Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/i6RJzi5RYIdzCgbxYjv1ygRY83E.roa
File:                     i6RJzi5RYIdzCgbxYjv1ygRY83E.roa (raw, json)
Hash identifier:          xwJxH1GMl268ht7XqFvH/n3Qts5RSLF6hPoQSdpuekw=
Subject key identifier:   8B:A4:49:CE:2E:51:60:87:73:0A:06:F1:62:3B:F5:CA:04:58:F3:71
Certificate issuer:       /CN=e1477072b91af5c3f3bfe69743243e7cda3ae879
Certificate serial:       0190BD1B7F369D1C3D831E177B381D9FD8CD
Authority key identifier: E1:47:70:72:B9:1A:F5:C3:F3:BF:E6:97:43:24:3E:7C:DA:3A:E8:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/i6RJzi5RYIdzCgbxYjv1ygRY83E.roa
Signing time:             Tue 16 Jul 2024 19:53:34 +0000
ROA not before:           Tue 16 Jul 2024 19:53:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135391
IP address blocks:        185.145.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bd:1b:7f:36:9d:1c:3d:83:1e:17:7b:38:1d:9f:d8:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1477072b91af5c3f3bfe69743243e7cda3ae879
        Validity
            Not Before: Jul 16 19:53:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ba449ce2e516087730a06f1623bf5ca0458f371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:24:9b:ff:c7:37:0b:09:f7:55:0f:24:4d:8b:
                    1d:b5:8b:63:ae:d3:3c:c5:7f:47:d0:d6:8d:19:f5:
                    1c:a6:2a:5a:81:37:e8:dc:c3:3e:7c:1d:52:1b:0d:
                    05:05:fc:80:b9:18:c5:5d:01:bd:3a:58:2e:22:35:
                    1d:28:de:e3:26:a2:f4:12:9d:0a:70:ae:c1:ae:01:
                    10:99:ba:40:67:16:fd:ae:92:a6:56:e3:bd:45:0a:
                    bb:b9:34:4e:d0:d0:23:b4:e0:9b:26:69:15:7c:a9:
                    96:92:61:fd:c8:63:ec:06:a3:cd:dd:91:c0:58:52:
                    57:46:d6:a0:5d:e3:47:07:4d:1d:8e:66:e9:e5:b0:
                    ee:7c:b3:7d:8d:13:7b:fd:66:dc:38:42:73:0e:39:
                    e9:94:2c:d1:58:19:35:e7:d1:45:e5:48:9d:45:86:
                    5e:b5:ca:22:7f:27:5e:61:e6:12:fd:01:db:d7:11:
                    62:15:91:1b:35:0c:11:c3:8e:d2:ba:0f:f1:eb:01:
                    dd:ea:a1:13:cb:c1:17:d0:b1:a2:92:f2:03:11:8b:
                    b7:84:d3:4d:a9:3a:bc:85:28:87:1e:ae:e3:f3:c8:
                    95:b4:3f:a1:93:cd:78:6b:2d:d7:02:af:1b:92:a7:
                    77:8a:1a:86:44:02:e2:2f:f5:25:9a:cd:07:96:75:
                    e1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A4:49:CE:2E:51:60:87:73:0A:06:F1:62:3B:F5:CA:04:58:F3:71
            X509v3 Authority Key Identifier:
                keyid:E1:47:70:72:B9:1A:F5:C3:F3:BF:E6:97:43:24:3E:7C:DA:3A:E8:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/i6RJzi5RYIdzCgbxYjv1ygRY83E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:a3:b1:59:d6:34:79:69:91:1e:f7:79:34:ae:61:b0:e1:23:
         cd:47:c9:be:42:b7:68:52:4f:b0:6d:af:97:ed:18:5b:af:28:
         2a:08:9b:2d:04:15:b8:c7:30:52:09:6d:46:61:06:6c:d5:21:
         4d:f0:b0:aa:24:eb:13:99:79:99:c0:ad:bb:e4:34:0e:90:02:
         76:3b:96:2d:df:b0:29:d1:28:15:00:28:ed:8e:0e:88:ca:49:
         2a:76:3f:f9:e0:f7:a6:64:f6:7a:ba:9c:74:bb:70:5a:27:99:
         5b:78:48:e3:89:b7:df:97:72:b6:26:4b:dd:92:c1:7d:30:27:
         63:1e:9f:27:28:74:de:70:c7:4c:fb:ef:f3:08:6a:36:57:4e:
         b0:d5:33:4f:8f:96:48:c5:e1:b2:10:3b:ed:58:9f:cd:86:2f:
         b2:88:ae:51:13:7c:d5:d7:fc:d0:a2:7b:99:26:32:83:21:08:
         e6:21:68:1e:39:9f:35:ad:86:45:5d:77:47:c9:3d:a8:6c:d3:
         07:3b:82:05:a4:63:7b:77:94:17:5f:fb:f9:93:b6:99:62:69:
         0d:3e:05:96:40:62:51:7c:f1:7b:60:04:19:4c:29:54:79:49:
         7f:89:89:fb:b2:01:82:94:d1:8f:93:c5:cc:ad:08:35:2c:bf:
         89:89:20:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC9G382nRw9gx4Xezgdn9jNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNDc3MDcyYjkxYWY1YzNmM2JmZTY5NzQzMjQzZTdjZGEz
YWU4NzkwHhcNMjQwNzE2MTk1MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE0NDljZTJlNTE2MDg3NzMwYTA2ZjE2MjNiZjVjYTA0NThmMzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CSb/8c3Cwn3VQ8kTYsdtYtjrtM8
xX9H0NaNGfUcpipagTfo3MM+fB1SGw0FBfyAuRjFXQG9OlguIjUdKN7jJqL0Ep0K
cK7BrgEQmbpAZxb9rpKmVuO9RQq7uTRO0NAjtOCbJmkVfKmWkmH9yGPsBqPN3ZHA
WFJXRtagXeNHB00djmbp5bDufLN9jRN7/WbcOEJzDjnplCzRWBk159FF5UidRYZe
tcoifydeYeYS/QHb1xFiFZEbNQwRw47Sug/x6wHd6qETy8EX0LGikvIDEYu3hNNN
qTq8hSiHHq7j88iVtD+hk814ay3XAq8bkqd3ihqGRALiL/Ulms0HlnXhfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIukSc4uUWCHcwoG8WI79coEWPNxMB8GA1UdIwQY
MBaAFOFHcHK5GvXD87/ml0MkPnzaOuh5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVkd2Nya2E5Y1B6di1hWFF5US1mTm82NkhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy83NDk0YmYtOGFjZC00ZTQzLTg2Y2Ut
ZTdjOGNmM2FmNWRlLzEvaTZSSnppNVJZSWR6Q2dieFlqdjF5Z1JZODNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy83NDk0YmYtOGFjZC00ZTQzLTg2Y2UtZTdjOGNmM2FmNWRl
LzEvNFVkd2Nya2E5Y1B6di1hWFF5US1mTm82NkhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZHrMA0G
CSqGSIb3DQEBCwUAA4IBAQAio7FZ1jR5aZEe93k0rmGw4SPNR8m+QrdoUk+wba+X
7RhbrygqCJstBBW4xzBSCW1GYQZs1SFN8LCqJOsTmXmZwK275DQOkAJ2O5Yt37Ap
0SgVACjtjg6Iykkqdj/54PemZPZ6upx0u3BaJ5lbeEjjibffl3K2JkvdksF9MCdj
Hp8nKHTecMdM++/zCGo2V06w1TNPj5ZIxeGyEDvtWJ/Nhi+yiK5RE3zV1/zQonuZ
JjKDIQjmIWgeOZ81rYZFXXdHyT2obNMHO4IFpGN7d5QXX/v5k7aZYmkNPgWWQGJR
fPF7YAQZTClUeUl/iYn7sgGClNGPk8XMrQg1LL+JiSAi
-----END CERTIFICATE-----