Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/4a7901-85d8-43ea-adb2-799910c1545f/1/4eUyGcSx9isgGd2OoudEPMH8W5I.roa
File:                     4eUyGcSx9isgGd2OoudEPMH8W5I.roa (raw, json)
Hash identifier:          /1nMToACR/MVgMHMLx+MvGKsQZb9qTzwbq4wZeiG/wk=
Subject key identifier:   E1:E5:32:19:C4:B1:F6:2B:20:19:DD:8E:A2:E7:44:3C:C1:FC:5B:92
Certificate issuer:       /CN=9f5d5b7f792644ff7072a43acc9c865194be4adc
Certificate serial:       018CC49391A47AD014E8A39F5E948D4B0CB9
Authority key identifier: 9F:5D:5B:7F:79:26:44:FF:70:72:A4:3A:CC:9C:86:51:94:BE:4A:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n11bf3kmRP9wcqQ6zJyGUZS-Stw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/4a7901-85d8-43ea-adb2-799910c1545f/1/4eUyGcSx9isgGd2OoudEPMH8W5I.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34766
IP address blocks:        185.138.56.0/22 maxlen: 22
                          2a07:a80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/4a7901-85d8-43ea-adb2-799910c1545f/1/n11bf3kmRP9wcqQ6zJyGUZS-Stw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/4a7901-85d8-43ea-adb2-799910c1545f/1/n11bf3kmRP9wcqQ6zJyGUZS-Stw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n11bf3kmRP9wcqQ6zJyGUZS-Stw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:03:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:91:a4:7a:d0:14:e8:a3:9f:5e:94:8d:4b:0c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f5d5b7f792644ff7072a43acc9c865194be4adc
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1e53219c4b1f62b2019dd8ea2e7443cc1fc5b92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:79:d4:cf:21:4b:bf:5a:72:37:34:77:6e:c6:
                    5f:d3:e9:8e:4b:fd:80:75:0b:83:21:40:4a:e8:a7:
                    7e:00:c7:86:67:77:3c:63:26:ee:5d:dd:2e:2f:bb:
                    9e:4d:4c:00:81:c2:94:09:02:46:38:09:e7:7c:a8:
                    ff:7d:b4:30:e5:5f:99:ab:82:90:96:b4:d8:f7:a4:
                    a0:bd:5c:87:ee:6e:a0:a9:a0:e9:45:64:26:64:a7:
                    c5:b9:30:27:94:8d:ad:db:81:13:3c:d5:72:a8:47:
                    7a:05:60:76:24:e3:3e:ba:06:94:11:de:12:48:20:
                    89:c6:b9:54:c6:3a:64:b3:5d:12:f7:c0:9c:97:10:
                    43:8c:5e:dc:ec:9a:79:a7:90:51:cb:f2:40:f8:51:
                    b0:bb:fb:11:b7:f9:d3:79:1d:6a:05:b6:bc:00:61:
                    d2:b3:57:a3:97:c0:b1:7d:6a:47:78:04:0a:c0:3c:
                    dd:f0:37:cf:2d:36:ca:ee:9e:4d:a0:5d:b8:2c:08:
                    ca:74:e6:cb:cb:ce:5e:7d:ff:da:7f:3b:29:2a:b2:
                    c1:b2:02:ff:ed:c1:56:68:a7:e5:f5:da:1f:19:bc:
                    15:b6:46:00:17:9e:45:ef:33:25:fa:53:ff:d5:6e:
                    73:56:3a:04:d0:e0:a1:41:a8:16:23:be:95:f2:5f:
                    14:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:E5:32:19:C4:B1:F6:2B:20:19:DD:8E:A2:E7:44:3C:C1:FC:5B:92
            X509v3 Authority Key Identifier:
                keyid:9F:5D:5B:7F:79:26:44:FF:70:72:A4:3A:CC:9C:86:51:94:BE:4A:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n11bf3kmRP9wcqQ6zJyGUZS-Stw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/4a7901-85d8-43ea-adb2-799910c1545f/1/4eUyGcSx9isgGd2OoudEPMH8W5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/4a7901-85d8-43ea-adb2-799910c1545f/1/n11bf3kmRP9wcqQ6zJyGUZS-Stw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.56.0/22
                IPv6:
                  2a07:a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:bb:98:0f:e2:1d:a9:27:1f:53:e1:86:04:bf:c5:58:f2:36:
         92:4c:49:a4:86:50:11:17:95:22:db:e0:d2:9a:8c:86:3f:d8:
         21:e7:69:43:6e:82:2e:f4:d6:23:39:38:95:99:f3:65:84:e6:
         77:28:22:e3:f2:2e:d7:12:d4:2f:b4:d2:c4:cb:c9:bd:51:66:
         eb:60:00:c9:20:2d:08:bb:29:18:3c:2a:e3:a0:51:89:e6:33:
         d9:4b:71:fa:18:61:cd:a9:95:09:97:56:79:f1:68:4d:8a:88:
         4c:a4:09:ef:d7:4b:d3:ed:b9:c7:f4:0b:de:5f:74:06:29:b1:
         6b:82:18:6f:4c:90:5c:d5:3f:f9:d1:ec:00:a0:7b:00:bf:20:
         74:99:9b:6a:b9:6d:33:92:be:fd:03:dd:88:c2:2d:fa:d5:d7:
         b6:c9:65:64:5d:b8:12:7c:b3:27:15:7f:00:ff:cf:0c:c1:d0:
         53:04:75:79:15:e5:ca:67:7f:70:09:c5:6b:2e:4c:f0:98:a1:
         b7:43:3f:02:62:37:bc:46:17:9e:5a:46:58:d2:e2:b2:e4:df:
         02:a4:57:96:c7:4d:59:62:ac:d0:41:18:3e:00:da:6e:0c:c8:
         50:13:ca:df:1d:02:c2:4a:17:4a:57:21:b2:ae:09:c1:9e:15:
         7e:5d:17:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk5GketAU6KOfXpSNSwy5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNWQ1YjdmNzkyNjQ0ZmY3MDcyYTQzYWNjOWM4NjUxOTRi
ZTRhZGMwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWU1MzIxOWM0YjFmNjJiMjAxOWRkOGVhMmU3NDQzY2MxZmM1YjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnnUzyFLv1pyNzR3bsZf0+mOS/2A
dQuDIUBK6Kd+AMeGZ3c8YybuXd0uL7ueTUwAgcKUCQJGOAnnfKj/fbQw5V+Zq4KQ
lrTY96SgvVyH7m6gqaDpRWQmZKfFuTAnlI2t24ETPNVyqEd6BWB2JOM+ugaUEd4S
SCCJxrlUxjpks10S98CclxBDjF7c7Jp5p5BRy/JA+FGwu/sRt/nTeR1qBba8AGHS
s1ejl8CxfWpHeAQKwDzd8DfPLTbK7p5NoF24LAjKdObLy85eff/afzspKrLBsgL/
7cFWaKfl9dofGbwVtkYAF55F7zMl+lP/1W5zVjoE0OChQagWI76V8l8UJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOHlMhnEsfYrIBndjqLnRDzB/FuSMB8GA1UdIwQY
MBaAFJ9dW395JkT/cHKkOsychlGUvkrcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjExYmYza21SUDl3Y3FRNnpKeUdVWlMtU3R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS80YTc5MDEtODVkOC00M2VhLWFkYjIt
Nzk5OTEwYzE1NDVmLzEvNGVVeUdjU3g5aXNnR2QyT291ZEVQTUg4VzVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS80YTc5MDEtODVkOC00M2VhLWFkYjItNzk5OTEwYzE1NDVm
LzEvbjExYmYza21SUDl3Y3FRNnpKeUdVWlMtU3R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYo4MA0E
AgACMAcDBQMqBwqAMA0GCSqGSIb3DQEBCwUAA4IBAQBju5gP4h2pJx9T4YYEv8VY
8jaSTEmkhlARF5Ui2+DSmoyGP9gh52lDboIu9NYjOTiVmfNlhOZ3KCLj8i7XEtQv
tNLEy8m9UWbrYADJIC0IuykYPCrjoFGJ5jPZS3H6GGHNqZUJl1Z58WhNiohMpAnv
10vT7bnH9AveX3QGKbFrghhvTJBc1T/50ewAoHsAvyB0mZtquW0zkr79A92Iwi36
1de2yWVkXbgSfLMnFX8A/88MwdBTBHV5FeXKZ39wCcVrLkzwmKG3Qz8CYje8Rhee
WkZY0uKy5N8CpFeWx01ZYqzQQRg+ANpuDMhQE8rfHQLCShdKVyGyrgnBnhV+XRfU
-----END CERTIFICATE-----