Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/of0bBj5GcAoGs5lLDyHVYaY8IJY.roa
File:                     of0bBj5GcAoGs5lLDyHVYaY8IJY.roa (raw, json)
Hash identifier:          5ch38ENGeYiYq2Lj81L+2Szb/2QgIPmwNRJGUEHsePY=
Subject key identifier:   A1:FD:1B:06:3E:46:70:0A:06:B3:99:4B:0F:21:D5:61:A6:3C:20:96
Certificate issuer:       /CN=79a295c80b54c2dbe77ba47de7daec6b986021b4
Certificate serial:       018CC64B140C45D1C3A7457B248BF5DD5137
Authority key identifier: 79:A2:95:C8:0B:54:C2:DB:E7:7B:A4:7D:E7:DA:EC:6B:98:60:21:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eaKVyAtUwtvne6R959rsa5hgIbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/of0bBj5GcAoGs5lLDyHVYaY8IJY.roa
Signing time:             Mon 01 Jan 2024 18:30:58 +0000
ROA not before:           Mon 01 Jan 2024 18:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213047
IP address blocks:        185.103.118.0/24 maxlen: 24
                          91.234.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/eaKVyAtUwtvne6R959rsa5hgIbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/eaKVyAtUwtvne6R959rsa5hgIbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eaKVyAtUwtvne6R959rsa5hgIbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:14:0c:45:d1:c3:a7:45:7b:24:8b:f5:dd:51:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a295c80b54c2dbe77ba47de7daec6b986021b4
        Validity
            Not Before: Jan  1 18:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1fd1b063e46700a06b3994b0f21d561a63c2096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:27:be:94:24:c4:0d:81:0d:63:f9:2c:41:c0:
                    b1:8f:1e:0c:54:52:f6:ab:9a:2f:3d:4d:dc:73:fb:
                    2b:2b:13:6b:23:fb:25:d8:3f:b3:71:56:d5:29:8f:
                    37:9e:25:76:e6:45:11:fe:38:22:21:e1:7f:02:04:
                    75:a8:fe:d1:e4:44:f9:2a:7f:60:6e:6f:dd:ac:d0:
                    1b:c7:08:c5:12:d4:c3:65:e2:95:b9:75:dc:63:c8:
                    68:77:59:0c:f8:8c:bb:76:0c:0b:f0:79:4f:f9:a6:
                    27:9d:25:11:c0:ea:71:08:f6:dd:36:de:de:4e:e9:
                    ae:2c:29:7b:b4:4b:3e:98:b8:6b:8b:3b:54:86:af:
                    8f:c4:8d:9f:18:c2:93:d1:b9:b8:4c:fe:3c:59:69:
                    7a:10:98:9e:10:b2:83:4b:fa:bd:3b:b7:ba:af:f4:
                    c3:21:1f:c6:7d:2b:da:6a:3f:5e:e5:e9:bc:3a:23:
                    4f:1b:55:8c:8f:52:2a:a3:1c:8e:34:a8:5f:b3:b2:
                    3b:34:2f:f0:06:6a:05:f4:12:6d:3c:96:24:2b:63:
                    c9:26:39:fb:c2:e5:5e:ce:67:cd:96:43:dc:4b:8f:
                    15:c0:89:0e:59:37:27:b3:18:2e:17:5e:37:1d:5f:
                    a8:37:08:5c:e8:00:46:cf:43:e9:4d:0a:8a:f8:d0:
                    13:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:FD:1B:06:3E:46:70:0A:06:B3:99:4B:0F:21:D5:61:A6:3C:20:96
            X509v3 Authority Key Identifier:
                keyid:79:A2:95:C8:0B:54:C2:DB:E7:7B:A4:7D:E7:DA:EC:6B:98:60:21:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eaKVyAtUwtvne6R959rsa5hgIbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/of0bBj5GcAoGs5lLDyHVYaY8IJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/eaKVyAtUwtvne6R959rsa5hgIbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.236.0/24
                  185.103.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:dc:3c:ea:9f:65:c3:44:76:0d:43:a1:7a:e9:cc:f4:a0:b4:
         9a:e4:bc:74:d1:cc:04:a0:68:aa:f5:e9:f5:d5:05:e4:f5:e7:
         63:95:49:8d:a4:69:3e:46:02:e8:59:a6:a3:63:86:3b:20:f8:
         c3:12:15:af:1d:ed:36:c7:11:73:34:c4:80:1b:ac:43:6b:cd:
         7f:72:3a:98:89:1b:24:07:bf:b6:ce:52:52:b0:0a:ce:eb:92:
         0f:df:a5:39:01:f8:75:db:95:57:63:26:fb:25:8d:f5:dd:4c:
         cf:45:39:0a:88:0c:36:72:a2:08:24:02:7d:44:19:fd:0e:2a:
         d7:6b:67:cb:d2:85:c8:7b:0b:6e:8a:7b:e4:ba:96:10:6d:28:
         c6:07:e1:09:4e:8c:18:65:67:96:45:a7:50:da:ea:4d:d6:8c:
         cf:6f:e2:70:04:ac:f0:b0:06:f2:1c:18:2d:05:68:c3:95:1d:
         2a:9b:f6:43:55:ac:37:92:0f:ce:98:63:11:22:1a:6b:46:73:
         01:30:bf:c5:6d:6f:93:2b:e9:20:5a:aa:92:58:c3:79:c3:d0:
         51:3a:0e:31:63:ec:65:d5:2b:ab:e3:aa:20:f0:69:0f:9b:ce:
         6b:55:af:e2:fe:cd:9b:20:35:85:9f:a5:b1:a8:51:4f:0d:23:
         51:12:4c:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSxQMRdHDp0V7JIv13VE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTI5NWM4MGI1NGMyZGJlNzdiYTQ3ZGU3ZGFlYzZiOTg2
MDIxYjQwHhcNMjQwMTAxMTgzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWZkMWIwNjNlNDY3MDBhMDZiMzk5NGIwZjIxZDU2MWE2M2MyMDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApie+lCTEDYENY/ksQcCxjx4MVFL2
q5ovPU3cc/srKxNrI/sl2D+zcVbVKY83niV25kUR/jgiIeF/AgR1qP7R5ET5Kn9g
bm/drNAbxwjFEtTDZeKVuXXcY8hod1kM+Iy7dgwL8HlP+aYnnSURwOpxCPbdNt7e
TumuLCl7tEs+mLhriztUhq+PxI2fGMKT0bm4TP48WWl6EJieELKDS/q9O7e6r/TD
IR/GfSvaaj9e5em8OiNPG1WMj1IqoxyONKhfs7I7NC/wBmoF9BJtPJYkK2PJJjn7
wuVezmfNlkPcS48VwIkOWTcnsxguF143HV+oNwhc6ABGz0PpTQqK+NAT3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKH9GwY+RnAKBrOZSw8h1WGmPCCWMB8GA1UdIwQY
MBaAFHmilcgLVMLb53ukfefa7GuYYCG0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFLVnlBdFV3dHZuZTZSOTU5cnNhNWhnSWJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kMWRhNmEtNDkxOS00OTlhLTlhNDEt
MmJiYjQ4ZWZiMGVkLzEvb2YwYkJqNUdjQW9HczVsTER5SFZZYVk4SUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kMWRhNmEtNDkxOS00OTlhLTlhNDEtMmJiYjQ4ZWZiMGVk
LzEvZWFLVnlBdFV3dHZuZTZSOTU5cnNhNWhnSWJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+rsAwQA
uWd2MA0GCSqGSIb3DQEBCwUAA4IBAQCC3Dzqn2XDRHYNQ6F66cz0oLSa5Lx00cwE
oGiq9en11QXk9edjlUmNpGk+RgLoWaajY4Y7IPjDEhWvHe02xxFzNMSAG6xDa81/
cjqYiRskB7+2zlJSsArO65IP36U5Afh125VXYyb7JY313UzPRTkKiAw2cqIIJAJ9
RBn9DirXa2fL0oXIewtuinvkupYQbSjGB+EJTowYZWeWRadQ2upN1ozPb+JwBKzw
sAbyHBgtBWjDlR0qm/ZDVaw3kg/OmGMRIhprRnMBML/FbW+TK+kgWqqSWMN5w9BR
Og4xY+xl1Sur46og8GkPm85rVa/i/s2bIDWFn6WxqFFPDSNREkwz
-----END CERTIFICATE-----