Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/ee54d1-5b15-4f93-897b-0c909bf5be4d/1/Dv43RHDeUtJDQmxti43L1AO5Ng8.roa
File:                     Dv43RHDeUtJDQmxti43L1AO5Ng8.roa (raw, json)
Hash identifier:          UlP96+n+rbW0WZnoFSkE3oER1BGEZK4WrwTTpGPwu8A=
Subject key identifier:   0E:FE:37:44:70:DE:52:D2:43:42:6C:6D:8B:8D:CB:D4:03:B9:36:0F
Certificate issuer:       /CN=b49bd84da17997cbb286af9022ab2e05ba08b442
Certificate serial:       018CC8016AA51E3817E1C4C4EC1670A29425
Authority key identifier: B4:9B:D8:4D:A1:79:97:CB:B2:86:AF:90:22:AB:2E:05:BA:08:B4:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tJvYTaF5l8uyhq-QIqsuBboItEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/ee54d1-5b15-4f93-897b-0c909bf5be4d/1/Dv43RHDeUtJDQmxti43L1AO5Ng8.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        185.230.183.0/24 maxlen: 24
                          185.230.182.0/24 maxlen: 24
                          185.230.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/ee54d1-5b15-4f93-897b-0c909bf5be4d/1/tJvYTaF5l8uyhq-QIqsuBboItEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/ee54d1-5b15-4f93-897b-0c909bf5be4d/1/tJvYTaF5l8uyhq-QIqsuBboItEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tJvYTaF5l8uyhq-QIqsuBboItEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6a:a5:1e:38:17:e1:c4:c4:ec:16:70:a2:94:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b49bd84da17997cbb286af9022ab2e05ba08b442
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0efe374470de52d243426c6d8b8dcbd403b9360f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4f:aa:e9:f2:e1:b5:77:3d:4e:f7:b8:00:7d:
                    06:bb:e4:f1:5e:4a:19:99:8e:0b:62:fc:82:32:1e:
                    6f:87:5c:a8:6e:0a:1c:cd:8b:03:1c:91:71:2f:b0:
                    a5:6b:3f:3b:e6:6e:5d:12:49:74:4c:88:39:5b:52:
                    34:d1:47:71:f2:d1:0d:f9:5a:2b:e4:6a:e5:ac:07:
                    3c:98:4c:a6:4c:48:5b:cd:a7:e8:06:d5:0d:18:25:
                    01:09:b2:91:07:48:85:39:ed:e9:84:08:bd:59:16:
                    78:0a:e3:44:7b:63:f4:67:49:d8:7a:f5:86:04:04:
                    fa:d4:06:d0:4c:fc:de:bf:fe:62:79:ea:33:51:1b:
                    2f:52:eb:87:a1:03:80:a3:64:c3:8e:7b:e4:ca:e2:
                    0c:85:18:fc:7e:ec:b8:b9:d1:84:14:c5:fa:52:55:
                    38:42:c5:fe:80:34:93:2c:34:95:d4:1f:32:ac:ea:
                    0b:05:9c:b1:0f:03:40:15:4b:65:cb:aa:c2:c9:43:
                    a2:be:72:72:66:b5:ec:d6:0d:83:2b:ec:83:6b:d1:
                    e5:e2:cf:d5:d6:d2:af:da:72:28:38:13:0e:55:d1:
                    ee:c1:08:81:bd:30:2b:80:cb:d4:cb:82:73:a2:63:
                    84:cf:2f:b3:22:51:d0:50:4e:18:de:59:f1:e1:89:
                    16:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:FE:37:44:70:DE:52:D2:43:42:6C:6D:8B:8D:CB:D4:03:B9:36:0F
            X509v3 Authority Key Identifier:
                keyid:B4:9B:D8:4D:A1:79:97:CB:B2:86:AF:90:22:AB:2E:05:BA:08:B4:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tJvYTaF5l8uyhq-QIqsuBboItEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/ee54d1-5b15-4f93-897b-0c909bf5be4d/1/Dv43RHDeUtJDQmxti43L1AO5Ng8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/ee54d1-5b15-4f93-897b-0c909bf5be4d/1/tJvYTaF5l8uyhq-QIqsuBboItEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.181.0-185.230.183.255

    Signature Algorithm: sha256WithRSAEncryption
         1c:75:0a:63:5e:38:f1:a0:a0:09:e4:04:c6:64:9b:2b:1c:6d:
         32:7d:86:f6:e9:a4:78:2f:72:83:11:b7:09:d9:cd:65:00:f8:
         a3:dc:b6:e8:b3:26:15:75:bc:11:36:d6:a0:f7:1d:6c:bb:c5:
         25:ee:6b:b9:9b:f5:25:84:d8:76:2a:07:10:27:d9:4e:46:63:
         07:e3:c6:3c:16:e8:9d:74:1c:6a:14:b2:43:d6:ec:3b:33:cc:
         fd:06:3c:28:f8:05:a0:49:0d:38:15:3f:9a:c1:6e:4b:a4:c3:
         5f:6c:27:ea:28:7b:f4:05:33:6e:4f:82:db:3e:45:7e:ea:c7:
         a9:85:a3:99:ea:20:01:31:e4:97:40:a9:75:1b:15:5a:19:72:
         5e:89:de:4b:b9:12:bd:27:3a:7b:67:81:ae:3b:6a:b3:49:ae:
         86:be:e6:b9:b3:08:6b:dc:f0:25:17:56:70:4e:2d:ac:1c:d0:
         62:cd:95:9d:1d:b1:ac:7c:b2:27:41:d6:86:23:1f:14:fe:7d:
         db:68:d8:77:10:9a:e4:95:5b:aa:a9:bf:a0:04:c3:65:f3:25:
         1e:af:cf:e9:c3:bb:e7:d8:c3:ed:07:1b:45:91:16:aa:c9:c9:
         b9:45:9a:69:f7:16:fe:76:cb:af:fa:ee:0b:77:81:3c:90:77:
         30:00:58:e0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIAWqlHjgX4cTE7BZwopQlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0OWJkODRkYTE3OTk3Y2JiMjg2YWY5MDIyYWIyZTA1YmEw
OGI0NDIwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWZlMzc0NDcwZGU1MmQyNDM0MjZjNmQ4YjhkY2JkNDAzYjkzNjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjU+q6fLhtXc9Tve4AH0Gu+TxXkoZ
mY4LYvyCMh5vh1yobgoczYsDHJFxL7Claz875m5dEkl0TIg5W1I00Udx8tEN+Vor
5GrlrAc8mEymTEhbzafoBtUNGCUBCbKRB0iFOe3phAi9WRZ4CuNEe2P0Z0nYevWG
BAT61AbQTPzev/5ieeozURsvUuuHoQOAo2TDjnvkyuIMhRj8fuy4udGEFMX6UlU4
QsX+gDSTLDSV1B8yrOoLBZyxDwNAFUtly6rCyUOivnJyZrXs1g2DK+yDa9Hl4s/V
1tKv2nIoOBMOVdHuwQiBvTArgMvUy4JzomOEzy+zIlHQUE4Y3lnx4YkWcQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFA7+N0Rw3lLSQ0JsbYuNy9QDuTYPMB8GA1UdIwQY
MBaAFLSb2E2heZfLsoavkCKrLgW6CLRCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEp2WVRhRjVsOHV5aHEtUUlxc3VCYm9JdEVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lZTU0ZDEtNWIxNS00ZjkzLTg5N2It
MGM5MDliZjViZTRkLzEvRHY0M1JIRGVVdEpEUW14dGk0M0wxQU81Tmc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lZTU0ZDEtNWIxNS00ZjkzLTg5N2ItMGM5MDliZjViZTRk
LzEvdEp2WVRhRjVsOHV5aHEtUUlxc3VCYm9JdEVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC55rUD
BAO55rAwDQYJKoZIhvcNAQELBQADggEBABx1CmNeOPGgoAnkBMZkmyscbTJ9hvbp
pHgvcoMRtwnZzWUA+KPctuizJhV1vBE21qD3HWy7xSXua7mb9SWE2HYqBxAn2U5G
YwfjxjwW6J10HGoUskPW7DszzP0GPCj4BaBJDTgVP5rBbkukw19sJ+ooe/QFM25P
gts+RX7qx6mFo5nqIAEx5JdAqXUbFVoZcl6J3ku5Er0nOntnga47arNJroa+5rmz
CGvc8CUXVnBOLawc0GLNlZ0dsax8sidB1oYjHxT+fdto2HcQmuSVW6qpv6AEw2Xz
JR6vz+nDu+fYw+0HG0WRFqrJyblFmmn3Fv52y6/67gt3gTyQdzAAWOA=
-----END CERTIFICATE-----