Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/hG_ek3_tiD2bxTyTREAmTz3vm6M.roa
File:                     hG_ek3_tiD2bxTyTREAmTz3vm6M.roa (raw, json)
Hash identifier:          YglkZAUlGKzksaioKp//mNsUnTsZ4O4poRp4SVJU7jE=
Subject key identifier:   84:6F:DE:93:7F:ED:88:3D:9B:C5:3C:93:44:40:26:4F:3D:EF:9B:A3
Certificate issuer:       /CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Certificate serial:       018CC5DBFC3B2462CE490E362552999B2A24
Authority key identifier: A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/hG_ek3_tiD2bxTyTREAmTz3vm6M.roa
Signing time:             Mon 01 Jan 2024 16:29:37 +0000
ROA not before:           Mon 01 Jan 2024 16:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24631
IP address blocks:        185.229.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fc:3b:24:62:ce:49:0e:36:25:52:99:9b:2a:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
        Validity
            Not Before: Jan  1 16:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=846fde937fed883d9bc53c934440264f3def9ba3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:7a:0f:bb:ea:00:82:d0:8b:13:a6:cf:ea:e5:
                    56:c2:43:44:4c:43:67:f9:33:7f:4f:1e:c2:12:06:
                    32:f1:ef:d7:31:23:6d:43:27:79:08:61:cc:3d:42:
                    39:e9:37:09:76:1d:30:8b:db:f3:29:21:54:ba:e4:
                    1b:f7:62:0d:0c:63:d3:7b:70:d5:bb:2b:14:ba:da:
                    23:4c:28:71:c3:ee:06:57:00:5f:8d:f4:27:a2:50:
                    3f:3f:99:fd:ed:f6:b1:a0:5a:2b:65:31:91:8e:94:
                    68:a0:0a:98:65:15:c2:93:55:c1:6e:60:0e:6f:20:
                    f1:06:ef:36:65:ac:25:fe:d7:1e:bf:b1:b6:40:3a:
                    a8:df:6f:99:72:30:8d:0b:5e:9f:db:32:32:c6:7b:
                    b3:12:00:81:13:ac:bc:c8:65:0f:a8:8f:90:10:bf:
                    57:6a:2f:3b:17:01:40:73:0c:4f:2d:6c:87:b3:00:
                    07:1a:80:ca:9f:97:03:77:c2:40:a2:6a:5f:3c:e5:
                    6e:6b:bf:ba:12:0f:9c:79:db:d6:c7:8d:86:b5:58:
                    c4:9c:54:09:75:eb:91:86:c7:af:4b:7f:83:a6:26:
                    4b:52:ae:fc:a0:ac:14:a3:7d:aa:9e:b4:ef:e4:e2:
                    b5:88:d1:bb:6f:aa:ff:4e:28:02:2a:e1:ff:56:ee:
                    7a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:6F:DE:93:7F:ED:88:3D:9B:C5:3C:93:44:40:26:4F:3D:EF:9B:A3
            X509v3 Authority Key Identifier:
                keyid:A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/hG_ek3_tiD2bxTyTREAmTz3vm6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:3b:f1:f4:d0:87:85:e7:19:31:b0:22:fd:c3:79:40:60:c8:
         2a:bc:23:c7:77:97:50:e8:aa:66:9d:af:26:52:b5:84:ab:42:
         eb:1b:14:67:1c:d9:80:31:64:07:90:60:0e:48:e4:2b:d2:36:
         d0:18:2f:bc:44:07:5a:f0:2f:2f:df:06:93:9d:8c:31:d6:2a:
         c2:ce:c3:45:30:8b:1f:74:3a:ec:9c:bd:93:d5:c3:35:6d:62:
         53:10:ec:25:ba:30:e9:c1:fc:e1:4e:03:25:9d:d1:b1:41:31:
         b6:e2:b7:72:9a:b9:50:2b:eb:ed:44:03:c4:8a:24:7a:c8:a2:
         14:50:4f:3c:6e:43:c3:f5:9d:67:d3:94:9b:9d:d0:7e:eb:82:
         39:a5:fa:49:f5:ad:d0:06:cd:90:61:17:bf:ba:87:9d:65:55:
         b7:9f:b9:4b:fd:02:a5:c8:8c:1e:8a:96:b7:5f:8f:47:76:0e:
         b6:84:b0:8f:05:c2:42:4f:93:ee:89:d2:68:47:4d:92:c5:eb:
         4b:22:c4:ad:c5:39:58:da:74:15:e6:bd:3a:38:23:95:3b:59:
         d6:ad:39:ae:aa:65:68:b7:ec:46:05:d0:62:2d:35:45:95:c2:
         99:76:4f:00:fe:81:7d:d2:6d:a1:7c:c0:be:ae:c6:2e:57:18:
         c5:7d:61:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/w7JGLOSQ42JVKZmyokMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTM4MWI2ZTc2Y2I5NTIwZThkOGY1Njc3NmVjYTBmZTE3
NmNjNDAwHhcNMjQwMTAxMTYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDZmZGU5MzdmZWQ4ODNkOWJjNTNjOTM0NDQwMjY0ZjNkZWY5YmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHoPu+oAgtCLE6bP6uVWwkNETENn
+TN/Tx7CEgYy8e/XMSNtQyd5CGHMPUI56TcJdh0wi9vzKSFUuuQb92INDGPTe3DV
uysUutojTChxw+4GVwBfjfQnolA/P5n97faxoForZTGRjpRooAqYZRXCk1XBbmAO
byDxBu82Zawl/tcev7G2QDqo32+ZcjCNC16f2zIyxnuzEgCBE6y8yGUPqI+QEL9X
ai87FwFAcwxPLWyHswAHGoDKn5cDd8JAompfPOVua7+6Eg+cedvWx42GtVjEnFQJ
deuRhsevS3+DpiZLUq78oKwUo32qnrTv5OK1iNG7b6r/TigCKuH/Vu56zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRv3pN/7Yg9m8U8k0RAJk8975ujMB8GA1UdIwQY
MBaAFKDjgbbnbLlSDo2PVnduyg/hdsxAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEt
YTljMzg0MTI4ZDQyLzEvaEdfZWszX3RpRDJieFR5VFJFQW1UejN2bTZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEtYTljMzg0MTI4ZDQy
LzEvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueUdMA0G
CSqGSIb3DQEBCwUAA4IBAQAGO/H00IeF5xkxsCL9w3lAYMgqvCPHd5dQ6Kpmna8m
UrWEq0LrGxRnHNmAMWQHkGAOSOQr0jbQGC+8RAda8C8v3waTnYwx1irCzsNFMIsf
dDrsnL2T1cM1bWJTEOwlujDpwfzhTgMlndGxQTG24rdymrlQK+vtRAPEiiR6yKIU
UE88bkPD9Z1n05SbndB+64I5pfpJ9a3QBs2QYRe/uoedZVW3n7lL/QKlyIweipa3
X49Hdg62hLCPBcJCT5PuidJoR02SxetLIsStxTlY2nQV5r06OCOVO1nWrTmuqmVo
t+xGBdBiLTVFlcKZdk8A/oF90m2hfMC+rsYuVxjFfWH4
-----END CERTIFICATE-----