Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/dPO8KIWpIbuWOoVMz01WfhMGyjg.roa
File:                     dPO8KIWpIbuWOoVMz01WfhMGyjg.roa (raw, json)
Hash identifier:          W0sAIpeOczBt8Ho9DSv+D0Bnuxgt9hGmLyNMLWiqpas=
Subject key identifier:   74:F3:BC:28:85:A9:21:BB:96:3A:85:4C:CF:4D:56:7E:13:06:CA:38
Certificate issuer:       /CN=d959676fe138d4eb2aae19bb6731fee6292d793d
Certificate serial:       018CC86FCE6C11EAC2C5D27D74483CC46D84
Authority key identifier: D9:59:67:6F:E1:38:D4:EB:2A:AE:19:BB:67:31:FE:E6:29:2D:79:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Vlnb-E41Osqrhm7ZzH-5ikteT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/dPO8KIWpIbuWOoVMz01WfhMGyjg.roa
Signing time:             Tue 02 Jan 2024 04:30:19 +0000
ROA not before:           Tue 02 Jan 2024 04:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28931
IP address blocks:        185.103.188.0/22 maxlen: 23
                          2a00:f400::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/2Vlnb-E41Osqrhm7ZzH-5ikteT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/2Vlnb-E41Osqrhm7ZzH-5ikteT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Vlnb-E41Osqrhm7ZzH-5ikteT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ce:6c:11:ea:c2:c5:d2:7d:74:48:3c:c4:6d:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d959676fe138d4eb2aae19bb6731fee6292d793d
        Validity
            Not Before: Jan  2 04:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74f3bc2885a921bb963a854ccf4d567e1306ca38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:0e:98:dd:5f:e5:90:b3:06:d4:75:8e:e5:58:
                    4a:5f:50:d7:b5:39:97:11:4d:46:23:78:ae:1d:0b:
                    c4:e4:c9:f1:a2:3e:f8:d0:c4:89:d0:1f:bf:6f:ef:
                    c4:19:49:17:f4:5a:e9:27:98:d0:a6:57:f9:0d:ef:
                    d3:5e:8d:92:0f:26:63:aa:57:a2:f0:3f:13:97:98:
                    82:63:0d:8b:30:ec:54:c8:1f:75:35:3e:26:07:38:
                    3d:7d:36:5c:c4:33:1f:2a:bb:2d:94:49:17:b7:dd:
                    b8:cd:06:9d:c0:30:ee:21:15:30:66:33:3d:6a:f1:
                    fb:ee:11:40:00:30:4f:73:c8:de:5b:2c:38:ef:2b:
                    b8:8c:6b:24:58:da:3a:58:63:04:40:ca:a9:71:76:
                    27:72:f6:0f:be:e0:ad:73:cd:0a:2f:93:8c:db:2a:
                    63:e2:a7:a9:69:42:a8:c4:47:d2:be:53:f5:9c:6c:
                    5c:00:1d:76:7b:72:ad:70:00:74:48:c5:96:b4:73:
                    cd:04:79:0e:64:b5:03:4e:76:76:ef:74:cb:6b:58:
                    92:d1:59:57:b1:c3:2d:4a:c7:51:05:15:00:3e:7a:
                    08:c8:7c:7c:bd:b1:d3:ee:d5:17:6a:4b:d5:65:52:
                    d6:72:17:83:ca:32:c5:8c:00:7c:0d:84:43:ed:11:
                    5a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F3:BC:28:85:A9:21:BB:96:3A:85:4C:CF:4D:56:7E:13:06:CA:38
            X509v3 Authority Key Identifier:
                keyid:D9:59:67:6F:E1:38:D4:EB:2A:AE:19:BB:67:31:FE:E6:29:2D:79:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Vlnb-E41Osqrhm7ZzH-5ikteT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/dPO8KIWpIbuWOoVMz01WfhMGyjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/2Vlnb-E41Osqrhm7ZzH-5ikteT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.188.0/22
                IPv6:
                  2a00:f400::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:9e:99:fb:27:1c:a7:66:e1:26:b8:ed:a2:7b:06:ad:1c:f5:
         57:c6:c6:30:9c:c7:d7:2a:1b:a4:a5:08:21:20:32:44:0e:25:
         54:33:b7:69:ee:dd:10:b1:51:00:2f:67:e7:87:7c:84:fb:35:
         6d:75:af:b0:62:18:7b:45:35:da:df:8d:1f:30:b1:f2:14:af:
         ea:00:f2:38:e1:1d:57:03:a7:7d:42:4a:41:98:5a:eb:f3:a1:
         81:a8:b0:2d:c6:a2:8e:46:be:88:f9:a3:1f:18:8b:71:38:c8:
         b7:1b:9f:2f:65:36:92:19:72:2f:72:bc:b2:97:4b:a8:88:49:
         f0:c4:3a:3b:df:99:a3:f5:58:f2:13:70:64:24:aa:d3:0b:d4:
         5e:7f:1c:53:5d:59:48:16:6e:38:49:33:d9:67:c3:a3:a2:7f:
         d3:c2:54:30:21:a2:52:19:04:8d:97:73:fe:23:f3:8e:12:82:
         ac:5d:eb:ea:36:ec:bc:e2:1f:d8:7e:6b:d0:0d:05:61:2a:2d:
         ed:b7:0d:e1:4d:fe:d9:d3:1e:50:33:14:08:cc:08:81:52:b7:
         2b:5a:dd:49:4f:7a:06:e1:3a:84:68:ef:2b:a8:25:65:97:a3:
         0f:c3:3f:c4:ea:1a:01:f3:fa:e0:ed:e1:5a:23:dc:10:5e:3f:
         5a:63:bc:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb85sEerCxdJ9dEg8xG2EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NTk2NzZmZTEzOGQ0ZWIyYWFlMTliYjY3MzFmZWU2Mjky
ZDc5M2QwHhcNMjQwMTAyMDQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGYzYmMyODg1YTkyMWJiOTYzYTg1NGNjZjRkNTY3ZTEzMDZjYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Q6Y3V/lkLMG1HWO5VhKX1DXtTmX
EU1GI3iuHQvE5Mnxoj740MSJ0B+/b+/EGUkX9FrpJ5jQplf5De/TXo2SDyZjqlei
8D8Tl5iCYw2LMOxUyB91NT4mBzg9fTZcxDMfKrstlEkXt924zQadwDDuIRUwZjM9
avH77hFAADBPc8jeWyw47yu4jGskWNo6WGMEQMqpcXYncvYPvuCtc80KL5OM2ypj
4qepaUKoxEfSvlP1nGxcAB12e3KtcAB0SMWWtHPNBHkOZLUDTnZ273TLa1iS0VlX
scMtSsdRBRUAPnoIyHx8vbHT7tUXakvVZVLWcheDyjLFjAB8DYRD7RFa/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHTzvCiFqSG7ljqFTM9NVn4TBso4MB8GA1UdIwQY
MBaAFNlZZ2/hONTrKq4Zu2cx/uYpLXk9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlZsbmItRTQxT3NxcmhtN1p6SC01aWt0ZVQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9jZjAyOGUtNzU3ZS00ODQzLWExZWEt
NGM3NGQzMzJlYTU4LzEvZFBPOEtJV3BJYnVXT29WTXowMVdmaE1HeWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9jZjAyOGUtNzU3ZS00ODQzLWExZWEtNGM3NGQzMzJlYTU4
LzEvMlZsbmItRTQxT3NxcmhtN1p6SC01aWt0ZVQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWe8MA0E
AgACMAcDBQAqAPQAMA0GCSqGSIb3DQEBCwUAA4IBAQCHnpn7JxynZuEmuO2iewat
HPVXxsYwnMfXKhukpQghIDJEDiVUM7dp7t0QsVEAL2fnh3yE+zVtda+wYhh7RTXa
340fMLHyFK/qAPI44R1XA6d9QkpBmFrr86GBqLAtxqKORr6I+aMfGItxOMi3G58v
ZTaSGXIvcryyl0uoiEnwxDo735mj9VjyE3BkJKrTC9RefxxTXVlIFm44STPZZ8Oj
on/TwlQwIaJSGQSNl3P+I/OOEoKsXevqNuy84h/YfmvQDQVhKi3ttw3hTf7Z0x5Q
MxQIzAiBUrcrWt1JT3oG4TqEaO8rqCVll6MPwz/E6hoB8/rg7eFaI9wQXj9aY7wr
-----END CERTIFICATE-----