Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/c4klwM_PNhpObSnkLsuADsE_ByY.roa
File:                     c4klwM_PNhpObSnkLsuADsE_ByY.roa (raw, json)
Hash identifier:          QOLWMUIPnPQaedyjJiT1y4gPa+MllraoGhz5Mof+aVk=
Subject key identifier:   73:89:25:C0:CF:CF:36:1A:4E:6D:29:E4:2E:CB:80:0E:C1:3F:07:26
Certificate issuer:       /CN=0dd441c3ffae829842249e944b03851081f4d9e0
Certificate serial:       01932B8840DDC6D30CC6087C2CA451F0BA25
Authority key identifier: 0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/c4klwM_PNhpObSnkLsuADsE_ByY.roa
Signing time:             Thu 14 Nov 2024 16:36:09 +0000
ROA not before:           Thu 14 Nov 2024 16:36:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214036
IP address blocks:        185.82.73.0/24 maxlen: 24
                          193.23.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2b:88:40:dd:c6:d3:0c:c6:08:7c:2c:a4:51:f0:ba:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd441c3ffae829842249e944b03851081f4d9e0
        Validity
            Not Before: Nov 14 16:36:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=738925c0cfcf361a4e6d29e42ecb800ec13f0726
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e1:83:32:f9:66:98:03:40:b5:cd:2b:7c:63:
                    2f:25:07:11:ee:af:8c:41:4b:46:3c:db:4b:77:d9:
                    32:39:52:83:12:d8:f6:82:fe:64:b2:4e:ec:80:e6:
                    5e:d1:bc:a0:f8:24:80:4c:af:99:58:9f:8a:f3:d6:
                    b5:4f:c8:69:45:aa:29:24:66:f3:26:22:ec:f6:94:
                    a1:64:dd:58:35:18:f5:54:03:7e:38:ed:26:56:bf:
                    7d:fc:14:3e:99:87:20:a5:57:96:b6:9b:b8:17:e8:
                    c9:4f:9f:8d:75:22:b8:f8:a5:a8:3e:b3:27:58:50:
                    1f:81:69:45:94:d3:1c:f1:9f:c9:67:38:87:7d:70:
                    5d:1f:b8:a1:29:ef:68:1f:f0:8e:9e:82:27:83:2d:
                    f3:81:61:a4:ee:99:1d:9f:94:ba:4a:bb:a6:11:9a:
                    19:55:04:3c:03:2f:8e:4d:d9:5b:52:85:da:65:c4:
                    8d:17:f2:0a:1e:ac:da:d1:aa:35:25:e3:25:ec:a0:
                    44:7f:bb:ee:b5:dd:39:9c:93:c3:2e:0f:59:5f:92:
                    79:65:81:05:6b:52:b3:fb:77:40:15:54:54:f4:95:
                    65:5b:88:a1:ce:ff:74:e9:4c:d7:22:07:37:be:05:
                    6e:5f:0a:c2:dc:1e:e3:85:37:6f:f4:c4:bb:fc:6f:
                    60:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:89:25:C0:CF:CF:36:1A:4E:6D:29:E4:2E:CB:80:0E:C1:3F:07:26
            X509v3 Authority Key Identifier:
                keyid:0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/c4klwM_PNhpObSnkLsuADsE_ByY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.73.0/24
                  193.23.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:3d:30:aa:d1:98:b1:ee:dc:63:db:c3:88:2a:93:46:d3:47:
         0e:4e:56:e1:24:a3:93:ef:a0:29:88:bd:85:3a:ce:ed:db:95:
         72:9e:b7:e5:c3:6e:65:d8:a3:57:1e:86:87:b2:c2:9e:2f:dd:
         0e:4b:a8:1c:a3:c2:1f:c5:36:f3:95:27:48:e9:f4:ec:6a:4a:
         71:51:3c:7b:87:11:9c:50:d6:6b:2d:ef:3e:6d:f1:32:e6:95:
         d5:f1:8b:f4:d7:b1:1c:b7:28:a8:2c:a0:50:f4:8a:82:0c:17:
         d4:e7:d5:e3:14:5d:32:f3:2a:4d:82:d2:39:5c:16:cd:83:79:
         ff:32:df:7a:60:a8:3f:78:c7:8e:4f:f0:36:06:95:27:7a:04:
         48:bc:68:1a:bd:4a:55:b7:78:a7:c6:ab:5a:d0:09:61:02:96:
         4a:c0:33:50:b6:47:63:71:1e:47:86:bb:ed:e4:64:0e:f7:03:
         7d:3b:56:6b:cd:e6:51:1d:32:ef:8b:a9:95:63:86:8e:a9:97:
         2d:4e:91:1d:1d:80:d5:de:e4:d8:a1:6a:cf:c9:d3:21:24:64:
         1c:3c:27:08:42:a5:c4:49:d4:fb:ae:c7:5f:fe:59:23:60:ef:
         b1:4d:b2:82:14:09:70:e6:bf:58:72:e9:c3:6b:3e:a7:11:75:
         80:70:b6:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMriEDdxtMMxgh8LKRR8LolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDQ0MWMzZmZhZTgyOTg0MjI0OWU5NDRiMDM4NTEwODFm
NGQ5ZTAwHhcNMjQxMTE0MTYzNjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzg5MjVjMGNmY2YzNjFhNGU2ZDI5ZTQyZWNiODAwZWMxM2YwNzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOGDMvlmmANAtc0rfGMvJQcR7q+M
QUtGPNtLd9kyOVKDEtj2gv5ksk7sgOZe0byg+CSATK+ZWJ+K89a1T8hpRaopJGbz
JiLs9pShZN1YNRj1VAN+OO0mVr99/BQ+mYcgpVeWtpu4F+jJT5+NdSK4+KWoPrMn
WFAfgWlFlNMc8Z/JZziHfXBdH7ihKe9oH/COnoIngy3zgWGk7pkdn5S6SrumEZoZ
VQQ8Ay+OTdlbUoXaZcSNF/IKHqza0ao1JeMl7KBEf7vutd05nJPDLg9ZX5J5ZYEF
a1Kz+3dAFVRU9JVlW4ihzv906UzXIgc3vgVuXwrC3B7jhTdv9MS7/G9gIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHOJJcDPzzYaTm0p5C7LgA7BPwcmMB8GA1UdIwQY
MBaAFA3UQcP/roKYQiSelEsDhRCB9NngMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMt
ZTljOTEzMjgzNmZmLzEvYzRrbHdNX1BOaHBPYlNua0xzdUFEc0VfQnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMtZTljOTEzMjgzNmZm
LzEvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVJJAwQA
wRd2MA0GCSqGSIb3DQEBCwUAA4IBAQCqPTCq0Zix7txj28OIKpNG00cOTlbhJKOT
76ApiL2FOs7t25Vynrflw25l2KNXHoaHssKeL90OS6gco8IfxTbzlSdI6fTsakpx
UTx7hxGcUNZrLe8+bfEy5pXV8Yv017EctyioLKBQ9IqCDBfU59XjFF0y8ypNgtI5
XBbNg3n/Mt96YKg/eMeOT/A2BpUnegRIvGgavUpVt3inxqta0AlhApZKwDNQtkdj
cR5Hhrvt5GQO9wN9O1ZrzeZRHTLvi6mVY4aOqZctTpEdHYDV3uTYoWrPydMhJGQc
PCcIQqXESdT7rsdf/lkjYO+xTbKCFAlw5r9YcunDaz6nEXWAcLaW
-----END CERTIFICATE-----