Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/phKERRguDNs8sQS0Ctn-RMIXq0g.roa
File:                     phKERRguDNs8sQS0Ctn-RMIXq0g.roa (raw, json)
Hash identifier:          1zGNeniRacKcoyN3DnpGYTP+6ee3AJez079a8Gp+EJQ=
Subject key identifier:   A6:12:84:45:18:2E:0C:DB:3C:B1:04:B4:0A:D9:FE:44:C2:17:AB:48
Certificate issuer:       /CN=41251342e05d58b3b7fc93a15cba1eb71e542385
Certificate serial:       018CC8016B995E809988998B8E0D1257C7FC
Authority key identifier: 41:25:13:42:E0:5D:58:B3:B7:FC:93:A1:5C:BA:1E:B7:1E:54:23:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QSUTQuBdWLO3_JOhXLoetx5UI4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/phKERRguDNs8sQS0Ctn-RMIXq0g.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64434
IP address blocks:        185.165.30.0/24 maxlen: 24
                          185.165.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/QSUTQuBdWLO3_JOhXLoetx5UI4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/QSUTQuBdWLO3_JOhXLoetx5UI4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QSUTQuBdWLO3_JOhXLoetx5UI4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6b:99:5e:80:99:88:99:8b:8e:0d:12:57:c7:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41251342e05d58b3b7fc93a15cba1eb71e542385
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6128445182e0cdb3cb104b40ad9fe44c217ab48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ce:99:f5:a2:c7:fa:a3:fb:e8:9f:7b:2a:4b:
                    b5:1d:c9:b4:c2:90:9b:bc:af:2d:93:24:c6:f2:ec:
                    21:42:7b:50:21:00:63:49:9a:68:99:d5:99:fc:1e:
                    23:63:bb:18:e1:0b:8b:1c:8b:7c:58:58:36:ff:d6:
                    11:6a:52:95:19:8e:42:44:00:ef:a6:47:98:2d:ba:
                    c2:bf:fa:9f:74:7b:fc:b2:45:27:5a:32:31:96:8d:
                    9e:47:07:e5:05:b7:47:d1:2f:9f:50:2c:c3:11:d7:
                    48:77:8c:d7:3c:fa:c2:d0:00:7f:bf:a7:f0:76:28:
                    3b:c1:4e:62:2e:50:f4:e1:76:b2:48:9f:32:82:e2:
                    4f:c5:4a:f8:22:ed:8b:e0:9b:65:67:58:ab:d0:dd:
                    6f:cf:bb:e6:82:aa:4d:1f:68:27:85:c2:db:81:de:
                    6b:fc:99:8c:50:08:a8:76:b5:ce:a1:1f:6d:b0:d1:
                    4a:d0:ed:07:f1:96:eb:98:0f:52:e3:44:95:9f:a9:
                    41:6f:44:26:f3:2c:ae:87:45:f1:81:b8:d0:31:d9:
                    1a:43:a3:1d:88:15:3e:2b:e6:3a:28:28:79:b9:45:
                    07:d2:7f:a8:29:7e:70:08:f1:88:af:ed:47:04:ac:
                    78:fc:49:b2:77:2d:97:f7:ae:c8:14:86:38:71:f6:
                    9a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:12:84:45:18:2E:0C:DB:3C:B1:04:B4:0A:D9:FE:44:C2:17:AB:48
            X509v3 Authority Key Identifier:
                keyid:41:25:13:42:E0:5D:58:B3:B7:FC:93:A1:5C:BA:1E:B7:1E:54:23:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QSUTQuBdWLO3_JOhXLoetx5UI4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/phKERRguDNs8sQS0Ctn-RMIXq0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/QSUTQuBdWLO3_JOhXLoetx5UI4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.28.0/24
                  185.165.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:3a:23:8c:6f:ab:94:73:98:41:18:ee:48:ce:b0:da:fd:c6:
         04:6a:c1:80:b4:34:73:ef:a1:35:02:5e:20:32:8d:70:cf:b9:
         63:56:af:5d:3a:55:64:e9:40:c4:1f:37:e3:2d:0b:97:dc:37:
         b5:b4:74:7f:a6:11:a1:5f:df:08:b4:da:c8:f0:7c:c0:b1:5e:
         c5:62:68:8e:53:0e:a0:d0:69:30:c4:0f:eb:72:80:22:45:03:
         88:65:9c:00:b5:2d:3b:94:fd:87:60:a8:76:06:83:cb:ea:a0:
         6d:a8:37:03:2e:00:38:7f:39:f5:5e:4b:b2:0f:41:56:38:60:
         5e:3c:c4:c7:cf:54:8b:b5:e3:34:5a:80:56:9c:99:ef:92:79:
         02:fd:18:31:b0:2f:13:63:0f:83:e0:fd:38:a2:06:a1:98:92:
         2b:ef:4a:e0:0c:69:3e:2a:c6:79:9a:d7:a2:b2:b2:10:f4:df:
         d8:27:bb:2a:b1:fc:61:d3:c5:af:c4:70:9d:5c:dd:dd:df:0f:
         dc:d7:fa:cc:a1:ec:35:45:6b:9c:6a:b7:21:61:e8:8b:4c:f3:
         47:99:f4:75:fc:03:dc:24:42:8a:6a:9a:58:70:1f:f0:89:70:
         36:5a:85:30:04:15:2c:24:d9:e2:61:86:ae:04:6f:f1:8d:73:
         75:f5:53:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAWuZXoCZiJmLjg0SV8f8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMjUxMzQyZTA1ZDU4YjNiN2ZjOTNhMTVjYmExZWI3MWU1
NDIzODUwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjEyODQ0NTE4MmUwY2RiM2NiMTA0YjQwYWQ5ZmU0NGMyMTdhYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApM6Z9aLH+qP76J97Kku1Hcm0wpCb
vK8tkyTG8uwhQntQIQBjSZpomdWZ/B4jY7sY4QuLHIt8WFg2/9YRalKVGY5CRADv
pkeYLbrCv/qfdHv8skUnWjIxlo2eRwflBbdH0S+fUCzDEddId4zXPPrC0AB/v6fw
dig7wU5iLlD04XaySJ8yguJPxUr4Iu2L4JtlZ1ir0N1vz7vmgqpNH2gnhcLbgd5r
/JmMUAiodrXOoR9tsNFK0O0H8ZbrmA9S40SVn6lBb0Qm8yyuh0XxgbjQMdkaQ6Md
iBU+K+Y6KCh5uUUH0n+oKX5wCPGIr+1HBKx4/Emydy2X967IFIY4cfaa1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKYShEUYLgzbPLEEtArZ/kTCF6tIMB8GA1UdIwQY
MBaAFEElE0LgXVizt/yToVy6HrceVCOFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVNVVFF1QmRXTE8zX0pPaFhMb2V0eDVVSTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9hZDYwM2YtOGZlYS00ODQ5LTllZGIt
YzM2NjhiNTAzYTFjLzEvcGhLRVJSZ3VETnM4c1FTMEN0bi1STUlYcTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9hZDYwM2YtOGZlYS00ODQ5LTllZGItYzM2NjhiNTAzYTFj
LzEvUVNVVFF1QmRXTE8zX0pPaFhMb2V0eDVVSTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuaUcAwQA
uaUeMA0GCSqGSIb3DQEBCwUAA4IBAQAzOiOMb6uUc5hBGO5IzrDa/cYEasGAtDRz
76E1Al4gMo1wz7ljVq9dOlVk6UDEHzfjLQuX3De1tHR/phGhX98ItNrI8HzAsV7F
YmiOUw6g0GkwxA/rcoAiRQOIZZwAtS07lP2HYKh2BoPL6qBtqDcDLgA4fzn1Xkuy
D0FWOGBePMTHz1SLteM0WoBWnJnvknkC/RgxsC8TYw+D4P04ogahmJIr70rgDGk+
KsZ5mteisrIQ9N/YJ7sqsfxh08WvxHCdXN3d3w/c1/rMoew1RWucarchYeiLTPNH
mfR1/APcJEKKappYcB/wiXA2WoUwBBUsJNniYYauBG/xjXN19VOR
-----END CERTIFICATE-----