Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/05b3d1-116f-4d60-a176-56bbe38f7407/1/Ew_Jby283-0Y3MAswW4FNvp9YVs.roa
File:                     Ew_Jby283-0Y3MAswW4FNvp9YVs.roa (raw, json)
Hash identifier:          LyWgg5ScPnRFXlS/rxVzk54VnLJ/LDjizBFL0CMlLd8=
Subject key identifier:   13:0F:C9:6F:2D:BC:DF:ED:18:DC:C0:2C:C1:6E:05:36:FA:7D:61:5B
Certificate issuer:       /CN=ff4705a363dc1d8d0ea51c9b9a1ecbd3807bd054
Certificate serial:       018CC9BC7C062ABBAC57C602B49005AD9D99
Authority key identifier: FF:47:05:A3:63:DC:1D:8D:0E:A5:1C:9B:9A:1E:CB:D3:80:7B:D0:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0cFo2PcHY0OpRybmh7L04B70FQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/05b3d1-116f-4d60-a176-56bbe38f7407/1/Ew_Jby283-0Y3MAswW4FNvp9YVs.roa
Signing time:             Tue 02 Jan 2024 10:33:42 +0000
ROA not before:           Tue 02 Jan 2024 10:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207044
IP address blocks:        185.12.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/05b3d1-116f-4d60-a176-56bbe38f7407/1/_0cFo2PcHY0OpRybmh7L04B70FQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/05b3d1-116f-4d60-a176-56bbe38f7407/1/_0cFo2PcHY0OpRybmh7L04B70FQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0cFo2PcHY0OpRybmh7L04B70FQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:7c:06:2a:bb:ac:57:c6:02:b4:90:05:ad:9d:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff4705a363dc1d8d0ea51c9b9a1ecbd3807bd054
        Validity
            Not Before: Jan  2 10:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=130fc96f2dbcdfed18dcc02cc16e0536fa7d615b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1d:a3:f3:d6:51:d8:0b:51:4f:1d:80:a4:cf:
                    8c:c1:99:66:43:ae:f8:7f:ac:2e:b5:37:3a:e0:cd:
                    f7:49:52:97:54:c3:4d:1e:4c:b5:05:2b:b7:62:d3:
                    a5:ea:b6:60:7b:f6:1d:48:90:96:24:07:63:47:58:
                    16:8d:9a:e4:43:9e:be:17:e6:fe:53:47:1e:1b:a6:
                    9a:18:f2:f6:23:0d:36:4a:bb:b8:df:83:0d:c5:10:
                    5a:c6:1c:83:04:b7:03:18:09:f6:e3:dc:9d:65:38:
                    62:ba:a4:48:dd:8b:9c:50:f2:ed:cf:9a:31:5b:1a:
                    6c:29:47:16:42:c5:d5:59:52:c5:25:9d:9e:e5:c6:
                    fc:bc:a9:da:85:85:ae:4e:34:5f:f7:8d:86:c0:65:
                    93:3a:69:57:0a:ac:d3:49:2b:a9:9e:28:6b:7c:dd:
                    1a:b6:62:72:a0:f3:60:51:bb:09:35:d7:9c:cf:6b:
                    99:c0:6d:4c:fb:59:cb:f5:c0:13:3f:9f:d0:64:49:
                    90:04:2e:4b:89:66:63:fa:83:31:f1:59:62:25:13:
                    b5:52:5e:38:5c:d4:2a:a5:47:e7:54:13:74:ac:74:
                    c5:e6:2f:24:88:d2:e9:cd:4d:76:20:b4:1a:b5:e6:
                    57:42:c5:55:f3:ef:82:05:f8:d1:21:e5:45:eb:5d:
                    69:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:0F:C9:6F:2D:BC:DF:ED:18:DC:C0:2C:C1:6E:05:36:FA:7D:61:5B
            X509v3 Authority Key Identifier:
                keyid:FF:47:05:A3:63:DC:1D:8D:0E:A5:1C:9B:9A:1E:CB:D3:80:7B:D0:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0cFo2PcHY0OpRybmh7L04B70FQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/05b3d1-116f-4d60-a176-56bbe38f7407/1/Ew_Jby283-0Y3MAswW4FNvp9YVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/05b3d1-116f-4d60-a176-56bbe38f7407/1/_0cFo2PcHY0OpRybmh7L04B70FQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:b4:44:6a:a9:fd:7e:f5:f0:fd:8c:35:cf:a0:12:0e:84:08:
         e9:0d:19:24:12:2a:02:28:ce:c6:a7:05:4c:03:ab:27:dd:5c:
         4a:2f:6f:cc:95:6f:5d:4c:55:70:73:94:69:6c:2f:33:de:d1:
         83:42:c2:d5:2b:e2:c7:52:a7:59:eb:48:bc:63:00:47:ce:e1:
         6f:43:3f:0a:ac:45:31:88:f1:eb:a3:17:06:89:5d:07:35:65:
         e4:72:79:ec:ba:10:9a:d0:da:61:d5:b7:eb:80:e5:3a:1a:64:
         38:ca:78:f1:da:6c:c4:bf:14:04:0d:d2:dd:cb:92:f5:12:9b:
         34:1e:cc:8d:c1:14:09:cb:4c:03:8d:f6:df:c1:0f:a9:b7:9c:
         2a:e0:d5:7f:d1:62:7e:46:b6:d7:c1:a3:aa:a0:9e:9f:85:86:
         7a:79:0f:c6:af:ac:a1:70:df:17:69:8f:d0:01:39:47:86:96:
         21:da:3a:d6:eb:53:6a:b7:35:ac:b8:95:30:06:0d:33:d9:12:
         0a:28:38:2b:a7:f3:db:20:86:4a:b4:2e:d8:a4:7e:c7:fa:87:
         83:12:6b:76:f5:68:96:f4:eb:f7:81:82:ba:2f:ca:ef:0e:89:
         b5:a8:be:f1:e6:bd:08:6f:96:44:f1:23:10:56:92:ae:63:39:
         a0:5e:8e:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvHwGKrusV8YCtJAFrZ2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDcwNWEzNjNkYzFkOGQwZWE1MWM5YjlhMWVjYmQzODA3
YmQwNTQwHhcNMjQwMTAyMTAzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzBmYzk2ZjJkYmNkZmVkMThkY2MwMmNjMTZlMDUzNmZhN2Q2MTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvR2j89ZR2AtRTx2ApM+MwZlmQ674
f6wutTc64M33SVKXVMNNHky1BSu3YtOl6rZge/YdSJCWJAdjR1gWjZrkQ56+F+b+
U0ceG6aaGPL2Iw02Sru434MNxRBaxhyDBLcDGAn249ydZThiuqRI3YucUPLtz5ox
WxpsKUcWQsXVWVLFJZ2e5cb8vKnahYWuTjRf942GwGWTOmlXCqzTSSupnihrfN0a
tmJyoPNgUbsJNdecz2uZwG1M+1nL9cATP5/QZEmQBC5LiWZj+oMx8VliJRO1Ul44
XNQqpUfnVBN0rHTF5i8kiNLpzU12ILQateZXQsVV8++CBfjRIeVF611pJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMPyW8tvN/tGNzALMFuBTb6fWFbMB8GA1UdIwQY
MBaAFP9HBaNj3B2NDqUcm5oey9OAe9BUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBjRm8yUGNIWTBPcFJ5Ym1oN0wwNEI3MEZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wNWIzZDEtMTE2Zi00ZDYwLWExNzYt
NTZiYmUzOGY3NDA3LzEvRXdfSmJ5MjgzLTBZM01Bc3dXNEZOdnA5WVZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wNWIzZDEtMTE2Zi00ZDYwLWExNzYtNTZiYmUzOGY3NDA3
LzEvXzBjRm8yUGNIWTBPcFJ5Ym1oN0wwNEI3MEZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQydMA0G
CSqGSIb3DQEBCwUAA4IBAQCgtERqqf1+9fD9jDXPoBIOhAjpDRkkEioCKM7GpwVM
A6sn3VxKL2/MlW9dTFVwc5RpbC8z3tGDQsLVK+LHUqdZ60i8YwBHzuFvQz8KrEUx
iPHroxcGiV0HNWXkcnnsuhCa0Nph1bfrgOU6GmQ4ynjx2mzEvxQEDdLdy5L1Eps0
HsyNwRQJy0wDjfbfwQ+pt5wq4NV/0WJ+RrbXwaOqoJ6fhYZ6eQ/Gr6yhcN8XaY/Q
ATlHhpYh2jrW61NqtzWsuJUwBg0z2RIKKDgrp/PbIIZKtC7YpH7H+oeDEmt29WiW
9Ov3gYK6L8rvDom1qL7x5r0Ib5ZE8SMQVpKuYzmgXo6Y
-----END CERTIFICATE-----