Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/75044b-7a06-4150-a9ef-5d985369cce8/1/XHxAUhg2QFUCqEdGPN0uXYuMznE.roa
File:                     XHxAUhg2QFUCqEdGPN0uXYuMznE.roa (raw, json)
Hash identifier:          huGaoe8zpVDT/PS0KfuSVpRCV5gbe5euU9U6REGVVD4=
Subject key identifier:   5C:7C:40:52:18:36:40:55:02:A8:47:46:3C:DD:2E:5D:8B:8C:CE:71
Certificate issuer:       /CN=2eebf8a5b02016e4394392819738644d6ca25642
Certificate serial:       018CC8DE4E1DE3A792AD18C284F87685F2A1
Authority key identifier: 2E:EB:F8:A5:B0:20:16:E4:39:43:92:81:97:38:64:4D:6C:A2:56:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Luv4pbAgFuQ5Q5KBlzhkTWyiVkI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/75044b-7a06-4150-a9ef-5d985369cce8/1/XHxAUhg2QFUCqEdGPN0uXYuMznE.roa
Signing time:             Tue 02 Jan 2024 06:31:01 +0000
ROA not before:           Tue 02 Jan 2024 06:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210355
IP address blocks:        185.1.229.0/24 maxlen: 24
                          2001:7f8:121::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/75044b-7a06-4150-a9ef-5d985369cce8/1/Luv4pbAgFuQ5Q5KBlzhkTWyiVkI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/75044b-7a06-4150-a9ef-5d985369cce8/1/Luv4pbAgFuQ5Q5KBlzhkTWyiVkI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Luv4pbAgFuQ5Q5KBlzhkTWyiVkI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:4e:1d:e3:a7:92:ad:18:c2:84:f8:76:85:f2:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2eebf8a5b02016e4394392819738644d6ca25642
        Validity
            Not Before: Jan  2 06:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c7c40521836405502a847463cdd2e5d8b8cce71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:97:84:31:62:52:a7:ed:09:92:04:f2:cc:b0:
                    94:d3:9b:97:52:81:00:b4:ec:52:c0:c9:10:cd:75:
                    bd:47:fc:c2:e5:72:5d:d4:ea:c0:1c:3d:87:54:cf:
                    85:0e:0b:4f:23:7d:d2:05:90:7b:64:7a:87:17:01:
                    e2:ee:fe:b3:74:a1:20:35:cf:9e:ec:8c:56:90:8e:
                    c6:1b:81:99:21:e2:ed:28:76:36:32:07:f3:74:6d:
                    f4:07:95:76:7c:3a:ea:6a:3a:32:e3:a1:01:a3:56:
                    7d:75:f7:9a:d7:07:d8:c4:a4:48:69:7a:c7:85:eb:
                    a0:ba:04:ff:83:26:59:b9:00:1a:21:55:ee:e1:c3:
                    4a:ba:d1:25:8e:d6:bf:d7:81:de:13:7d:24:a0:ec:
                    d7:f0:fc:df:be:45:89:c9:41:1c:a2:8a:ce:94:e3:
                    13:c0:79:ce:c0:ae:27:73:46:27:db:71:95:51:62:
                    ff:c9:c7:fa:3e:61:5d:b2:12:90:5e:ae:2c:02:39:
                    c7:6b:54:b5:8f:ea:d7:6e:9c:ca:77:a7:eb:85:26:
                    5c:79:85:fe:be:af:4f:da:5c:51:03:4f:ec:80:96:
                    08:3e:d0:17:56:d4:1a:93:78:99:48:a6:b8:27:4c:
                    37:16:07:b4:fe:00:5c:b6:4e:33:53:e6:de:48:8f:
                    b1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:7C:40:52:18:36:40:55:02:A8:47:46:3C:DD:2E:5D:8B:8C:CE:71
            X509v3 Authority Key Identifier:
                keyid:2E:EB:F8:A5:B0:20:16:E4:39:43:92:81:97:38:64:4D:6C:A2:56:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Luv4pbAgFuQ5Q5KBlzhkTWyiVkI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/75044b-7a06-4150-a9ef-5d985369cce8/1/XHxAUhg2QFUCqEdGPN0uXYuMznE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/75044b-7a06-4150-a9ef-5d985369cce8/1/Luv4pbAgFuQ5Q5KBlzhkTWyiVkI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.229.0/24
                IPv6:
                  2001:7f8:121::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:70:86:44:95:65:52:1c:05:f8:9c:de:bb:a2:cd:ee:4f:2f:
         af:a4:b8:c1:d4:c0:b2:ba:75:b1:c1:cb:c8:d6:29:39:fb:17:
         ad:78:cd:d3:6f:df:66:3b:d5:01:3e:1a:0e:4f:0b:e6:b0:ab:
         91:72:6e:70:c3:e4:de:08:f0:ad:1f:de:e1:88:1a:7a:2e:87:
         24:64:4e:c0:fe:81:6e:94:d4:cc:8b:b0:15:c7:e7:b9:4c:84:
         03:07:98:55:81:94:82:5d:38:bb:0a:6a:81:ea:25:4a:5d:cc:
         2d:56:22:a5:1e:ed:76:6c:bf:1a:84:18:c2:99:ea:dd:05:5c:
         c3:c8:55:71:fa:36:b4:59:e5:30:ad:d6:f0:64:6a:53:80:c2:
         80:ac:22:29:93:f7:35:5d:8f:5b:3a:76:73:c3:dd:fc:6c:80:
         74:7d:ed:c9:1b:f9:ad:e6:49:c0:ae:ca:e1:e7:8c:cc:04:71:
         3a:8d:51:28:e2:bf:24:c9:aa:f2:70:6a:37:dc:7d:41:55:3b:
         23:bd:06:4b:6a:63:76:3d:72:ba:00:00:cb:4b:20:aa:d5:6c:
         09:f1:c2:09:47:a7:b8:51:24:57:cd:07:8f:96:c6:70:d1:b6:
         70:b0:c7:3c:8d:4e:d0:0a:8d:aa:0b:02:06:b8:90:06:46:b5:
         6b:01:cc:ff
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3k4d46eSrRjChPh2hfKhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZWJmOGE1YjAyMDE2ZTQzOTQzOTI4MTk3Mzg2NDRkNmNh
MjU2NDIwHhcNMjQwMTAyMDYzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzdjNDA1MjE4MzY0MDU1MDJhODQ3NDYzY2RkMmU1ZDhiOGNjZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpeEMWJSp+0JkgTyzLCU05uXUoEA
tOxSwMkQzXW9R/zC5XJd1OrAHD2HVM+FDgtPI33SBZB7ZHqHFwHi7v6zdKEgNc+e
7IxWkI7GG4GZIeLtKHY2MgfzdG30B5V2fDrqajoy46EBo1Z9dfea1wfYxKRIaXrH
heugugT/gyZZuQAaIVXu4cNKutEljta/14HeE30koOzX8PzfvkWJyUEcoorOlOMT
wHnOwK4nc0Yn23GVUWL/ycf6PmFdshKQXq4sAjnHa1S1j+rXbpzKd6frhSZceYX+
vq9P2lxRA0/sgJYIPtAXVtQak3iZSKa4J0w3Fge0/gBctk4zU+beSI+x5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFx8QFIYNkBVAqhHRjzdLl2LjM5xMB8GA1UdIwQY
MBaAFC7r+KWwIBbkOUOSgZc4ZE1solZCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHV2NHBiQWdGdVE1UTVLQmx6aGtUV3lpVmtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS83NTA0NGItN2EwNi00MTUwLWE5ZWYt
NWQ5ODUzNjljY2U4LzEvWEh4QVVoZzJRRlVDcUVkR1BOMHVYWXVNem5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS83NTA0NGItN2EwNi00MTUwLWE5ZWYtNWQ5ODUzNjljY2U4
LzEvTHV2NHBiQWdGdVE1UTVLQmx6aGtUV3lpVmtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQHlMA8E
AgACMAkDBwAgAQf4ASEwDQYJKoZIhvcNAQELBQADggEBADVwhkSVZVIcBfic3rui
ze5PL6+kuMHUwLK6dbHBy8jWKTn7F614zdNv32Y71QE+Gg5PC+awq5FybnDD5N4I
8K0f3uGIGnouhyRkTsD+gW6U1MyLsBXH57lMhAMHmFWBlIJdOLsKaoHqJUpdzC1W
IqUe7XZsvxqEGMKZ6t0FXMPIVXH6NrRZ5TCt1vBkalOAwoCsIimT9zVdj1s6dnPD
3fxsgHR97ckb+a3mScCuyuHnjMwEcTqNUSjivyTJqvJwajfcfUFVOyO9BktqY3Y9
croAAMtLIKrVbAnxwglHp7hRJFfNB4+WxnDRtnCwxzyNTtAKjaoLAga4kAZGtWsB
zP8=
-----END CERTIFICATE-----