Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/0LAAzjVpkFF8g1luipuyKC7tmPI.roa
File:                     0LAAzjVpkFF8g1luipuyKC7tmPI.roa (raw, json)
Hash identifier:          H3iefpYfTYUDiSMZDCw04IN6h02NhhRaXWBf7wTuWEk=
Subject key identifier:   D0:B0:00:CE:35:69:90:51:7C:83:59:6E:8A:9B:B2:28:2E:ED:98:F2
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       018CC56E1FF4EC7C28D3B0B3FC959006B009
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/0LAAzjVpkFF8g1luipuyKC7tmPI.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208229
IP address blocks:        185.250.196.0/23 maxlen: 23
                          89.29.250.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1f:f4:ec:7c:28:d3:b0:b3:fc:95:90:06:b0:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0b000ce356990517c83596e8a9bb2282eed98f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:15:46:d7:1e:7f:9d:cb:a5:29:54:b2:60:05:
                    89:5c:21:e6:12:ed:6a:fb:d0:36:dd:fe:0c:21:eb:
                    31:8b:3d:82:b5:a7:ee:64:d1:2a:6c:be:69:c2:55:
                    e2:d0:ec:b5:55:7b:8d:e8:91:39:f4:6b:37:f4:be:
                    ce:76:35:1d:5e:6d:c5:10:46:90:fb:ab:3d:88:03:
                    08:65:8d:d2:07:36:cc:8b:d7:dd:c1:02:e2:e2:25:
                    4e:0f:c8:56:67:51:f7:d8:1e:82:c4:6d:c8:fd:0e:
                    f4:ee:82:57:71:24:28:81:c1:72:fa:25:63:5a:3b:
                    9d:63:06:42:9a:a6:5f:63:f1:5d:a3:05:db:01:c5:
                    40:20:9e:80:e0:b8:fb:c9:35:61:da:53:59:ef:82:
                    4f:3d:4a:31:21:5d:d9:c6:9a:3e:9d:95:0c:db:5d:
                    41:c5:06:cf:7b:ab:17:e0:0e:36:a1:e5:9b:1a:d5:
                    19:f6:45:20:63:43:e8:a7:74:c7:f3:fc:ee:53:aa:
                    72:d7:1d:2c:40:f0:b3:47:7e:14:1b:65:ef:66:ca:
                    df:fd:bd:55:52:2c:59:6c:ca:d4:40:e5:74:b3:7c:
                    b7:9d:ea:6c:27:4d:7d:a0:f1:0e:77:b7:88:cd:b3:
                    d0:2c:5d:88:02:58:4f:3b:1b:b8:8e:a6:48:00:dd:
                    81:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:B0:00:CE:35:69:90:51:7C:83:59:6E:8A:9B:B2:28:2E:ED:98:F2
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/0LAAzjVpkFF8g1luipuyKC7tmPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.29.250.0/23
                  185.250.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:8b:6c:89:70:f6:07:87:5e:31:31:8a:7b:95:fd:52:e1:73:
         57:19:90:76:be:92:65:e4:c5:49:ba:9e:dd:2a:fa:9f:a8:9f:
         06:60:6b:ab:8d:ab:04:b9:79:aa:74:90:29:f3:6f:5d:aa:3f:
         39:22:65:b0:0d:f1:16:62:51:f8:df:70:5b:44:02:aa:a4:d7:
         ae:68:9d:d6:ee:1f:15:58:20:9a:73:f2:e4:df:b8:d6:86:4c:
         2e:61:77:d0:31:4c:3c:8b:df:7f:61:51:62:ba:14:37:cc:20:
         59:41:41:56:62:3d:50:0d:85:bc:d6:36:fa:8d:d7:92:c7:0b:
         c7:79:d3:7d:63:3e:df:09:b8:a9:b8:9d:ea:7e:fa:8c:af:e5:
         c6:d9:e0:60:c8:38:6e:01:d5:04:9d:b7:cc:a2:6d:a5:da:0e:
         54:43:5d:93:1c:ba:e3:c9:7c:78:08:bb:ef:e3:43:85:97:4a:
         0c:99:f2:ff:aa:16:11:72:c7:cd:21:89:4d:76:51:61:b5:33:
         a0:48:f0:b5:36:0a:5b:11:c1:f8:78:b5:a7:36:4d:13:88:8b:
         5d:a4:64:95:b5:f6:9b:91:78:a2:42:f6:1d:79:d9:b7:a6:c5:
         1a:89:b3:b2:24:bd:90:fb:82:b0:39:4a:e1:06:05:f3:f1:98:
         34:36:b1:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbh/07Hwo07Cz/JWQBrAJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGIwMDBjZTM1Njk5MDUxN2M4MzU5NmU4YTliYjIyODJlZWQ5OGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRVG1x5/nculKVSyYAWJXCHmEu1q
+9A23f4MIesxiz2CtafuZNEqbL5pwlXi0Oy1VXuN6JE59Gs39L7OdjUdXm3FEEaQ
+6s9iAMIZY3SBzbMi9fdwQLi4iVOD8hWZ1H32B6CxG3I/Q707oJXcSQogcFy+iVj
WjudYwZCmqZfY/FdowXbAcVAIJ6A4Lj7yTVh2lNZ74JPPUoxIV3Zxpo+nZUM211B
xQbPe6sX4A42oeWbGtUZ9kUgY0Pop3TH8/zuU6py1x0sQPCzR34UG2XvZsrf/b1V
UixZbMrUQOV0s3y3nepsJ019oPEOd7eIzbPQLF2IAlhPOxu4jqZIAN2BBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNCwAM41aZBRfINZboqbsigu7ZjyMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvMExBQXpqVnBrRkY4ZzFsdWlwdXlLQzd0bVBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBWR36AwQB
ufrEMA0GCSqGSIb3DQEBCwUAA4IBAQCZi2yJcPYHh14xMYp7lf1S4XNXGZB2vpJl
5MVJup7dKvqfqJ8GYGurjasEuXmqdJAp829dqj85ImWwDfEWYlH433BbRAKqpNeu
aJ3W7h8VWCCac/Lk37jWhkwuYXfQMUw8i99/YVFiuhQ3zCBZQUFWYj1QDYW81jb6
jdeSxwvHedN9Yz7fCbipuJ3qfvqMr+XG2eBgyDhuAdUEnbfMom2l2g5UQ12THLrj
yXx4CLvv40OFl0oMmfL/qhYRcsfNIYlNdlFhtTOgSPC1NgpbEcH4eLWnNk0TiItd
pGSVtfabkXiiQvYdedm3psUaibOyJL2Q+4KwOUrhBgXz8Zg0NrGf
-----END CERTIFICATE-----