Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/1-rU3n-MmX0x7vSSIglpKrM6p7wc.roa
File:                     1-rU3n-MmX0x7vSSIglpKrM6p7wc.roa (raw, json)
Hash identifier:          c73xh5XkAcPFRSo/oWqlfjE2NzFubQ+3BLO5+whFr6o=
Subject key identifier:   FA:B5:37:9F:E3:26:5F:4C:7B:BD:24:88:82:5A:4A:AC:CE:A9:EF:07
Certificate issuer:       /CN=e2da23d3b930d4c1f3ac73065d71a607c35d2900
Certificate serial:       01941FFA399EF05BDF6F854B4D88209A8AE4
Authority key identifier: E2:DA:23:D3:B9:30:D4:C1:F3:AC:73:06:5D:71:A6:07:C3:5D:29:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4toj07kw1MHzrHMGXXGmB8NdKQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/1-rU3n-MmX0x7vSSIglpKrM6p7wc.roa
Signing time:             Wed 01 Jan 2025 03:47:59 +0000
ROA not before:           Wed 01 Jan 2025 03:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.98.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/4toj07kw1MHzrHMGXXGmB8NdKQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/4toj07kw1MHzrHMGXXGmB8NdKQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4toj07kw1MHzrHMGXXGmB8NdKQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:39:9e:f0:5b:df:6f:85:4b:4d:88:20:9a:8a:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2da23d3b930d4c1f3ac73065d71a607c35d2900
        Validity
            Not Before: Jan  1 03:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fab5379fe3265f4c7bbd2488825a4aaccea9ef07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:57:49:1e:b6:fe:3b:ab:02:02:43:4a:92:61:
                    9f:bc:f3:d6:5b:76:1e:0e:61:e3:06:cf:dc:1a:98:
                    80:a3:71:19:3f:0e:d6:c4:30:33:cf:a5:98:d1:a2:
                    07:e9:b8:ab:8a:4b:53:8e:4f:06:4c:0b:2d:ec:9f:
                    d2:43:7c:06:f3:39:1c:b8:b1:68:95:c3:8d:08:08:
                    0a:88:50:fe:2d:17:c6:1f:32:1e:f7:3f:ee:24:9e:
                    d5:3c:50:4e:33:ec:67:ea:2c:d8:8d:be:76:27:34:
                    d1:e3:ea:44:1e:18:ba:e7:90:7b:ed:6d:cb:12:f5:
                    f5:9a:f4:fe:ce:df:d2:49:5d:ac:10:b9:b2:b9:0b:
                    8f:cc:e3:d3:9f:1f:45:f9:a9:14:6f:c4:08:34:1f:
                    c0:22:59:68:31:68:b3:02:18:61:58:9e:82:7b:23:
                    21:16:8e:a5:46:02:ce:6c:5e:c7:4d:93:1d:df:e1:
                    3f:22:11:ed:92:29:f2:94:b0:11:11:73:a0:36:54:
                    64:1c:07:51:51:de:e5:ff:15:ae:69:82:98:f3:95:
                    97:1b:7f:aa:84:86:b2:0c:87:fd:32:80:16:66:61:
                    56:bd:39:9a:c6:e4:2f:d1:81:20:0a:9b:69:b5:60:
                    e6:31:60:e5:ea:b4:89:d0:76:b4:a5:01:d7:3f:2b:
                    3b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:B5:37:9F:E3:26:5F:4C:7B:BD:24:88:82:5A:4A:AC:CE:A9:EF:07
            X509v3 Authority Key Identifier:
                keyid:E2:DA:23:D3:B9:30:D4:C1:F3:AC:73:06:5D:71:A6:07:C3:5D:29:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4toj07kw1MHzrHMGXXGmB8NdKQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/1-rU3n-MmX0x7vSSIglpKrM6p7wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/4toj07kw1MHzrHMGXXGmB8NdKQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:5d:7f:29:79:3b:90:dd:b6:5f:ff:0e:48:14:9e:cf:60:d2:
         86:c3:1f:2b:33:16:ca:cc:60:01:1b:26:f9:d6:5a:90:b1:1b:
         b5:e7:e5:3f:34:58:f5:2f:23:98:88:d4:d3:b6:dc:05:48:c9:
         3b:c2:ee:7e:46:b6:79:d7:4e:f4:a5:9e:fd:8a:35:af:05:8e:
         c1:57:46:81:56:be:2e:96:92:99:3a:e1:df:ae:36:f8:06:b6:
         ec:a2:ab:9a:10:c4:1d:ab:66:f8:22:f6:65:13:3c:c1:0a:7f:
         8d:f0:89:26:70:4a:97:97:7d:96:24:31:b9:13:af:24:55:48:
         da:c3:d5:ee:1d:45:3c:98:db:9b:1f:2c:65:0c:d6:1e:e7:ea:
         5a:54:02:45:40:0e:63:c8:3a:40:be:b5:dd:26:80:da:80:fb:
         1c:51:4c:65:65:ab:72:ee:dd:ee:c8:a8:e7:90:cc:ab:6f:82:
         82:e2:e2:f0:d8:74:11:25:32:43:04:40:0a:50:70:9f:9f:97:
         3e:ed:35:fb:83:1e:c5:8d:9c:a4:2a:73:4d:d3:f2:f0:a0:9b:
         c0:e1:7d:89:28:89:cc:4e:c3:e4:52:6b:25:6f:52:1d:17:40:
         89:9c:c3:34:89:93:38:61:33:b8:90:00:ac:85:a5:7d:aa:9c:
         ba:74:53:73
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQf+jme8Fvfb4VLTYggmorkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZGEyM2QzYjkzMGQ0YzFmM2FjNzMwNjVkNzFhNjA3YzM1
ZDI5MDAwHhcNMjUwMTAxMDM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWI1Mzc5ZmUzMjY1ZjRjN2JiZDI0ODg4MjVhNGFhY2NlYTllZjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVdJHrb+O6sCAkNKkmGfvPPWW3Ye
DmHjBs/cGpiAo3EZPw7WxDAzz6WY0aIH6biriktTjk8GTAst7J/SQ3wG8zkcuLFo
lcONCAgKiFD+LRfGHzIe9z/uJJ7VPFBOM+xn6izYjb52JzTR4+pEHhi655B77W3L
EvX1mvT+zt/SSV2sELmyuQuPzOPTnx9F+akUb8QINB/AIlloMWizAhhhWJ6CeyMh
Fo6lRgLObF7HTZMd3+E/IhHtkinylLAREXOgNlRkHAdRUd7l/xWuaYKY85WXG3+q
hIayDIf9MoAWZmFWvTmaxuQv0YEgCptptWDmMWDl6rSJ0Ha0pQHXPys7RQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPq1N5/jJl9Me70kiIJaSqzOqe8HMB8GA1UdIwQY
MBaAFOLaI9O5MNTB86xzBl1xpgfDXSkAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRvajA3a3cxTUh6ckhNR1hYR21COE5kS1FBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9kZWViYjgtYWU4Ni00Njk0LWE5NzIt
ODI3YTBhYzA0YTlkLzEvMS1yVTNuLU1tWDB4N3ZTU0lnbHBLck02cDd3Yy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTIvZGVlYmI4LWFlODYtNDY5NC1hOTcyLTgyN2EwYWMwNGE5
ZC8xLzR0b2owN2t3MU1IenJITUdYWEdtQjhOZEtRQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlitzAN
BgkqhkiG9w0BAQsFAAOCAQEAMl1/KXk7kN22X/8OSBSez2DShsMfKzMWysxgARsm
+dZakLEbteflPzRY9S8jmIjU07bcBUjJO8Lufka2eddO9KWe/Yo1rwWOwVdGgVa+
LpaSmTrh3642+Aa27KKrmhDEHatm+CL2ZRM8wQp/jfCJJnBKl5d9liQxuROvJFVI
2sPV7h1FPJjbmx8sZQzWHufqWlQCRUAOY8g6QL613SaA2oD7HFFMZWWrcu7d7sio
55DMq2+CguLi8Nh0ESUyQwRAClBwn5+XPu01+4MexY2cpCpzTdPy8KCbwOF9iSiJ
zE7D5FJrJW9SHRdAiZzDNImTOGEzuJAArIWlfaqcunRTcw==
-----END CERTIFICATE-----