Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4RwI6WevS4urCzFA_HngsIiBAFY.roa
File:                     4RwI6WevS4urCzFA_HngsIiBAFY.roa (raw, json)
Hash identifier:          vNotvFH5G7Xz5m1qc9HZ3myajKrSS0KGi8ZKpAHoNio=
Subject key identifier:   E1:1C:08:E9:67:AF:4B:8B:AB:0B:31:40:FC:79:E0:B0:88:81:00:56
Certificate issuer:       /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial:       018CC5DCD9AD08488D38D17B2B3DD4D257AF
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4RwI6WevS4urCzFA_HngsIiBAFY.roa
Signing time:             Mon 01 Jan 2024 16:30:34 +0000
ROA not before:           Mon 01 Jan 2024 16:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62081
IP address blocks:        185.165.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d9:ad:08:48:8d:38:d1:7b:2b:3d:d4:d2:57:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
        Validity
            Not Before: Jan  1 16:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e11c08e967af4b8bab0b3140fc79e0b088810056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:2a:4d:11:fa:39:25:04:a6:cc:65:ff:a2:95:
                    25:60:85:2e:ac:cf:fe:10:84:88:5a:7a:a8:f2:99:
                    47:e7:e8:b4:54:39:ce:4e:ee:87:00:1c:d0:6c:dc:
                    89:12:51:51:ae:4c:2d:42:5f:ba:8c:14:3c:68:21:
                    c8:aa:dd:5d:d7:0d:a2:8d:99:b3:1e:be:fe:21:e7:
                    af:17:92:ed:1e:c7:98:57:15:6f:88:af:8d:b4:14:
                    a6:ab:e4:f9:93:5e:4e:df:89:da:52:a8:f2:07:63:
                    1d:63:c4:ce:0e:56:68:21:68:aa:07:dd:39:89:1d:
                    a1:50:ea:c9:cb:03:28:4d:f9:19:33:93:41:64:3c:
                    2f:fc:cf:33:88:6c:8f:de:5a:84:35:b0:8e:fd:21:
                    f2:9c:8e:f3:5d:8d:51:a7:f5:c6:37:d3:aa:d9:c4:
                    3e:48:12:57:8c:11:1e:b3:e4:d1:9b:bc:37:16:4b:
                    74:33:c7:c2:b0:50:6a:da:7e:4b:75:5b:b6:4b:19:
                    a0:d5:ba:cc:b4:fd:db:26:b7:b2:95:27:7c:dc:bb:
                    6a:f8:e8:8d:42:d1:89:7a:c3:02:eb:9f:86:e5:9b:
                    ee:f5:8d:a3:5e:cb:e0:d5:15:43:0c:ad:9f:50:75:
                    b4:8a:17:05:d0:e5:2d:97:70:65:69:ad:9c:fa:76:
                    d9:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:1C:08:E9:67:AF:4B:8B:AB:0B:31:40:FC:79:E0:B0:88:81:00:56
            X509v3 Authority Key Identifier:
                keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4RwI6WevS4urCzFA_HngsIiBAFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:4a:da:8e:5b:36:78:44:e1:9f:00:31:d1:2a:e7:ff:60:f0:
         a7:4a:30:0e:05:fc:16:fc:26:d9:25:75:dd:35:c4:de:25:3b:
         e4:c7:9b:4f:98:58:7a:49:4c:ac:55:b8:07:a1:f0:6e:dd:6b:
         89:57:6b:cd:04:f5:62:46:b3:5a:e9:0e:55:c8:cd:8a:8e:d1:
         46:7b:f1:07:22:7c:ef:ab:54:b9:99:64:bf:ad:23:89:94:70:
         86:d9:83:15:75:b7:1d:99:f9:24:47:be:65:84:de:0c:59:97:
         86:20:7b:91:7a:61:18:fa:c8:7d:17:21:d2:5e:29:d6:1a:85:
         d3:9d:07:51:a9:ee:3f:f1:70:72:f1:32:6d:79:01:b5:fb:11:
         74:b5:36:76:df:f2:0c:e3:a1:4b:c7:e2:88:d4:4a:bf:60:41:
         d7:fe:44:5f:22:68:39:4b:ac:23:d1:a5:43:b4:42:e4:03:d8:
         54:79:4f:a5:89:3b:8a:6c:80:f4:40:53:03:1d:7f:b6:8b:dd:
         4b:8a:84:b5:db:2f:62:ae:c9:19:81:54:27:b4:6a:64:68:8c:
         c1:5a:0b:ee:e6:9c:39:0e:09:18:9f:db:88:b1:3b:98:69:5e:
         9c:71:7b:c7:55:be:f9:5c:26:5c:c1:69:87:ff:af:63:bf:04:
         07:e7:db:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3NmtCEiNONF7Kz3U0levMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjQwMTAxMTYzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTFjMDhlOTY3YWY0YjhiYWIwYjMxNDBmYzc5ZTBiMDg4ODEwMDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSpNEfo5JQSmzGX/opUlYIUurM/+
EISIWnqo8plH5+i0VDnOTu6HABzQbNyJElFRrkwtQl+6jBQ8aCHIqt1d1w2ijZmz
Hr7+IeevF5LtHseYVxVviK+NtBSmq+T5k15O34naUqjyB2MdY8TODlZoIWiqB905
iR2hUOrJywMoTfkZM5NBZDwv/M8ziGyP3lqENbCO/SHynI7zXY1Rp/XGN9Oq2cQ+
SBJXjBEes+TRm7w3Fkt0M8fCsFBq2n5LdVu2Sxmg1brMtP3bJreylSd83Ltq+OiN
QtGJesMC65+G5Zvu9Y2jXsvg1RVDDK2fUHW0ihcF0OUtl3Blaa2c+nbZswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEcCOlnr0uLqwsxQPx54LCIgQBWMB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEvNFJ3STZXZXZTNHVyQ3pGQV9IbmdzSWlCQUZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaWVMA0G
CSqGSIb3DQEBCwUAA4IBAQCEStqOWzZ4ROGfADHRKuf/YPCnSjAOBfwW/CbZJXXd
NcTeJTvkx5tPmFh6SUysVbgHofBu3WuJV2vNBPViRrNa6Q5VyM2KjtFGe/EHInzv
q1S5mWS/rSOJlHCG2YMVdbcdmfkkR75lhN4MWZeGIHuRemEY+sh9FyHSXinWGoXT
nQdRqe4/8XBy8TJteQG1+xF0tTZ23/IM46FLx+KI1Eq/YEHX/kRfImg5S6wj0aVD
tELkA9hUeU+liTuKbID0QFMDHX+2i91LioS12y9irskZgVQntGpkaIzBWgvu5pw5
DgkYn9uIsTuYaV6ccXvHVb75XCZcwWmH/69jvwQH59vk
-----END CERTIFICATE-----