Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/nEY2KlMhADREfQ85e2udlqkvFko.roa
File:                     nEY2KlMhADREfQ85e2udlqkvFko.roa (raw, json)
Hash identifier:          7VqjOvKv/jaQOSFEVAWBJo6yWA8qvsJ3HGGdTGmlrGc=
Subject key identifier:   9C:46:36:2A:53:21:00:34:44:7D:0F:39:7B:6B:9D:96:A9:2F:16:4A
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E13B10B8AC04086E8B6BE24B2A453
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/nEY2KlMhADREfQ85e2udlqkvFko.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60711
IP address blocks:        185.226.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:13:b1:0b:8a:c0:40:86:e8:b6:be:24:b2:a4:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c46362a53210034447d0f397b6b9d96a92f164a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:01:dd:bd:13:5c:37:c3:97:05:a0:16:ad:89:
                    c7:70:d0:57:ab:6e:93:ff:ff:db:a0:6a:ff:12:42:
                    6d:8f:08:79:1e:e2:da:73:a8:6c:cf:cd:e2:a6:1a:
                    b4:12:08:18:0a:7c:de:ad:17:46:17:62:e5:02:30:
                    49:86:ea:8f:a0:71:ed:be:f2:95:1d:cf:ec:39:9f:
                    cc:d3:9c:a5:6b:27:1b:91:92:f9:a8:ae:14:87:4b:
                    8f:02:f0:0c:a4:47:60:86:5b:b7:20:f5:9b:a6:99:
                    4d:ae:12:cd:cc:1e:cd:db:76:bd:8c:ff:d0:43:b1:
                    70:ad:d0:a2:31:48:d4:dc:3a:48:20:dd:9b:3b:c5:
                    20:73:05:f1:0c:10:df:ed:2f:84:a3:c7:93:ce:16:
                    1c:39:84:e4:de:ce:97:23:4d:24:b7:62:4e:50:af:
                    52:0c:42:01:9f:07:ee:9a:a3:9d:29:bc:d7:fd:45:
                    32:e6:1c:7a:b9:f1:ea:b0:21:a2:84:87:0f:0e:b8:
                    01:b4:d4:6f:64:16:3f:06:2d:c2:b2:f8:41:d0:da:
                    f8:71:30:86:24:a4:ec:3f:b2:6c:4c:fc:4c:9b:86:
                    65:51:fd:45:ff:49:9f:b2:c8:55:50:36:64:60:7d:
                    78:3b:b7:b3:69:45:f7:f9:d4:13:23:ec:2b:84:e7:
                    f3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:46:36:2A:53:21:00:34:44:7D:0F:39:7B:6B:9D:96:A9:2F:16:4A
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/nEY2KlMhADREfQ85e2udlqkvFko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:92:d2:02:6e:57:4c:4b:61:97:11:ef:94:16:52:5f:aa:27:
         64:ee:7f:42:3a:9d:a6:1d:e4:95:75:7a:3f:a7:64:d0:37:c4:
         0e:4c:e7:03:2f:6a:03:ae:5c:31:50:28:55:98:4c:dc:93:eb:
         eb:42:26:df:af:7b:69:c0:1d:8b:de:08:28:6b:20:f5:22:f0:
         40:27:e8:51:df:6d:32:45:41:17:4f:c1:70:51:8f:fb:64:60:
         ae:9b:f5:3a:13:90:6c:60:fd:83:f6:b8:fe:26:29:3a:03:f3:
         38:06:4d:0f:7a:58:6e:e6:0f:15:39:40:67:b2:b8:3a:78:0c:
         fa:fa:3a:52:6a:c5:91:37:f3:30:23:69:6a:8f:15:68:be:7c:
         07:b2:4a:2c:37:7e:1c:02:f1:88:6a:55:74:f9:d7:f3:d9:c5:
         7a:36:fd:91:0a:ba:e8:b8:13:08:02:f2:f7:04:30:7d:84:2e:
         1d:8e:9b:f3:ea:f7:a8:e3:35:22:f0:09:e3:d3:9b:3a:69:cc:
         f0:12:ee:d0:87:a9:ea:d0:1c:80:35:69:b2:00:0c:3f:ef:31:
         7c:80:d5:3a:bf:50:2b:d0:4f:54:9b:cc:dd:70:19:ca:9a:1a:
         3a:18:72:a0:2c:b2:db:35:d0:ee:8b:1b:d0:db:14:dd:d9:70:
         c0:ca:f9:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhOxC4rAQIbotr4ksqRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzQ2MzYyYTUzMjEwMDM0NDQ3ZDBmMzk3YjZiOWQ5NmE5MmYxNjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgHdvRNcN8OXBaAWrYnHcNBXq26T
///boGr/EkJtjwh5HuLac6hsz83iphq0EggYCnzerRdGF2LlAjBJhuqPoHHtvvKV
Hc/sOZ/M05ylaycbkZL5qK4Uh0uPAvAMpEdghlu3IPWbpplNrhLNzB7N23a9jP/Q
Q7FwrdCiMUjU3DpIIN2bO8UgcwXxDBDf7S+Eo8eTzhYcOYTk3s6XI00kt2JOUK9S
DEIBnwfumqOdKbzX/UUy5hx6ufHqsCGihIcPDrgBtNRvZBY/Bi3CsvhB0Nr4cTCG
JKTsP7JsTPxMm4ZlUf1F/0mfsshVUDZkYH14O7ezaUX3+dQTI+wrhOfzHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxGNipTIQA0RH0POXtrnZapLxZKMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvbkVZMktsTWhBRFJFZlE4NWUydWRscWt2RmtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueLCMA0G
CSqGSIb3DQEBCwUAA4IBAQALktICbldMS2GXEe+UFlJfqidk7n9COp2mHeSVdXo/
p2TQN8QOTOcDL2oDrlwxUChVmEzck+vrQibfr3tpwB2L3ggoayD1IvBAJ+hR320y
RUEXT8FwUY/7ZGCum/U6E5BsYP2D9rj+Jik6A/M4Bk0Pelhu5g8VOUBnsrg6eAz6
+jpSasWRN/MwI2lqjxVovnwHskosN34cAvGIalV0+dfz2cV6Nv2RCrrouBMIAvL3
BDB9hC4djpvz6veo4zUi8Anj05s6aczwEu7Qh6nq0ByANWmyAAw/7zF8gNU6v1Ar
0E9Um8zdcBnKmho6GHKgLLLbNdDuixvQ2xTd2XDAyvmR
-----END CERTIFICATE-----