Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/5Grtd8EjB8TA9OMGKBFL9EBnemc.roa
File:                     5Grtd8EjB8TA9OMGKBFL9EBnemc.roa (raw, json)
Hash identifier:          exjb4sg0wNk6L7EvwKbwTbj3lb9nbnZupEgfy7vMABM=
Subject key identifier:   E4:6A:ED:77:C1:23:07:C4:C0:F4:E3:06:28:11:4B:F4:40:67:7A:67
Certificate issuer:       /CN=8b0d81f3e0f2d18f3b590dcc536d5e94cfe07012
Certificate serial:       018E5178A5AE07AE23CCD71177565E3D18B6
Authority key identifier: 8B:0D:81:F3:E0:F2:D1:8F:3B:59:0D:CC:53:6D:5E:94:CF:E0:70:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iw2B8-Dy0Y87WQ3MU21elM_gcBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/5Grtd8EjB8TA9OMGKBFL9EBnemc.roa
Signing time:             Mon 18 Mar 2024 12:10:45 +0000
ROA not before:           Mon 18 Mar 2024 12:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203690
IP address blocks:        185.184.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/iw2B8-Dy0Y87WQ3MU21elM_gcBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/iw2B8-Dy0Y87WQ3MU21elM_gcBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iw2B8-Dy0Y87WQ3MU21elM_gcBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:78:a5:ae:07:ae:23:cc:d7:11:77:56:5e:3d:18:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b0d81f3e0f2d18f3b590dcc536d5e94cfe07012
        Validity
            Not Before: Mar 18 12:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e46aed77c12307c4c0f4e30628114bf440677a67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:19:9b:01:84:cd:66:cc:b0:76:b3:f3:ea:fa:
                    39:c7:10:14:e7:a7:55:c6:7a:8b:07:5b:1d:12:82:
                    51:e9:5d:87:e1:86:69:6f:06:79:e1:9a:88:3b:70:
                    66:5c:c4:54:8e:4f:86:3e:f2:9f:86:c9:52:92:bb:
                    80:aa:09:09:60:7c:4a:01:66:d8:13:35:4b:2e:2b:
                    c7:06:aa:1c:d9:4e:d7:71:a4:11:82:64:53:cf:8f:
                    0a:1b:b3:4f:52:19:b1:01:e0:b8:bc:bb:0d:fd:f1:
                    71:34:59:a4:b3:96:59:d2:38:91:36:80:57:09:bf:
                    20:59:b1:db:59:c5:44:6e:fd:b7:58:26:b6:7e:11:
                    07:7a:8f:8c:a3:eb:f2:6a:c8:d0:bc:93:ff:18:51:
                    fd:45:8f:ff:38:2d:4c:97:40:bb:cb:c9:a9:22:c6:
                    52:97:1d:73:16:af:d3:47:14:bf:ef:5e:65:55:02:
                    64:3c:bf:49:37:71:09:05:9a:62:24:cc:c1:e1:f6:
                    09:3e:a9:98:04:b8:77:e4:64:98:b8:13:af:6d:0e:
                    3d:91:58:bc:29:d1:19:2b:36:4c:6e:e3:c0:f3:cc:
                    39:7d:ca:f5:60:b1:9b:af:5d:49:d8:4a:82:f6:f7:
                    f4:ea:10:c4:a0:24:11:4d:38:de:4a:10:e7:df:4b:
                    eb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:6A:ED:77:C1:23:07:C4:C0:F4:E3:06:28:11:4B:F4:40:67:7A:67
            X509v3 Authority Key Identifier:
                keyid:8B:0D:81:F3:E0:F2:D1:8F:3B:59:0D:CC:53:6D:5E:94:CF:E0:70:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iw2B8-Dy0Y87WQ3MU21elM_gcBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/5Grtd8EjB8TA9OMGKBFL9EBnemc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/iw2B8-Dy0Y87WQ3MU21elM_gcBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:2a:52:10:0c:fd:45:d2:02:fd:72:f9:1b:9b:6f:b4:fa:f0:
         ac:14:c5:bf:d1:42:5a:89:b6:19:61:e1:d7:7f:30:9b:07:61:
         d5:36:02:df:c4:30:b7:c6:26:ea:41:3d:2e:4f:8f:8a:a5:45:
         a3:10:63:93:fa:8e:73:bf:09:ac:5a:f6:19:43:5d:00:de:36:
         58:37:06:b9:68:e7:34:f4:e5:0a:9d:d2:73:ef:8e:c1:89:95:
         4a:a4:28:bb:bd:05:ff:53:7e:2c:b1:60:45:be:95:b9:e1:f0:
         85:67:df:6e:91:af:0b:76:6e:e1:d5:2b:83:11:41:11:1d:df:
         e3:29:5c:a1:7c:f7:47:38:98:a5:00:04:c6:9e:cd:b1:be:b3:
         0e:a0:5a:f1:5b:f9:f9:c2:bc:87:de:f0:23:03:c0:b2:56:f9:
         ca:ae:d4:12:c4:fc:58:6c:6c:e3:c5:ae:95:ff:2b:ff:fe:d9:
         d1:90:6d:6c:22:a2:1d:fc:82:e2:81:02:3e:be:47:e5:fe:f7:
         27:93:4e:60:b3:f6:32:58:39:ac:25:c2:75:24:e7:14:09:9e:
         2b:44:b2:be:1a:37:24:ed:90:b5:25:96:17:62:c3:82:2f:6c:
         18:aa:a3:3e:92:cb:f2:58:a2:fe:5d:3d:32:ce:be:de:ef:6d:
         ae:61:76:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5ReKWuB64jzNcRd1ZePRi2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMGQ4MWYzZTBmMmQxOGYzYjU5MGRjYzUzNmQ1ZTk0Y2Zl
MDcwMTIwHhcNMjQwMzE4MTIxMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDZhZWQ3N2MxMjMwN2M0YzBmNGUzMDYyODExNGJmNDQwNjc3YTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBmbAYTNZsywdrPz6vo5xxAU56dV
xnqLB1sdEoJR6V2H4YZpbwZ54ZqIO3BmXMRUjk+GPvKfhslSkruAqgkJYHxKAWbY
EzVLLivHBqoc2U7XcaQRgmRTz48KG7NPUhmxAeC4vLsN/fFxNFmks5ZZ0jiRNoBX
Cb8gWbHbWcVEbv23WCa2fhEHeo+Mo+vyasjQvJP/GFH9RY//OC1Ml0C7y8mpIsZS
lx1zFq/TRxS/715lVQJkPL9JN3EJBZpiJMzB4fYJPqmYBLh35GSYuBOvbQ49kVi8
KdEZKzZMbuPA88w5fcr1YLGbr11J2EqC9vf06hDEoCQRTTjeShDn30vrmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORq7XfBIwfEwPTjBigRS/RAZ3pnMB8GA1UdIwQY
MBaAFIsNgfPg8tGPO1kNzFNtXpTP4HASMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXcyQjgtRHkwWTg3V1EzTVUyMWVsTV9nY0JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8wNTE3ZjktOWExZS00NjAwLWIwNDMt
ZjY1NDFmNzc4NTg1LzEvNUdydGQ4RWpCOFRBOU9NR0tCRkw5RUJuZW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8wNTE3ZjktOWExZS00NjAwLWIwNDMtZjY1NDFmNzc4NTg1
LzEvaXcyQjgtRHkwWTg3V1EzTVUyMWVsTV9nY0JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubgKMA0G
CSqGSIb3DQEBCwUAA4IBAQAgKlIQDP1F0gL9cvkbm2+0+vCsFMW/0UJaibYZYeHX
fzCbB2HVNgLfxDC3xibqQT0uT4+KpUWjEGOT+o5zvwmsWvYZQ10A3jZYNwa5aOc0
9OUKndJz747BiZVKpCi7vQX/U34ssWBFvpW54fCFZ99uka8Ldm7h1SuDEUERHd/j
KVyhfPdHOJilAATGns2xvrMOoFrxW/n5wryH3vAjA8CyVvnKrtQSxPxYbGzjxa6V
/yv//tnRkG1sIqId/ILigQI+vkfl/vcnk05gs/YyWDmsJcJ1JOcUCZ4rRLK+Gjck
7ZC1JZYXYsOCL2wYqqM+ksvyWKL+XT0yzr7e722uYXZV
-----END CERTIFICATE-----