Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/rdGBxshekYdJ94UJZZAOQKvYZmQ.roa
File:                     rdGBxshekYdJ94UJZZAOQKvYZmQ.roa (raw, json)
Hash identifier:          LN5dmtQ+xMFR9NxLEpnZouuxPUwrPbzIMD0cmxVCLwo=
Subject key identifier:   AD:D1:81:C6:C8:5E:91:87:49:F7:85:09:65:90:0E:40:AB:D8:66:64
Certificate issuer:       /CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
Certificate serial:       018CC795219B955A6207DB6DF8A7083E98E8
Authority key identifier: 0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/rdGBxshekYdJ94UJZZAOQKvYZmQ.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6724
IP address blocks:        185.127.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:21:9b:95:5a:62:07:db:6d:f8:a7:08:3e:98:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=add181c6c85e918749f7850965900e40abd86664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:65:93:9d:20:8c:9d:2a:6e:89:a1:43:fd:8e:
                    d3:b5:68:65:f7:78:21:4c:8e:71:12:d5:ae:4a:7a:
                    38:6c:2e:06:3d:f5:14:1f:47:ab:6e:3b:27:d7:c1:
                    d8:2e:a0:05:c9:95:cb:f2:b9:81:78:70:e5:f6:64:
                    6b:7d:70:b2:b8:f5:e7:13:b6:4b:b5:9e:32:06:87:
                    83:24:80:92:43:5c:70:18:18:78:7d:67:41:77:41:
                    1a:5b:03:7f:18:35:1f:de:01:fc:52:d8:48:7b:8f:
                    8a:79:b8:3f:a8:99:a3:0c:74:4a:f2:8f:6a:5e:5f:
                    04:89:04:16:f6:db:3b:a3:2e:6a:7c:99:2e:5f:f7:
                    9e:93:ee:0e:43:8e:03:a2:77:e2:6e:b2:3f:ff:bb:
                    7b:31:a1:c8:ee:e2:00:81:d4:7a:4d:62:1f:e9:6a:
                    cc:f6:50:42:aa:a6:01:cd:61:0f:b3:df:4a:98:39:
                    5b:5f:2c:9c:06:97:07:72:11:9e:35:e4:bb:2e:88:
                    d5:bb:cd:88:ca:d2:af:42:79:51:b8:f9:44:cc:d1:
                    70:e1:14:a0:86:2d:17:87:40:c8:cc:7a:67:56:2d:
                    bd:e7:a4:ce:33:61:cc:9a:4d:a3:38:b4:21:82:ce:
                    af:61:3c:c3:65:96:57:99:8b:ae:bb:48:32:0a:ca:
                    ce:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D1:81:C6:C8:5E:91:87:49:F7:85:09:65:90:0E:40:AB:D8:66:64
            X509v3 Authority Key Identifier:
                keyid:0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/rdGBxshekYdJ94UJZZAOQKvYZmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:40:fc:d5:7f:85:36:89:f7:e5:59:f7:83:a6:9d:c9:2f:a9:
         5d:0f:b1:60:7f:bb:b2:71:9a:fc:b8:a5:7d:cb:94:b3:82:18:
         4b:f7:0e:3a:98:cd:71:36:56:bf:72:fd:96:04:c3:14:da:4e:
         17:c6:7f:f1:1c:59:e1:eb:25:fb:da:ce:47:45:d9:d5:be:d9:
         be:1f:b7:7d:15:a0:93:e6:a9:e0:ac:8e:df:36:22:28:c4:48:
         8c:de:0c:dc:94:b3:32:f0:39:83:b8:9e:8c:99:5c:1e:5f:da:
         5b:e9:71:4a:44:43:45:84:91:c0:b8:c5:6e:be:ef:27:e9:84:
         1d:f0:f1:3d:48:77:56:6b:99:f8:5b:a3:1a:a6:65:43:e7:81:
         ef:e7:b8:6d:5d:d2:9c:20:2f:08:fd:82:3d:67:b4:71:61:c5:
         ef:09:d1:ac:68:f0:76:3c:a4:e4:6f:07:19:67:3a:86:68:a5:
         24:9e:c3:4c:dd:89:81:b3:0f:aa:d4:ea:a1:eb:2e:68:e6:ca:
         7d:ea:5f:e6:ca:f9:e3:70:5c:60:19:d3:6c:a0:e3:3b:c3:9e:
         19:6f:c3:f5:0a:4c:d2:97:d5:08:64:37:35:fd:e5:a5:65:ba:
         59:96:f7:46:30:8c:7f:c0:3a:24:7d:b5:4f:df:b1:19:1a:1c:
         75:37:27:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSGblVpiB9tt+KcIPpjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMGIwZGNiNmFkMGNhODE2ZDJiZDIwNGUxM2YxZWFmMTEw
NDI3NGMwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGQxODFjNmM4NWU5MTg3NDlmNzg1MDk2NTkwMGU0MGFiZDg2NjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGWTnSCMnSpuiaFD/Y7TtWhl93gh
TI5xEtWuSno4bC4GPfUUH0erbjsn18HYLqAFyZXL8rmBeHDl9mRrfXCyuPXnE7ZL
tZ4yBoeDJICSQ1xwGBh4fWdBd0EaWwN/GDUf3gH8UthIe4+Kebg/qJmjDHRK8o9q
Xl8EiQQW9ts7oy5qfJkuX/eek+4OQ44DonfibrI//7t7MaHI7uIAgdR6TWIf6WrM
9lBCqqYBzWEPs99KmDlbXyycBpcHchGeNeS7LojVu82IytKvQnlRuPlEzNFw4RSg
hi0Xh0DIzHpnVi2956TOM2HMmk2jOLQhgs6vYTzDZZZXmYuuu0gyCsrO9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3RgcbIXpGHSfeFCWWQDkCr2GZkMB8GA1UdIwQY
MBaAFA4LDctq0MqBbSvSBOE/Hq8RBCdMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdzTnkyclF5b0Z0SzlJRTRUOGVyeEVFSjB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9mMTlkMDYtYzdmYS00MGU1LWI4MTMt
N2ZlMzk1MWE3MzViLzEvcmRHQnhzaGVrWWRKOTRVSlpaQU9RS3ZZWm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9mMTlkMDYtYzdmYS00MGU1LWI4MTMtN2ZlMzk1MWE3MzVi
LzEvRGdzTnkyclF5b0Z0SzlJRTRUOGVyeEVFSjB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX8eMA0G
CSqGSIb3DQEBCwUAA4IBAQCUQPzVf4U2ifflWfeDpp3JL6ldD7Fgf7uycZr8uKV9
y5SzghhL9w46mM1xNla/cv2WBMMU2k4Xxn/xHFnh6yX72s5HRdnVvtm+H7d9FaCT
5qngrI7fNiIoxEiM3gzclLMy8DmDuJ6MmVweX9pb6XFKRENFhJHAuMVuvu8n6YQd
8PE9SHdWa5n4W6MapmVD54Hv57htXdKcIC8I/YI9Z7RxYcXvCdGsaPB2PKTkbwcZ
ZzqGaKUknsNM3YmBsw+q1Oqh6y5o5sp96l/myvnjcFxgGdNsoOM7w54Zb8P1CkzS
l9UIZDc1/eWlZbpZlvdGMIx/wDokfbVP37EZGhx1NyeB
-----END CERTIFICATE-----