8:81:71:ad:69:bb:ac:cb:67:60:cb:d2:
                    ba:b4:f2:03:f1:1b:29:b9:c0:77:eb:19:21:e3:6d:
                    20:9a:2e:1d:66:f7:65:49:1b:5c:92:d5:fe:b6:28:
                    ae:ca:ef:88:a2:22:5b:55:8e:cd:92:12:f0:31:75:
                    1c:d0:f4:12:b7:dd:26:5a:ab:52:de:0e:1b:0f:61:
                    c0:11:3d:f6:ce:36:09:bb:7b:97:b1:b3:af:38:d6:
                    86:a9:b5:09:56:46:0f:c1:f5:82:2d:dd:43:2c:90:
                    7e:36:43:55:38:4c:53:ad:28:d8:fd:a8:88:4d:65:
                    14:78:74:fa:b5:88:36:6b:14:61:24:a8:1c:ed:bf:
                    c5:70:6f:3c:bb:d4:89:d7:e4:83:80:38:f2:3e:ef:
                    cd:ac:0b:df:6e:1a:3e:57:e6:fa:9f:56:e0:74:81:
                    06:a7:1c:be:65:9c:66:ed:ba:75:18:96:30:d9:57:
                    c9:f9:ed:a1:b1:61:88:19:2d:88:4f:44:34:fe:ce:
                    be:ce:bd:66:58:9d:35:b7:5d:81:86:bc:7a:be:f4:
                    d6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:FF:3F:45:F9:B0:6B:88:89:1D:BE:04:DC:B5:01:36:9E:D2:33:64
            X509v3 Authority Key Identifier:
                keyid:4E:AE:6F:52:4E:ED:0F:73:C8:49:B0:64:38:27:B8:0E:37:C4:6C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tq5vUk7tD3PISbBkOCe4DjfEbHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ed384e-9949-4cc0-8a37-3bb2cd80a2c9/1/Cf8_Rfmwa4iJHb4E3LUBNp7SM2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ed384e-9949-4cc0-8a37-3bb2cd80a2c9/1/Tq5vUk7tD3PISbBkOCe4DjfEbHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.200.0/22
                IPv6:
                  2a0a:1d00::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:5f:d9:40:ea:1a:01:bc:be:30:55:90:49:d1:44:fa:9e:8a:
         58:25:3d:63:12:e3:8b:f7:34:d4:0c:1a:a8:82:18:9a:da:0c:
         2b:f9:a0:25:e9:82:fc:6e:8e:19:de:20:7c:7c:8c:3b:41:16:
         93:58:48:59:47:b4:8e:99:8b:52:29:c0:67:d3:26:aa:83:b1:
         6c:4d:42:dd:46:c7:94:18:b7:ee:96:16:8d:ee:c8:e4:ff:39:
         92:5c:c4:8f:5f:43:e1:59:69:b8:13:2f:d1:f6:f0:bd:10:91:
         81:28:c9:35:2c:84:09:40:e4:4a:94:d2:89:41:d5:af:8d:1e:
         7c:c7:9f:09:22:58:95:c0:b3:36:1e:ec:0b:6a:04:e9:c2:b4:
         45:63:af:39:e2:89:66:bb:63:4e:1e:70:e7:3d:b7:36:7f:9a:
         35:9d:38:20:9d:fa:20:fb:9f:60:15:2d:98:27:e4:d5:22:f8:
         74:1f:3b:fe:09:11:28:f3:7f:2f:88:b3:5c:80:19:07:90:97:
         57:d6:67:e9:49:ae:ce:c5:6e:2e:9e:c4:33:ff:9d:af:95:84:
         83:bc:3d:5f:bf:7f:db:33:24:9f:8f:06:e9:95:56:22:79:6a:
         a9:66:b3:f5:a0:09:83:64:8a:8c:3a:68:64:7d:61:9d:05:b1:
         fc:c8:0b:09
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHkzJEzmI4FHN+NwD+znSuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlYWU2ZjUyNGVlZDBmNzNjODQ5YjA2NDM4MjdiODBlMzdj
NDZjNzEwHhcNMjQwMTAyMDAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWZmM2Y0NWY5YjA2Yjg4ODkxZGJlMDRkY2I1MDEzNjllZDIzMzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxK8Hrotjfbifi9yhNkC/oQFG3R23
qycTDoKPoMTEp6H9UPsZksOIdx2KqJBEvDT4gXGtabusy2dgy9K6tPID8RspucB3
6xkh420gmi4dZvdlSRtcktX+tiiuyu+IoiJbVY7NkhLwMXUc0PQSt90mWqtS3g4b
D2HAET32zjYJu3uXsbOvONaGqbUJVkYPwfWCLd1DLJB+NkNVOExTrSjY/aiITWUU
eHT6tYg2axRhJKgc7b/FcG88u9SJ1+SDgDjyPu/NrAvfbho+V+b6n1bgdIEGpxy+
ZZxm7bp1GJYw2VfJ+e2hsWGIGS2IT0Q0/s6+zr1mWJ01t12Bhrx6vvTW3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAn/P0X5sGuIiR2+BNy1ATae0jNkMB8GA1UdIwQY
MBaAFE6ub1JO7Q9zyEmwZDgnuA43xGxxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHE1dlVrN3REM1BJU2JCa09DZTREamZFYkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9lZDM4NGUtOTk0OS00Y2MwLThhMzct
M2JiMmNkODBhMmM5LzEvQ2Y4X1JmbXdhNGlKSGI0RTNMVUJOcDdTTTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9lZDM4NGUtOTk0OS00Y2MwLThhMzctM2JiMmNkODBhMmM5
LzEvVHE1dlVrN3REM1BJU2JCa09DZTREamZFYkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuajIMA0E
AgACMAcDBQAqCh0AMA0GCSqGSIb3DQEBCwUAA4IBAQCqX9lA6hoBvL4wVZBJ0UT6
nopYJT1jEuOL9zTUDBqoghia2gwr+aAl6YL8bo4Z3iB8fIw7QRaTWEhZR7SOmYtS
KcBn0yaqg7FsTULdRseUGLfulhaN7sjk/zmSXMSPX0PhWWm4Ey/R9vC9EJGBKMk1
LIQJQORKlNKJQdWvjR58x58JIliVwLM2HuwLagTpwrRFY6854olmu2NOHnDnPbc2
f5o1nTggnfog+59gFS2YJ+TVIvh0Hzv+CREo838viLNcgBkHkJdX1mfpSa7OxW4u
nsQz/52vlYSDvD1fv3/bMySfjwbplVYieWqpZrP1oAmDZIqMOmhkfWGdBbH8yAsJ
-----END CERTIFICATE-----