Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/79c0a9-e5e4-47c3-823f-0b8b075e86db/1/e-3uQ7rUHldII4f4DJGlEgRBhCM.roa
File:                     e-3uQ7rUHldII4f4DJGlEgRBhCM.roa (raw, json)
Hash identifier:          LDgDsC2f/B2tJ4mo+bdyR2RNjhvCJie6rraIkdvkC48=
Subject key identifier:   7B:ED:EE:43:BA:D4:1E:57:48:23:87:F8:0C:91:A5:12:04:41:84:23
Certificate issuer:       /CN=02ab010cf5c11c1b30693d11417b60cf45fb1209
Certificate serial:       018CC348D672FBF505FD144DB3DC55B923A0
Authority key identifier: 02:AB:01:0C:F5:C1:1C:1B:30:69:3D:11:41:7B:60:CF:45:FB:12:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AqsBDPXBHBswaT0RQXtgz0X7Egk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/79c0a9-e5e4-47c3-823f-0b8b075e86db/1/e-3uQ7rUHldII4f4DJGlEgRBhCM.roa
Signing time:             Mon 01 Jan 2024 04:29:39 +0000
ROA not before:           Mon 01 Jan 2024 04:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57852
IP address blocks:        185.217.185.0/24 maxlen: 24
                          185.217.186.0/24 maxlen: 24
                          185.217.184.0/24 maxlen: 24
                          185.217.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/79c0a9-e5e4-47c3-823f-0b8b075e86db/1/AqsBDPXBHBswaT0RQXtgz0X7Egk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/79c0a9-e5e4-47c3-823f-0b8b075e86db/1/AqsBDPXBHBswaT0RQXtgz0X7Egk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AqsBDPXBHBswaT0RQXtgz0X7Egk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 10:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d6:72:fb:f5:05:fd:14:4d:b3:dc:55:b9:23:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02ab010cf5c11c1b30693d11417b60cf45fb1209
        Validity
            Not Before: Jan  1 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bedee43bad41e57482387f80c91a51204418423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c9:6a:d1:4d:db:48:09:72:ec:39:86:f4:74:
                    34:53:d6:15:5e:6f:6a:59:9c:2d:19:2d:09:98:a2:
                    9a:56:58:a3:1e:5b:c2:64:cc:61:54:d6:bd:5a:90:
                    ee:fd:33:8e:be:dd:a5:69:17:a5:18:41:e6:fb:de:
                    c7:70:e9:ce:ce:d5:64:0f:c5:14:f3:1a:8b:b3:f8:
                    70:8b:a2:ac:86:b7:6e:0a:26:52:45:da:5b:11:40:
                    a3:58:6a:13:8e:a0:dd:6f:3b:08:75:d8:99:4f:67:
                    c8:9a:f6:b6:c0:8b:61:ff:77:a5:56:fb:a4:73:c2:
                    5b:0f:74:c6:4e:f8:eb:09:69:a3:1c:69:de:e0:e5:
                    b9:56:53:cd:9e:28:e5:5c:24:a7:d2:85:fe:1b:a3:
                    45:4d:bc:36:ba:c5:24:c1:91:78:f8:c3:1b:e4:ae:
                    c5:66:c3:1b:a8:c1:ba:f8:06:27:1b:99:26:43:00:
                    22:4a:80:9f:6b:f4:d0:84:0d:63:da:4f:b7:7a:c4:
                    55:b5:31:54:65:94:71:fe:1e:32:d6:ee:77:5c:62:
                    8f:f5:ee:f4:bf:37:e2:54:da:61:48:37:32:de:40:
                    10:3c:8e:d1:43:95:b9:10:b3:58:f5:b1:78:bb:11:
                    6b:64:65:52:53:02:28:f0:0d:be:95:06:93:3a:04:
                    83:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:ED:EE:43:BA:D4:1E:57:48:23:87:F8:0C:91:A5:12:04:41:84:23
            X509v3 Authority Key Identifier:
                keyid:02:AB:01:0C:F5:C1:1C:1B:30:69:3D:11:41:7B:60:CF:45:FB:12:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AqsBDPXBHBswaT0RQXtgz0X7Egk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/79c0a9-e5e4-47c3-823f-0b8b075e86db/1/e-3uQ7rUHldII4f4DJGlEgRBhCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/79c0a9-e5e4-47c3-823f-0b8b075e86db/1/AqsBDPXBHBswaT0RQXtgz0X7Egk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:4e:df:9d:18:99:c6:a1:50:d2:14:c5:4f:2b:4b:a0:32:bf:
         fc:6d:cf:35:6d:46:e2:d8:6a:e3:14:a5:17:ec:b5:71:78:25:
         9f:b3:99:57:ef:bc:3f:b8:e5:78:40:6f:09:df:85:8e:5e:52:
         69:44:cf:2c:a0:a7:9e:32:92:30:95:d0:11:c5:69:41:ad:de:
         d1:be:c7:3b:7f:fc:5e:b7:7b:08:81:f0:ec:f3:ba:9b:fa:21:
         81:b9:d8:26:d5:41:2a:c8:14:d6:e1:b0:59:01:e2:9e:63:75:
         ff:d0:64:5c:09:bc:65:48:7d:0b:b9:66:34:0a:af:58:ec:07:
         23:06:ee:14:da:70:cf:58:2b:48:42:02:dc:e2:6c:33:7b:ad:
         00:5e:ed:67:f9:21:e8:d8:bb:38:e7:ec:6d:f9:e9:42:25:c3:
         03:2e:02:d1:0d:6f:1e:33:a8:88:53:6e:1b:d0:72:65:f0:cb:
         ba:d0:63:d1:94:69:5d:01:c8:5e:43:64:2e:c9:2f:c1:4e:c4:
         ac:0c:4d:47:51:d1:85:88:06:ad:19:e4:df:1e:6a:fc:fc:0f:
         b5:4a:6b:7e:d2:6c:a6:7f:e7:37:54:04:d7:ed:04:26:c7:b2:
         a2:ab:43:9d:04:3a:dc:f7:c4:2f:f6:05:33:c3:8e:7b:ed:a6:
         52:2c:e1:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNZy+/UF/RRNs9xVuSOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYWIwMTBjZjVjMTFjMWIzMDY5M2QxMTQxN2I2MGNmNDVm
YjEyMDkwHhcNMjQwMTAxMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmVkZWU0M2JhZDQxZTU3NDgyMzg3ZjgwYzkxYTUxMjA0NDE4NDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMlq0U3bSAly7DmG9HQ0U9YVXm9q
WZwtGS0JmKKaVlijHlvCZMxhVNa9WpDu/TOOvt2laRelGEHm+97HcOnOztVkD8UU
8xqLs/hwi6KshrduCiZSRdpbEUCjWGoTjqDdbzsIddiZT2fImva2wIth/3elVvuk
c8JbD3TGTvjrCWmjHGne4OW5VlPNnijlXCSn0oX+G6NFTbw2usUkwZF4+MMb5K7F
ZsMbqMG6+AYnG5kmQwAiSoCfa/TQhA1j2k+3esRVtTFUZZRx/h4y1u53XGKP9e70
vzfiVNphSDcy3kAQPI7RQ5W5ELNY9bF4uxFrZGVSUwIo8A2+lQaTOgSD8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvt7kO61B5XSCOH+AyRpRIEQYQjMB8GA1UdIwQY
MBaAFAKrAQz1wRwbMGk9EUF7YM9F+xIJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXFzQkRQWEJIQnN3YVQwUlFYdGd6MFg3RWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS83OWMwYTktZTVlNC00N2MzLTgyM2Yt
MGI4YjA3NWU4NmRiLzEvZS0zdVE3clVIbGRJSTRmNERKR2xFZ1JCaENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS83OWMwYTktZTVlNC00N2MzLTgyM2YtMGI4YjA3NWU4NmRi
LzEvQXFzQkRQWEJIQnN3YVQwUlFYdGd6MFg3RWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudm4MA0G
CSqGSIb3DQEBCwUAA4IBAQAMTt+dGJnGoVDSFMVPK0ugMr/8bc81bUbi2GrjFKUX
7LVxeCWfs5lX77w/uOV4QG8J34WOXlJpRM8soKeeMpIwldARxWlBrd7Rvsc7f/xe
t3sIgfDs87qb+iGBudgm1UEqyBTW4bBZAeKeY3X/0GRcCbxlSH0LuWY0Cq9Y7Acj
Bu4U2nDPWCtIQgLc4mwze60AXu1n+SHo2Ls45+xt+elCJcMDLgLRDW8eM6iIU24b
0HJl8Mu60GPRlGldAcheQ2QuyS/BTsSsDE1HUdGFiAatGeTfHmr8/A+1Smt+0mym
f+c3VATX7QQmx7Kiq0OdBDrc98Qv9gUzw4577aZSLOH5
-----END CERTIFICATE-----