Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/2x0yUz4RIlAVTd1sznaZxEF5LmI.roa
File:                     2x0yUz4RIlAVTd1sznaZxEF5LmI.roa (raw, json)
Hash identifier:          WON5OkbnFf6rxos6cXmMEZGF2zgyDXjZBPzUZ2IcXFw=
Subject key identifier:   DB:1D:32:53:3E:11:22:50:15:4D:DD:6C:CE:76:99:C4:41:79:2E:62
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1561037306E3EAEF5B914D55160E
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/2x0yUz4RIlAVTd1sznaZxEF5LmI.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202813
IP address blocks:        185.28.48.0/24 maxlen: 24
                          185.242.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:15:61:03:73:06:e3:ea:ef:5b:91:4d:55:16:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db1d32533e112250154ddd6cce7699c441792e62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:47:53:77:2d:09:14:43:81:15:3c:8c:b1:c4:
                    1a:56:5a:62:a5:32:cd:2b:1a:06:54:5c:19:e3:ed:
                    3c:93:a9:85:e4:cd:58:eb:b4:fe:9d:88:8a:f1:e5:
                    2b:ff:9f:77:15:e7:8e:a1:81:9d:a6:ce:b6:dd:a1:
                    99:e1:2f:51:83:e7:8f:3d:b3:37:66:3e:bd:a0:f8:
                    d4:95:5d:81:b9:02:e1:de:4e:26:f8:9e:06:28:ab:
                    d4:28:35:9c:6a:da:94:8d:b4:d4:be:ee:fb:a5:11:
                    19:a9:2d:26:77:30:1d:83:aa:87:18:64:25:64:bd:
                    1b:a3:77:e5:39:98:64:d4:7a:6f:71:c4:ed:4a:6a:
                    a5:e8:c6:25:ad:63:ae:da:5e:c9:9d:42:a4:bd:cf:
                    e3:96:70:a3:70:61:0c:d7:60:ef:39:d4:b0:a8:71:
                    c5:88:21:e9:fa:61:d6:8b:c9:92:6a:40:26:fe:56:
                    a2:36:57:b3:22:e2:19:33:84:80:ff:36:29:1b:68:
                    35:cc:69:d0:a8:f1:aa:2a:dd:e5:9d:02:f0:8d:74:
                    69:26:eb:dc:0f:98:1d:23:be:91:2d:e2:69:cc:f0:
                    ef:82:20:5a:c6:89:40:b9:ef:d4:26:55:89:16:ba:
                    a9:16:02:f9:40:37:30:50:49:4c:b2:a4:a0:10:98:
                    17:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:1D:32:53:3E:11:22:50:15:4D:DD:6C:CE:76:99:C4:41:79:2E:62
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/2x0yUz4RIlAVTd1sznaZxEF5LmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.48.0/24
                  185.242.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:a4:fe:01:d6:0c:a2:e4:72:0a:b8:ba:e5:73:ca:a3:0b:eb:
         f7:5c:9d:ee:ad:d7:62:94:b6:07:0e:79:ab:c6:66:d7:fb:a4:
         6b:7e:e5:d6:8f:14:9f:a3:98:d5:1f:d9:d2:c4:ad:1b:02:88:
         8d:73:fe:48:4f:8b:49:86:a3:93:5a:3f:0b:4d:a4:b8:a4:5f:
         f6:34:7c:22:f4:74:fa:cd:e7:5b:8a:7e:9f:8c:45:65:e7:6c:
         fb:8a:b0:47:fc:88:ca:a2:c0:ad:a8:60:e4:56:52:35:8b:25:
         93:cf:34:20:09:22:af:23:ec:76:6f:86:c9:2a:c0:e3:5d:14:
         d8:0a:93:36:16:e0:f6:ba:3f:a4:10:51:57:53:4d:b0:90:77:
         77:73:70:89:cb:90:4d:5a:ce:9e:db:b2:ce:97:f6:bf:b4:8a:
         0e:76:c1:d7:9f:9b:ab:5e:9e:ee:ac:5d:a4:54:e1:cb:11:7f:
         f4:bf:1d:b1:01:87:62:e4:70:17:64:e4:fe:0a:4a:07:ed:b2:
         bc:ae:02:a9:ea:9f:c3:26:2c:bb:4b:67:4a:1a:54:bb:28:2f:
         e5:ef:ef:10:6a:92:13:f9:e8:ce:e2:3b:6f:7b:96:4f:cf:ff:
         c2:4e:ab:2f:36:48:c3:95:4e:c8:ac:11:29:27:c5:3b:bc:9c:
         32:99:70:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbhVhA3MG4+rvW5FNVRYOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjFkMzI1MzNlMTEyMjUwMTU0ZGRkNmNjZTc2OTljNDQxNzkyZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEdTdy0JFEOBFTyMscQaVlpipTLN
KxoGVFwZ4+08k6mF5M1Y67T+nYiK8eUr/593FeeOoYGdps623aGZ4S9Rg+ePPbM3
Zj69oPjUlV2BuQLh3k4m+J4GKKvUKDWcatqUjbTUvu77pREZqS0mdzAdg6qHGGQl
ZL0bo3flOZhk1HpvccTtSmql6MYlrWOu2l7JnUKkvc/jlnCjcGEM12DvOdSwqHHF
iCHp+mHWi8mSakAm/laiNlezIuIZM4SA/zYpG2g1zGnQqPGqKt3lnQLwjXRpJuvc
D5gdI76RLeJpzPDvgiBaxolAue/UJlWJFrqpFgL5QDcwUElMsqSgEJgXxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNsdMlM+ESJQFU3dbM52mcRBeS5iMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvMngweVV6NFJJbEFWVGQxc3puYVp4RUY1TG1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRwwAwQA
ufKsMA0GCSqGSIb3DQEBCwUAA4IBAQCapP4B1gyi5HIKuLrlc8qjC+v3XJ3urddi
lLYHDnmrxmbX+6RrfuXWjxSfo5jVH9nSxK0bAoiNc/5IT4tJhqOTWj8LTaS4pF/2
NHwi9HT6zedbin6fjEVl52z7irBH/IjKosCtqGDkVlI1iyWTzzQgCSKvI+x2b4bJ
KsDjXRTYCpM2FuD2uj+kEFFXU02wkHd3c3CJy5BNWs6e27LOl/a/tIoOdsHXn5ur
Xp7urF2kVOHLEX/0vx2xAYdi5HAXZOT+CkoH7bK8rgKp6p/DJiy7S2dKGlS7KC/l
7+8QapIT+ejO4jtve5ZPz//CTqsvNkjDlU7IrBEpJ8U7vJwymXAK
-----END CERTIFICATE-----