Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/rpmC05yvMgrqBbwgt-NJfb13ryk.roa
File:                     rpmC05yvMgrqBbwgt-NJfb13ryk.roa (raw, json)
Hash identifier:          RZ9AozzzdIXmLU4n1keCqrHsj+hAbncel1mq6a9N6Kc=
Subject key identifier:   AE:99:82:D3:9C:AF:32:0A:EA:05:BC:20:B7:E3:49:7D:BD:77:AF:29
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       018FDCA7502BB356007AA296B0F8139F3219
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/rpmC05yvMgrqBbwgt-NJfb13ryk.roa
Signing time:             Mon 03 Jun 2024 05:51:43 +0000
ROA not before:           Mon 03 Jun 2024 05:51:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.148.68.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dc:a7:50:2b:b3:56:00:7a:a2:96:b0:f8:13:9f:32:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jun  3 05:51:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae9982d39caf320aea05bc20b7e3497dbd77af29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b0:eb:ec:e4:eb:7f:66:15:91:9e:c2:d8:42:
                    44:ab:75:96:3b:18:83:95:22:c5:53:bf:9d:58:ef:
                    2f:ba:61:a2:f3:a6:e8:29:36:84:0a:d3:40:70:a1:
                    7d:aa:8c:24:26:67:8e:bd:c5:69:ba:bb:8a:02:6f:
                    b7:d4:ed:ee:b5:51:57:d3:23:d1:c7:2e:85:9d:2a:
                    1c:2a:eb:22:6f:4b:04:fc:d6:90:4e:e5:58:78:d1:
                    f6:eb:34:d7:9b:67:b4:47:ab:d4:bc:d9:11:e9:7e:
                    b1:27:a1:c5:fc:cd:e2:ae:51:db:f1:7c:23:36:29:
                    c4:af:c2:96:dc:df:fb:c7:a8:fd:b3:bc:b4:e2:9c:
                    6b:24:10:2f:3d:6e:26:b5:8b:63:bb:81:24:68:7f:
                    d2:e8:05:5f:1f:35:ee:51:d3:b8:9a:77:a8:ad:88:
                    b7:e0:a8:e9:db:4b:78:e5:98:59:bc:4f:53:a5:a3:
                    89:68:d3:cf:27:66:2b:24:70:fd:85:7e:e4:ed:a4:
                    5d:97:ab:e4:80:42:01:5b:84:2c:cc:ba:fd:db:71:
                    92:ab:a4:1d:99:0c:00:41:cd:84:f0:0e:61:91:e0:
                    b4:ba:8d:9b:bc:a1:86:b0:2f:ea:00:ac:6c:88:af:
                    8e:d9:92:a4:58:47:e3:90:b2:a1:40:a1:4a:4b:63:
                    53:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:99:82:D3:9C:AF:32:0A:EA:05:BC:20:B7:E3:49:7D:BD:77:AF:29
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/rpmC05yvMgrqBbwgt-NJfb13ryk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:7e:27:dc:e8:da:e2:81:91:d8:8d:8a:d4:68:21:ab:1d:95:
         28:86:09:43:24:dc:58:aa:3f:70:6d:4d:7c:38:60:43:fb:29:
         4e:0f:02:b3:89:2c:d4:38:55:71:f4:89:03:9f:63:6b:ed:69:
         9b:75:d9:fb:de:e3:41:5b:23:9a:25:4d:09:84:99:48:db:0a:
         60:03:34:ee:78:3a:b5:32:18:05:42:2d:03:cb:b1:0d:fc:da:
         1e:c3:f3:ee:0f:c8:9a:6e:6a:4c:42:26:ed:86:46:5c:d7:2a:
         e8:12:99:f8:00:c5:6c:c5:98:ea:12:1e:ec:22:e8:d4:5a:8a:
         b1:93:96:46:96:55:74:33:73:d2:f9:09:e5:ae:41:60:61:57:
         16:ad:83:76:ab:fe:9e:98:42:b0:3b:38:04:ca:48:fe:8a:d4:
         36:36:84:d2:50:c5:b6:61:0a:d1:04:5d:67:87:01:fa:a0:82:
         56:d3:37:7a:6f:2b:52:e7:ad:96:09:2d:74:10:c5:ff:e7:a2:
         0c:14:9f:5a:57:e7:c4:2a:a1:10:3e:ea:07:61:6c:7d:d9:0c:
         be:2c:d9:bd:d9:05:fc:ce:f5:04:2c:a9:1d:63:07:95:7b:00:
         b4:8d:60:6e:e9:9c:56:83:dc:f5:b1:28:97:32:9d:68:e9:6c:
         60:39:30:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/cp1Ars1YAeqKWsPgTnzIZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjQwNjAzMDU1MTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTk5ODJkMzljYWYzMjBhZWEwNWJjMjBiN2UzNDk3ZGJkNzdhZjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LDr7OTrf2YVkZ7C2EJEq3WWOxiD
lSLFU7+dWO8vumGi86boKTaECtNAcKF9qowkJmeOvcVpuruKAm+31O3utVFX0yPR
xy6FnSocKusib0sE/NaQTuVYeNH26zTXm2e0R6vUvNkR6X6xJ6HF/M3irlHb8Xwj
NinEr8KW3N/7x6j9s7y04pxrJBAvPW4mtYtju4EkaH/S6AVfHzXuUdO4mneorYi3
4Kjp20t45ZhZvE9TpaOJaNPPJ2YrJHD9hX7k7aRdl6vkgEIBW4QszLr923GSq6Qd
mQwAQc2E8A5hkeC0uo2bvKGGsC/qAKxsiK+O2ZKkWEfjkLKhQKFKS2NTRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6ZgtOcrzIK6gW8ILfjSX29d68pMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvcnBtQzA1eXZNZ3JxQmJ3Z3QtTkpmYjEzcnlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZREMA0G
CSqGSIb3DQEBCwUAA4IBAQALfifc6NrigZHYjYrUaCGrHZUohglDJNxYqj9wbU18
OGBD+ylODwKziSzUOFVx9IkDn2Nr7Wmbddn73uNBWyOaJU0JhJlI2wpgAzTueDq1
MhgFQi0Dy7EN/Noew/PuD8iabmpMQibthkZc1yroEpn4AMVsxZjqEh7sIujUWoqx
k5ZGllV0M3PS+QnlrkFgYVcWrYN2q/6emEKwOzgEykj+itQ2NoTSUMW2YQrRBF1n
hwH6oIJW0zd6bytS562WCS10EMX/56IMFJ9aV+fEKqEQPuoHYWx92Qy+LNm92QX8
zvUELKkdYweVewC0jWBu6ZxWg9z1sSiXMp1o6WxgOTAQ
-----END CERTIFICATE-----