Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/d612e3-94eb-4866-b43c-e40b301401a9/1/rD3wnP0Vuyo9MsO7bm_YTJjrzKs.roa
File:                     rD3wnP0Vuyo9MsO7bm_YTJjrzKs.roa (raw, json)
Hash identifier:          b79jdgwH+SWMle2e48d/N6xtO7l+SSxtipp8x2JyYOw=
Subject key identifier:   AC:3D:F0:9C:FD:15:BB:2A:3D:32:C3:BB:6E:6F:D8:4C:98:EB:CC:AB
Certificate issuer:       /CN=e7fe22f551e95b0f15033c503552e49bca617c6a
Certificate serial:       0193B0C729A824F9AA0234F9385C42952D9B
Authority key identifier: E7:FE:22:F5:51:E9:5B:0F:15:03:3C:50:35:52:E4:9B:CA:61:7C:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_4i9VHpWw8VAzxQNVLkm8phfGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/d612e3-94eb-4866-b43c-e40b301401a9/1/rD3wnP0Vuyo9MsO7bm_YTJjrzKs.roa
Signing time:             Tue 10 Dec 2024 13:34:22 +0000
ROA not before:           Tue 10 Dec 2024 13:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28725
IP address blocks:        185.218.92.0/23 maxlen: 23
                          2a0b:bb40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/d612e3-94eb-4866-b43c-e40b301401a9/1/5_4i9VHpWw8VAzxQNVLkm8phfGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/d612e3-94eb-4866-b43c-e40b301401a9/1/5_4i9VHpWw8VAzxQNVLkm8phfGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_4i9VHpWw8VAzxQNVLkm8phfGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:b0:c7:29:a8:24:f9:aa:02:34:f9:38:5c:42:95:2d:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7fe22f551e95b0f15033c503552e49bca617c6a
        Validity
            Not Before: Dec 10 13:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac3df09cfd15bb2a3d32c3bb6e6fd84c98ebccab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:bd:e5:0c:d3:16:31:12:48:d5:fd:99:9b:01:
                    59:5d:7b:e1:43:49:6b:51:0b:9f:37:64:21:16:44:
                    f5:73:13:b7:f1:b7:95:08:9e:01:85:ec:b2:6a:59:
                    b0:d1:14:7d:22:06:40:cc:5a:fc:98:eb:8b:2b:af:
                    c5:b2:40:3f:0e:a3:95:8e:f4:4c:76:c2:85:ab:eb:
                    1f:92:67:e0:50:21:9b:2e:e5:19:fe:8a:02:89:ec:
                    ed:f5:d7:b9:d6:b3:e4:a3:f3:0b:85:ce:31:17:e0:
                    97:ff:d2:21:30:86:36:62:3e:2c:b3:e6:ab:d6:6a:
                    96:4a:08:7c:39:54:cf:5e:7a:f7:87:b4:9b:b9:c4:
                    3d:e6:5a:fe:4e:21:c9:51:43:26:f7:f4:fb:03:36:
                    62:43:68:58:5a:ae:23:9f:f2:73:43:09:9b:74:2f:
                    71:d0:c8:a7:a1:47:c5:22:c6:51:f5:d1:21:eb:df:
                    c4:11:d0:90:5f:82:12:e5:0d:f0:01:04:dc:bf:62:
                    0f:27:cd:11:5e:10:7e:ac:41:b1:82:d6:97:71:0b:
                    76:56:e3:7c:69:3f:47:2c:81:3c:01:1d:81:1d:89:
                    7b:63:f4:6e:6a:e4:ce:3c:3f:8a:05:8b:85:76:82:
                    42:7c:47:15:c2:bf:37:5f:29:d1:99:07:41:22:b5:
                    78:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:3D:F0:9C:FD:15:BB:2A:3D:32:C3:BB:6E:6F:D8:4C:98:EB:CC:AB
            X509v3 Authority Key Identifier:
                keyid:E7:FE:22:F5:51:E9:5B:0F:15:03:3C:50:35:52:E4:9B:CA:61:7C:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_4i9VHpWw8VAzxQNVLkm8phfGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/d612e3-94eb-4866-b43c-e40b301401a9/1/rD3wnP0Vuyo9MsO7bm_YTJjrzKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/d612e3-94eb-4866-b43c-e40b301401a9/1/5_4i9VHpWw8VAzxQNVLkm8phfGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.92.0/23
                IPv6:
                  2a0b:bb40::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:d2:8f:6d:43:49:f9:71:a6:ef:0e:36:2e:d2:42:2e:ae:fd:
         bf:1c:87:b9:e4:64:3f:b5:c4:e9:38:52:98:b3:c0:f1:c7:e9:
         1d:8b:57:aa:85:bd:10:3b:7e:2e:e1:c5:38:cb:fb:07:b1:2e:
         e1:81:4b:fa:37:04:79:09:e7:30:40:23:bb:4b:0a:3c:33:34:
         37:14:d8:7e:08:ff:33:c1:51:ad:c7:3c:4c:0d:20:a7:86:8b:
         aa:c6:2a:58:59:0b:1e:4f:58:60:14:c2:28:1a:a5:7b:5a:9b:
         f4:05:8a:24:82:8c:78:68:bd:2e:21:c4:a4:cb:1d:e3:94:ab:
         f3:12:c0:95:b1:fd:f3:56:2b:ce:50:fe:32:df:8d:47:24:f2:
         9f:72:f2:5d:70:9f:ff:ec:ba:1d:52:b2:b4:ef:a6:38:a1:ed:
         65:78:05:a7:93:84:ed:a1:5c:b9:4e:40:19:d2:59:2e:d6:43:
         67:9d:31:30:a3:63:0d:93:53:10:86:1a:98:2a:a5:05:0a:f3:
         99:7c:98:28:59:a9:9f:2c:11:11:5a:4b:bb:f9:0f:0f:23:00:
         07:8d:c2:c0:7a:30:0f:18:8f:f1:c6:de:55:91:20:78:ca:ff:
         91:f8:01:6f:a5:aa:5a:94:f5:71:d5:a0:44:9b:e5:78:a3:37:
         56:8a:eb:76
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZOwxymoJPmqAjT5OFxClS2bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZmUyMmY1NTFlOTViMGYxNTAzM2M1MDM1NTJlNDliY2E2
MTdjNmEwHhcNMjQxMjEwMTMzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzNkZjA5Y2ZkMTViYjJhM2QzMmMzYmI2ZTZmZDg0Yzk4ZWJjY2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmr3lDNMWMRJI1f2ZmwFZXXvhQ0lr
UQufN2QhFkT1cxO38beVCJ4Bheyyalmw0RR9IgZAzFr8mOuLK6/FskA/DqOVjvRM
dsKFq+sfkmfgUCGbLuUZ/ooCiezt9de51rPko/MLhc4xF+CX/9IhMIY2Yj4ss+ar
1mqWSgh8OVTPXnr3h7SbucQ95lr+TiHJUUMm9/T7AzZiQ2hYWq4jn/JzQwmbdC9x
0MinoUfFIsZR9dEh69/EEdCQX4IS5Q3wAQTcv2IPJ80RXhB+rEGxgtaXcQt2VuN8
aT9HLIE8AR2BHYl7Y/RuauTOPD+KBYuFdoJCfEcVwr83XynRmQdBIrV4HwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKw98Jz9FbsqPTLDu25v2EyY68yrMB8GA1UdIwQY
MBaAFOf+IvVR6VsPFQM8UDVS5JvKYXxqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV80aTlWSHBXdzhWQXp4UU5WTGttOHBoZkdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kNjEyZTMtOTRlYi00ODY2LWI0M2Mt
ZTQwYjMwMTQwMWE5LzEvckQzd25QMFZ1eW85TXNPN2JtX1lUSmpyektzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kNjEyZTMtOTRlYi00ODY2LWI0M2MtZTQwYjMwMTQwMWE5
LzEvNV80aTlWSHBXdzhWQXp4UU5WTGttOHBoZkdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBudpcMA0E
AgACMAcDBQAqC7tAMA0GCSqGSIb3DQEBCwUAA4IBAQAw0o9tQ0n5cabvDjYu0kIu
rv2/HIe55GQ/tcTpOFKYs8Dxx+kdi1eqhb0QO34u4cU4y/sHsS7hgUv6NwR5Cecw
QCO7Swo8MzQ3FNh+CP8zwVGtxzxMDSCnhouqxipYWQseT1hgFMIoGqV7Wpv0BYok
gox4aL0uIcSkyx3jlKvzEsCVsf3zVivOUP4y341HJPKfcvJdcJ//7LodUrK076Y4
oe1leAWnk4TtoVy5TkAZ0lku1kNnnTEwo2MNk1MQhhqYKqUFCvOZfJgoWamfLBER
Wku7+Q8PIwAHjcLAejAPGI/xxt5VkSB4yv+R+AFvpapalPVx1aBEm+V4ozdWiut2
-----END CERTIFICATE-----