Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/d815fd-cfab-4a4a-9595-4166b75b08af/1/hTYUwO0mjtldaMrJ4oe2mM-kV8g.roa
File:                     hTYUwO0mjtldaMrJ4oe2mM-kV8g.roa (raw, json)
Hash identifier:          Ojy0YjqUQ3am+vua5jKVzbqLR7onknrC2uVpV13U+VI=
Subject key identifier:   85:36:14:C0:ED:26:8E:D9:5D:68:CA:C9:E2:87:B6:98:CF:A4:57:C8
Certificate issuer:       /CN=e122e2b58233a193d1f72778565d6c98d76163a7
Certificate serial:       018F9DCD3E07E0814C3FBEF02F2F9B14EA05
Authority key identifier: E1:22:E2:B5:82:33:A1:93:D1:F7:27:78:56:5D:6C:98:D7:61:63:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4SLitYIzoZPR9yd4Vl1smNdhY6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/d815fd-cfab-4a4a-9595-4166b75b08af/1/hTYUwO0mjtldaMrJ4oe2mM-kV8g.roa
Signing time:             Wed 22 May 2024 00:57:04 +0000
ROA not before:           Wed 22 May 2024 00:57:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51019
IP address blocks:        185.242.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/d815fd-cfab-4a4a-9595-4166b75b08af/1/4SLitYIzoZPR9yd4Vl1smNdhY6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/d815fd-cfab-4a4a-9595-4166b75b08af/1/4SLitYIzoZPR9yd4Vl1smNdhY6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4SLitYIzoZPR9yd4Vl1smNdhY6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 07:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9d:cd:3e:07:e0:81:4c:3f:be:f0:2f:2f:9b:14:ea:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e122e2b58233a193d1f72778565d6c98d76163a7
        Validity
            Not Before: May 22 00:57:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=853614c0ed268ed95d68cac9e287b698cfa457c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:a8:6c:33:89:4b:10:f3:c5:ce:4e:ea:df:2f:
                    f2:ed:60:18:b6:2c:7c:b1:41:39:02:85:78:3b:17:
                    18:cc:80:5a:21:8f:9f:d0:50:e6:1f:7c:0d:5e:4d:
                    40:70:9d:1b:56:f5:3c:bc:e4:50:2b:af:80:a7:4d:
                    a3:c9:d0:c1:73:69:39:9b:60:70:59:2d:46:d7:35:
                    b5:d9:8f:46:7a:37:0a:3a:fb:de:68:ee:29:49:3c:
                    26:e5:e0:08:11:44:3c:8b:47:5f:1d:8b:d3:a0:d1:
                    70:34:45:db:55:34:a2:66:03:0c:a9:c5:59:66:08:
                    ef:bd:72:d3:39:4c:97:62:63:69:d4:d9:82:c3:19:
                    1c:6d:d6:74:0f:2e:ea:18:76:ed:04:2e:a5:68:aa:
                    17:9a:16:b9:70:86:48:a8:b9:7a:60:1a:ca:5a:d6:
                    bd:d8:0a:9f:3f:cf:64:e6:93:6f:77:d1:3f:64:86:
                    30:4d:48:1d:75:30:4c:8c:7a:1d:05:1d:2a:d6:ad:
                    2e:06:36:97:32:94:ab:8e:65:c0:ec:39:5f:d7:d1:
                    e9:0b:a6:8d:dd:9e:18:be:b6:b8:82:14:c1:00:ca:
                    2d:88:65:ba:41:27:43:ff:be:31:f9:43:98:e5:95:
                    34:92:11:d3:48:36:ff:d4:15:d8:67:a8:dc:36:79:
                    69:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:36:14:C0:ED:26:8E:D9:5D:68:CA:C9:E2:87:B6:98:CF:A4:57:C8
            X509v3 Authority Key Identifier:
                keyid:E1:22:E2:B5:82:33:A1:93:D1:F7:27:78:56:5D:6C:98:D7:61:63:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4SLitYIzoZPR9yd4Vl1smNdhY6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/d815fd-cfab-4a4a-9595-4166b75b08af/1/hTYUwO0mjtldaMrJ4oe2mM-kV8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/d815fd-cfab-4a4a-9595-4166b75b08af/1/4SLitYIzoZPR9yd4Vl1smNdhY6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:a4:66:5e:30:c7:93:79:58:a9:7b:89:07:97:49:83:cf:43:
         e5:9a:5d:13:cb:e5:49:65:99:21:22:1d:68:15:5b:76:ab:72:
         21:80:04:fa:2f:a6:25:57:35:ce:6b:02:64:ab:9f:8c:95:c9:
         12:41:4c:15:02:94:d6:8a:6a:09:f9:21:93:f9:11:d0:e4:ff:
         c7:82:45:68:a8:57:46:f7:66:5e:91:3f:09:cf:53:e8:4b:ea:
         f2:60:7c:cf:f6:48:75:03:f9:82:2a:b3:2c:96:1c:00:c2:85:
         ea:72:9f:9b:a1:d4:2c:7e:37:49:f8:00:b1:26:20:48:c7:96:
         ae:2a:fe:eb:e6:97:f7:c2:d2:f3:9c:d1:e3:97:cc:9f:ad:ca:
         d8:e3:a1:08:63:98:f5:bd:6e:67:23:84:39:80:8c:70:33:05:
         e9:41:e6:cc:12:74:9d:50:d1:48:c1:be:ca:82:bc:6c:22:46:
         28:25:8f:51:b9:57:ac:ab:d5:e9:68:16:31:b4:a5:12:b4:3f:
         da:48:da:9e:40:23:75:db:d9:bb:55:d5:02:40:02:36:b9:d7:
         4b:4c:a1:05:65:ec:73:41:d6:24:3c:c6:bc:ec:a1:a2:b0:41:
         ec:3c:85:c0:bb:64:d0:1b:49:6d:9c:1b:0c:5a:88:73:29:44:
         55:7f:3c:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+dzT4H4IFMP77wLy+bFOoFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMjJlMmI1ODIzM2ExOTNkMWY3Mjc3ODU2NWQ2Yzk4ZDc2
MTYzYTcwHhcNMjQwNTIyMDA1NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTM2MTRjMGVkMjY4ZWQ5NWQ2OGNhYzllMjg3YjY5OGNmYTQ1N2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qhsM4lLEPPFzk7q3y/y7WAYtix8
sUE5AoV4OxcYzIBaIY+f0FDmH3wNXk1AcJ0bVvU8vORQK6+Ap02jydDBc2k5m2Bw
WS1G1zW12Y9GejcKOvveaO4pSTwm5eAIEUQ8i0dfHYvToNFwNEXbVTSiZgMMqcVZ
ZgjvvXLTOUyXYmNp1NmCwxkcbdZ0Dy7qGHbtBC6laKoXmha5cIZIqLl6YBrKWta9
2AqfP89k5pNvd9E/ZIYwTUgddTBMjHodBR0q1q0uBjaXMpSrjmXA7Dlf19HpC6aN
3Z4Yvra4ghTBAMotiGW6QSdD/74x+UOY5ZU0khHTSDb/1BXYZ6jcNnlp/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIU2FMDtJo7ZXWjKyeKHtpjPpFfIMB8GA1UdIwQY
MBaAFOEi4rWCM6GT0fcneFZdbJjXYWOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFNMaXRZSXpvWlBSOXlkNFZsMXNtTmRoWTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9kODE1ZmQtY2ZhYi00YTRhLTk1OTUt
NDE2NmI3NWIwOGFmLzEvaFRZVXdPMG1qdGxkYU1ySjRvZTJtTS1rVjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9kODE1ZmQtY2ZhYi00YTRhLTk1OTUtNDE2NmI3NWIwOGFm
LzEvNFNMaXRZSXpvWlBSOXlkNFZsMXNtTmRoWTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufK6MA0G
CSqGSIb3DQEBCwUAA4IBAQCQpGZeMMeTeVipe4kHl0mDz0Plml0Ty+VJZZkhIh1o
FVt2q3IhgAT6L6YlVzXOawJkq5+MlckSQUwVApTWimoJ+SGT+RHQ5P/HgkVoqFdG
92ZekT8Jz1PoS+ryYHzP9kh1A/mCKrMslhwAwoXqcp+bodQsfjdJ+ACxJiBIx5au
Kv7r5pf3wtLznNHjl8yfrcrY46EIY5j1vW5nI4Q5gIxwMwXpQebMEnSdUNFIwb7K
grxsIkYoJY9RuVesq9XpaBYxtKUStD/aSNqeQCN129m7VdUCQAI2uddLTKEFZexz
QdYkPMa87KGisEHsPIXAu2TQG0ltnBsMWohzKURVfzwf
-----END CERTIFICATE-----