Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/f26501-6718-42bc-91df-edb43e1d4ee0/1/DYRo5UxpUtRoBr5siZIGMHmDOmk.roa
File:                     DYRo5UxpUtRoBr5siZIGMHmDOmk.roa (raw, json)
Hash identifier:          CNeg8TW20mVMGXVcVuZCa6OMSEOFftuPH5JmAwDqWJM=
Subject key identifier:   0D:84:68:E5:4C:69:52:D4:68:06:BE:6C:89:92:06:30:79:83:3A:69
Certificate issuer:       /CN=8e0a391aaeb8fc7c833f8257d7a9e74a55b33afe
Certificate serial:       01942143C92C3103B30CF6BDF98362E9C394
Authority key identifier: 8E:0A:39:1A:AE:B8:FC:7C:83:3F:82:57:D7:A9:E7:4A:55:B3:3A:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jgo5Gq64_HyDP4JX16nnSlWzOv4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/f26501-6718-42bc-91df-edb43e1d4ee0/1/DYRo5UxpUtRoBr5siZIGMHmDOmk.roa
Signing time:             Wed 01 Jan 2025 09:47:58 +0000
ROA not before:           Wed 01 Jan 2025 09:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     394434
IP address blocks:        185.187.132.0/23 maxlen: 24
                          185.187.134.0/23 maxlen: 24
                          2a0b:a580::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/f26501-6718-42bc-91df-edb43e1d4ee0/1/jgo5Gq64_HyDP4JX16nnSlWzOv4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/f26501-6718-42bc-91df-edb43e1d4ee0/1/jgo5Gq64_HyDP4JX16nnSlWzOv4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jgo5Gq64_HyDP4JX16nnSlWzOv4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c9:2c:31:03:b3:0c:f6:bd:f9:83:62:e9:c3:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e0a391aaeb8fc7c833f8257d7a9e74a55b33afe
        Validity
            Not Before: Jan  1 09:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d8468e54c6952d46806be6c8992063079833a69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5b:ac:ee:45:17:f3:3a:77:e2:c6:ab:a3:c1:
                    12:df:c6:ee:58:59:ce:d6:54:79:ca:a5:76:d9:11:
                    57:7a:26:90:e4:7f:cd:0a:29:18:c2:55:47:5f:5e:
                    ad:26:8f:83:51:e4:a2:bc:75:91:aa:cc:f9:3f:ef:
                    31:1a:ba:34:0a:8f:e4:0b:89:84:f1:07:77:04:5b:
                    c1:2f:d7:4d:c2:5a:e9:12:a7:a2:73:60:62:5a:4b:
                    8a:2e:9e:e1:da:21:ff:ec:7a:1c:b1:d1:e2:36:e6:
                    1a:7c:f0:0c:d3:1e:1a:45:b0:2d:79:5a:ec:7d:5d:
                    1e:05:16:67:ed:eb:1d:92:06:fe:68:81:9d:9a:a3:
                    3f:6d:19:75:e2:43:9b:ab:71:46:29:3a:6b:65:86:
                    2d:ed:bb:88:14:70:ad:8c:f8:be:09:fb:8a:d2:ca:
                    0c:cf:5f:7d:74:fd:2b:a2:54:28:23:b5:a1:d2:1e:
                    d2:21:de:dc:bd:82:c4:0f:70:50:e6:d4:c2:8d:92:
                    c8:b0:10:29:94:6b:60:ca:00:fe:89:d6:69:7c:7b:
                    f6:b7:80:45:08:65:76:c9:50:d4:b7:64:df:51:39:
                    3e:2e:e8:3d:8b:10:39:d6:e5:f5:4c:bd:cc:4f:a6:
                    2d:2a:78:59:50:ab:74:1b:63:21:c7:53:14:ed:10:
                    5b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:84:68:E5:4C:69:52:D4:68:06:BE:6C:89:92:06:30:79:83:3A:69
            X509v3 Authority Key Identifier:
                keyid:8E:0A:39:1A:AE:B8:FC:7C:83:3F:82:57:D7:A9:E7:4A:55:B3:3A:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jgo5Gq64_HyDP4JX16nnSlWzOv4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/f26501-6718-42bc-91df-edb43e1d4ee0/1/DYRo5UxpUtRoBr5siZIGMHmDOmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/f26501-6718-42bc-91df-edb43e1d4ee0/1/jgo5Gq64_HyDP4JX16nnSlWzOv4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.132.0/22
                IPv6:
                  2a0b:a580::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:63:ae:7a:f0:19:a4:ec:5d:4e:5e:0e:0c:9b:6b:1b:74:6a:
         4f:4a:ab:46:1b:a1:2e:c7:db:94:5f:3f:8d:f9:aa:f5:92:3a:
         cc:b4:8d:c3:05:5a:57:de:fd:a3:23:ed:8e:6a:c1:60:55:dc:
         45:41:bb:b2:5a:fd:1e:fb:6a:66:9c:29:13:bd:0a:c9:ce:ff:
         a8:c3:29:4a:b0:01:22:fd:70:bd:2b:63:5c:5b:f4:46:ce:a8:
         86:2c:c1:36:54:92:c6:91:9d:20:0f:68:b9:46:d5:00:4c:ea:
         57:d3:ea:95:b2:56:ea:a0:ab:09:03:c3:a3:8b:85:99:cf:33:
         67:c3:ab:b9:dd:6e:0f:12:c9:b0:d8:9e:89:b9:0d:08:05:a4:
         08:27:c0:30:84:9b:e5:d0:f6:da:f3:03:e7:78:29:23:2d:48:
         31:08:87:38:a4:c8:b6:7e:9a:15:ec:fb:bd:06:8f:71:ac:4c:
         b8:a6:03:99:24:86:6a:7a:75:db:f2:2f:e3:cf:60:d1:4f:f0:
         55:8d:b1:91:bd:03:f5:19:8f:27:00:ff:7b:ef:69:6d:f5:b6:
         b1:ed:5e:39:f7:f6:50:86:bd:87:72:36:fa:3b:70:8c:55:32:
         f1:13:67:83:07:53:d2:b1:10:87:a3:fe:4b:6f:32:68:59:85:
         79:4a:24:b0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ8ksMQOzDPa9+YNi6cOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMGEzOTFhYWViOGZjN2M4MzNmODI1N2Q3YTllNzRhNTVi
MzNhZmUwHhcNMjUwMTAxMDk0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDg0NjhlNTRjNjk1MmQ0NjgwNmJlNmM4OTkyMDYzMDc5ODMzYTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1us7kUX8zp34saro8ES38buWFnO
1lR5yqV22RFXeiaQ5H/NCikYwlVHX16tJo+DUeSivHWRqsz5P+8xGro0Co/kC4mE
8Qd3BFvBL9dNwlrpEqeic2BiWkuKLp7h2iH/7HocsdHiNuYafPAM0x4aRbAteVrs
fV0eBRZn7esdkgb+aIGdmqM/bRl14kObq3FGKTprZYYt7buIFHCtjPi+CfuK0soM
z199dP0rolQoI7Wh0h7SId7cvYLED3BQ5tTCjZLIsBAplGtgygD+idZpfHv2t4BF
CGV2yVDUt2TfUTk+Lug9ixA51uX1TL3MT6YtKnhZUKt0G2Mhx1MU7RBbMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA2EaOVMaVLUaAa+bImSBjB5gzppMB8GA1UdIwQY
MBaAFI4KORquuPx8gz+CV9ep50pVszr+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamdvNUdxNjRfSHlEUDRKWDE2bm5TbFd6T3Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9mMjY1MDEtNjcxOC00MmJjLTkxZGYt
ZWRiNDNlMWQ0ZWUwLzEvRFlSbzVVeHBVdFJvQnI1c2laSUdNSG1ET21rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9mMjY1MDEtNjcxOC00MmJjLTkxZGYtZWRiNDNlMWQ0ZWUw
LzEvamdvNUdxNjRfSHlEUDRKWDE2bm5TbFd6T3Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubuEMA0E
AgACMAcDBQMqC6WAMA0GCSqGSIb3DQEBCwUAA4IBAQCAY6568Bmk7F1OXg4Mm2sb
dGpPSqtGG6Eux9uUXz+N+ar1kjrMtI3DBVpX3v2jI+2OasFgVdxFQbuyWv0e+2pm
nCkTvQrJzv+owylKsAEi/XC9K2NcW/RGzqiGLME2VJLGkZ0gD2i5RtUATOpX0+qV
slbqoKsJA8Oji4WZzzNnw6u53W4PEsmw2J6JuQ0IBaQIJ8AwhJvl0Pba8wPneCkj
LUgxCIc4pMi2fpoV7Pu9Bo9xrEy4pgOZJIZqenXb8i/jz2DRT/BVjbGRvQP1GY8n
AP9772lt9bax7V459/ZQhr2Hcjb6O3CMVTLxE2eDB1PSsRCHo/5LbzJoWYV5SiSw
-----END CERTIFICATE-----