Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/NODr96TvuCcJqZWPS4HJSQXTy0g.roa
File:                     NODr96TvuCcJqZWPS4HJSQXTy0g.roa (raw, json)
Hash identifier:          lIdqWDAbvbQqXdp6OEMAtYVb/8XHSZUDKB8kO1lDgKw=
Subject key identifier:   34:E0:EB:F7:A4:EF:B8:27:09:A9:95:8F:4B:81:C9:49:05:D3:CB:48
Certificate issuer:       /CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
Certificate serial:       018CC795222E00AB05EEF17A0C51B15F4C46
Authority key identifier: 0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/NODr96TvuCcJqZWPS4HJSQXTy0g.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12337
IP address blocks:        185.245.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:22:2e:00:ab:05:ee:f1:7a:0c:51:b1:5f:4c:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34e0ebf7a4efb82709a9958f4b81c94905d3cb48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e0:fa:eb:46:6f:fc:64:fb:06:e4:d1:df:b2:
                    7d:46:ee:a3:2d:6f:d6:22:18:d3:57:26:e7:82:cd:
                    c4:eb:8a:19:a1:3a:40:e0:f1:6e:8b:20:26:50:d4:
                    e9:f1:a8:28:b0:ed:33:2d:fd:e3:5f:68:61:bc:3a:
                    5b:4c:10:6e:38:22:75:0b:74:e4:0c:a5:60:88:e8:
                    8d:85:46:71:9f:d3:76:b1:68:42:78:fb:54:a4:d3:
                    18:83:63:82:fb:9e:61:b4:e3:b4:1e:79:4b:dd:ac:
                    49:50:66:21:d8:d3:66:d0:0f:63:1f:4e:2c:9e:b7:
                    6d:83:b9:63:c3:1f:1b:75:c7:e4:c1:65:3b:4f:fd:
                    88:da:0e:0f:db:22:e8:35:b2:ba:8f:92:4e:5e:4e:
                    c3:f8:ce:9b:58:c1:43:fc:d8:ba:a9:d2:1f:d8:21:
                    83:dc:7a:bb:e7:e4:62:2f:8f:8f:25:e6:15:2e:be:
                    20:2b:9b:8e:00:88:96:19:8d:6b:42:a1:26:d0:6a:
                    6a:05:4c:43:7a:10:92:47:ef:32:ea:3c:ef:c9:f4:
                    49:7c:a3:c7:39:db:7b:96:2e:f1:c5:ba:b0:22:03:
                    bf:21:5d:d8:b5:d1:5a:ca:b5:29:36:0f:c3:78:93:
                    ab:3a:dc:20:fd:a9:d1:21:0a:06:11:88:60:17:80:
                    25:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E0:EB:F7:A4:EF:B8:27:09:A9:95:8F:4B:81:C9:49:05:D3:CB:48
            X509v3 Authority Key Identifier:
                keyid:0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/NODr96TvuCcJqZWPS4HJSQXTy0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:f8:ea:3b:6e:e0:11:5e:cc:0a:74:4d:38:aa:e0:02:bb:83:
         c3:79:f1:b3:0a:2f:1b:ac:ba:78:ed:86:b2:f1:70:31:65:24:
         8a:55:78:46:0f:20:22:5e:25:f6:0a:32:24:ce:11:2b:53:78:
         81:80:47:74:3e:5f:97:67:40:29:85:41:15:e2:0f:8d:d7:af:
         85:9b:0a:d8:85:8e:ab:e1:f2:5c:8d:d6:ca:d0:94:62:f9:cd:
         19:6d:b5:31:15:17:33:23:ff:47:72:ab:f2:88:ff:a4:23:e1:
         9c:85:7f:39:be:91:95:99:df:21:96:de:f5:15:a1:ae:11:85:
         b4:72:34:43:3a:01:9d:94:04:e6:ce:e2:14:c6:86:4e:2c:6f:
         d2:eb:a3:87:fa:6e:08:37:d6:19:ac:70:67:3a:df:46:1b:aa:
         96:3d:e2:18:61:c3:8b:ab:e7:b6:21:58:63:eb:fc:e1:ea:46:
         06:82:6b:bf:7d:d7:47:ce:e8:2e:3e:06:16:5e:82:98:82:d7:
         fc:93:87:1e:48:dd:a1:3f:0f:6d:e8:1c:55:b8:c3:d8:da:98:
         2f:95:7d:fa:58:6a:a9:28:8b:1d:c3:90:83:3a:01:65:38:2f:
         e9:b7:94:cb:ee:ec:6a:bc:06:0e:b5:fd:28:94:85:ed:25:b0:
         8e:1c:30:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSIuAKsF7vF6DFGxX0xGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMGIwZGNiNmFkMGNhODE2ZDJiZDIwNGUxM2YxZWFmMTEw
NDI3NGMwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGUwZWJmN2E0ZWZiODI3MDlhOTk1OGY0YjgxYzk0OTA1ZDNjYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOD660Zv/GT7BuTR37J9Ru6jLW/W
IhjTVybngs3E64oZoTpA4PFuiyAmUNTp8agosO0zLf3jX2hhvDpbTBBuOCJ1C3Tk
DKVgiOiNhUZxn9N2sWhCePtUpNMYg2OC+55htOO0HnlL3axJUGYh2NNm0A9jH04s
nrdtg7ljwx8bdcfkwWU7T/2I2g4P2yLoNbK6j5JOXk7D+M6bWMFD/Ni6qdIf2CGD
3Hq75+RiL4+PJeYVLr4gK5uOAIiWGY1rQqEm0GpqBUxDehCSR+8y6jzvyfRJfKPH
Odt7li7xxbqwIgO/IV3YtdFayrUpNg/DeJOrOtwg/anRIQoGEYhgF4AlBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTg6/ek77gnCamVj0uByUkF08tIMB8GA1UdIwQY
MBaAFA4LDctq0MqBbSvSBOE/Hq8RBCdMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdzTnkyclF5b0Z0SzlJRTRUOGVyeEVFSjB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9mMTlkMDYtYzdmYS00MGU1LWI4MTMt
N2ZlMzk1MWE3MzViLzEvTk9Ecjk2VHZ1Q2NKcVpXUFM0SEpTUVhUeTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9mMTlkMDYtYzdmYS00MGU1LWI4MTMtN2ZlMzk1MWE3MzVi
LzEvRGdzTnkyclF5b0Z0SzlJRTRUOGVyeEVFSjB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufVkMA0G
CSqGSIb3DQEBCwUAA4IBAQBP+Oo7buARXswKdE04quACu4PDefGzCi8brLp47Yay
8XAxZSSKVXhGDyAiXiX2CjIkzhErU3iBgEd0Pl+XZ0AphUEV4g+N16+FmwrYhY6r
4fJcjdbK0JRi+c0ZbbUxFRczI/9HcqvyiP+kI+GchX85vpGVmd8hlt71FaGuEYW0
cjRDOgGdlATmzuIUxoZOLG/S66OH+m4IN9YZrHBnOt9GG6qWPeIYYcOLq+e2IVhj
6/zh6kYGgmu/fddHzuguPgYWXoKYgtf8k4ceSN2hPw9t6BxVuMPY2pgvlX36WGqp
KIsdw5CDOgFlOC/pt5TL7uxqvAYOtf0olIXtJbCOHDCO
-----END CERTIFICATE-----