Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/D8Npx5yQG7Ze4tcNJRq2T-3oN70.roa
File:                     D8Npx5yQG7Ze4tcNJRq2T-3oN70.roa (raw, json)
Hash identifier:          oSyETx06tyNiiNec4JR5AXYmY/qLJxXp2+L6i3DOKho=
Subject key identifier:   0F:C3:69:C7:9C:90:1B:B6:5E:E2:D7:0D:25:1A:B6:4F:ED:E8:37:BD
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0194404210EC7DAF6D4920604B316C242F67
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/D8Npx5yQG7Ze4tcNJRq2T-3oN70.roa
Signing time:             Tue 07 Jan 2025 10:14:19 +0000
ROA not before:           Tue 07 Jan 2025 10:14:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152900
IP address blocks:        185.232.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:40:42:10:ec:7d:af:6d:49:20:60:4b:31:6c:24:2f:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  7 10:14:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fc369c79c901bb65ee2d70d251ab64fede837bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:65:0e:eb:91:18:e3:e5:5a:db:6b:0f:d7:e4:
                    3b:d4:37:88:f1:fd:df:89:ed:e2:b8:f8:52:0d:5e:
                    03:58:62:b8:3e:1c:f3:04:08:4d:10:71:d3:82:cc:
                    19:da:ac:f7:9c:7a:54:9d:d4:f6:08:bd:2d:92:a5:
                    76:1c:3f:e1:d7:13:1c:c7:a2:d3:1a:2c:e1:c5:cf:
                    88:2a:f3:7e:2c:b1:aa:4f:df:61:9a:68:04:74:88:
                    6a:cf:d6:64:67:01:f0:fd:ff:6a:9b:de:d2:2d:8e:
                    10:44:c7:d5:bd:d2:19:5c:d2:eb:80:d9:df:da:9a:
                    41:9e:9c:83:3b:bc:a0:32:f9:13:a4:87:f5:cd:09:
                    f5:ce:c7:48:69:ac:9e:8f:e9:02:2d:8f:55:c9:3d:
                    54:3e:f2:6b:1a:62:4b:3e:f0:43:b0:60:db:38:82:
                    fb:11:4e:8c:df:1d:e5:0a:e8:d3:b1:42:1b:28:c0:
                    40:fe:1c:01:20:d8:ba:bc:21:36:3a:18:7e:f5:58:
                    db:fc:2c:a4:51:49:11:d2:e9:d8:b4:52:66:c1:bc:
                    4a:1f:01:9a:9a:e4:d3:99:3a:a0:4c:20:b9:72:25:
                    48:ae:29:73:a4:2d:8d:79:c4:06:31:c5:a8:13:6c:
                    97:d3:ec:ec:0d:78:33:a8:14:40:d4:5f:29:78:f5:
                    14:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:C3:69:C7:9C:90:1B:B6:5E:E2:D7:0D:25:1A:B6:4F:ED:E8:37:BD
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/D8Npx5yQG7Ze4tcNJRq2T-3oN70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:46:15:66:a7:eb:d7:68:9c:2d:c2:f8:5a:d9:f5:e4:dd:1d:
         87:a8:30:a7:94:63:3f:ab:a1:f5:02:3f:b1:50:f7:dd:5d:5f:
         03:ca:d4:1f:59:9f:77:a1:76:8c:4c:aa:35:dc:75:e0:4f:a2:
         8a:b1:f3:09:62:c7:c2:da:f3:60:a2:80:01:09:b7:19:9d:8c:
         45:a5:46:fa:b7:23:03:4e:84:ea:c5:da:33:c3:ec:3c:02:23:
         23:b6:00:26:87:e9:33:41:2f:fc:93:00:d1:3a:d6:03:c4:b6:
         25:4c:5f:3c:20:1d:aa:13:0d:34:60:92:dc:90:5b:c8:f7:1e:
         69:00:0f:13:45:80:41:82:44:8a:46:fc:00:81:71:1c:31:65:
         50:44:90:f9:de:58:f2:75:49:a4:55:bf:3d:91:e9:18:73:05:
         60:70:cc:1d:62:58:1b:f0:7a:62:5b:9e:65:55:00:fd:ed:31:
         f7:94:b9:a0:98:49:42:68:5e:d8:4e:14:df:53:96:be:bf:1c:
         a5:aa:3c:48:37:0c:26:34:97:fb:0a:da:fc:60:3d:94:9c:cc:
         97:db:46:de:4d:ea:55:e1:7a:f8:5f:1a:3d:f9:ab:25:8a:6b:
         fb:5e:f0:30:27:05:f0:d6:6e:b3:e6:4e:ef:10:a7:a9:c5:e9:
         fd:9e:86:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRAQhDsfa9tSSBgSzFsJC9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwMTA3MTAxNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmMzNjljNzljOTAxYmI2NWVlMmQ3MGQyNTFhYjY0ZmVkZTgzN2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWUO65EY4+Va22sP1+Q71DeI8f3f
ie3iuPhSDV4DWGK4PhzzBAhNEHHTgswZ2qz3nHpUndT2CL0tkqV2HD/h1xMcx6LT
Gizhxc+IKvN+LLGqT99hmmgEdIhqz9ZkZwHw/f9qm97SLY4QRMfVvdIZXNLrgNnf
2ppBnpyDO7ygMvkTpIf1zQn1zsdIaayej+kCLY9VyT1UPvJrGmJLPvBDsGDbOIL7
EU6M3x3lCujTsUIbKMBA/hwBINi6vCE2Ohh+9Vjb/CykUUkR0unYtFJmwbxKHwGa
muTTmTqgTCC5ciVIrilzpC2NecQGMcWoE2yX0+zsDXgzqBRA1F8pePUUbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/DaceckBu2XuLXDSUatk/t6De9MB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvRDhOcHg1eVFHN1plNHRjTkpScTJULTNvTjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuehUMA0G
CSqGSIb3DQEBCwUAA4IBAQAWRhVmp+vXaJwtwvha2fXk3R2HqDCnlGM/q6H1Aj+x
UPfdXV8DytQfWZ93oXaMTKo13HXgT6KKsfMJYsfC2vNgooABCbcZnYxFpUb6tyMD
ToTqxdozw+w8AiMjtgAmh+kzQS/8kwDROtYDxLYlTF88IB2qEw00YJLckFvI9x5p
AA8TRYBBgkSKRvwAgXEcMWVQRJD53ljydUmkVb89kekYcwVgcMwdYlgb8HpiW55l
VQD97TH3lLmgmElCaF7YThTfU5a+vxylqjxINwwmNJf7Ctr8YD2UnMyX20beTepV
4Xr4Xxo9+aslimv7XvAwJwXw1m6z5k7vEKepxen9noYH
-----END CERTIFICATE-----