Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/OwdGZ1AgjDFGCReMkA1z7YNmB6U.roa
File:                     OwdGZ1AgjDFGCReMkA1z7YNmB6U.roa (raw, json)
Hash identifier:          Bb/ivuP+adqpzsV0MXjT8YP9ajM7ZwSlLveu3KhabUo=
Subject key identifier:   3B:07:46:67:50:20:8C:31:46:09:17:8C:90:0D:73:ED:83:66:07:A5
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       019421B1ABFFB81EB61D06C5864B91DFD13C
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/OwdGZ1AgjDFGCReMkA1z7YNmB6U.roa
Signing time:             Wed 01 Jan 2025 11:47:59 +0000
ROA not before:           Wed 01 Jan 2025 11:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49505
IP address blocks:        185.232.18.0/24 maxlen: 24
                          185.232.19.0/24 maxlen: 24
                          185.246.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ab:ff:b8:1e:b6:1d:06:c5:86:4b:91:df:d1:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jan  1 11:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b07466750208c314609178c900d73ed836607a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:5d:10:3c:e7:fb:cc:51:68:4b:13:a4:ab:14:
                    7b:eb:fb:e5:e1:b7:e8:ba:d4:56:ba:2f:20:69:24:
                    55:83:6b:aa:db:96:62:b1:22:7f:a4:e5:aa:04:c5:
                    54:c8:59:27:c4:29:45:49:e2:93:c1:79:e3:c7:84:
                    d1:42:87:1d:af:26:8b:37:22:1e:12:83:de:40:5a:
                    73:85:ef:43:b9:b9:b8:ee:71:08:88:9f:df:b0:06:
                    8e:05:d7:a4:2d:9b:67:bb:8c:7e:78:32:30:f3:26:
                    02:7b:54:78:06:c6:8f:54:5a:e8:aa:fb:73:0d:89:
                    c7:03:7b:62:7c:38:3c:a5:06:81:8e:8c:43:0a:23:
                    fd:90:6a:46:db:57:7c:75:f3:90:a8:87:14:93:e7:
                    b4:81:22:70:be:2e:6a:d1:4b:81:7d:d2:74:6c:f5:
                    09:b0:ee:98:dc:24:15:ac:fe:97:67:be:84:f7:51:
                    4c:73:ca:48:50:5c:28:71:ba:c5:17:03:ee:3e:92:
                    15:60:cf:61:f7:fb:80:7c:64:55:13:6a:19:17:6f:
                    14:72:26:e3:c0:61:56:b1:df:9d:94:3a:38:f9:9d:
                    6c:f3:13:b7:b2:6c:bf:7c:02:54:16:3e:3d:6b:44:
                    42:e1:a0:3a:97:ae:3e:84:12:7b:ce:15:5e:e7:bb:
                    a4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:07:46:67:50:20:8C:31:46:09:17:8C:90:0D:73:ED:83:66:07:A5
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/OwdGZ1AgjDFGCReMkA1z7YNmB6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.18.0/23
                  185.246.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:76:93:8c:a5:bf:c4:a0:d5:ef:05:1f:50:c4:5c:f2:25:a8:
         7b:c6:73:43:73:35:73:b2:20:10:65:a5:ef:66:de:74:fe:68:
         cf:d5:4b:42:67:5e:e1:e2:1f:90:a3:78:12:dd:06:43:9a:13:
         fb:54:3e:34:ca:a8:fe:72:9b:82:e7:91:b7:d9:ae:c3:04:a8:
         9b:0e:96:79:65:f2:ae:3b:40:94:48:52:11:31:f4:f0:2e:7a:
         91:06:fb:9b:18:19:e0:e2:34:06:96:fd:c1:36:d3:e4:9d:58:
         07:ee:8e:19:59:25:2a:07:4e:f6:44:b3:0d:77:10:a1:f0:a5:
         6f:af:47:55:a5:49:c8:32:75:cf:94:3e:b6:07:a4:01:dc:12:
         13:2f:38:c8:cd:8c:3a:58:26:34:b4:84:c3:23:69:27:db:9c:
         7c:9d:c4:1c:e7:c4:f3:57:16:2d:77:42:27:55:a6:85:2b:6b:
         91:63:ef:7f:66:24:39:34:94:92:17:ce:b0:23:ef:f0:38:b7:
         8a:e6:96:a2:05:8a:2c:76:ca:a4:f2:48:2a:86:a5:9b:99:1d:
         76:71:32:eb:70:fb:64:e8:e2:97:58:3a:1e:cb:b2:8e:38:1b:
         bd:5f:d1:b8:7b:1e:d2:35:0e:3d:75:72:07:df:aa:a5:0c:46:
         b7:c3:a9:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsav/uB62HQbFhkuR39E8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjUwMTAxMTE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjA3NDY2NzUwMjA4YzMxNDYwOTE3OGM5MDBkNzNlZDgzNjYwN2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyl0QPOf7zFFoSxOkqxR76/vl4bfo
utRWui8gaSRVg2uq25ZisSJ/pOWqBMVUyFknxClFSeKTwXnjx4TRQocdryaLNyIe
EoPeQFpzhe9Dubm47nEIiJ/fsAaOBdekLZtnu4x+eDIw8yYCe1R4BsaPVFroqvtz
DYnHA3tifDg8pQaBjoxDCiP9kGpG21d8dfOQqIcUk+e0gSJwvi5q0UuBfdJ0bPUJ
sO6Y3CQVrP6XZ76E91FMc8pIUFwocbrFFwPuPpIVYM9h9/uAfGRVE2oZF28Ucibj
wGFWsd+dlDo4+Z1s8xO3smy/fAJUFj49a0RC4aA6l64+hBJ7zhVe57ukGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDsHRmdQIIwxRgkXjJANc+2DZgelMB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvT3dkR1oxQWdqREZHQ1JlTWtBMXo3WU5tQjZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuegSAwQA
ufbYMA0GCSqGSIb3DQEBCwUAA4IBAQBedpOMpb/EoNXvBR9QxFzyJah7xnNDczVz
siAQZaXvZt50/mjP1UtCZ17h4h+Qo3gS3QZDmhP7VD40yqj+cpuC55G32a7DBKib
DpZ5ZfKuO0CUSFIRMfTwLnqRBvubGBng4jQGlv3BNtPknVgH7o4ZWSUqB072RLMN
dxCh8KVvr0dVpUnIMnXPlD62B6QB3BITLzjIzYw6WCY0tITDI2kn25x8ncQc58Tz
VxYtd0InVaaFK2uRY+9/ZiQ5NJSSF86wI+/wOLeK5paiBYosdsqk8kgqhqWbmR12
cTLrcPtk6OKXWDoey7KOOBu9X9G4ex7SNQ49dXIH36qlDEa3w6nq
-----END CERTIFICATE-----