Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/dc3246-c85a-46df-8c30-48cee26c55bb/1/eJA4S3M-Eu3utqy7aQmLjDC30so.roa
File:                     eJA4S3M-Eu3utqy7aQmLjDC30so.roa (raw, json)
Hash identifier:          9Khpvq41ZeWXteLjodzxK1FMSKMwtk+OJXcqwe5gUVI=
Subject key identifier:   78:90:38:4B:73:3E:12:ED:EE:B6:AC:BB:69:09:8B:8C:30:B7:D2:CA
Certificate issuer:       /CN=70bb5e54f2748ecb5d8698d379339cc15f32b893
Certificate serial:       018CC56E5D8AD19E85004E168F04C8093958
Authority key identifier: 70:BB:5E:54:F2:74:8E:CB:5D:86:98:D3:79:33:9C:C1:5F:32:B8:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cLteVPJ0jstdhpjTeTOcwV8yuJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/dc3246-c85a-46df-8c30-48cee26c55bb/1/eJA4S3M-Eu3utqy7aQmLjDC30so.roa
Signing time:             Mon 01 Jan 2024 14:29:53 +0000
ROA not before:           Mon 01 Jan 2024 14:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210182
IP address blocks:        185.250.112.0/24 maxlen: 24
                          185.250.112.0/22 maxlen: 22
                          185.250.114.0/24 maxlen: 24
                          185.250.113.0/24 maxlen: 24
                          185.250.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/dc3246-c85a-46df-8c30-48cee26c55bb/1/cLteVPJ0jstdhpjTeTOcwV8yuJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/dc3246-c85a-46df-8c30-48cee26c55bb/1/cLteVPJ0jstdhpjTeTOcwV8yuJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cLteVPJ0jstdhpjTeTOcwV8yuJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 02:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:5d:8a:d1:9e:85:00:4e:16:8f:04:c8:09:39:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bb5e54f2748ecb5d8698d379339cc15f32b893
        Validity
            Not Before: Jan  1 14:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7890384b733e12edeeb6acbb69098b8c30b7d2ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:62:34:07:fb:e7:d6:67:76:a3:75:8c:c6:fe:
                    0c:9f:ce:a3:a5:1f:16:06:ba:c5:5f:1c:93:a7:c2:
                    ad:01:f6:7f:3b:c0:fd:e9:80:03:0d:17:20:0e:25:
                    62:22:91:f9:90:89:02:78:e1:33:ae:39:4f:fb:da:
                    9a:59:d5:cd:be:51:79:8f:82:97:16:fc:dd:c6:c5:
                    ea:e5:1d:ae:c9:9a:4e:14:43:9a:ff:bc:08:1c:6a:
                    e8:52:23:ef:2b:d8:de:f9:2b:a8:22:29:53:ae:48:
                    14:5f:a7:58:2e:a2:d6:64:c0:96:3d:71:81:51:16:
                    1c:0d:e6:10:21:21:44:51:a0:5e:50:49:a1:32:ce:
                    c1:5b:3f:8a:42:37:8b:63:89:61:d5:e1:09:43:76:
                    84:06:b1:cd:ca:5d:bc:9e:62:b4:d6:8a:97:cf:3e:
                    f2:0f:94:e9:31:5e:1b:2a:52:1f:d0:39:7e:e4:22:
                    46:2a:f8:cb:62:4a:d8:b5:fc:f1:e5:55:80:16:1c:
                    1b:de:dd:8e:57:8c:52:03:30:26:72:c9:a6:88:44:
                    87:84:64:8c:60:30:02:0f:99:77:20:fe:7a:e5:c1:
                    00:2b:f3:b6:0a:ca:f6:2a:f5:5a:67:0f:07:c6:9e:
                    62:6e:9c:8b:fd:66:a0:9f:33:3a:ea:3a:fa:fb:9f:
                    26:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:90:38:4B:73:3E:12:ED:EE:B6:AC:BB:69:09:8B:8C:30:B7:D2:CA
            X509v3 Authority Key Identifier:
                keyid:70:BB:5E:54:F2:74:8E:CB:5D:86:98:D3:79:33:9C:C1:5F:32:B8:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cLteVPJ0jstdhpjTeTOcwV8yuJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/dc3246-c85a-46df-8c30-48cee26c55bb/1/eJA4S3M-Eu3utqy7aQmLjDC30so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/dc3246-c85a-46df-8c30-48cee26c55bb/1/cLteVPJ0jstdhpjTeTOcwV8yuJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:e4:8d:a3:df:3e:8f:76:87:17:ed:9c:32:18:af:ea:a5:bd:
         20:aa:bb:0c:cc:fb:ad:e5:87:74:ce:92:32:e3:5f:e6:7d:d3:
         0f:4d:fe:bb:1b:14:d7:56:d4:36:1a:99:a5:a1:a5:cb:f4:44:
         08:6a:98:70:6a:2e:95:33:97:17:e4:37:33:44:bb:2e:fa:7c:
         e6:5a:ac:8b:fa:35:59:5b:e7:50:37:2e:ec:29:88:26:7e:e8:
         52:b2:d5:0b:37:53:95:dc:2b:35:32:fa:c8:d2:95:cc:be:64:
         54:a2:27:c7:e9:b9:7d:e0:8f:6d:3e:cb:28:cd:c0:86:2c:62:
         1c:55:41:6e:94:14:a4:79:84:8a:d9:9a:1f:68:77:6c:0c:7b:
         2c:d1:32:99:6d:f4:4d:9f:20:41:6b:c9:76:6c:a4:ff:7e:13:
         ad:d3:1e:89:7c:c7:6c:4b:25:b2:ec:a6:02:a0:e7:c1:91:4a:
         d0:6e:35:71:c9:c9:08:d8:af:19:94:ac:9e:f8:bf:6f:b6:5b:
         15:10:71:c0:7e:2e:6d:96:6a:89:b1:15:09:43:6d:eb:92:5a:
         e8:1c:9e:9d:57:a4:ca:78:2c:50:b0:91:34:21:30:bc:e0:26:
         85:b9:7e:8c:78:34:dc:d3:3b:66:a4:07:e4:d6:24:a7:2c:b8:
         ff:f9:b2:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbl2K0Z6FAE4WjwTICTlYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmI1ZTU0ZjI3NDhlY2I1ZDg2OThkMzc5MzM5Y2MxNWYz
MmI4OTMwHhcNMjQwMTAxMTQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODkwMzg0YjczM2UxMmVkZWViNmFjYmI2OTA5OGI4YzMwYjdkMmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumI0B/vn1md2o3WMxv4Mn86jpR8W
BrrFXxyTp8KtAfZ/O8D96YADDRcgDiViIpH5kIkCeOEzrjlP+9qaWdXNvlF5j4KX
FvzdxsXq5R2uyZpOFEOa/7wIHGroUiPvK9je+SuoIilTrkgUX6dYLqLWZMCWPXGB
URYcDeYQISFEUaBeUEmhMs7BWz+KQjeLY4lh1eEJQ3aEBrHNyl28nmK01oqXzz7y
D5TpMV4bKlIf0Dl+5CJGKvjLYkrYtfzx5VWAFhwb3t2OV4xSAzAmcsmmiESHhGSM
YDACD5l3IP565cEAK/O2Csr2KvVaZw8Hxp5ibpyL/WagnzM66jr6+58maQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHiQOEtzPhLt7rasu2kJi4wwt9LKMB8GA1UdIwQY
MBaAFHC7XlTydI7LXYaY03kznMFfMriTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0x0ZVZQSjBqc3RkaHBqVGVUT2N3Vjh5dUpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9kYzMyNDYtYzg1YS00NmRmLThjMzAt
NDhjZWUyNmM1NWJiLzEvZUpBNFMzTS1FdTN1dHF5N2FRbUxqREMzMHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9kYzMyNDYtYzg1YS00NmRmLThjMzAtNDhjZWUyNmM1NWJi
LzEvY0x0ZVZQSjBqc3RkaHBqVGVUT2N3Vjh5dUpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufpwMA0G
CSqGSIb3DQEBCwUAA4IBAQBj5I2j3z6PdocX7ZwyGK/qpb0gqrsMzPut5Yd0zpIy
41/mfdMPTf67GxTXVtQ2GpmloaXL9EQIaphwai6VM5cX5DczRLsu+nzmWqyL+jVZ
W+dQNy7sKYgmfuhSstULN1OV3Cs1MvrI0pXMvmRUoifH6bl94I9tPssozcCGLGIc
VUFulBSkeYSK2ZofaHdsDHss0TKZbfRNnyBBa8l2bKT/fhOt0x6JfMdsSyWy7KYC
oOfBkUrQbjVxyckI2K8ZlKye+L9vtlsVEHHAfi5tlmqJsRUJQ23rklroHJ6dV6TK
eCxQsJE0ITC84CaFuX6MeDTc0ztmpAfk1iSnLLj/+bJy
-----END CERTIFICATE-----