Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/sAdnLOMB2-SIzibVYgNReKrsRkI.roa
File:                     sAdnLOMB2-SIzibVYgNReKrsRkI.roa (raw, json)
Hash identifier:          jUc5E22rfIqjqdiYtrFEZGxOD37Hbil8Hmx66oYFrqQ=
Subject key identifier:   B0:07:67:2C:E3:01:DB:E4:88:CE:26:D5:62:03:51:78:AA:EC:46:42
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       01907BCCCFDA93F8DCB862AC1A83AC40072A
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/sAdnLOMB2-SIzibVYgNReKrsRkI.roa
Signing time:             Thu 04 Jul 2024 03:32:18 +0000
ROA not before:           Thu 04 Jul 2024 03:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136526
IP address blocks:        185.202.103.0/24 maxlen: 24
                          193.239.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7b:cc:cf:da:93:f8:dc:b8:62:ac:1a:83:ac:40:07:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Jul  4 03:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b007672ce301dbe488ce26d562035178aaec4642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:52:40:e3:94:47:36:f6:1a:a5:66:96:0d:d3:
                    f3:50:90:fc:3d:76:92:97:af:29:18:77:f2:ad:e1:
                    48:ce:f4:40:f8:f7:d8:e5:4a:9f:b9:fe:4e:4f:06:
                    dd:3a:bb:19:23:45:35:89:7f:44:75:79:aa:9d:8f:
                    69:b2:ac:5d:d2:dd:ca:60:70:51:19:1e:31:a1:ed:
                    ef:ff:65:4f:63:18:ac:b7:a6:81:21:f0:c6:0d:59:
                    37:95:ec:9e:24:5b:20:ab:5c:53:4c:c3:8f:a0:a2:
                    03:2f:cb:da:23:55:45:b9:5d:c3:4a:9b:bc:69:24:
                    1c:fd:67:e6:83:9a:93:65:94:81:8e:fe:43:6b:97:
                    cf:0f:47:88:db:60:51:71:07:5d:78:9e:ce:e8:da:
                    c6:a3:b7:c7:e0:9e:89:28:75:eb:f3:ba:ce:61:cd:
                    90:5c:1e:c3:5e:62:a5:54:76:5c:bb:fa:ad:9a:45:
                    d0:cc:b7:20:86:29:7d:cc:8d:d0:9e:23:e4:e0:f7:
                    a2:73:4b:0e:c4:6f:d9:4b:ac:d2:62:d9:04:4b:78:
                    b0:91:68:37:39:40:da:c0:2b:3f:4e:02:ae:b5:31:
                    60:bb:9e:0a:19:2d:18:5e:9e:b6:ed:46:66:ee:0a:
                    8f:48:77:15:33:2d:1a:b0:93:99:42:a0:a7:01:db:
                    8b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:07:67:2C:E3:01:DB:E4:88:CE:26:D5:62:03:51:78:AA:EC:46:42
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/sAdnLOMB2-SIzibVYgNReKrsRkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.103.0/24
                  193.239.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:35:60:95:30:9c:62:9e:4f:d0:12:84:bd:9b:b0:32:35:de:
         bf:6d:04:4b:a5:c6:5f:0e:13:98:1a:d1:ff:f4:ab:83:ab:62:
         46:e2:5e:bc:ea:9c:94:e9:83:3e:32:63:d9:a5:29:be:c7:d6:
         ec:17:89:0f:db:a2:2b:20:b1:cf:c2:64:d8:b6:2e:d5:c1:2a:
         5c:9a:1c:c6:c5:aa:72:94:34:6c:cf:c2:7d:38:e0:f3:39:0e:
         6c:f3:2e:26:af:04:d1:ec:29:03:fd:bf:77:a2:52:9d:58:b7:
         a8:2d:d4:bb:55:97:56:b9:6b:78:c6:73:ea:45:aa:b5:33:6f:
         06:d8:d8:7e:0d:27:12:1f:ac:61:21:62:4a:db:7d:93:d3:05:
         e1:f3:38:d2:f9:ca:ab:93:a5:51:7a:c0:f6:9d:dd:59:22:3b:
         43:9a:7b:47:ae:03:54:d1:91:3d:3a:4c:5c:07:c4:b0:e8:26:
         d0:9c:fb:70:b9:c2:61:3f:f4:d9:4e:7e:35:05:3b:48:7a:69:
         e8:dc:fd:62:ed:95:d8:65:ed:b0:eb:ac:0f:4e:b5:d7:4b:2c:
         b1:6b:b0:36:8c:5f:91:87:5d:5f:cd:96:55:03:81:eb:ad:77:
         cf:ac:e2:e6:eb:92:d0:2b:af:af:ba:0f:c2:c7:17:08:51:87:
         9d:27:6b:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZB7zM/ak/jcuGKsGoOsQAcqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQwNzA0MDMzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDA3NjcyY2UzMDFkYmU0ODhjZTI2ZDU2MjAzNTE3OGFhZWM0NjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1JA45RHNvYapWaWDdPzUJD8PXaS
l68pGHfyreFIzvRA+PfY5Uqfuf5OTwbdOrsZI0U1iX9EdXmqnY9psqxd0t3KYHBR
GR4xoe3v/2VPYxist6aBIfDGDVk3leyeJFsgq1xTTMOPoKIDL8vaI1VFuV3DSpu8
aSQc/Wfmg5qTZZSBjv5Da5fPD0eI22BRcQddeJ7O6NrGo7fH4J6JKHXr87rOYc2Q
XB7DXmKlVHZcu/qtmkXQzLcghil9zI3QniPk4Peic0sOxG/ZS6zSYtkES3iwkWg3
OUDawCs/TgKutTFgu54KGS0YXp627UZm7gqPSHcVMy0asJOZQqCnAduL/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLAHZyzjAdvkiM4m1WIDUXiq7EZCMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvc0FkbkxPTUIyLVNJemliVllnTlJlS3JzUmtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucpnAwQA
we+aMA0GCSqGSIb3DQEBCwUAA4IBAQBuNWCVMJxink/QEoS9m7AyNd6/bQRLpcZf
DhOYGtH/9KuDq2JG4l686pyU6YM+MmPZpSm+x9bsF4kP26IrILHPwmTYti7VwSpc
mhzGxapylDRsz8J9OODzOQ5s8y4mrwTR7CkD/b93olKdWLeoLdS7VZdWuWt4xnPq
Raq1M28G2Nh+DScSH6xhIWJK232T0wXh8zjS+cqrk6VResD2nd1ZIjtDmntHrgNU
0ZE9OkxcB8Sw6CbQnPtwucJhP/TZTn41BTtIemno3P1i7ZXYZe2w66wPTrXXSyyx
a7A2jF+Rh11fzZZVA4HrrXfPrOLm65LQK6+vug/CxxcIUYedJ2tk
-----END CERTIFICATE-----