Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/73764d-f250-4e3d-bb6f-21c4c6d6b6cb/1/d5OVo0FXAKx8zgPc7OKQbVqKOpo.roa
File:                     d5OVo0FXAKx8zgPc7OKQbVqKOpo.roa (raw, json)
Hash identifier:          /h7tkyaPQKYLhEgZGcJM7nIF6LuWkgn/QVFPe0nYr34=
Subject key identifier:   77:93:95:A3:41:57:00:AC:7C:CE:03:DC:EC:E2:90:6D:5A:8A:3A:9A
Certificate issuer:       /CN=ea641eade1955dd4b907916b99e021039ecc33e8
Certificate serial:       018CC4937E03CFC21A570CE5AA694552AD6B
Authority key identifier: EA:64:1E:AD:E1:95:5D:D4:B9:07:91:6B:99:E0:21:03:9E:CC:33:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6mQereGVXdS5B5FrmeAhA57MM-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/73764d-f250-4e3d-bb6f-21c4c6d6b6cb/1/d5OVo0FXAKx8zgPc7OKQbVqKOpo.roa
Signing time:             Mon 01 Jan 2024 10:30:49 +0000
ROA not before:           Mon 01 Jan 2024 10:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203180
IP address blocks:        185.142.172.0/22 maxlen: 24
                          2a0d:540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/73764d-f250-4e3d-bb6f-21c4c6d6b6cb/1/6mQereGVXdS5B5FrmeAhA57MM-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/73764d-f250-4e3d-bb6f-21c4c6d6b6cb/1/6mQereGVXdS5B5FrmeAhA57MM-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6mQereGVXdS5B5FrmeAhA57MM-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7e:03:cf:c2:1a:57:0c:e5:aa:69:45:52:ad:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea641eade1955dd4b907916b99e021039ecc33e8
        Validity
            Not Before: Jan  1 10:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=779395a3415700ac7cce03dcece2906d5a8a3a9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:5f:be:4e:76:03:82:ca:f6:bf:d6:f0:c9:c0:
                    6d:57:dd:32:ff:78:f6:c9:6a:61:d4:4f:cd:85:10:
                    e7:46:d0:94:7e:ac:0b:72:3b:54:e8:0f:31:e4:b5:
                    9c:33:c8:90:c0:ff:64:8c:fa:f2:0e:81:c8:96:a0:
                    63:fb:09:5e:98:6b:0e:a4:df:32:a4:26:c0:80:7a:
                    7d:98:ab:2a:90:5a:6e:5a:36:88:5c:7d:ab:2f:84:
                    d5:4f:ad:4c:6c:87:84:75:92:80:1a:85:e9:ac:f3:
                    af:f9:32:9c:c9:21:bb:87:cc:46:38:c2:aa:87:e8:
                    26:b5:0e:2a:6d:ac:df:f9:46:fd:31:e4:c0:3f:12:
                    41:46:44:bf:e6:43:6f:47:1a:c4:25:ab:eb:97:b4:
                    13:fb:63:bf:14:ee:c2:f7:d5:62:0a:28:4e:c4:5b:
                    47:8d:8b:45:48:dd:fa:bd:1c:92:82:ea:00:f0:6a:
                    e1:b3:7a:d2:86:f3:e1:ee:f9:92:d0:1e:a4:68:a5:
                    99:31:de:5c:73:81:c4:4f:d2:c5:41:19:49:e2:cf:
                    f9:7f:22:15:23:c5:6d:db:ea:c7:88:9e:cb:58:48:
                    6e:e5:ca:99:7a:dd:76:30:b0:ba:69:94:fb:90:87:
                    51:37:b1:af:b0:c9:6e:3e:5b:38:28:7a:0e:02:7f:
                    99:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:93:95:A3:41:57:00:AC:7C:CE:03:DC:EC:E2:90:6D:5A:8A:3A:9A
            X509v3 Authority Key Identifier:
                keyid:EA:64:1E:AD:E1:95:5D:D4:B9:07:91:6B:99:E0:21:03:9E:CC:33:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6mQereGVXdS5B5FrmeAhA57MM-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/73764d-f250-4e3d-bb6f-21c4c6d6b6cb/1/d5OVo0FXAKx8zgPc7OKQbVqKOpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/73764d-f250-4e3d-bb6f-21c4c6d6b6cb/1/6mQereGVXdS5B5FrmeAhA57MM-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.172.0/22
                IPv6:
                  2a0d:540::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:dc:49:e1:9e:19:01:c4:3f:2b:d9:09:71:be:ab:9d:62:e3:
         da:c3:6e:f4:de:50:c9:26:ce:c3:93:d2:9c:04:02:cc:24:d6:
         d2:5e:06:ca:90:1d:b6:54:bc:24:22:97:b4:fe:1a:ab:44:87:
         9f:7f:5a:4c:2c:e9:97:19:25:46:9f:7a:8b:a6:22:57:de:7b:
         8e:fc:d1:6d:1c:b0:38:18:af:1a:be:35:bc:39:d1:f5:1c:01:
         e5:04:78:ea:b7:44:26:05:2f:94:98:87:d3:43:af:a9:4a:08:
         e6:51:e1:ec:af:c9:6d:a4:84:db:37:32:18:0b:70:26:2b:3d:
         f1:5e:ad:bc:00:05:c4:f4:16:40:98:fe:e6:c8:c4:72:b7:fc:
         79:1c:e3:ad:f5:dc:87:e0:f3:93:e2:2b:85:e5:a0:1b:3c:d8:
         30:cf:3b:25:eb:12:54:45:78:a5:ae:2d:0d:6e:a3:71:09:02:
         36:7b:ad:70:5e:28:d3:4f:9f:55:dd:e4:11:11:de:32:5d:1d:
         31:1e:4a:c0:7f:89:e8:77:6f:77:c8:a1:5e:6a:37:16:bd:5f:
         17:e2:43:4f:32:4f:b7:47:69:28:af:7b:98:a2:42:82:15:18:
         8d:ed:68:b2:2b:a4:61:fb:27:0a:c9:6c:60:55:85:72:7b:78:
         80:ca:87:3a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk34Dz8IaVwzlqmlFUq1rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNjQxZWFkZTE5NTVkZDRiOTA3OTE2Yjk5ZTAyMTAzOWVj
YzMzZTgwHhcNMjQwMTAxMTAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzkzOTVhMzQxNTcwMGFjN2NjZTAzZGNlY2UyOTA2ZDVhOGEzYTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4F++TnYDgsr2v9bwycBtV90y/3j2
yWph1E/NhRDnRtCUfqwLcjtU6A8x5LWcM8iQwP9kjPryDoHIlqBj+wlemGsOpN8y
pCbAgHp9mKsqkFpuWjaIXH2rL4TVT61MbIeEdZKAGoXprPOv+TKcySG7h8xGOMKq
h+gmtQ4qbazf+Ub9MeTAPxJBRkS/5kNvRxrEJavrl7QT+2O/FO7C99ViCihOxFtH
jYtFSN36vRySguoA8Grhs3rShvPh7vmS0B6kaKWZMd5cc4HET9LFQRlJ4s/5fyIV
I8Vt2+rHiJ7LWEhu5cqZet12MLC6aZT7kIdRN7GvsMluPls4KHoOAn+ZywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHeTlaNBVwCsfM4D3OzikG1aijqaMB8GA1UdIwQY
MBaAFOpkHq3hlV3UuQeRa5ngIQOezDPoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNm1RZXJlR1ZYZFM1QjVGcm1lQWhBNTdNTS1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83Mzc2NGQtZjI1MC00ZTNkLWJiNmYt
MjFjNGM2ZDZiNmNiLzEvZDVPVm8wRlhBS3g4emdQYzdPS1FiVnFLT3BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83Mzc2NGQtZjI1MC00ZTNkLWJiNmYtMjFjNGM2ZDZiNmNi
LzEvNm1RZXJlR1ZYZFM1QjVGcm1lQWhBNTdNTS1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY6sMA0E
AgACMAcDBQMqDQVAMA0GCSqGSIb3DQEBCwUAA4IBAQBD3EnhnhkBxD8r2Qlxvqud
YuPaw2703lDJJs7Dk9KcBALMJNbSXgbKkB22VLwkIpe0/hqrRIeff1pMLOmXGSVG
n3qLpiJX3nuO/NFtHLA4GK8avjW8OdH1HAHlBHjqt0QmBS+UmIfTQ6+pSgjmUeHs
r8ltpITbNzIYC3AmKz3xXq28AAXE9BZAmP7myMRyt/x5HOOt9dyH4POT4iuF5aAb
PNgwzzsl6xJURXilri0NbqNxCQI2e61wXijTT59V3eQREd4yXR0xHkrAf4nod293
yKFeajcWvV8X4kNPMk+3R2kor3uYokKCFRiN7WiyK6Rh+ycKyWxgVYVye3iAyoc6
-----END CERTIFICATE-----