Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/EdPKKUTBikSrw6zOoLik5Q-6iyc.roa
File:                     EdPKKUTBikSrw6zOoLik5Q-6iyc.roa (raw, json)
Hash identifier:          JeAo+ctlIJVM7kqvWcKz+qt43Un9DRJFAgW5wi8BYe0=
Subject key identifier:   11:D3:CA:29:44:C1:8A:44:AB:C3:AC:CE:A0:B8:A4:E5:0F:BA:8B:27
Certificate issuer:       /CN=0dd441c3ffae829842249e944b03851081f4d9e0
Certificate serial:       018CC5DCAA26E200AB248BC90CF83B6CC30A
Authority key identifier: 0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/EdPKKUTBikSrw6zOoLik5Q-6iyc.roa
Signing time:             Mon 01 Jan 2024 16:30:22 +0000
ROA not before:           Mon 01 Jan 2024 16:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        37.140.254.0/24 maxlen: 24
                          185.82.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:aa:26:e2:00:ab:24:8b:c9:0c:f8:3b:6c:c3:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd441c3ffae829842249e944b03851081f4d9e0
        Validity
            Not Before: Jan  1 16:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11d3ca2944c18a44abc3accea0b8a4e50fba8b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:90:4d:44:eb:bc:13:49:eb:54:e2:d1:d7:9e:
                    2e:f9:bd:44:66:03:a9:3a:b7:f4:f1:81:f4:07:8a:
                    40:65:d4:cc:fd:3f:79:a8:9d:7f:b9:9e:92:df:83:
                    1a:f0:b9:4f:5d:1d:b0:85:9b:3e:da:19:f7:b3:8f:
                    9f:63:e8:45:26:c0:b7:d4:7c:74:78:2d:9c:06:ef:
                    6a:ba:17:52:e5:d4:a9:07:5f:f1:01:d6:11:2f:ac:
                    4b:8f:b0:41:46:fa:e5:20:d8:ab:9c:3d:fa:b1:60:
                    58:03:7c:34:86:fa:3d:eb:d3:75:74:62:b9:7c:9d:
                    27:1f:0e:fc:b9:54:de:b7:ab:18:18:9e:86:c5:4d:
                    57:53:74:99:b0:26:c3:73:c7:3c:e0:92:1b:1c:b0:
                    73:09:76:b8:f1:c8:11:d3:7e:c4:be:00:e9:9e:07:
                    49:ef:2a:a6:58:34:04:b5:b1:a8:0c:04:92:e6:e3:
                    3f:47:fe:e0:88:cb:02:6d:20:97:54:a4:89:15:c2:
                    1e:24:91:0b:fa:40:41:c3:da:7f:0b:a2:2f:a1:92:
                    ef:40:50:2e:51:56:3a:47:77:9c:ac:5e:dd:1f:2b:
                    c4:80:72:16:a7:c7:30:28:45:fd:29:f1:cf:7f:bb:
                    62:2a:59:84:9b:c4:96:61:5c:b7:c4:8f:61:ca:6b:
                    0b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:D3:CA:29:44:C1:8A:44:AB:C3:AC:CE:A0:B8:A4:E5:0F:BA:8B:27
            X509v3 Authority Key Identifier:
                keyid:0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/EdPKKUTBikSrw6zOoLik5Q-6iyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.254.0/24
                  185.82.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:fc:68:26:61:b9:23:27:52:dc:4b:23:0d:66:9a:88:68:61:
         63:fd:b4:30:32:13:4f:ee:fe:d1:4b:d9:88:72:05:42:e2:50:
         f4:b0:a7:90:d5:45:6b:8b:43:0c:0a:87:6c:23:3a:fd:bc:eb:
         5f:0c:95:24:ef:b6:06:de:71:4c:41:65:8e:10:ae:72:c9:7d:
         84:40:80:5d:cd:f3:e1:c6:28:d3:bb:ee:5e:71:ca:2e:2f:38:
         c2:70:f1:34:74:29:2b:c3:e9:d2:3d:76:af:65:ff:13:20:59:
         62:72:21:70:a2:7e:26:22:aa:22:43:0c:d2:a5:e7:4c:00:39:
         f7:a6:77:f8:68:d2:dd:59:05:aa:bf:00:74:77:53:af:a6:3a:
         29:60:8c:ef:71:b1:cb:0f:9a:4d:52:fc:c7:09:5a:8a:7f:2c:
         79:79:a5:49:71:5c:82:98:6c:7c:1d:9a:c9:da:a2:5a:70:95:
         ee:8f:8e:0e:87:9b:b1:21:be:78:d4:a0:f2:8f:a2:86:0d:5b:
         11:5b:0f:1b:70:09:15:81:4f:89:8f:bf:c2:38:e1:b3:ef:c6:
         29:10:53:01:e3:81:df:4a:89:36:87:ed:5e:5f:f4:5e:7d:05:
         40:40:43:a3:28:3a:b5:ab:38:14:0c:f8:47:b1:a5:3d:d9:7d:
         5a:71:d6:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3Kom4gCrJIvJDPg7bMMKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDQ0MWMzZmZhZTgyOTg0MjI0OWU5NDRiMDM4NTEwODFm
NGQ5ZTAwHhcNMjQwMTAxMTYzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWQzY2EyOTQ0YzE4YTQ0YWJjM2FjY2VhMGI4YTRlNTBmYmE4YjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJBNROu8E0nrVOLR154u+b1EZgOp
Orf08YH0B4pAZdTM/T95qJ1/uZ6S34Ma8LlPXR2whZs+2hn3s4+fY+hFJsC31Hx0
eC2cBu9quhdS5dSpB1/xAdYRL6xLj7BBRvrlINirnD36sWBYA3w0hvo969N1dGK5
fJ0nHw78uVTet6sYGJ6GxU1XU3SZsCbDc8c84JIbHLBzCXa48cgR037EvgDpngdJ
7yqmWDQEtbGoDASS5uM/R/7giMsCbSCXVKSJFcIeJJEL+kBBw9p/C6IvoZLvQFAu
UVY6R3ecrF7dHyvEgHIWp8cwKEX9KfHPf7tiKlmEm8SWYVy3xI9hymsL6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBHTyilEwYpEq8OszqC4pOUPuosnMB8GA1UdIwQY
MBaAFA3UQcP/roKYQiSelEsDhRCB9NngMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMt
ZTljOTEzMjgzNmZmLzEvRWRQS0tVVEJpa1NydzZ6T29MaWs1US02aXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMtZTljOTEzMjgzNmZm
LzEvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJYz+AwQA
uVJIMA0GCSqGSIb3DQEBCwUAA4IBAQB6/GgmYbkjJ1LcSyMNZpqIaGFj/bQwMhNP
7v7RS9mIcgVC4lD0sKeQ1UVri0MMCodsIzr9vOtfDJUk77YG3nFMQWWOEK5yyX2E
QIBdzfPhxijTu+5eccouLzjCcPE0dCkrw+nSPXavZf8TIFliciFwon4mIqoiQwzS
pedMADn3pnf4aNLdWQWqvwB0d1OvpjopYIzvcbHLD5pNUvzHCVqKfyx5eaVJcVyC
mGx8HZrJ2qJacJXuj44Oh5uxIb541KDyj6KGDVsRWw8bcAkVgU+Jj7/COOGz78Yp
EFMB44HfSok2h+1eX/RefQVAQEOjKDq1qzgUDPhHsaU92X1acdY0
-----END CERTIFICATE-----