Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/0mMkQorZM0wYC9Stg7fDSJQaXao.roa
File:                     0mMkQorZM0wYC9Stg7fDSJQaXao.roa (raw, json)
Hash identifier:          1im5P624giJ8gAxOg16W9WwlvYkHgpsMuX4cLq+KDAE=
Subject key identifier:   D2:63:24:42:8A:D9:33:4C:18:0B:D4:AD:83:B7:C3:48:94:1A:5D:AA
Certificate issuer:       /CN=ef1f01881b73c8e9b5d92239229a6e512eca4e7c
Certificate serial:       018CCA2951D898496B81DF99D774DA7F15CA
Authority key identifier: EF:1F:01:88:1B:73:C8:E9:B5:D9:22:39:22:9A:6E:51:2E:CA:4E:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7x8BiBtzyOm12SI5IppuUS7KTnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/0mMkQorZM0wYC9Stg7fDSJQaXao.roa
Signing time:             Tue 02 Jan 2024 12:32:34 +0000
ROA not before:           Tue 02 Jan 2024 12:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42037
IP address blocks:        185.155.182.0/24 maxlen: 24
                          2a00:8c40:238::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/7x8BiBtzyOm12SI5IppuUS7KTnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/7x8BiBtzyOm12SI5IppuUS7KTnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7x8BiBtzyOm12SI5IppuUS7KTnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:51:d8:98:49:6b:81:df:99:d7:74:da:7f:15:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1f01881b73c8e9b5d92239229a6e512eca4e7c
        Validity
            Not Before: Jan  2 12:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d26324428ad9334c180bd4ad83b7c348941a5daa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:67:39:9e:69:42:ff:9b:4c:9e:68:7c:55:ad:
                    40:13:2d:4d:38:a9:ab:b8:0d:5b:3d:4a:50:01:a8:
                    7e:19:23:11:f6:a6:25:75:39:06:49:aa:c0:07:0e:
                    1b:5c:8a:72:67:97:32:77:93:7d:13:e1:fd:ec:1d:
                    3e:35:44:9d:dc:63:a7:44:2e:2c:6d:2b:52:ad:a4:
                    76:2c:93:0d:e3:1d:e9:8e:d9:d3:69:aa:46:b7:9e:
                    a7:53:5c:41:06:0d:70:7b:e2:38:52:28:7b:91:cb:
                    1f:f5:dd:45:83:de:db:6e:a4:dd:15:45:37:8d:07:
                    c4:51:a3:52:44:bf:da:35:97:b9:1e:bf:97:d2:51:
                    7c:5c:99:37:79:85:d8:0c:6e:e0:0a:20:0d:3b:d5:
                    12:1d:4e:89:7b:1b:5a:09:36:08:13:a0:d0:02:0d:
                    b3:6e:8b:29:6e:91:87:1b:ec:eb:cc:a8:7b:9c:68:
                    b8:74:0c:41:75:6d:2b:2b:65:c1:5b:25:ed:44:8c:
                    9e:b5:34:82:86:64:b8:b4:f7:1f:e5:c2:8b:dd:ff:
                    74:25:22:4b:d6:42:1e:0c:db:6e:f3:2e:d6:62:ea:
                    d6:c0:92:3e:ae:bc:a5:3d:9c:83:79:c8:ac:7d:06:
                    36:ca:0c:59:d3:d8:15:9f:55:98:4a:a5:7f:e1:a7:
                    af:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:63:24:42:8A:D9:33:4C:18:0B:D4:AD:83:B7:C3:48:94:1A:5D:AA
            X509v3 Authority Key Identifier:
                keyid:EF:1F:01:88:1B:73:C8:E9:B5:D9:22:39:22:9A:6E:51:2E:CA:4E:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7x8BiBtzyOm12SI5IppuUS7KTnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/0mMkQorZM0wYC9Stg7fDSJQaXao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/7x8BiBtzyOm12SI5IppuUS7KTnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.182.0/24
                IPv6:
                  2a00:8c40:238::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:df:4f:01:a6:70:11:87:26:20:53:df:1d:60:0c:50:82:69:
         e7:d4:38:56:26:a6:e9:20:06:f2:16:42:20:e5:60:bd:b7:c7:
         5e:58:8e:e0:d5:ce:64:37:c1:92:4f:84:67:c6:6d:ee:74:62:
         7f:fc:55:3f:0a:54:d0:77:6a:9d:55:98:9d:e8:aa:94:a7:6d:
         51:bc:01:5d:31:71:fe:f5:87:39:b1:a6:58:4d:3c:21:57:b5:
         c4:c1:a6:7c:32:48:52:0f:03:6e:2a:fb:17:f5:7b:0f:be:0b:
         7f:de:8d:31:dd:3a:41:a2:84:77:51:5a:98:e0:50:db:56:94:
         80:dd:88:8c:19:b6:71:6d:5b:22:f5:19:e8:c6:0f:cf:8b:bd:
         94:44:6b:b0:33:f8:07:ae:65:45:ec:2b:cc:f9:f8:90:ee:b2:
         76:07:d5:0d:cd:f3:f6:39:88:9c:58:17:9f:06:27:7e:8c:74:
         b7:ae:15:17:d0:a8:7d:20:09:c1:eb:d2:7a:ff:f5:34:32:68:
         71:c7:89:f4:ba:32:bd:8c:68:ab:64:c0:93:f9:d6:9c:59:28:
         42:40:88:62:f4:ae:c2:9a:8f:58:d1:24:39:f9:eb:aa:0d:9b:
         19:71:33:98:b7:a2:2a:29:6e:e9:3b:a5:97:82:b8:67:9e:23:
         4f:d6:ed:89
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKVHYmElrgd+Z13TafxXKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWYwMTg4MWI3M2M4ZTliNWQ5MjIzOTIyOWE2ZTUxMmVj
YTRlN2MwHhcNMjQwMTAyMTIzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjYzMjQ0MjhhZDkzMzRjMTgwYmQ0YWQ4M2I3YzM0ODk0MWE1ZGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWc5nmlC/5tMnmh8Va1AEy1NOKmr
uA1bPUpQAah+GSMR9qYldTkGSarABw4bXIpyZ5cyd5N9E+H97B0+NUSd3GOnRC4s
bStSraR2LJMN4x3pjtnTaapGt56nU1xBBg1we+I4Uih7kcsf9d1Fg97bbqTdFUU3
jQfEUaNSRL/aNZe5Hr+X0lF8XJk3eYXYDG7gCiANO9USHU6JextaCTYIE6DQAg2z
bospbpGHG+zrzKh7nGi4dAxBdW0rK2XBWyXtRIyetTSChmS4tPcf5cKL3f90JSJL
1kIeDNtu8y7WYurWwJI+rrylPZyDecisfQY2ygxZ09gVn1WYSqV/4aevjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNJjJEKK2TNMGAvUrYO3w0iUGl2qMB8GA1UdIwQY
MBaAFO8fAYgbc8jptdkiOSKablEuyk58MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3g4QmlCdHp5T20xMlNJNUlwcHVVUzdLVG53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS82NzUzOTktODFiZS00ZmVjLTlmODYt
NTUxMzFjYzFlZmVhLzEvMG1Na1FvclpNMHdZQzlTdGc3ZkRTSlFhWGFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS82NzUzOTktODFiZS00ZmVjLTlmODYtNTUxMzFjYzFlZmVh
LzEvN3g4QmlCdHp5T20xMlNJNUlwcHVVUzdLVG53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuZu2MA8E
AgACMAkDBwAqAIxAAjgwDQYJKoZIhvcNAQELBQADggEBAKbfTwGmcBGHJiBT3x1g
DFCCaefUOFYmpukgBvIWQiDlYL23x15YjuDVzmQ3wZJPhGfGbe50Yn/8VT8KVNB3
ap1VmJ3oqpSnbVG8AV0xcf71hzmxplhNPCFXtcTBpnwySFIPA24q+xf1ew++C3/e
jTHdOkGihHdRWpjgUNtWlIDdiIwZtnFtWyL1GejGD8+LvZREa7Az+AeuZUXsK8z5
+JDusnYH1Q3N8/Y5iJxYF58GJ36MdLeuFRfQqH0gCcHr0nr/9TQyaHHHifS6Mr2M
aKtkwJP51pxZKEJAiGL0rsKaj1jRJDn566oNmxlxM5i3oiopbuk7pZeCuGeeI0/W
7Yk=
-----END CERTIFICATE-----