Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/dmhmhHpoC2rgtWleCsbrFsVzPcM.roa
File:                     dmhmhHpoC2rgtWleCsbrFsVzPcM.roa (raw, json)
Hash identifier:          qD/qUeTaVJffu1v7WT4gBrTdEo9yz5VHRkJXqCKrvjE=
Subject key identifier:   76:68:66:84:7A:68:0B:6A:E0:B5:69:5E:0A:C6:EB:16:C5:73:3D:C3
Certificate issuer:       /CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
Certificate serial:       019241D14D7E55DF4B075554F9E208849A81
Authority key identifier: B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/dmhmhHpoC2rgtWleCsbrFsVzPcM.roa
Signing time:             Mon 30 Sep 2024 07:24:48 +0000
ROA not before:           Mon 30 Sep 2024 07:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31204
IP address blocks:        83.218.192.0/19 maxlen: 19
                          89.149.64.0/18 maxlen: 24
                          89.149.84.0/23 maxlen: 23
                          89.149.120.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:41:d1:4d:7e:55:df:4b:07:55:54:f9:e2:08:84:9a:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
        Validity
            Not Before: Sep 30 07:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=766866847a680b6ae0b5695e0ac6eb16c5733dc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4c:e0:b1:56:a2:93:42:a4:0c:c2:50:a4:0f:
                    5f:ce:ea:62:13:cd:6c:8c:7c:0b:0e:f2:b0:5c:ba:
                    83:99:51:6d:8b:4c:b2:fa:19:6f:92:59:6c:d9:e7:
                    3c:ac:0b:a8:fa:81:8d:40:8d:89:30:ab:db:c2:64:
                    da:fb:b4:46:62:ab:80:ab:8b:99:5d:20:0e:72:2c:
                    a7:d4:09:58:c6:e9:f6:f0:e0:de:66:76:55:17:8f:
                    5d:d7:b5:43:97:a0:a4:20:79:de:4d:c8:e1:7c:17:
                    35:70:00:e0:a0:b9:4e:8d:92:36:47:15:0a:10:5f:
                    fb:41:70:7e:b9:0f:8a:0d:23:5b:74:bc:29:09:22:
                    1a:f9:f5:b8:df:54:00:66:92:f5:3e:20:76:59:79:
                    72:4d:3d:0a:5a:26:1f:9d:3a:71:e1:39:32:a7:88:
                    01:30:e3:e0:01:89:9a:d7:0c:de:30:61:c0:89:87:
                    e3:f9:c0:bc:fd:7d:4f:f0:88:53:eb:be:2c:ad:db:
                    db:cb:d2:fd:28:76:ef:16:86:72:9a:8d:d0:43:d2:
                    27:0f:53:cd:36:6d:2a:91:b4:26:68:57:08:dd:7a:
                    50:09:6e:d4:58:49:38:e7:ee:f0:20:5d:22:90:d4:
                    33:04:bf:89:57:d5:60:58:ca:2f:d7:54:4b:31:31:
                    bd:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:68:66:84:7A:68:0B:6A:E0:B5:69:5E:0A:C6:EB:16:C5:73:3D:C3
            X509v3 Authority Key Identifier:
                keyid:B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/dmhmhHpoC2rgtWleCsbrFsVzPcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.218.192.0/19
                  89.149.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         86:2a:1d:32:b6:30:fc:81:b1:cb:ba:ab:02:d7:17:61:c1:69:
         06:f4:22:76:bf:5f:e8:db:18:51:28:7c:5b:e7:a4:7e:df:91:
         bb:26:3b:ef:9a:a3:2b:25:c9:5e:f6:a0:18:aa:c0:16:e0:9f:
         44:36:9e:e3:ef:9c:f9:0e:a9:01:aa:e3:56:0d:59:58:de:c1:
         5e:b9:f0:12:b7:72:69:68:5e:c3:3a:88:06:9b:65:f7:a6:af:
         48:e7:f7:38:e3:4b:ec:11:3b:25:45:56:fd:0c:42:6e:e4:dc:
         b6:c3:21:e5:03:8d:99:ef:5f:9f:29:c0:cf:c2:5e:d0:f5:01:
         a9:39:b7:8b:81:3a:ae:3a:6f:d2:24:99:ea:c4:2e:e6:4b:cf:
         95:3b:7b:bd:c2:5f:c0:bb:40:a5:7c:0e:90:28:87:04:97:3b:
         ce:76:a2:71:fb:39:9a:a2:0e:f4:d5:a9:00:e2:66:16:d1:a9:
         82:34:85:a8:54:4f:99:0f:7a:d1:ef:58:71:df:64:0c:de:b6:
         e0:99:db:d3:14:1a:53:67:c1:be:2d:4a:d2:35:94:7f:e4:3e:
         7e:53:4a:5b:7c:93:09:d2:c9:d5:f8:62:c8:05:53:c7:78:54:
         f9:cd:78:50:9b:40:e3:73:c1:48:ff:51:5c:8a:d3:9b:b6:3c:
         8b:dd:e9:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJB0U1+Vd9LB1VU+eIIhJqBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwM2MzMDJjMmY1MjI3N2UzZDBhYjY4NDJmNjhhYTVmOGQw
ZDc3ODcwHhcNMjQwOTMwMDcyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjY4NjY4NDdhNjgwYjZhZTBiNTY5NWUwYWM2ZWIxNmM1NzMzZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkzgsVaik0KkDMJQpA9fzupiE81s
jHwLDvKwXLqDmVFti0yy+hlvklls2ec8rAuo+oGNQI2JMKvbwmTa+7RGYquAq4uZ
XSAOciyn1AlYxun28ODeZnZVF49d17VDl6CkIHneTcjhfBc1cADgoLlOjZI2RxUK
EF/7QXB+uQ+KDSNbdLwpCSIa+fW431QAZpL1PiB2WXlyTT0KWiYfnTpx4Tkyp4gB
MOPgAYma1wzeMGHAiYfj+cC8/X1P8IhT674srdvby9L9KHbvFoZymo3QQ9InD1PN
Nm0qkbQmaFcI3XpQCW7UWEk45+7wIF0ikNQzBL+JV9VgWMov11RLMTG9uQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHZoZoR6aAtq4LVpXgrG6xbFcz3DMB8GA1UdIwQY
MBaAFLA8MCwvUid+PQq2hC9oql+NDXeHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2Et
NmY3MDI0YzNhYWQ3LzEvZG1obWhIcG9DMnJndFdsZUNzYnJGc1Z6UGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2EtNmY3MDI0YzNhYWQ3
LzEvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFU9rAAwQG
WZVAMA0GCSqGSIb3DQEBCwUAA4IBAQCGKh0ytjD8gbHLuqsC1xdhwWkG9CJ2v1/o
2xhRKHxb56R+35G7JjvvmqMrJcle9qAYqsAW4J9ENp7j75z5DqkBquNWDVlY3sFe
ufASt3JpaF7DOogGm2X3pq9I5/c440vsETslRVb9DEJu5Ny2wyHlA42Z71+fKcDP
wl7Q9QGpObeLgTquOm/SJJnqxC7mS8+VO3u9wl/Au0ClfA6QKIcElzvOdqJx+zma
og701akA4mYW0amCNIWoVE+ZD3rR71hx32QM3rbgmdvTFBpTZ8G+LUrSNZR/5D5+
U0pbfJMJ0snV+GLIBVPHeFT5zXhQm0Djc8FI/1FcitObtjyL3elO
-----END CERTIFICATE-----