Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/c13YCPS8Zb66GKjp3On_rDNgBic.roa
File:                     c13YCPS8Zb66GKjp3On_rDNgBic.roa (raw, json)
Hash identifier:          uXucTky1YYnioSILJB2sDd4ThH4gt+z6UrNsiFTJM0Q=
Subject key identifier:   73:5D:D8:08:F4:BC:65:BE:BA:18:A8:E9:DC:E9:FF:AC:33:60:06:27
Certificate issuer:       /CN=e2c137106c1a46aea07c24b11729fd7d216a24f5
Certificate serial:       018CC8017344E285DB2BF3545A3C5FE05200
Authority key identifier: E2:C1:37:10:6C:1A:46:AE:A0:7C:24:B1:17:29:FD:7D:21:6A:24:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sE3EGwaRq6gfCSxFyn9fSFqJPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/c13YCPS8Zb66GKjp3On_rDNgBic.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13127
IP address blocks:        185.222.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/4sE3EGwaRq6gfCSxFyn9fSFqJPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/4sE3EGwaRq6gfCSxFyn9fSFqJPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sE3EGwaRq6gfCSxFyn9fSFqJPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:73:44:e2:85:db:2b:f3:54:5a:3c:5f:e0:52:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c137106c1a46aea07c24b11729fd7d216a24f5
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=735dd808f4bc65beba18a8e9dce9ffac33600627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3a:b0:15:73:5f:54:33:b2:20:bf:42:41:fc:
                    74:8e:26:22:5e:d4:23:1f:53:83:dd:10:cf:a8:78:
                    73:bc:7b:30:54:18:35:14:2a:cc:5b:82:0f:97:75:
                    15:53:c7:ba:ce:ef:29:a3:06:78:9b:c2:f0:da:64:
                    45:88:85:1a:6e:11:58:51:33:52:10:e8:f8:8c:d4:
                    d8:ae:dc:aa:42:03:c1:d5:32:ae:15:fb:29:75:a0:
                    c7:b1:a7:4a:93:3e:d8:1d:a6:ab:0d:f4:c4:99:36:
                    2d:03:dd:c6:fc:d8:b9:ac:6a:03:c0:0d:9d:46:47:
                    bd:41:20:1e:0f:0d:af:df:b2:67:ec:f9:a4:37:95:
                    74:1f:a0:a5:ed:a3:ba:57:30:f0:54:e4:82:b3:1a:
                    6e:ed:6c:b8:0e:f8:95:94:7c:e1:30:c9:57:8e:91:
                    82:40:1b:5e:57:f5:4c:20:83:44:a6:ca:01:ae:14:
                    8c:e5:d1:df:19:8a:e0:f2:45:be:38:03:97:5a:a8:
                    a9:f3:2f:1a:85:77:a3:7a:45:5f:86:c9:b7:69:47:
                    ee:ad:95:73:40:c6:9c:e3:f2:1f:47:31:f9:d6:a1:
                    00:e3:14:fc:ee:a2:ee:17:4a:ad:62:8f:4d:d8:ab:
                    e3:5a:54:65:8d:ac:8e:9a:e4:a6:d9:53:0d:4d:f0:
                    b9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:5D:D8:08:F4:BC:65:BE:BA:18:A8:E9:DC:E9:FF:AC:33:60:06:27
            X509v3 Authority Key Identifier:
                keyid:E2:C1:37:10:6C:1A:46:AE:A0:7C:24:B1:17:29:FD:7D:21:6A:24:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sE3EGwaRq6gfCSxFyn9fSFqJPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/c13YCPS8Zb66GKjp3On_rDNgBic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/4sE3EGwaRq6gfCSxFyn9fSFqJPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:56:0f:0e:9e:44:bd:22:ff:58:3f:3d:68:ad:1d:50:8d:30:
         10:10:a6:f6:4c:f9:4e:77:a4:c2:5c:9c:d2:4d:ee:4a:9d:84:
         ed:4b:68:72:9e:69:83:83:3f:4b:2f:5e:d5:b0:1f:82:49:05:
         ec:03:20:25:b5:b7:ec:0e:c8:d9:e1:c0:ff:d7:c1:b9:e2:d9:
         d5:ad:a4:20:3a:ed:ff:d5:cb:14:1a:cb:bc:5a:2a:d0:0c:6d:
         42:0a:e2:f1:ae:0f:a1:a7:c5:ad:e3:0c:f8:8a:17:a7:e0:fd:
         92:53:5e:f2:9e:05:79:38:f6:f8:93:ae:67:83:bd:35:78:73:
         92:e2:67:a2:4e:50:70:53:00:64:04:df:ad:5a:63:1d:6c:06:
         6c:83:39:45:c9:17:eb:d8:08:d1:16:f4:d6:e5:4b:1e:df:41:
         f6:08:c7:41:77:bd:29:3c:13:e4:bb:17:f5:4c:72:75:69:98:
         99:59:56:11:fd:95:f4:b6:81:4a:fe:a3:6b:de:70:4d:33:e6:
         52:6e:61:af:87:db:42:d0:17:ca:e4:bf:9c:c4:9d:ac:d1:88:
         ba:28:6e:24:22:f5:9c:d4:8c:36:6d:8e:da:af:f3:27:e0:b7:
         bf:38:4b:fa:52:59:b7:ab:a7:be:44:08:b4:bf:bc:91:4a:bf:
         70:d6:a8:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXNE4oXbK/NUWjxf4FIAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzEzNzEwNmMxYTQ2YWVhMDdjMjRiMTE3MjlmZDdkMjE2
YTI0ZjUwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzVkZDgwOGY0YmM2NWJlYmExOGE4ZTlkY2U5ZmZhYzMzNjAwNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjqwFXNfVDOyIL9CQfx0jiYiXtQj
H1OD3RDPqHhzvHswVBg1FCrMW4IPl3UVU8e6zu8powZ4m8Lw2mRFiIUabhFYUTNS
EOj4jNTYrtyqQgPB1TKuFfspdaDHsadKkz7YHaarDfTEmTYtA93G/Ni5rGoDwA2d
Rke9QSAeDw2v37Jn7PmkN5V0H6Cl7aO6VzDwVOSCsxpu7Wy4DviVlHzhMMlXjpGC
QBteV/VMIINEpsoBrhSM5dHfGYrg8kW+OAOXWqip8y8ahXejekVfhsm3aUfurZVz
QMac4/IfRzH51qEA4xT87qLuF0qtYo9N2KvjWlRljayOmuSm2VMNTfC5mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNd2Aj0vGW+uhio6dzp/6wzYAYnMB8GA1UdIwQY
MBaAFOLBNxBsGkauoHwksRcp/X0haiT1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNFM0VHd2FScTZnZkNTeEZ5bjlmU0ZxSlBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8yNDM1Y2MtNTUzMy00ZjcwLWJiODIt
OWNhZjI1YTQ5OWQ3LzEvYzEzWUNQUzhaYjY2R0tqcDNPbl9yRE5nQmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8yNDM1Y2MtNTUzMy00ZjcwLWJiODItOWNhZjI1YTQ5OWQ3
LzEvNHNFM0VHd2FScTZnZkNTeEZ5bjlmU0ZxSlBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud7oMA0G
CSqGSIb3DQEBCwUAA4IBAQBlVg8OnkS9Iv9YPz1orR1QjTAQEKb2TPlOd6TCXJzS
Te5KnYTtS2hynmmDgz9LL17VsB+CSQXsAyAltbfsDsjZ4cD/18G54tnVraQgOu3/
1csUGsu8WirQDG1CCuLxrg+hp8Wt4wz4ihen4P2SU17yngV5OPb4k65ng701eHOS
4meiTlBwUwBkBN+tWmMdbAZsgzlFyRfr2AjRFvTW5Use30H2CMdBd70pPBPkuxf1
THJ1aZiZWVYR/ZX0toFK/qNr3nBNM+ZSbmGvh9tC0BfK5L+cxJ2s0Yi6KG4kIvWc
1Iw2bY7ar/Mn4Le/OEv6Ulm3q6e+RAi0v7yRSr9w1qjA
-----END CERTIFICATE-----