Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/_ezucTOG5aF50VLtPhIG3nZDkgM.roa
File:                     _ezucTOG5aF50VLtPhIG3nZDkgM.roa (raw, json)
Hash identifier:          4VImfOVQ6WbhYaP06nesDSxESsBNf15lWLwMf6sShY8=
Subject key identifier:   FD:EC:EE:71:33:86:E5:A1:79:D1:52:ED:3E:12:06:DE:76:43:92:03
Certificate issuer:       /CN=d09a7f7fdd54a17ce5e12a4182eb652479f9d758
Certificate serial:       018CC348BA625A8747BE1B22E3468E7DA539
Authority key identifier: D0:9A:7F:7F:DD:54:A1:7C:E5:E1:2A:41:82:EB:65:24:79:F9:D7:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/_ezucTOG5aF50VLtPhIG3nZDkgM.roa
Signing time:             Mon 01 Jan 2024 04:29:32 +0000
ROA not before:           Mon 01 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        185.69.250.0/24 maxlen: 24
                          185.69.249.0/24 maxlen: 24
                          185.69.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ba:62:5a:87:47:be:1b:22:e3:46:8e:7d:a5:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d09a7f7fdd54a17ce5e12a4182eb652479f9d758
        Validity
            Not Before: Jan  1 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdecee713386e5a179d152ed3e1206de76439203
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4c:a8:b2:78:23:e8:36:56:47:35:55:3e:86:
                    fa:d7:0f:ef:9d:9d:d2:e7:bf:a9:f1:e4:54:80:32:
                    6f:d3:17:90:8b:81:7f:b2:87:2e:14:5a:41:1b:76:
                    61:2f:a3:a8:30:6f:12:d8:cf:b8:6e:2e:d1:93:7e:
                    36:b4:67:92:d8:c5:08:10:c1:f9:fd:ac:3d:17:8c:
                    10:b7:5b:8f:ec:72:05:d0:a7:59:2a:1c:17:7a:4a:
                    6e:a4:a6:e6:84:02:95:d8:c4:d4:c9:9b:80:db:69:
                    8c:87:8e:ac:58:37:12:fb:80:26:b5:ed:a8:f1:df:
                    14:fb:ff:34:08:41:e2:58:ad:b2:b5:2d:4f:ad:06:
                    05:56:4c:e0:be:33:fa:24:4a:7f:74:7a:b0:a5:21:
                    90:cc:8d:30:3d:86:c4:5c:18:e2:76:8e:7b:34:de:
                    71:8a:d0:ae:b6:19:5c:49:d2:4f:93:29:3f:7e:a1:
                    b5:6b:a1:c7:ec:07:9b:71:b7:a9:b4:b9:4c:3f:bf:
                    da:81:03:98:14:31:37:e7:7a:5b:ac:6f:7b:10:9a:
                    2b:67:b5:83:38:c4:d8:e8:cc:bc:0d:9a:27:43:52:
                    07:66:f6:80:44:12:32:18:df:c4:1b:95:e1:2c:b4:
                    90:4e:94:da:1f:a3:ea:71:cb:a4:d4:1f:27:6d:d6:
                    d3:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:EC:EE:71:33:86:E5:A1:79:D1:52:ED:3E:12:06:DE:76:43:92:03
            X509v3 Authority Key Identifier:
                keyid:D0:9A:7F:7F:DD:54:A1:7C:E5:E1:2A:41:82:EB:65:24:79:F9:D7:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/_ezucTOG5aF50VLtPhIG3nZDkgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.248.0-185.69.250.255

    Signature Algorithm: sha256WithRSAEncryption
         1f:e9:93:bb:ae:a0:e8:d4:2b:52:bf:4c:3f:c8:78:12:25:ef:
         64:d7:93:32:28:97:ce:f2:6f:47:94:b3:3b:17:00:aa:a0:5f:
         e6:99:53:8a:cc:be:16:61:ad:18:f3:13:4e:b8:cd:91:da:e4:
         8e:49:6b:3a:51:2a:8d:a7:f9:1a:81:7d:06:09:a2:9b:86:be:
         31:ea:88:f5:3b:31:96:3a:ab:8f:1e:b8:40:42:cb:68:f0:1b:
         28:e0:c6:dd:99:10:d9:e3:d4:30:83:20:37:3b:c9:92:63:b7:
         9b:d2:cb:db:bd:8e:3d:ec:d5:58:0c:e1:ec:01:14:e2:ee:83:
         d0:2c:9b:81:30:ee:84:7b:b5:da:48:ef:9c:34:f8:52:d3:ab:
         78:1d:33:c9:72:75:38:ad:86:c5:04:e4:9e:65:75:c7:69:8e:
         b3:32:f6:6e:bd:95:0f:d0:65:32:b0:09:87:ae:ad:e9:fd:49:
         fc:0c:05:1a:bf:a0:04:3c:52:c1:93:e5:68:57:22:f8:b1:01:
         ad:ff:e9:74:9a:9a:53:2a:54:65:7c:2a:ad:a2:3d:23:04:e4:
         c8:56:7e:31:b9:bc:ec:be:d9:db:37:2d:f7:2b:65:2a:97:1c:
         0f:73:b2:b0:e5:a6:64:6a:71:ec:11:32:90:12:26:2a:34:21:
         84:34:b1:cc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSLpiWodHvhsi40aOfaU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOWE3ZjdmZGQ1NGExN2NlNWUxMmE0MTgyZWI2NTI0Nzlm
OWQ3NTgwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGVjZWU3MTMzODZlNWExNzlkMTUyZWQzZTEyMDZkZTc2NDM5MjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkyosngj6DZWRzVVPob61w/vnZ3S
57+p8eRUgDJv0xeQi4F/socuFFpBG3ZhL6OoMG8S2M+4bi7Rk342tGeS2MUIEMH5
/aw9F4wQt1uP7HIF0KdZKhwXekpupKbmhAKV2MTUyZuA22mMh46sWDcS+4Amte2o
8d8U+/80CEHiWK2ytS1PrQYFVkzgvjP6JEp/dHqwpSGQzI0wPYbEXBjido57NN5x
itCuthlcSdJPkyk/fqG1a6HH7AebcbeptLlMP7/agQOYFDE353pbrG97EJorZ7WD
OMTY6My8DZonQ1IHZvaARBIyGN/EG5XhLLSQTpTaH6Pqccuk1B8nbdbTsQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFP3s7nEzhuWhedFS7T4SBt52Q5IDMB8GA1UdIwQY
MBaAFNCaf3/dVKF85eEqQYLrZSR5+ddYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEpwX2Y5MVVvWHpsNFNwQmd1dGxKSG41MTFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iM2Q5N2UtNWNjMi00NjY5LWIzNzgt
NTg3NWE0NDg5ZGJhLzEvX2V6dWNUT0c1YUY1MFZMdFBoSUczblpEa2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iM2Q5N2UtNWNjMi00NjY5LWIzNzgtNTg3NWE0NDg5ZGJh
LzEvMEpwX2Y5MVVvWHpsNFNwQmd1dGxKSG41MTFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5RfgD
BAC5RfowDQYJKoZIhvcNAQELBQADggEBAB/pk7uuoOjUK1K/TD/IeBIl72TXkzIo
l87yb0eUszsXAKqgX+aZU4rMvhZhrRjzE064zZHa5I5JazpRKo2n+RqBfQYJopuG
vjHqiPU7MZY6q48euEBCy2jwGyjgxt2ZENnj1DCDIDc7yZJjt5vSy9u9jj3s1VgM
4ewBFOLug9Asm4Ew7oR7tdpI75w0+FLTq3gdM8lydTithsUE5J5ldcdpjrMy9m69
lQ/QZTKwCYeuren9SfwMBRq/oAQ8UsGT5WhXIvixAa3/6XSamlMqVGV8Kq2iPSME
5MhWfjG5vOy+2ds3LfcrZSqXHA9zsrDlpmRqcewRMpASJio0IYQ0scw=
-----END CERTIFICATE-----