Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/32ce7d-fb46-419c-af1d-9394924c3c76/1/eXRmaTvm7rpRBESgfVl8-NEw1Ek.roa
File:                     eXRmaTvm7rpRBESgfVl8-NEw1Ek.roa (raw, json)
Hash identifier:          4KpxFL4+jWNDh1iP3HQE0PJL7HKcpzesPpW7++/kRJg=
Subject key identifier:   79:74:66:69:3B:E6:EE:BA:51:04:44:A0:7D:59:7C:F8:D1:30:D4:49
Certificate issuer:       /CN=94046108b54261442422c0fbc80b3fa986ebe93a
Certificate serial:       018CC801EEAEF680782EC54361487B316812
Authority key identifier: 94:04:61:08:B5:42:61:44:24:22:C0:FB:C8:0B:3F:A9:86:EB:E9:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lARhCLVCYUQkIsD7yAs_qYbr6To.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/32ce7d-fb46-419c-af1d-9394924c3c76/1/eXRmaTvm7rpRBESgfVl8-NEw1Ek.roa
Signing time:             Tue 02 Jan 2024 02:30:19 +0000
ROA not before:           Tue 02 Jan 2024 02:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12453
IP address blocks:        185.230.132.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/32ce7d-fb46-419c-af1d-9394924c3c76/1/lARhCLVCYUQkIsD7yAs_qYbr6To.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/32ce7d-fb46-419c-af1d-9394924c3c76/1/lARhCLVCYUQkIsD7yAs_qYbr6To.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lARhCLVCYUQkIsD7yAs_qYbr6To.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ee:ae:f6:80:78:2e:c5:43:61:48:7b:31:68:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94046108b54261442422c0fbc80b3fa986ebe93a
        Validity
            Not Before: Jan  2 02:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=797466693be6eeba510444a07d597cf8d130d449
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:29:34:67:f1:01:34:58:76:e5:73:25:7c:39:
                    c8:5a:a5:27:11:e0:ce:9a:c6:12:4f:4f:2e:3a:6c:
                    6e:28:69:d5:d3:15:d9:e1:fa:df:e8:e2:fd:a7:a8:
                    3c:58:78:b9:9b:07:aa:66:1f:0a:88:37:70:d0:e5:
                    6e:35:03:7f:9e:d3:6e:83:9a:ba:2a:12:12:c5:54:
                    c7:9e:15:30:2d:26:22:c3:36:ed:c1:95:db:78:73:
                    94:31:15:da:be:8a:0f:52:b1:ca:91:a3:01:7d:fd:
                    7b:c1:b2:3d:f8:f5:71:1c:f9:38:3f:fd:56:cf:ee:
                    f2:af:c7:7b:8a:57:d0:5a:fc:d2:44:cc:94:9b:04:
                    d9:57:e1:02:ca:73:d9:7d:81:0f:cd:1e:24:08:f8:
                    99:d8:e4:18:61:13:73:d5:12:95:3d:44:c0:91:26:
                    8b:0b:6b:56:f5:bb:a0:1e:b5:e4:62:77:00:37:3f:
                    24:e7:c7:a0:ef:ef:14:ab:c4:4b:aa:60:fa:61:8d:
                    29:9c:93:60:72:ed:b3:7f:9a:5e:e6:e2:44:a4:6f:
                    60:8e:c8:8a:36:ac:6b:95:62:8f:94:a2:4a:4e:74:
                    c3:54:0b:ea:71:93:08:a5:e4:fd:9b:b3:86:84:b6:
                    59:0f:5c:7b:94:07:fd:a4:5b:ad:6a:70:d1:c0:3c:
                    8e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:74:66:69:3B:E6:EE:BA:51:04:44:A0:7D:59:7C:F8:D1:30:D4:49
            X509v3 Authority Key Identifier:
                keyid:94:04:61:08:B5:42:61:44:24:22:C0:FB:C8:0B:3F:A9:86:EB:E9:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lARhCLVCYUQkIsD7yAs_qYbr6To.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/32ce7d-fb46-419c-af1d-9394924c3c76/1/eXRmaTvm7rpRBESgfVl8-NEw1Ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/32ce7d-fb46-419c-af1d-9394924c3c76/1/lARhCLVCYUQkIsD7yAs_qYbr6To.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:22:e6:a8:8a:6a:51:d4:77:34:71:5c:26:2f:e9:32:49:80:
         41:3d:61:23:71:78:31:f8:2e:b1:ee:89:11:0b:69:0b:4b:39:
         b4:11:c2:d5:69:82:09:42:bc:4d:de:c3:50:70:a3:52:43:a0:
         0a:2d:73:d2:fb:7a:fe:44:c9:ac:0e:54:c5:61:26:d0:1c:7d:
         17:92:f5:82:61:a3:77:fa:59:21:42:b3:32:9e:95:8e:95:75:
         6e:97:64:84:c9:04:2e:a0:aa:1d:8f:19:58:79:30:94:7e:44:
         c0:ee:39:08:a4:39:b1:b9:6b:df:4f:56:54:4a:bb:da:28:a4:
         d1:5a:7e:86:0f:ff:3f:e7:fc:d6:1d:05:da:ba:67:6f:7e:3e:
         59:5e:9e:a6:e5:ae:5d:6b:aa:46:1a:41:23:96:b1:3b:4f:17:
         c3:6e:ce:42:bd:4c:51:fb:1b:d5:a7:ba:03:af:60:b2:83:05:
         7e:c2:a3:91:ac:19:34:d9:fd:ff:be:aa:1f:c7:28:bc:b4:77:
         76:b8:76:76:6c:0d:b1:cb:08:21:54:e5:5c:f3:cf:23:9a:e5:
         07:e2:e9:e5:d6:7f:61:7f:f1:87:cd:35:61:95:7c:ec:3e:6c:
         52:09:c9:7b:73:0a:96:81:eb:de:77:0b:d6:7a:4c:ce:fb:66:
         6c:07:eb:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAe6u9oB4LsVDYUh7MWgSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MDQ2MTA4YjU0MjYxNDQyNDIyYzBmYmM4MGIzZmE5ODZl
YmU5M2EwHhcNMjQwMTAyMDIzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTc0NjY2OTNiZTZlZWJhNTEwNDQ0YTA3ZDU5N2NmOGQxMzBkNDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCk0Z/EBNFh25XMlfDnIWqUnEeDO
msYST08uOmxuKGnV0xXZ4frf6OL9p6g8WHi5mweqZh8KiDdw0OVuNQN/ntNug5q6
KhISxVTHnhUwLSYiwzbtwZXbeHOUMRXavooPUrHKkaMBff17wbI9+PVxHPk4P/1W
z+7yr8d7ilfQWvzSRMyUmwTZV+ECynPZfYEPzR4kCPiZ2OQYYRNz1RKVPUTAkSaL
C2tW9bugHrXkYncANz8k58eg7+8Uq8RLqmD6YY0pnJNgcu2zf5pe5uJEpG9gjsiK
NqxrlWKPlKJKTnTDVAvqcZMIpeT9m7OGhLZZD1x7lAf9pFutanDRwDyO6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHl0Zmk75u66UQREoH1ZfPjRMNRJMB8GA1UdIwQY
MBaAFJQEYQi1QmFEJCLA+8gLP6mG6+k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEFSaENMVkNZVVFrSXNEN3lBc19xWWJyNlRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8zMmNlN2QtZmI0Ni00MTljLWFmMWQt
OTM5NDkyNGMzYzc2LzEvZVhSbWFUdm03cnBSQkVTZ2ZWbDgtTkV3MUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8zMmNlN2QtZmI0Ni00MTljLWFmMWQtOTM5NDkyNGMzYzc2
LzEvbEFSaENMVkNZVVFrSXNEN3lBc19xWWJyNlRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueaEMA0G
CSqGSIb3DQEBCwUAA4IBAQAmIuaoimpR1Hc0cVwmL+kySYBBPWEjcXgx+C6x7okR
C2kLSzm0EcLVaYIJQrxN3sNQcKNSQ6AKLXPS+3r+RMmsDlTFYSbQHH0XkvWCYaN3
+lkhQrMynpWOlXVul2SEyQQuoKodjxlYeTCUfkTA7jkIpDmxuWvfT1ZUSrvaKKTR
Wn6GD/8/5/zWHQXaumdvfj5ZXp6m5a5da6pGGkEjlrE7TxfDbs5CvUxR+xvVp7oD
r2CygwV+wqORrBk02f3/vqofxyi8tHd2uHZ2bA2xywghVOVc888jmuUH4unl1n9h
f/GHzTVhlXzsPmxSCcl7cwqWgevedwvWekzO+2ZsB+t4
-----END CERTIFICATE-----