Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/DNGDsibsMhX2Jm35ON8Z46A3KTk.roa
File:                     DNGDsibsMhX2Jm35ON8Z46A3KTk.roa (raw, json)
Hash identifier:          IiQeZ36+XfzMEhi+j/AEKPMJtu/iUB+BlQw1Cz0Efws=
Subject key identifier:   0C:D1:83:B2:26:EC:32:15:F6:26:6D:F9:38:DF:19:E3:A0:37:29:39
Certificate issuer:       /CN=2e0a9333f93cca544fdabe2ea7a6738a54af759e
Certificate serial:       0194266BCF45824874A8A346C6FE8B420191
Authority key identifier: 2E:0A:93:33:F9:3C:CA:54:4F:DA:BE:2E:A7:A6:73:8A:54:AF:75:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/DNGDsibsMhX2Jm35ON8Z46A3KTk.roa
Signing time:             Thu 02 Jan 2025 09:49:47 +0000
ROA not before:           Thu 02 Jan 2025 09:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56582
IP address blocks:        185.23.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:cf:45:82:48:74:a8:a3:46:c6:fe:8b:42:01:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e0a9333f93cca544fdabe2ea7a6738a54af759e
        Validity
            Not Before: Jan  2 09:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cd183b226ec3215f6266df938df19e3a0372939
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b2:9b:fc:c4:9c:06:d7:05:da:ef:ca:6f:85:
                    41:5f:5f:aa:8f:dd:a4:91:75:62:84:98:9c:8f:0c:
                    ba:61:04:48:df:8e:23:5e:0d:e1:96:44:41:a6:7e:
                    4a:c2:c1:7b:7f:c2:52:af:d2:69:5a:50:04:c6:bf:
                    f8:3b:e3:46:a0:88:92:0e:3b:9d:64:09:d3:f5:14:
                    de:bd:2a:5d:4b:62:06:ea:22:6f:83:cb:ba:7d:56:
                    4f:51:94:1f:4e:6a:96:00:43:ab:99:b4:95:00:95:
                    23:73:ec:77:15:09:e2:a1:1e:0f:9d:cb:10:aa:36:
                    6a:42:43:87:4a:2c:22:40:70:27:8d:fa:53:d1:3d:
                    68:19:55:b7:10:58:9f:dc:2b:06:7e:c2:62:c2:c7:
                    d5:ca:ed:d3:e2:a0:ee:90:64:a1:20:67:b4:dc:10:
                    a5:67:6b:83:d9:ed:6c:e3:e2:54:de:f8:64:68:da:
                    48:3f:bb:4d:49:24:28:b2:ab:bd:8d:db:27:41:91:
                    0a:dd:7e:45:29:91:7e:d0:e9:54:66:93:46:eb:d9:
                    53:49:92:12:79:8d:d3:5d:17:92:03:e4:89:c9:98:
                    98:c1:73:7e:af:53:5e:d8:3f:01:2f:55:d6:32:48:
                    b3:70:0b:ab:9a:80:e8:9a:00:31:0e:25:c9:a5:27:
                    c2:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D1:83:B2:26:EC:32:15:F6:26:6D:F9:38:DF:19:E3:A0:37:29:39
            X509v3 Authority Key Identifier:
                keyid:2E:0A:93:33:F9:3C:CA:54:4F:DA:BE:2E:A7:A6:73:8A:54:AF:75:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/DNGDsibsMhX2Jm35ON8Z46A3KTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:86:b8:fa:b8:71:26:93:5e:46:8d:31:6d:01:a1:47:83:26:
         1b:86:f3:a9:f7:da:8b:06:02:8a:bc:7e:e7:3b:1f:62:19:46:
         0a:1e:a0:00:a5:02:52:00:c0:40:28:71:d3:5f:0f:e2:d3:0a:
         76:3d:ef:49:2d:9e:76:85:45:7b:b3:1d:aa:f4:e7:0d:c3:29:
         a0:81:15:f3:0e:a8:9a:a7:3c:01:d6:39:7b:58:b0:ef:bc:96:
         21:92:66:65:62:56:33:03:dc:84:38:c3:91:c3:3d:35:83:19:
         a1:bb:75:d0:c7:98:e4:0b:c2:e1:f7:0d:a8:de:f7:fe:e4:d7:
         5d:f0:19:54:31:e0:fd:91:ff:31:08:cf:99:dd:62:9a:48:35:
         ba:60:ac:d1:86:13:e7:2a:b4:47:c9:d7:4a:8f:50:cd:59:45:
         2c:9f:4f:68:04:f5:ad:63:65:1c:79:84:45:ef:44:d8:09:8e:
         4b:c8:3b:86:46:68:01:3c:1e:75:d9:45:48:dc:23:bd:ce:2f:
         32:06:8d:6e:b7:78:2f:b7:52:93:56:6b:75:5e:21:d7:65:99:
         c0:3d:7b:ae:60:d9:7a:ea:b1:41:a4:12:52:e4:36:19:f8:66:
         d9:48:d6:c0:51:69:ab:c1:43:67:10:86:2f:14:79:05:db:ac:
         8b:e8:78:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma89Fgkh0qKNGxv6LQgGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMGE5MzMzZjkzY2NhNTQ0ZmRhYmUyZWE3YTY3MzhhNTRh
Zjc1OWUwHhcNMjUwMTAyMDk0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2QxODNiMjI2ZWMzMjE1ZjYyNjZkZjkzOGRmMTllM2EwMzcyOTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLKb/MScBtcF2u/Kb4VBX1+qj92k
kXVihJicjwy6YQRI344jXg3hlkRBpn5KwsF7f8JSr9JpWlAExr/4O+NGoIiSDjud
ZAnT9RTevSpdS2IG6iJvg8u6fVZPUZQfTmqWAEOrmbSVAJUjc+x3FQnioR4PncsQ
qjZqQkOHSiwiQHAnjfpT0T1oGVW3EFif3CsGfsJiwsfVyu3T4qDukGShIGe03BCl
Z2uD2e1s4+JU3vhkaNpIP7tNSSQosqu9jdsnQZEK3X5FKZF+0OlUZpNG69lTSZIS
eY3TXReSA+SJyZiYwXN+r1Ne2D8BL1XWMkizcAurmoDomgAxDiXJpSfCowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzRg7Im7DIV9iZt+TjfGeOgNyk5MB8GA1UdIwQY
MBaAFC4KkzP5PMpUT9q+Lqemc4pUr3WeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGdxVE1fazh5bFJQMnI0dXA2WnppbFN2ZFo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9hNGQwOWYtMjlkZi00NGVhLWE3YjEt
MGEwYWFlYWVlNGYxLzEvRE5HRHNpYnNNaFgySm0zNU9OOFo0NkEzS1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9hNGQwOWYtMjlkZi00NGVhLWE3YjEtMGEwYWFlYWVlNGYx
LzEvTGdxVE1fazh5bFJQMnI0dXA2WnppbFN2ZFo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRdJMA0G
CSqGSIb3DQEBCwUAA4IBAQDHhrj6uHEmk15GjTFtAaFHgyYbhvOp99qLBgKKvH7n
Ox9iGUYKHqAApQJSAMBAKHHTXw/i0wp2Pe9JLZ52hUV7sx2q9OcNwymggRXzDqia
pzwB1jl7WLDvvJYhkmZlYlYzA9yEOMORwz01gxmhu3XQx5jkC8Lh9w2o3vf+5Ndd
8BlUMeD9kf8xCM+Z3WKaSDW6YKzRhhPnKrRHyddKj1DNWUUsn09oBPWtY2UceYRF
70TYCY5LyDuGRmgBPB512UVI3CO9zi8yBo1ut3gvt1KTVmt1XiHXZZnAPXuuYNl6
6rFBpBJS5DYZ+GbZSNbAUWmrwUNnEIYvFHkF26yL6Hh+
-----END CERTIFICATE-----