Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/pOWFiKd8k-Uvc89LTmPVn_EQGWE.roa
File:                     pOWFiKd8k-Uvc89LTmPVn_EQGWE.roa (raw, json)
Hash identifier:          RuHe+M3QcBd0YCaTlqd+grEwASZGXYBLtzCYRkEuNio=
Subject key identifier:   A4:E5:85:88:A7:7C:93:E5:2F:73:CF:4B:4E:63:D5:9F:F1:10:19:61
Certificate issuer:       /CN=49af2153f02409a464e4d7461c802d4b8dd10dff
Certificate serial:       018CC56EA73710FB55CF7E5C7B7BF1275110
Authority key identifier: 49:AF:21:53:F0:24:09:A4:64:E4:D7:46:1C:80:2D:4B:8D:D1:0D:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/pOWFiKd8k-Uvc89LTmPVn_EQGWE.roa
Signing time:             Mon 01 Jan 2024 14:30:12 +0000
ROA not before:           Mon 01 Jan 2024 14:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15440
IP address blocks:        185.140.228.0/24 maxlen: 24
                          185.140.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a7:37:10:fb:55:cf:7e:5c:7b:7b:f1:27:51:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49af2153f02409a464e4d7461c802d4b8dd10dff
        Validity
            Not Before: Jan  1 14:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4e58588a77c93e52f73cf4b4e63d59ff1101961
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:72:20:b0:2d:d1:21:58:3e:fd:6f:96:b5:99:
                    da:85:96:51:cd:28:12:91:44:29:95:02:51:1e:f7:
                    3b:10:86:36:40:e6:36:f4:fb:aa:2c:05:80:ee:4f:
                    ac:bb:45:80:4f:a3:a3:d7:85:8e:17:9b:7c:2f:71:
                    58:eb:a9:d3:e2:ca:97:f4:0f:cd:b5:85:e7:33:a1:
                    d2:c7:5a:ee:79:05:12:3d:d4:a5:34:ec:75:c0:bd:
                    c8:9a:71:6e:40:1b:45:92:66:8b:1b:eb:27:14:01:
                    10:07:6c:a3:32:78:b3:05:06:89:ae:a0:62:66:46:
                    b0:21:e8:1e:3f:fc:8e:0d:c3:88:90:a1:a1:96:01:
                    e4:44:fc:2f:8f:05:51:d0:90:46:02:6a:f4:43:ec:
                    dc:63:81:00:36:9f:60:43:2c:9f:17:be:d2:e1:59:
                    66:fe:b7:d2:44:b6:2d:7a:04:7a:52:96:b1:e5:5c:
                    76:8d:16:a9:c4:1d:05:ce:a8:fe:fd:d1:ca:8a:39:
                    81:d4:32:0a:93:87:fe:b6:5c:b0:9a:43:c2:f9:1e:
                    87:f4:f7:b2:29:da:53:3d:44:f0:7d:bf:b7:73:d1:
                    f4:8f:0c:12:6c:4b:0d:c8:92:17:a7:15:b0:e3:5e:
                    99:af:13:33:82:8b:a5:7a:be:8c:27:5c:07:a7:77:
                    6b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:E5:85:88:A7:7C:93:E5:2F:73:CF:4B:4E:63:D5:9F:F1:10:19:61
            X509v3 Authority Key Identifier:
                keyid:49:AF:21:53:F0:24:09:A4:64:E4:D7:46:1C:80:2D:4B:8D:D1:0D:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/pOWFiKd8k-Uvc89LTmPVn_EQGWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:5a:b5:94:bc:a2:05:bf:09:4e:18:a2:90:b8:a9:b6:be:46:
         f7:7b:b9:70:94:4f:c1:22:ee:71:da:d6:b4:05:e2:3c:de:b6:
         7c:bf:ee:04:22:a6:45:d6:1e:6b:9c:75:9c:ef:49:18:fd:8d:
         4e:ec:c7:d1:f8:fa:73:3a:4e:8d:40:e5:52:22:72:c9:d2:b6:
         9b:39:9f:1e:67:e4:ad:09:d3:62:63:93:c0:99:b4:f9:bc:22:
         8a:a4:aa:3f:e9:d1:41:3e:95:c4:ff:03:67:70:81:5e:a2:f0:
         90:41:3f:63:c8:f8:cb:9a:ed:1c:12:e3:30:1a:e2:47:56:dd:
         cc:fb:be:17:8b:1a:f1:1d:05:61:51:d3:54:45:26:80:1b:72:
         38:03:f6:cb:54:29:b3:5b:29:87:df:88:f5:cf:35:4b:17:a0:
         2e:7a:15:f6:7f:53:ff:fd:41:73:da:4a:6a:5a:55:e7:71:31:
         ca:6a:bd:b3:d5:14:2e:f5:b9:6f:25:df:80:1c:27:36:a5:8e:
         c7:1a:2b:f5:62:20:83:5e:24:60:24:c8:db:ea:82:51:4b:b8:
         9a:7a:30:be:5b:79:42:67:41:21:02:06:1e:eb:68:77:0f:bf:
         47:2d:bd:7b:02:5a:2b:01:bb:d5:5b:ac:50:0b:e0:f3:0b:3b:
         8c:48:b7:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqc3EPtVz35ce3vxJ1EQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YWYyMTUzZjAyNDA5YTQ2NGU0ZDc0NjFjODAyZDRiOGRk
MTBkZmYwHhcNMjQwMTAxMTQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGU1ODU4OGE3N2M5M2U1MmY3M2NmNGI0ZTYzZDU5ZmYxMTAxOTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXIgsC3RIVg+/W+WtZnahZZRzSgS
kUQplQJRHvc7EIY2QOY29PuqLAWA7k+su0WAT6Oj14WOF5t8L3FY66nT4sqX9A/N
tYXnM6HSx1rueQUSPdSlNOx1wL3ImnFuQBtFkmaLG+snFAEQB2yjMnizBQaJrqBi
ZkawIegeP/yODcOIkKGhlgHkRPwvjwVR0JBGAmr0Q+zcY4EANp9gQyyfF77S4Vlm
/rfSRLYtegR6Upax5Vx2jRapxB0Fzqj+/dHKijmB1DIKk4f+tlywmkPC+R6H9Pey
KdpTPUTwfb+3c9H0jwwSbEsNyJIXpxWw416ZrxMzgouler6MJ1wHp3drSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTlhYinfJPlL3PPS05j1Z/xEBlhMB8GA1UdIwQY
MBaAFEmvIVPwJAmkZOTXRhyALUuN0Q3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2E4aFVfQWtDYVJrNU5kR0hJQXRTNDNSRGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9lYjI1YjUtNzFlYS00NjlkLTk0ODQt
NGVhNmRmYjJlNWQzLzEvcE9XRmlLZDhrLVV2Yzg5TFRtUFZuX0VRR1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9lYjI1YjUtNzFlYS00NjlkLTk0ODQtNGVhNmRmYjJlNWQz
LzEvU2E4aFVfQWtDYVJrNU5kR0hJQXRTNDNSRGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYzkMA0G
CSqGSIb3DQEBCwUAA4IBAQBqWrWUvKIFvwlOGKKQuKm2vkb3e7lwlE/BIu5x2ta0
BeI83rZ8v+4EIqZF1h5rnHWc70kY/Y1O7MfR+PpzOk6NQOVSInLJ0rabOZ8eZ+St
CdNiY5PAmbT5vCKKpKo/6dFBPpXE/wNncIFeovCQQT9jyPjLmu0cEuMwGuJHVt3M
+74XixrxHQVhUdNURSaAG3I4A/bLVCmzWymH34j1zzVLF6AuehX2f1P//UFz2kpq
WlXncTHKar2z1RQu9blvJd+AHCc2pY7HGiv1YiCDXiRgJMjb6oJRS7iaejC+W3lC
Z0EhAgYe62h3D79HLb17AlorAbvVW6xQC+DzCzuMSLdq
-----END CERTIFICATE-----