Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/5e1871-2af1-47d3-b262-08f433daea15/1/DPmYqcSHpRgdVDFLr4RyYj2VD_4.roa
File:                     DPmYqcSHpRgdVDFLr4RyYj2VD_4.roa (raw, json)
Hash identifier:          gk8cqEonekO2bPuq1tSUJT7G2lzgSlfCQX2AqLgNf8E=
Subject key identifier:   0C:F9:98:A9:C4:87:A5:18:1D:54:31:4B:AF:84:72:62:3D:95:0F:FE
Certificate issuer:       /CN=2cee2998e86fa7488e6b64f8edbc032ce15d1bcc
Certificate serial:       018CC6B7EB5889356434616180CC33435F3C
Authority key identifier: 2C:EE:29:98:E8:6F:A7:48:8E:6B:64:F8:ED:BC:03:2C:E1:5D:1B:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LO4pmOhvp0iOa2T47bwDLOFdG8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/5e1871-2af1-47d3-b262-08f433daea15/1/DPmYqcSHpRgdVDFLr4RyYj2VD_4.roa
Signing time:             Mon 01 Jan 2024 20:29:51 +0000
ROA not before:           Mon 01 Jan 2024 20:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205564
IP address blocks:        185.213.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/5e1871-2af1-47d3-b262-08f433daea15/1/LO4pmOhvp0iOa2T47bwDLOFdG8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/5e1871-2af1-47d3-b262-08f433daea15/1/LO4pmOhvp0iOa2T47bwDLOFdG8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LO4pmOhvp0iOa2T47bwDLOFdG8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:eb:58:89:35:64:34:61:61:80:cc:33:43:5f:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cee2998e86fa7488e6b64f8edbc032ce15d1bcc
        Validity
            Not Before: Jan  1 20:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cf998a9c487a5181d54314baf8472623d950ffe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:de:e3:ba:12:4f:42:c4:c1:ee:4e:93:ba:9d:
                    32:3f:96:d4:66:85:25:1b:4a:6e:20:7c:d6:96:c3:
                    61:8d:36:08:f9:f4:3a:2a:87:69:bc:05:b4:4b:50:
                    73:67:1f:95:af:aa:ac:b4:0b:2f:01:56:5f:01:8f:
                    85:59:35:94:9f:5c:41:a7:3d:94:fa:bb:d3:61:0f:
                    1d:78:9f:bb:d0:63:76:9d:15:80:f6:ed:47:30:13:
                    7f:4c:78:38:01:77:cc:30:dc:58:38:6c:e1:ac:8f:
                    43:13:c3:17:8c:24:c7:f6:01:f9:92:ce:21:ce:5c:
                    df:e5:4c:3d:ef:df:12:2b:97:fd:7d:62:55:3c:70:
                    67:29:8f:44:7b:95:f6:12:34:10:4e:f5:89:c0:d2:
                    6f:8f:8f:d7:56:98:29:f6:ba:98:11:74:1d:b2:1e:
                    5a:c1:cd:4f:c9:5c:a7:96:81:22:a9:b6:af:29:9e:
                    bc:a9:b6:eb:78:5a:db:c9:58:4e:13:c1:d1:a7:30:
                    67:49:f0:58:bf:cf:e0:5a:cf:df:9e:6e:2d:66:b5:
                    b0:9c:c1:74:d8:9d:e2:7d:43:fc:46:aa:c9:9b:f4:
                    c1:c0:90:82:ad:9c:50:90:fe:51:d1:ac:ac:80:83:
                    38:b0:c8:53:0b:71:2f:6b:fa:19:03:2e:92:e8:81:
                    54:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:F9:98:A9:C4:87:A5:18:1D:54:31:4B:AF:84:72:62:3D:95:0F:FE
            X509v3 Authority Key Identifier:
                keyid:2C:EE:29:98:E8:6F:A7:48:8E:6B:64:F8:ED:BC:03:2C:E1:5D:1B:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LO4pmOhvp0iOa2T47bwDLOFdG8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/5e1871-2af1-47d3-b262-08f433daea15/1/DPmYqcSHpRgdVDFLr4RyYj2VD_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/5e1871-2af1-47d3-b262-08f433daea15/1/LO4pmOhvp0iOa2T47bwDLOFdG8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:35:09:4e:26:06:0d:e9:df:4e:9b:9f:1f:8c:1e:bf:3a:88:
         57:03:66:ba:ac:45:30:7c:89:94:18:c0:11:20:ef:13:be:48:
         38:9d:f9:fc:cb:45:b9:f0:2f:20:5e:62:ad:ca:81:d8:55:96:
         0d:a1:f6:e2:2b:1f:b9:16:76:70:bb:49:c0:9f:25:18:f4:39:
         5c:cd:f0:9b:d0:3f:1e:04:ad:c5:8f:bf:26:b7:d6:a3:3e:93:
         b3:9e:98:50:e5:be:1b:6d:8f:02:cc:e1:3c:08:5c:21:00:d9:
         41:fd:0a:37:0d:55:92:4e:7d:ed:52:ef:f7:5f:54:67:bf:51:
         ec:45:9f:f9:06:8d:f9:6a:00:f7:ec:93:ee:55:86:2c:f9:c2:
         24:57:5d:da:bb:fc:ca:8e:47:09:09:4f:8c:80:74:51:3b:1e:
         f3:4c:ab:1d:e2:13:fb:7d:9d:88:d0:7e:7c:3f:78:5e:c1:f2:
         28:72:7f:94:a6:f2:2c:83:33:86:e4:86:6c:28:aa:cb:f2:29:
         9f:76:37:0b:f1:bf:88:bc:3f:89:a7:21:97:5a:6a:0c:41:fb:
         fe:14:e5:5b:19:48:64:e8:1e:59:45:34:e7:8a:e1:49:f4:94:
         ee:5f:55:d8:a7:99:17:fc:64:f0:13:9c:3d:18:12:a0:45:a3:
         cd:54:f1:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt+tYiTVkNGFhgMwzQ188MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjZWUyOTk4ZTg2ZmE3NDg4ZTZiNjRmOGVkYmMwMzJjZTE1
ZDFiY2MwHhcNMjQwMTAxMjAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2Y5OThhOWM0ODdhNTE4MWQ1NDMxNGJhZjg0NzI2MjNkOTUwZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst7juhJPQsTB7k6Tup0yP5bUZoUl
G0puIHzWlsNhjTYI+fQ6KodpvAW0S1BzZx+Vr6qstAsvAVZfAY+FWTWUn1xBpz2U
+rvTYQ8deJ+70GN2nRWA9u1HMBN/THg4AXfMMNxYOGzhrI9DE8MXjCTH9gH5ks4h
zlzf5Uw9798SK5f9fWJVPHBnKY9Ee5X2EjQQTvWJwNJvj4/XVpgp9rqYEXQdsh5a
wc1PyVynloEiqbavKZ68qbbreFrbyVhOE8HRpzBnSfBYv8/gWs/fnm4tZrWwnMF0
2J3ifUP8RqrJm/TBwJCCrZxQkP5R0aysgIM4sMhTC3Eva/oZAy6S6IFU1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAz5mKnEh6UYHVQxS6+EcmI9lQ/+MB8GA1UdIwQY
MBaAFCzuKZjob6dIjmtk+O28AyzhXRvMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTE80cG1PaHZwMGlPYTJUNDdid0RMT0ZkRzh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC81ZTE4NzEtMmFmMS00N2QzLWIyNjIt
MDhmNDMzZGFlYTE1LzEvRFBtWXFjU0hwUmdkVkRGTHI0UnlZajJWRF80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC81ZTE4NzEtMmFmMS00N2QzLWIyNjItMDhmNDMzZGFlYTE1
LzEvTE80cG1PaHZwMGlPYTJUNDdid0RMT0ZkRzh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudX8MA0G
CSqGSIb3DQEBCwUAA4IBAQBUNQlOJgYN6d9Om58fjB6/OohXA2a6rEUwfImUGMAR
IO8Tvkg4nfn8y0W58C8gXmKtyoHYVZYNofbiKx+5FnZwu0nAnyUY9DlczfCb0D8e
BK3Fj78mt9ajPpOznphQ5b4bbY8CzOE8CFwhANlB/Qo3DVWSTn3tUu/3X1Rnv1Hs
RZ/5Bo35agD37JPuVYYs+cIkV13au/zKjkcJCU+MgHRROx7zTKsd4hP7fZ2I0H58
P3hewfIocn+UpvIsgzOG5IZsKKrL8imfdjcL8b+IvD+JpyGXWmoMQfv+FOVbGUhk
6B5ZRTTniuFJ9JTuX1XYp5kX/GTwE5w9GBKgRaPNVPHi
-----END CERTIFICATE-----