Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4kwxaAOqnEHIuZQFRPC6_8gSKKE.roa
File:                     4kwxaAOqnEHIuZQFRPC6_8gSKKE.roa (raw, json)
Hash identifier:          99snrJD/G2ltRGqQ+/55Rj4A63J+M56MMYDzsjhmZGE=
Subject key identifier:   E2:4C:31:68:03:AA:9C:41:C8:B9:94:05:44:F0:BA:FF:C8:12:28:A1
Certificate issuer:       /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial:       018CC5DCDA9E7F5CFCCBE97F99684C689BF1
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4kwxaAOqnEHIuZQFRPC6_8gSKKE.roa
Signing time:             Mon 01 Jan 2024 16:30:34 +0000
ROA not before:           Mon 01 Jan 2024 16:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206185
IP address blocks:        194.126.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:da:9e:7f:5c:fc:cb:e9:7f:99:68:4c:68:9b:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
        Validity
            Not Before: Jan  1 16:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e24c316803aa9c41c8b9940544f0baffc81228a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:69:b1:7a:b5:bc:53:58:77:20:56:02:5a:6e:
                    63:d6:aa:bf:57:d3:66:65:a6:9f:65:01:9b:89:2b:
                    f5:97:aa:8c:85:c4:c4:ab:74:3c:32:d8:b7:f4:d1:
                    47:10:c3:1f:ea:7b:54:64:30:eb:60:03:2a:d1:8f:
                    a6:d8:97:b0:3e:04:e5:19:53:03:93:9f:21:52:85:
                    a1:4a:31:af:ec:5f:6d:03:0f:b8:a8:ad:d9:a9:0f:
                    88:b1:0d:8c:bc:b8:b3:9e:68:ca:dd:75:45:23:87:
                    fe:7a:1d:19:30:97:1c:b2:45:91:ba:c0:4d:76:13:
                    90:ff:5e:ea:f1:f9:7a:16:dd:1c:b4:d0:e8:6e:d2:
                    ce:e2:ae:6e:cd:6c:a0:8d:cb:10:83:c8:a7:a0:7b:
                    fb:e0:36:f4:ad:6a:3f:bf:8b:42:cc:d4:29:89:e7:
                    cf:9e:93:07:30:c8:a1:c6:1f:db:fe:fe:2d:70:b3:
                    8e:31:0c:0e:0a:cf:5d:2f:4d:6c:87:41:eb:74:76:
                    1a:85:7f:1f:a1:68:9a:9a:b2:ec:a6:d2:05:15:04:
                    26:b7:b3:f3:c5:d1:50:45:fe:64:62:a5:a2:41:de:
                    90:74:24:67:0b:24:e4:df:d2:1f:51:25:00:2b:2c:
                    6f:23:df:d8:1b:98:1e:f7:1c:cb:4d:20:bf:ee:a2:
                    e8:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:4C:31:68:03:AA:9C:41:C8:B9:94:05:44:F0:BA:FF:C8:12:28:A1
            X509v3 Authority Key Identifier:
                keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4kwxaAOqnEHIuZQFRPC6_8gSKKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:ad:ee:e3:c4:3e:cd:a6:92:1b:f0:50:53:be:af:35:d4:e0:
         93:ff:d9:f5:ab:50:97:70:f1:c4:df:7d:dd:9c:86:29:07:50:
         ea:ae:28:bc:15:35:36:79:47:37:b2:5c:ac:44:81:8b:b7:3d:
         d0:48:87:fb:b5:3f:b7:cd:aa:70:2e:ec:00:e9:2d:4c:17:c0:
         bb:ce:b5:20:4b:f1:ee:44:b9:06:9d:2b:0b:c6:e5:af:7c:c7:
         32:59:a6:d7:53:95:11:47:26:22:15:ec:6d:56:77:f3:28:71:
         66:58:63:a8:5b:5c:31:2b:55:3c:a8:b1:be:a7:e0:8c:62:38:
         69:a1:a0:4c:6d:d5:42:fd:3b:92:3a:6a:1b:c2:53:73:ac:44:
         8f:8a:45:73:5e:f9:da:d0:d8:53:9e:e3:6c:99:59:33:3f:77:
         a9:45:cb:e6:84:f1:80:94:a5:c2:86:7b:d8:3e:be:29:99:fb:
         63:e1:60:af:10:fd:f2:a0:3b:fd:75:23:59:a2:fe:fd:c2:cc:
         46:be:4b:07:1c:ed:45:bf:b7:31:c5:f3:97:71:4e:f2:a6:5a:
         82:72:5d:42:7b:e4:d0:a9:bb:86:87:fa:2b:52:c8:bc:54:cc:
         88:a5:bb:1d:a2:3a:89:73:85:cc:48:28:5a:35:97:83:39:bf:
         46:6b:b3:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Nqef1z8y+l/mWhMaJvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjQwMTAxMTYzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjRjMzE2ODAzYWE5YzQxYzhiOTk0MDU0NGYwYmFmZmM4MTIyOGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2mxerW8U1h3IFYCWm5j1qq/V9Nm
ZaafZQGbiSv1l6qMhcTEq3Q8Mti39NFHEMMf6ntUZDDrYAMq0Y+m2JewPgTlGVMD
k58hUoWhSjGv7F9tAw+4qK3ZqQ+IsQ2MvLiznmjK3XVFI4f+eh0ZMJccskWRusBN
dhOQ/17q8fl6Ft0ctNDobtLO4q5uzWygjcsQg8inoHv74Db0rWo/v4tCzNQpiefP
npMHMMihxh/b/v4tcLOOMQwOCs9dL01sh0HrdHYahX8foWiamrLsptIFFQQmt7Pz
xdFQRf5kYqWiQd6QdCRnCyTk39IfUSUAKyxvI9/YG5ge9xzLTSC/7qLohwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJMMWgDqpxByLmUBUTwuv/IEiihMB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEvNGt3eGFBT3FuRUhJdVpRRlJQQzZfOGdTS0tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwn6kMA0G
CSqGSIb3DQEBCwUAA4IBAQB9re7jxD7NppIb8FBTvq811OCT/9n1q1CXcPHE333d
nIYpB1Dqrii8FTU2eUc3slysRIGLtz3QSIf7tT+3zapwLuwA6S1MF8C7zrUgS/Hu
RLkGnSsLxuWvfMcyWabXU5URRyYiFextVnfzKHFmWGOoW1wxK1U8qLG+p+CMYjhp
oaBMbdVC/TuSOmobwlNzrESPikVzXvna0NhTnuNsmVkzP3epRcvmhPGAlKXChnvY
Pr4pmftj4WCvEP3yoDv9dSNZov79wsxGvksHHO1Fv7cxxfOXcU7yplqCcl1Ce+TQ
qbuGh/orUsi8VMyIpbsdojqJc4XMSChaNZeDOb9Ga7OK
-----END CERTIFICATE-----