Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/DRwIjZhWrPHDPt8icjUNIQEjKWc.roa
File:                     DRwIjZhWrPHDPt8icjUNIQEjKWc.roa (raw, json)
Hash identifier:          noCX+dYYncis7Gt7O0/GOKW0fjy4eLxLfOxQPSMlU/Q=
Subject key identifier:   0D:1C:08:8D:98:56:AC:F1:C3:3E:DF:22:72:35:0D:21:01:23:29:67
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       018DBBBB2A85EE7C2B783DA0C15CDDAC1F82
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/DRwIjZhWrPHDPt8icjUNIQEjKWc.roa
Signing time:             Sun 18 Feb 2024 10:20:21 +0000
ROA not before:           Sun 18 Feb 2024 10:20:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14576
IP address blocks:        91.242.228.0/24 maxlen: 24
                          94.154.127.0/24 maxlen: 24
                          146.19.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:bb:bb:2a:85:ee:7c:2b:78:3d:a0:c1:5c:dd:ac:1f:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Feb 18 10:20:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d1c088d9856acf1c33edf2272350d2101232967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2c:33:44:57:18:f9:5a:d2:82:5d:04:ea:a2:
                    20:fa:17:03:62:e4:9e:a5:95:96:f0:38:87:f9:56:
                    95:8c:f0:7c:0f:1d:62:78:dd:b8:39:b5:aa:6e:e0:
                    d6:35:22:b4:64:b5:e6:c3:88:96:e7:56:c7:1c:b3:
                    70:e5:ad:0f:c7:05:71:88:06:d8:9c:a8:0e:62:90:
                    c1:60:d7:f1:d9:09:c4:65:9c:05:10:d3:92:7e:af:
                    12:03:6a:3a:e0:33:bc:13:1d:9a:d8:d8:54:f1:1e:
                    64:36:f1:46:90:27:38:02:cc:09:c3:88:29:07:b5:
                    55:f9:07:cf:b6:a5:98:dc:3f:fa:52:f8:fb:1a:c5:
                    37:b5:4b:94:6a:a2:ba:d9:db:20:a4:c9:04:ad:5f:
                    0e:64:e6:66:72:84:d0:89:d8:0f:ed:93:82:b3:e4:
                    75:96:07:40:74:86:e1:06:65:9d:59:ed:34:a6:aa:
                    29:bf:87:5a:4a:94:2c:60:fa:37:da:41:46:17:70:
                    1f:0c:71:37:af:24:ab:1a:50:69:20:62:71:26:7b:
                    f8:a9:d7:ff:63:94:97:f7:95:a6:2d:ee:65:07:e3:
                    4c:02:a0:b5:3b:ba:e4:5f:f3:d8:02:3a:f7:f7:53:
                    2a:3f:11:60:96:75:38:3d:3d:64:c0:10:c9:e2:87:
                    53:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1C:08:8D:98:56:AC:F1:C3:3E:DF:22:72:35:0D:21:01:23:29:67
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/DRwIjZhWrPHDPt8icjUNIQEjKWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.228.0/24
                  94.154.127.0/24
                  146.19.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:2e:58:6c:00:01:28:cf:7c:76:cf:88:26:17:fe:c7:89:71:
         6d:f3:ae:71:f2:65:35:8d:2f:f6:42:c3:8f:4a:ea:f3:16:2e:
         1d:27:dc:fd:9c:15:f9:68:08:9c:bd:1c:ca:67:6e:50:44:b1:
         fb:da:6c:6a:d1:1a:f2:b0:29:52:74:d0:7b:74:91:59:a8:fc:
         75:1d:83:06:fc:c9:b3:da:6a:90:92:48:4e:1e:9d:d8:d9:ce:
         97:85:0d:a3:e8:f7:9d:97:b7:e5:89:22:24:e5:79:62:90:57:
         9c:b9:2f:7a:3d:1e:a1:a3:a6:fa:12:1c:e4:b6:ca:6e:c9:4a:
         e5:5d:1c:c6:09:00:8b:dd:c9:2e:bf:2e:ea:7b:b1:7b:4b:dd:
         2d:60:8f:c4:d3:36:78:9e:e5:6d:af:77:23:ee:87:61:32:03:
         c0:06:a6:af:15:96:a3:e2:25:68:a2:77:a1:e5:59:2a:24:e3:
         79:30:7c:a8:14:ac:23:b1:4a:1e:1f:b8:3a:64:3b:3d:1b:06:
         6d:db:9c:ba:9c:0b:58:08:57:f3:8d:23:de:f2:b2:9d:e2:5b:
         d9:40:d2:dc:9d:4a:a0:50:43:a0:08:dc:78:a0:fb:55:c5:12:
         9d:37:37:ff:da:71:22:d9:6f:40:5b:b4:9f:9f:99:cf:c2:95:
         1e:3c:46:72
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY27uyqF7nwreD2gwVzdrB+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjQwMjE4MTAyMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFjMDg4ZDk4NTZhY2YxYzMzZWRmMjI3MjM1MGQyMTAxMjMyOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmywzRFcY+VrSgl0E6qIg+hcDYuSe
pZWW8DiH+VaVjPB8Dx1ieN24ObWqbuDWNSK0ZLXmw4iW51bHHLNw5a0PxwVxiAbY
nKgOYpDBYNfx2QnEZZwFENOSfq8SA2o64DO8Ex2a2NhU8R5kNvFGkCc4AswJw4gp
B7VV+QfPtqWY3D/6Uvj7GsU3tUuUaqK62dsgpMkErV8OZOZmcoTQidgP7ZOCs+R1
lgdAdIbhBmWdWe00pqopv4daSpQsYPo32kFGF3AfDHE3rySrGlBpIGJxJnv4qdf/
Y5SX95WmLe5lB+NMAqC1O7rkX/PYAjr391MqPxFglnU4PT1kwBDJ4odTjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA0cCI2YVqzxwz7fInI1DSEBIylnMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvRFJ3SWpaaFdyUEhEUHQ4aWNqVU5JUUVqS1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW/LkAwQA
Xpp/AwQAkhOMMA0GCSqGSIb3DQEBCwUAA4IBAQApLlhsAAEoz3x2z4gmF/7HiXFt
865x8mU1jS/2QsOPSurzFi4dJ9z9nBX5aAicvRzKZ25QRLH72mxq0RrysClSdNB7
dJFZqPx1HYMG/Mmz2mqQkkhOHp3Y2c6XhQ2j6Pedl7fliSIk5XlikFecuS96PR6h
o6b6EhzktspuyUrlXRzGCQCL3ckuvy7qe7F7S90tYI/E0zZ4nuVtr3cj7odhMgPA
BqavFZaj4iVooneh5VkqJON5MHyoFKwjsUoeH7g6ZDs9GwZt25y6nAtYCFfzjSPe
8rKd4lvZQNLcnUqgUEOgCNx4oPtVxRKdNzf/2nEi2W9AW7Sfn5nPwpUePEZy
-----END CERTIFICATE-----