Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/xy2CE0c1yGLOrKbccUUymohABpg.roa
File:                     xy2CE0c1yGLOrKbccUUymohABpg.roa (raw, json)
Hash identifier:          ase6xehlUpBB4VXyEx/vXmj1NTV5t89ZQ91CJ2Gg7Zs=
Subject key identifier:   C7:2D:82:13:47:35:C8:62:CE:AC:A6:DC:71:45:32:9A:88:40:06:98
Certificate issuer:       /CN=ea1c951d61b87da19439784d23667a89cb3290a4
Certificate serial:       018CC500269AE230EA80EBBA109F0D9F8136
Authority key identifier: EA:1C:95:1D:61:B8:7D:A1:94:39:78:4D:23:66:7A:89:CB:32:90:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6hyVHWG4faGUOXhNI2Z6icsykKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/xy2CE0c1yGLOrKbccUUymohABpg.roa
Signing time:             Mon 01 Jan 2024 12:29:30 +0000
ROA not before:           Mon 01 Jan 2024 12:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203603
IP address blocks:        185.249.233.0/24 maxlen: 24
                          185.249.234.0/23 maxlen: 23
                          185.113.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/6hyVHWG4faGUOXhNI2Z6icsykKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/6hyVHWG4faGUOXhNI2Z6icsykKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6hyVHWG4faGUOXhNI2Z6icsykKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 12:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:26:9a:e2:30:ea:80:eb:ba:10:9f:0d:9f:81:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea1c951d61b87da19439784d23667a89cb3290a4
        Validity
            Not Before: Jan  1 12:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c72d82134735c862ceaca6dc7145329a88400698
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ff:0b:94:d2:d5:99:73:f2:1e:9b:e0:ac:a5:
                    6e:a6:57:62:e3:2d:4e:96:d5:32:0e:38:ff:5d:50:
                    7a:7e:1b:71:c9:ed:75:22:90:0a:5d:33:01:8e:ba:
                    a1:5c:7e:06:48:a2:ee:3b:85:be:04:ce:e7:8e:c0:
                    a4:51:97:f9:5f:7f:7d:8b:0e:7f:92:35:e8:82:01:
                    07:c7:91:bf:b6:7d:a2:00:14:3a:7a:e1:7d:3a:a3:
                    e0:fb:7f:3a:83:3c:32:ee:e2:87:f6:d6:c4:01:34:
                    78:df:cd:0f:3f:65:0b:9e:c2:fc:52:43:e4:f3:03:
                    fc:a8:57:5d:ac:47:d6:f1:89:0a:c1:e8:38:7f:3c:
                    66:d7:e3:d2:c5:71:b8:a9:c5:73:b4:ec:02:e7:ae:
                    e5:78:77:e1:59:f5:f9:80:77:71:f0:ec:79:eb:40:
                    b6:fd:d5:ae:32:20:1e:3d:93:ca:f2:23:67:0c:bb:
                    b8:b4:32:08:e6:37:8f:eb:6e:59:2e:40:95:36:86:
                    b6:e7:b1:ed:96:d3:2b:f3:60:6c:1b:62:a3:35:6d:
                    fc:79:ef:1b:59:5f:8e:38:ea:8e:f7:e4:1b:86:18:
                    28:b6:0e:74:f0:8a:76:8e:cf:a9:78:c6:57:4b:ce:
                    f4:ca:fd:ed:ff:32:2a:9c:65:8b:8e:fb:ec:bf:0f:
                    11:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:2D:82:13:47:35:C8:62:CE:AC:A6:DC:71:45:32:9A:88:40:06:98
            X509v3 Authority Key Identifier:
                keyid:EA:1C:95:1D:61:B8:7D:A1:94:39:78:4D:23:66:7A:89:CB:32:90:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6hyVHWG4faGUOXhNI2Z6icsykKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/xy2CE0c1yGLOrKbccUUymohABpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/6hyVHWG4faGUOXhNI2Z6icsykKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.236.0/22
                  185.249.233.0-185.249.235.255

    Signature Algorithm: sha256WithRSAEncryption
         3e:d4:99:b2:46:25:de:d7:51:46:5a:eb:c6:9a:08:78:33:43:
         0f:31:3b:3c:65:fa:42:5b:a3:af:65:65:2d:89:2c:06:51:db:
         8f:d6:ec:1e:12:ed:80:97:62:40:98:2b:ca:44:2a:71:5a:35:
         b1:a2:52:89:e1:33:29:4e:3d:38:ae:28:61:d9:5d:fd:88:b4:
         8c:c5:41:c2:6e:fd:86:ea:4a:fe:8f:46:87:d7:1b:42:71:09:
         d7:fd:5e:92:c4:c6:8d:fa:35:99:8b:7c:99:14:4e:30:3d:61:
         a4:25:50:6a:74:23:b9:77:49:e2:71:e4:ff:d4:3b:17:f1:b3:
         8b:7b:c2:cb:fc:bb:28:df:7f:8a:03:5d:84:e4:b1:f8:19:8c:
         8d:5f:a0:bb:c2:e2:da:71:f9:f1:38:ad:84:8c:77:8d:cb:15:
         ee:04:ee:43:d4:78:46:c5:3e:e3:2e:68:69:9e:40:b1:ad:65:
         ac:09:b4:5c:64:a9:83:b4:d0:83:9d:ac:c2:36:67:54:22:36:
         7e:d6:72:b6:8f:7c:99:2d:1e:5e:96:c0:9d:29:b2:76:d5:01:
         92:59:23:82:36:98:fc:cb:fb:67:b9:d0:73:6a:67:03:34:de:
         42:92:26:7f:c5:1e:ce:db:7f:34:73:54:53:03:b3:b1:7f:5d:
         ea:9b:ac:5e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzFACaa4jDqgOu6EJ8Nn4E2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMWM5NTFkNjFiODdkYTE5NDM5Nzg0ZDIzNjY3YTg5Y2Iz
MjkwYTQwHhcNMjQwMTAxMTIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzJkODIxMzQ3MzVjODYyY2VhY2E2ZGM3MTQ1MzI5YTg4NDAwNjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/8LlNLVmXPyHpvgrKVupldi4y1O
ltUyDjj/XVB6fhtxye11IpAKXTMBjrqhXH4GSKLuO4W+BM7njsCkUZf5X399iw5/
kjXoggEHx5G/tn2iABQ6euF9OqPg+386gzwy7uKH9tbEATR4380PP2ULnsL8UkPk
8wP8qFddrEfW8YkKweg4fzxm1+PSxXG4qcVztOwC567leHfhWfX5gHdx8Ox560C2
/dWuMiAePZPK8iNnDLu4tDII5jeP625ZLkCVNoa257HtltMr82BsG2KjNW38ee8b
WV+OOOqO9+Qbhhgotg508Ip2js+peMZXS870yv3t/zIqnGWLjvvsvw8RSQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMctghNHNchizqym3HFFMpqIQAaYMB8GA1UdIwQY
MBaAFOoclR1huH2hlDl4TSNmeonLMpCkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmh5VkhXRzRmYUdVT1hoTkkyWjZpY3N5a0tRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS82MTc3MTUtOTQ4NC00MGY5LTg5NmMt
NzI0YjFhMDIxMmQ0LzEveHkyQ0UwYzF5R0xPcktiY2NVVXltb2hBQnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS82MTc3MTUtOTQ4NC00MGY5LTg5NmMtNzI0YjFhMDIxMmQ0
LzEvNmh5VkhXRzRmYUdVT1hoTkkyWjZpY3N5a0tRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCuXHsMAwD
BAC5+ekDBAK5+egwDQYJKoZIhvcNAQELBQADggEBAD7UmbJGJd7XUUZa68aaCHgz
Qw8xOzxl+kJbo69lZS2JLAZR24/W7B4S7YCXYkCYK8pEKnFaNbGiUonhMylOPTiu
KGHZXf2ItIzFQcJu/YbqSv6PRofXG0JxCdf9XpLExo36NZmLfJkUTjA9YaQlUGp0
I7l3SeJx5P/UOxfxs4t7wsv8uyjff4oDXYTksfgZjI1foLvC4tpx+fE4rYSMd43L
Fe4E7kPUeEbFPuMuaGmeQLGtZawJtFxkqYO00IOdrMI2Z1QiNn7WcraPfJktHl6W
wJ0psnbVAZJZI4I2mPzL+2e50HNqZwM03kKSJn/FHs7bfzRzVFMDs7F/XeqbrF4=
-----END CERTIFICATE-----