Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/PrLKGJObgxpdrSdqo6xtoQzwtjM.roa
File:                     PrLKGJObgxpdrSdqo6xtoQzwtjM.roa (raw, json)
Hash identifier:          wPNmU1jzga8lQhWb+ByOTIuOX07Xd64xG92XyjWV/6I=
Subject key identifier:   3E:B2:CA:18:93:9B:83:1A:5D:AD:27:6A:A3:AC:6D:A1:0C:F0:B6:33
Certificate issuer:       /CN=dac4cb51150802a4018cc256ad29f54720675ed5
Certificate serial:       018CC801393E9B2602085BAC50563A8D8D4D
Authority key identifier: DA:C4:CB:51:15:08:02:A4:01:8C:C2:56:AD:29:F5:47:20:67:5E:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2sTLURUIAqQBjMJWrSn1RyBnXtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/PrLKGJObgxpdrSdqo6xtoQzwtjM.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211457
IP address blocks:        185.218.105.0/24 maxlen: 24
                          2a10:d3c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/2sTLURUIAqQBjMJWrSn1RyBnXtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/2sTLURUIAqQBjMJWrSn1RyBnXtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2sTLURUIAqQBjMJWrSn1RyBnXtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:39:3e:9b:26:02:08:5b:ac:50:56:3a:8d:8d:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac4cb51150802a4018cc256ad29f54720675ed5
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3eb2ca18939b831a5dad276aa3ac6da10cf0b633
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0b:8e:f1:dc:bd:05:b2:29:0d:77:76:82:ef:
                    25:50:87:b8:d7:e3:48:61:c9:2d:58:aa:72:79:13:
                    22:9c:be:b3:e7:8e:e4:bf:6c:eb:d4:37:b1:6c:97:
                    ae:64:ad:49:ee:6e:fa:00:50:54:91:60:41:98:a5:
                    f2:78:48:80:32:a2:af:a2:66:43:7b:48:7d:83:e1:
                    1d:09:fa:b4:16:97:47:66:31:09:b9:92:7c:9d:45:
                    c1:4f:fe:cd:f1:24:66:6c:3d:2e:b9:43:fa:b1:4a:
                    b9:2b:7e:78:d2:ec:e3:0e:fa:c5:ea:4e:91:41:60:
                    ff:7e:4e:c3:39:22:10:9a:c4:cb:85:a5:37:46:05:
                    6c:0d:a2:99:b7:70:f4:f9:58:0b:58:4d:72:06:81:
                    7d:e5:ba:9d:76:e7:92:cb:c4:c2:d1:82:e9:35:04:
                    f6:4d:39:37:4c:bd:c9:53:88:e0:2d:3d:10:22:eb:
                    0f:90:c8:77:0d:51:c2:29:6a:48:bb:0f:2b:5f:23:
                    63:c0:93:ff:d3:65:b8:53:bf:e8:ef:6e:f4:27:4d:
                    29:b8:64:00:44:57:4e:20:04:4d:b9:d5:ca:8e:6f:
                    a1:59:dc:f6:fe:f3:4d:08:5d:8f:77:d7:4b:d7:f5:
                    07:b7:57:39:b8:b4:86:7e:4e:96:5c:cc:61:bd:5c:
                    34:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B2:CA:18:93:9B:83:1A:5D:AD:27:6A:A3:AC:6D:A1:0C:F0:B6:33
            X509v3 Authority Key Identifier:
                keyid:DA:C4:CB:51:15:08:02:A4:01:8C:C2:56:AD:29:F5:47:20:67:5E:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sTLURUIAqQBjMJWrSn1RyBnXtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/PrLKGJObgxpdrSdqo6xtoQzwtjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/2sTLURUIAqQBjMJWrSn1RyBnXtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.105.0/24
                IPv6:
                  2a10:d3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ae:79:b0:ef:9f:cb:fe:b7:48:b1:c8:61:38:33:23:53:97:f0:
         12:ae:7d:6f:de:d0:c7:e5:83:47:34:b8:b8:a6:01:85:9c:e1:
         f2:92:69:04:38:0f:a4:09:39:db:6b:f0:02:2b:c5:e5:2d:93:
         47:53:e7:62:9f:ef:b6:9c:25:95:8f:66:32:6f:e2:dc:ab:d0:
         63:80:15:de:47:18:9f:ff:f8:5e:52:50:03:80:10:ac:02:d2:
         a7:20:87:84:fb:f2:b7:b5:a8:72:73:08:0e:ef:5d:1d:d3:99:
         a9:84:30:e1:df:40:b6:ae:8a:22:11:5b:12:d7:01:c0:d6:44:
         51:f6:37:95:73:0b:6b:bc:b1:c5:d2:de:93:e6:d7:44:74:ff:
         64:41:f0:c4:24:a4:ef:fa:10:93:2f:0c:3f:15:f2:27:d9:a9:
         3c:38:71:83:a5:82:9f:f2:71:a0:ac:88:17:4b:96:0c:ad:67:
         23:7b:45:47:59:a1:1d:7c:4b:8a:df:f2:66:b6:41:fc:fb:55:
         6c:26:39:25:6c:39:9b:61:7b:1e:d0:34:74:f3:10:f6:db:a6:
         4f:84:e4:35:5a:75:2e:63:24:80:7e:ad:40:de:d3:d6:c5:34:
         c1:dd:61:11:c4:4e:23:fd:ac:76:0f:46:8d:bb:38:7c:34:5f:
         50:47:d8:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIATk+myYCCFusUFY6jY1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzRjYjUxMTUwODAyYTQwMThjYzI1NmFkMjlmNTQ3MjA2
NzVlZDUwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWIyY2ExODkzOWI4MzFhNWRhZDI3NmFhM2FjNmRhMTBjZjBiNjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwuO8dy9BbIpDXd2gu8lUIe41+NI
YcktWKpyeRMinL6z547kv2zr1DexbJeuZK1J7m76AFBUkWBBmKXyeEiAMqKvomZD
e0h9g+EdCfq0FpdHZjEJuZJ8nUXBT/7N8SRmbD0uuUP6sUq5K3540uzjDvrF6k6R
QWD/fk7DOSIQmsTLhaU3RgVsDaKZt3D0+VgLWE1yBoF95bqddueSy8TC0YLpNQT2
TTk3TL3JU4jgLT0QIusPkMh3DVHCKWpIuw8rXyNjwJP/02W4U7/o7270J00puGQA
RFdOIARNudXKjm+hWdz2/vNNCF2Pd9dL1/UHt1c5uLSGfk6WXMxhvVw0JQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD6yyhiTm4MaXa0naqOsbaEM8LYzMB8GA1UdIwQY
MBaAFNrEy1EVCAKkAYzCVq0p9UcgZ17VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNUTFVSVUlBcVFCak1KV3JTbjFSeUJuWHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zNmU4MzgtMWJiZi00Y2MwLWI1ZGEt
NDE4MGY5ZTMwOTQ1LzEvUHJMS0dKT2JneHBkclNkcW82eHRvUXp3dGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zNmU4MzgtMWJiZi00Y2MwLWI1ZGEtNDE4MGY5ZTMwOTQ1
LzEvMnNUTFVSVUlBcVFCak1KV3JTbjFSeUJuWHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudppMA0E
AgACMAcDBQMqENPAMA0GCSqGSIb3DQEBCwUAA4IBAQCuebDvn8v+t0ixyGE4MyNT
l/ASrn1v3tDH5YNHNLi4pgGFnOHykmkEOA+kCTnba/ACK8XlLZNHU+din++2nCWV
j2Yyb+Lcq9BjgBXeRxif//heUlADgBCsAtKnIIeE+/K3tahycwgO710d05mphDDh
30C2rooiEVsS1wHA1kRR9jeVcwtrvLHF0t6T5tdEdP9kQfDEJKTv+hCTLww/FfIn
2ak8OHGDpYKf8nGgrIgXS5YMrWcje0VHWaEdfEuK3/JmtkH8+1VsJjklbDmbYXse
0DR08xD226ZPhOQ1WnUuYySAfq1A3tPWxTTB3WERxE4j/ax2D0aNuzh8NF9QR9hk
-----END CERTIFICATE-----