Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/KEuqI5HOdYyE5iOu9j6lBp-_GJs.roa
File:                     KEuqI5HOdYyE5iOu9j6lBp-_GJs.roa (raw, json)
Hash identifier:          Pe2i8hPsFnHK6/V7sLunFlz+n3D9GQUCx7R6inr53mg=
Subject key identifier:   28:4B:AA:23:91:CE:75:8C:84:E6:23:AE:F6:3E:A5:06:9F:BF:18:9B
Certificate issuer:       /CN=cebf65e0069dbcc76b7b556e8c1d705889df27e9
Certificate serial:       018CC7956507AF73C32CFF77E823DD1A68C2
Authority key identifier: CE:BF:65:E0:06:9D:BC:C7:6B:7B:55:6E:8C:1D:70:58:89:DF:27:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zr9l4AadvMdre1VujB1wWInfJ-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/KEuqI5HOdYyE5iOu9j6lBp-_GJs.roa
Signing time:             Tue 02 Jan 2024 00:31:45 +0000
ROA not before:           Tue 02 Jan 2024 00:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        185.119.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/zr9l4AadvMdre1VujB1wWInfJ-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/zr9l4AadvMdre1VujB1wWInfJ-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zr9l4AadvMdre1VujB1wWInfJ-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:65:07:af:73:c3:2c:ff:77:e8:23:dd:1a:68:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cebf65e0069dbcc76b7b556e8c1d705889df27e9
        Validity
            Not Before: Jan  2 00:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=284baa2391ce758c84e623aef63ea5069fbf189b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:02:2f:04:77:4d:94:99:80:ce:0c:11:10:36:
                    11:15:ef:45:75:d3:7d:51:7e:f5:ba:67:cc:86:db:
                    c1:0f:93:81:07:fc:a1:dc:51:57:7e:ba:81:d0:89:
                    ae:fe:70:92:d7:9a:4f:e1:74:aa:0c:ef:58:77:79:
                    93:8e:e0:21:b5:cd:7a:de:b8:1f:c8:81:93:8e:e5:
                    2a:73:3f:c9:aa:dc:71:45:0b:91:7e:ab:be:3e:0c:
                    b7:9f:e5:61:68:35:c1:2e:31:d8:ef:d0:1b:69:25:
                    25:8d:5d:5a:81:cd:3f:55:5f:77:d0:33:9f:88:09:
                    8a:8f:7a:b9:46:dd:6b:c4:4f:93:0f:f7:77:4f:9a:
                    f3:fa:9f:c5:ce:08:2e:fc:43:09:2c:80:85:8a:84:
                    96:eb:33:da:ed:0b:ce:2c:c6:ef:34:b0:9f:4b:8e:
                    dd:d6:5c:54:89:2d:0d:fe:a5:30:4b:7a:c1:ed:cd:
                    1f:4b:d8:b8:59:19:26:dd:ef:bd:f1:66:bc:62:e5:
                    36:be:d8:49:b9:87:84:57:5b:c3:bd:51:47:77:50:
                    d5:19:2c:82:ec:e7:c7:a4:1d:47:26:5f:d7:a5:0f:
                    4d:54:17:4a:30:32:7b:eb:48:8d:d2:82:64:b3:d4:
                    23:bb:15:f4:6e:32:52:27:c4:25:d3:21:b9:60:73:
                    ca:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:4B:AA:23:91:CE:75:8C:84:E6:23:AE:F6:3E:A5:06:9F:BF:18:9B
            X509v3 Authority Key Identifier:
                keyid:CE:BF:65:E0:06:9D:BC:C7:6B:7B:55:6E:8C:1D:70:58:89:DF:27:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zr9l4AadvMdre1VujB1wWInfJ-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/KEuqI5HOdYyE5iOu9j6lBp-_GJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ead79a-d8a1-4e87-bacf-23ba4a91a105/1/zr9l4AadvMdre1VujB1wWInfJ-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:e4:73:92:cd:b8:23:d5:2f:d8:ed:36:d0:da:36:59:1b:2d:
         f9:f0:d4:52:3d:78:06:00:78:7e:34:3c:bc:07:a2:a3:2e:01:
         60:35:73:56:da:fe:21:fe:de:af:37:d5:d1:a2:e6:df:ed:a8:
         3f:1e:7e:69:53:b1:58:21:22:bf:82:fe:a9:c4:d9:ec:d0:6f:
         05:de:c7:4c:ff:c5:09:d9:3e:f5:da:5a:28:3d:29:3c:2f:52:
         74:71:c9:fb:4e:16:52:cb:23:17:6c:d1:9a:e7:b8:00:71:62:
         2f:df:aa:41:ab:88:7f:02:6b:e4:30:69:f2:71:ff:ea:11:05:
         8f:61:56:81:05:5b:9e:36:11:05:3c:f1:13:02:8b:a0:64:bc:
         ed:76:ed:6f:8a:1d:ee:2b:37:be:c7:f7:ac:d5:5b:a3:24:89:
         6d:24:9b:bb:b5:2f:a6:db:0c:29:c7:b7:f8:c4:14:87:30:2d:
         53:0a:ba:24:6f:8b:53:6c:3f:ca:f3:3c:42:bb:d8:b0:61:7d:
         1a:ac:2c:30:03:4b:65:d2:1e:3b:86:26:5c:af:4b:23:bb:38:
         2a:6d:e3:2a:ea:70:bf:29:5e:ad:6c:2b:3c:2a:32:c2:a5:de:
         fe:45:a6:26:7c:40:a0:93:cc:c6:c3:c3:1d:5a:84:41:70:e8:
         9e:16:3e:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlWUHr3PDLP936CPdGmjCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYmY2NWUwMDY5ZGJjYzc2YjdiNTU2ZThjMWQ3MDU4ODlk
ZjI3ZTkwHhcNMjQwMTAyMDAzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODRiYWEyMzkxY2U3NThjODRlNjIzYWVmNjNlYTUwNjlmYmYxODliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwIvBHdNlJmAzgwREDYRFe9FddN9
UX71umfMhtvBD5OBB/yh3FFXfrqB0Imu/nCS15pP4XSqDO9Yd3mTjuAhtc163rgf
yIGTjuUqcz/JqtxxRQuRfqu+Pgy3n+VhaDXBLjHY79AbaSUljV1agc0/VV930DOf
iAmKj3q5Rt1rxE+TD/d3T5rz+p/Fzggu/EMJLICFioSW6zPa7QvOLMbvNLCfS47d
1lxUiS0N/qUwS3rB7c0fS9i4WRkm3e+98Wa8YuU2vthJuYeEV1vDvVFHd1DVGSyC
7OfHpB1HJl/XpQ9NVBdKMDJ760iN0oJks9QjuxX0bjJSJ8Ql0yG5YHPKFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChLqiORznWMhOYjrvY+pQafvxibMB8GA1UdIwQY
MBaAFM6/ZeAGnbzHa3tVbowdcFiJ3yfpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenI5bDRBYWR2TWRyZTFWdWpCMXdXSW5mSi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lYWQ3OWEtZDhhMS00ZTg3LWJhY2Yt
MjNiYTRhOTFhMTA1LzEvS0V1cUk1SE9kWXlFNWlPdTlqNmxCcC1fR0pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lYWQ3OWEtZDhhMS00ZTg3LWJhY2YtMjNiYTRhOTFhMTA1
LzEvenI5bDRBYWR2TWRyZTFWdWpCMXdXSW5mSi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXduMA0G
CSqGSIb3DQEBCwUAA4IBAQCg5HOSzbgj1S/Y7TbQ2jZZGy358NRSPXgGAHh+NDy8
B6KjLgFgNXNW2v4h/t6vN9XRoubf7ag/Hn5pU7FYISK/gv6pxNns0G8F3sdM/8UJ
2T712looPSk8L1J0ccn7ThZSyyMXbNGa57gAcWIv36pBq4h/AmvkMGnycf/qEQWP
YVaBBVueNhEFPPETAougZLztdu1vih3uKze+x/es1VujJIltJJu7tS+m2wwpx7f4
xBSHMC1TCrokb4tTbD/K8zxCu9iwYX0arCwwA0tl0h47hiZcr0sjuzgqbeMq6nC/
KV6tbCs8KjLCpd7+RaYmfECgk8zGw8MdWoRBcOieFj6f
-----END CERTIFICATE-----