Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/os1oVGu7Yis1A8RJX0upO3kYUGk.roa
File:                     os1oVGu7Yis1A8RJX0upO3kYUGk.roa (raw, json)
Hash identifier:          3AqF+pYOqjIBarG8HhG61WL/5eDyCbpue7v5kZFz1Sc=
Subject key identifier:   A2:CD:68:54:6B:BB:62:2B:35:03:C4:49:5F:4B:A9:3B:79:18:50:69
Certificate issuer:       /CN=89554780db25b243c0a2d361979b130a7f13c60d
Certificate serial:       018FCB34368A13D0EF3A7E2DAE612C82844F
Authority key identifier: 89:55:47:80:DB:25:B2:43:C0:A2:D3:61:97:9B:13:0A:7F:13:C6:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/os1oVGu7Yis1A8RJX0upO3kYUGk.roa
Signing time:             Thu 30 May 2024 20:32:27 +0000
ROA not before:           Thu 30 May 2024 20:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39700
IP address blocks:        185.75.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:cb:34:36:8a:13:d0:ef:3a:7e:2d:ae:61:2c:82:84:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89554780db25b243c0a2d361979b130a7f13c60d
        Validity
            Not Before: May 30 20:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2cd68546bbb622b3503c4495f4ba93b79185069
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c3:d5:9d:26:bf:85:d7:c8:d0:2e:90:86:da:
                    b9:24:6f:09:85:db:65:c8:26:2b:31:32:c9:5c:6f:
                    39:49:44:90:4a:09:03:93:9d:e7:86:fd:90:1b:23:
                    66:1a:b4:f6:62:85:8c:aa:34:c5:4c:7c:e9:5b:21:
                    a8:50:3a:19:a3:25:35:49:06:36:0b:cb:e2:2e:ac:
                    f4:45:33:68:02:89:3e:5a:df:ca:b5:7d:72:8e:7d:
                    5d:b6:8e:84:99:1b:32:ff:bf:4a:b2:35:34:48:28:
                    c2:1f:ad:7a:13:64:7d:40:f1:b4:b7:67:b9:63:40:
                    84:9a:ef:ec:09:24:43:4b:3b:8e:92:a2:ba:12:d8:
                    04:f0:aa:8f:b9:ba:5d:79:25:52:27:fb:be:6c:93:
                    e7:4c:30:99:bd:a5:40:7c:1f:01:b6:3c:b5:8d:cf:
                    8f:fe:cb:79:92:a1:70:1b:39:a1:58:0d:a6:ab:ed:
                    c7:5e:40:a0:cc:d0:b7:7f:0a:fa:0f:d5:13:ba:81:
                    4d:d6:b3:4f:07:c9:3b:8b:b5:82:ed:41:b7:cf:24:
                    e5:94:40:96:07:48:4f:b3:91:89:48:c9:7a:50:90:
                    8a:fb:aa:3c:ac:90:df:6f:31:a5:15:01:17:9a:a0:
                    f5:ee:a6:e8:e0:26:7c:87:d3:40:68:90:41:83:85:
                    e9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:CD:68:54:6B:BB:62:2B:35:03:C4:49:5F:4B:A9:3B:79:18:50:69
            X509v3 Authority Key Identifier:
                keyid:89:55:47:80:DB:25:B2:43:C0:A2:D3:61:97:9B:13:0A:7F:13:C6:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/os1oVGu7Yis1A8RJX0upO3kYUGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:a1:4a:45:88:09:99:54:6e:95:41:4a:66:05:8f:d7:09:26:
         c8:9b:08:69:15:73:11:00:19:53:50:85:29:15:5d:81:e3:00:
         d6:2d:bb:e3:2c:cb:2c:e0:a9:e0:08:04:1c:d1:79:06:2a:b3:
         f5:93:4d:81:45:93:8b:67:5a:10:63:cf:ac:45:d2:34:97:5c:
         34:d1:37:8f:c8:e8:97:69:06:16:a8:64:8c:f3:5f:80:8f:f6:
         91:8d:8b:8d:28:1a:23:18:70:e3:45:74:da:8b:91:1d:ee:e9:
         0d:16:f0:1c:fe:cb:19:3b:c5:86:d2:ff:0f:28:3e:d6:9b:ff:
         d2:85:96:50:b1:ff:af:60:55:fc:4e:bb:11:4c:c7:9a:1f:0d:
         ea:e0:c8:c6:61:aa:0c:0a:3f:fd:82:80:8b:b6:ed:b6:ec:c1:
         67:f8:3b:40:90:a7:90:96:89:a0:b3:ed:2d:7e:2d:21:3e:fd:
         77:f3:3a:fe:58:cf:7e:63:af:8d:ed:2f:54:8c:f2:3c:14:d8:
         cb:d8:21:17:d1:48:65:cd:37:c0:7f:2b:1e:1d:45:2f:c1:24:
         17:c6:1c:aa:e7:c2:6b:a5:59:39:f0:79:e7:90:57:d5:d7:bb:
         9c:b1:96:09:c1:65:0e:05:6f:3d:38:c7:36:e2:a9:27:88:5d:
         ae:84:f2:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/LNDaKE9DvOn4trmEsgoRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NTU0NzgwZGIyNWIyNDNjMGEyZDM2MTk3OWIxMzBhN2Yx
M2M2MGQwHhcNMjQwNTMwMjAzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmNkNjg1NDZiYmI2MjJiMzUwM2M0NDk1ZjRiYTkzYjc5MTg1MDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08PVnSa/hdfI0C6Qhtq5JG8Jhdtl
yCYrMTLJXG85SUSQSgkDk53nhv2QGyNmGrT2YoWMqjTFTHzpWyGoUDoZoyU1SQY2
C8viLqz0RTNoAok+Wt/KtX1yjn1dto6EmRsy/79KsjU0SCjCH616E2R9QPG0t2e5
Y0CEmu/sCSRDSzuOkqK6EtgE8KqPubpdeSVSJ/u+bJPnTDCZvaVAfB8Btjy1jc+P
/st5kqFwGzmhWA2mq+3HXkCgzNC3fwr6D9UTuoFN1rNPB8k7i7WC7UG3zyTllECW
B0hPs5GJSMl6UJCK+6o8rJDfbzGlFQEXmqD17qbo4CZ8h9NAaJBBg4XpNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLNaFRru2IrNQPESV9LqTt5GFBpMB8GA1UdIwQY
MBaAFIlVR4DbJbJDwKLTYZebEwp/E8YNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVZWSGdOc2xza1BBb3ROaGw1c1RDbjhUeGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8zZTIwNzctYmMxMC00NjIxLWFiMGIt
ZGJhNGM5Yjg3MDZiLzEvb3Mxb1ZHdTdZaXMxQThSSlgwdXBPM2tZVUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8zZTIwNzctYmMxMC00NjIxLWFiMGItZGJhNGM5Yjg3MDZi
LzEvaVZWSGdOc2xza1BBb3ROaGw1c1RDbjhUeGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUucMA0G
CSqGSIb3DQEBCwUAA4IBAQChoUpFiAmZVG6VQUpmBY/XCSbImwhpFXMRABlTUIUp
FV2B4wDWLbvjLMss4KngCAQc0XkGKrP1k02BRZOLZ1oQY8+sRdI0l1w00TePyOiX
aQYWqGSM81+Aj/aRjYuNKBojGHDjRXTai5Ed7ukNFvAc/ssZO8WG0v8PKD7Wm//S
hZZQsf+vYFX8TrsRTMeaHw3q4MjGYaoMCj/9goCLtu227MFn+DtAkKeQlomgs+0t
fi0hPv138zr+WM9+Y6+N7S9UjPI8FNjL2CEX0UhlzTfAfyseHUUvwSQXxhyq58Jr
pVk58HnnkFfV17ucsZYJwWUOBW89OMc24qkniF2uhPL2
-----END CERTIFICATE-----