Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/R0Aserci1TJlr-b10aeSTE-yFVc.roa
File:                     R0Aserci1TJlr-b10aeSTE-yFVc.roa (raw, json)
Hash identifier:          b3M4Lu8qHzKc/jXgTvP9W2F1Rw1rucr4YhAxlwwIZl0=
Subject key identifier:   47:40:2C:7A:B7:22:D5:32:65:AF:E6:F5:D1:A7:92:4C:4F:B2:15:57
Certificate issuer:       /CN=d730a29941efbc7a7927f029481e2c725a1a6711
Certificate serial:       018CC56E2885E443B48653D8DB2EC2356440
Authority key identifier: D7:30:A2:99:41:EF:BC:7A:79:27:F0:29:48:1E:2C:72:5A:1A:67:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1zCimUHvvHp5J_ApSB4scloaZxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/R0Aserci1TJlr-b10aeSTE-yFVc.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200069
IP address blocks:        185.250.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/1zCimUHvvHp5J_ApSB4scloaZxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/1zCimUHvvHp5J_ApSB4scloaZxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1zCimUHvvHp5J_ApSB4scloaZxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:28:85:e4:43:b4:86:53:d8:db:2e:c2:35:64:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d730a29941efbc7a7927f029481e2c725a1a6711
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47402c7ab722d53265afe6f5d1a7924c4fb21557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:85:f1:98:b0:c9:6f:ec:0b:4a:b1:aa:4a:28:
                    45:41:25:7f:d9:66:71:3c:b6:ae:7d:88:d3:bd:1b:
                    14:e2:85:45:70:8b:bc:02:3e:4c:bd:93:56:5c:69:
                    e8:10:f3:b0:12:25:3b:cc:ea:6a:34:be:40:20:a3:
                    07:62:a7:d2:1f:6d:42:38:68:84:3a:ba:9e:a3:9b:
                    14:e0:0f:b9:9b:ed:37:80:83:b4:e9:e4:c0:7b:03:
                    94:8d:44:4f:4d:c1:f9:7f:c3:71:23:df:56:0d:20:
                    91:b7:5d:bc:a1:7f:3f:e8:d7:36:5e:ed:63:88:38:
                    8f:6c:5e:49:2b:0c:0a:a8:bd:56:fc:a8:9c:df:7d:
                    a1:4d:84:01:a7:36:c0:59:cc:39:5c:7b:f5:9e:58:
                    9e:13:e0:23:45:05:d4:8b:cd:af:f1:60:9f:4f:1f:
                    9a:f2:33:ba:0c:52:a2:89:fb:78:af:fc:e8:4c:bb:
                    f9:98:2c:5f:48:0b:71:84:37:81:75:06:cb:3f:24:
                    d3:be:84:27:91:9b:3b:69:2d:5d:8b:1c:69:f7:67:
                    5a:7f:84:67:9c:17:e1:a8:8f:6f:7b:08:78:81:64:
                    34:9b:dd:8f:1b:cb:e4:c1:3c:6d:65:dd:5a:de:f8:
                    ab:94:be:ca:de:19:4e:a1:9d:c9:86:71:a5:d0:f3:
                    56:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:40:2C:7A:B7:22:D5:32:65:AF:E6:F5:D1:A7:92:4C:4F:B2:15:57
            X509v3 Authority Key Identifier:
                keyid:D7:30:A2:99:41:EF:BC:7A:79:27:F0:29:48:1E:2C:72:5A:1A:67:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1zCimUHvvHp5J_ApSB4scloaZxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/R0Aserci1TJlr-b10aeSTE-yFVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/1zCimUHvvHp5J_ApSB4scloaZxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:26:80:70:50:8e:74:87:51:27:78:8c:6f:25:d3:96:0a:24:
         ce:19:75:56:f4:fc:46:c7:b9:2e:80:fa:51:88:8d:2c:3b:38:
         f1:8d:79:fa:26:c3:3c:b7:f7:89:13:f0:fd:3c:f1:85:79:80:
         29:32:78:86:c4:fb:32:f3:8f:f1:f4:01:c6:d4:70:7f:2f:14:
         f6:47:fa:4b:55:f3:53:f7:47:f0:d7:5f:fc:0c:bb:35:18:3a:
         3f:81:60:24:a8:d0:2d:0e:aa:5f:46:09:1c:8b:de:b2:56:f0:
         45:23:97:cf:34:d0:32:9c:92:10:58:7e:a6:37:cb:f2:20:03:
         7e:01:80:b1:e6:3d:dd:16:3f:29:d8:64:46:be:bb:9c:59:68:
         75:ad:95:2c:33:28:02:29:ea:9b:b0:1b:28:43:ea:dd:48:f5:
         e7:13:6a:43:b0:34:91:d5:1a:67:78:2d:ab:c2:46:5e:e1:5d:
         de:e4:79:8f:9f:c6:4e:e1:71:02:cb:9c:60:30:cf:13:ce:d3:
         09:12:df:f9:83:d2:dd:42:fd:fd:f2:0d:9d:10:9e:0f:99:ec:
         c1:c2:8c:a7:d4:a3:28:c6:4d:3d:f0:bc:7b:f0:e4:60:3a:f1:
         07:a0:d6:42:57:06:02:08:ed:1b:3a:7a:e0:47:d3:37:6f:16:
         ea:a0:cf:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiiF5EO0hlPY2y7CNWRAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MzBhMjk5NDFlZmJjN2E3OTI3ZjAyOTQ4MWUyYzcyNWEx
YTY3MTEwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQwMmM3YWI3MjJkNTMyNjVhZmU2ZjVkMWE3OTI0YzRmYjIxNTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIXxmLDJb+wLSrGqSihFQSV/2WZx
PLaufYjTvRsU4oVFcIu8Aj5MvZNWXGnoEPOwEiU7zOpqNL5AIKMHYqfSH21COGiE
Orqeo5sU4A+5m+03gIO06eTAewOUjURPTcH5f8NxI99WDSCRt128oX8/6Nc2Xu1j
iDiPbF5JKwwKqL1W/Kic332hTYQBpzbAWcw5XHv1nlieE+AjRQXUi82v8WCfTx+a
8jO6DFKiift4r/zoTLv5mCxfSAtxhDeBdQbLPyTTvoQnkZs7aS1dixxp92daf4Rn
nBfhqI9vewh4gWQ0m92PG8vkwTxtZd1a3virlL7K3hlOoZ3JhnGl0PNWpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdALHq3ItUyZa/m9dGnkkxPshVXMB8GA1UdIwQY
MBaAFNcwoplB77x6eSfwKUgeLHJaGmcRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXpDaW1VSHZ2SHA1Sl9BcFNCNHNjbG9hWnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82NGM1YTktYjM3OS00OTk5LWFmN2Et
M2MwZmExOGM1OGNiLzEvUjBBc2VyY2kxVEpsci1iMTBhZVNURS15RlZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82NGM1YTktYjM3OS00OTk5LWFmN2EtM2MwZmExOGM1OGNi
LzEvMXpDaW1VSHZ2SHA1Sl9BcFNCNHNjbG9hWnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufrsMA0G
CSqGSIb3DQEBCwUAA4IBAQAZJoBwUI50h1EneIxvJdOWCiTOGXVW9PxGx7kugPpR
iI0sOzjxjXn6JsM8t/eJE/D9PPGFeYApMniGxPsy84/x9AHG1HB/LxT2R/pLVfNT
90fw11/8DLs1GDo/gWAkqNAtDqpfRgkci96yVvBFI5fPNNAynJIQWH6mN8vyIAN+
AYCx5j3dFj8p2GRGvrucWWh1rZUsMygCKeqbsBsoQ+rdSPXnE2pDsDSR1RpneC2r
wkZe4V3e5HmPn8ZO4XECy5xgMM8TztMJEt/5g9LdQv398g2dEJ4PmezBwoyn1KMo
xk098Lx78ORgOvEHoNZCVwYCCO0bOnrgR9M3bxbqoM8u
-----END CERTIFICATE-----