Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/BRrVkQDAHqSsV33Q-TZyhLkAGQw.roa
File:                     BRrVkQDAHqSsV33Q-TZyhLkAGQw.roa (raw, json)
Hash identifier:          krkQ6wfsbveFzQzORMNdcVAQz8A1BXZOKr6M02yGyHE=
Subject key identifier:   05:1A:D5:91:00:C0:1E:A4:AC:57:7D:D0:F9:36:72:84:B9:00:19:0C
Certificate issuer:       /CN=4cabf33b0b380888fe1e3b80eda48b1781bb7709
Certificate serial:       018CC8013B8A3E23814BEC24838F57D732F9
Authority key identifier: 4C:AB:F3:3B:0B:38:08:88:FE:1E:3B:80:ED:A4:8B:17:81:BB:77:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKvzOws4CIj-HjuA7aSLF4G7dwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/BRrVkQDAHqSsV33Q-TZyhLkAGQw.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209400
IP address blocks:        94.199.208.0/22 maxlen: 22
                          185.38.40.0/22 maxlen: 22
                          37.228.140.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/TKvzOws4CIj-HjuA7aSLF4G7dwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/TKvzOws4CIj-HjuA7aSLF4G7dwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKvzOws4CIj-HjuA7aSLF4G7dwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3b:8a:3e:23:81:4b:ec:24:83:8f:57:d7:32:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cabf33b0b380888fe1e3b80eda48b1781bb7709
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=051ad59100c01ea4ac577dd0f9367284b900190c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d4:60:d3:3a:40:f8:0c:8e:85:be:8c:9a:56:
                    98:28:4b:d1:20:83:e9:0f:7a:ea:e5:5e:cf:f2:85:
                    a9:31:ff:1f:36:86:51:60:bf:41:36:b7:2a:12:24:
                    b3:c7:d7:90:c0:43:89:a4:1f:2e:b7:4f:42:30:36:
                    a5:3f:bc:e2:6a:d8:63:b1:89:bf:fe:08:01:18:bd:
                    1a:0a:81:05:6d:d5:80:5f:d6:48:4e:e5:12:96:24:
                    8d:3f:32:1e:21:89:e8:e6:aa:2f:85:19:64:d9:f5:
                    d0:b8:d5:33:97:0c:35:96:43:0e:55:46:5c:bc:2d:
                    9a:24:89:37:5a:16:00:b2:3f:6a:c8:57:06:a6:94:
                    74:c8:c4:d0:dc:33:5f:83:b5:70:b2:64:03:c0:2c:
                    7b:36:37:16:b6:fb:77:ce:80:78:45:d9:43:d4:fe:
                    de:e1:aa:36:3a:f1:24:32:d3:65:3c:5b:94:1b:99:
                    ea:a4:a4:3f:1e:a6:8b:ca:86:34:25:ee:5b:ca:fd:
                    b5:2b:59:dd:0a:cf:8e:4c:5c:62:3f:d8:31:ef:0e:
                    27:7e:bc:1d:8f:bc:bc:23:ff:c3:11:5e:2f:16:61:
                    44:a6:a3:3a:fa:46:7d:cb:01:f3:df:eb:07:24:2d:
                    50:07:45:7b:09:34:58:9d:c0:da:da:5f:27:74:01:
                    a3:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:1A:D5:91:00:C0:1E:A4:AC:57:7D:D0:F9:36:72:84:B9:00:19:0C
            X509v3 Authority Key Identifier:
                keyid:4C:AB:F3:3B:0B:38:08:88:FE:1E:3B:80:ED:A4:8B:17:81:BB:77:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKvzOws4CIj-HjuA7aSLF4G7dwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/BRrVkQDAHqSsV33Q-TZyhLkAGQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/TKvzOws4CIj-HjuA7aSLF4G7dwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.228.140.0/22
                  94.199.208.0/22
                  185.38.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:7b:7e:a7:c2:0b:4b:cb:cb:79:fb:dc:a2:61:42:e2:40:49:
         50:82:e6:24:ad:b7:a6:27:87:e6:dd:13:b0:69:9a:52:33:40:
         de:9d:df:24:ee:48:cb:dd:78:9a:cf:6f:77:3d:da:65:6b:2b:
         88:9d:99:25:19:65:8d:6e:be:a4:22:34:7e:68:b9:34:fb:12:
         0c:3a:88:10:b7:cb:52:b2:18:67:2f:39:24:c4:6c:71:ee:99:
         ba:14:f9:9c:e0:27:3d:9e:e6:d0:a5:3a:8f:59:a0:a9:46:7c:
         ec:67:56:79:c3:12:8e:6e:8f:ca:97:c0:fc:17:74:47:a1:b9:
         70:d5:b0:09:a4:71:70:72:42:6b:d8:9b:19:0e:b2:0d:ca:f8:
         a8:7f:57:46:90:ab:b2:e3:4a:41:94:b9:6f:d4:c4:d1:11:7f:
         1b:14:8b:ec:ef:94:01:61:cc:17:d9:65:7e:2c:a8:df:9c:4e:
         a4:ec:aa:6a:eb:73:05:ba:f5:91:10:cf:30:6c:a4:38:7f:71:
         7e:9e:a4:df:b8:88:59:27:f9:6b:51:64:58:39:8f:0d:f7:53:
         4a:ee:47:11:15:e2:f3:61:73:a7:fb:24:94:e6:00:67:f3:a7:
         f3:c0:5f:4a:14:9a:c8:86:b0:6a:40:5b:06:b4:59:e3:25:19:
         02:80:91:75
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIATuKPiOBS+wkg49X1zL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYWJmMzNiMGIzODA4ODhmZTFlM2I4MGVkYTQ4YjE3ODFi
Yjc3MDkwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTFhZDU5MTAwYzAxZWE0YWM1NzdkZDBmOTM2NzI4NGI5MDAxOTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdRg0zpA+AyOhb6MmlaYKEvRIIPp
D3rq5V7P8oWpMf8fNoZRYL9BNrcqEiSzx9eQwEOJpB8ut09CMDalP7ziathjsYm/
/ggBGL0aCoEFbdWAX9ZITuUSliSNPzIeIYno5qovhRlk2fXQuNUzlww1lkMOVUZc
vC2aJIk3WhYAsj9qyFcGppR0yMTQ3DNfg7VwsmQDwCx7NjcWtvt3zoB4RdlD1P7e
4ao2OvEkMtNlPFuUG5nqpKQ/HqaLyoY0Je5byv21K1ndCs+OTFxiP9gx7w4nfrwd
j7y8I//DEV4vFmFEpqM6+kZ9ywHz3+sHJC1QB0V7CTRYncDa2l8ndAGjaQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAUa1ZEAwB6krFd90Pk2coS5ABkMMB8GA1UdIwQY
MBaAFEyr8zsLOAiI/h47gO2kixeBu3cJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEt2ek93czRDSWotSGp1QTdhU0xGNEc3ZHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xODVhNDItY2I3Zi00MDU4LTg2ZjUt
NDFhZTVmNGE1MDU1LzEvQlJyVmtRREFIcVNzVjMzUS1UWnloTGtBR1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xODVhNDItY2I3Zi00MDU4LTg2ZjUtNDFhZTVmNGE1MDU1
LzEvVEt2ek93czRDSWotSGp1QTdhU0xGNEc3ZHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCJeSMAwQC
XsfQAwQCuSYoMA0GCSqGSIb3DQEBCwUAA4IBAQB0e36nwgtLy8t5+9yiYULiQElQ
guYkrbemJ4fm3ROwaZpSM0Dend8k7kjL3Xiaz293PdplayuInZklGWWNbr6kIjR+
aLk0+xIMOogQt8tSshhnLzkkxGxx7pm6FPmc4Cc9nubQpTqPWaCpRnzsZ1Z5wxKO
bo/Kl8D8F3RHoblw1bAJpHFwckJr2JsZDrINyviof1dGkKuy40pBlLlv1MTREX8b
FIvs75QBYcwX2WV+LKjfnE6k7Kpq63MFuvWREM8wbKQ4f3F+nqTfuIhZJ/lrUWRY
OY8N91NK7kcRFeLzYXOn+ySU5gBn86fzwF9KFJrIhrBqQFsGtFnjJRkCgJF1
-----END CERTIFICATE-----