Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/4e59f2-be7a-42d9-9e60-50e2533fcd4e/1/odCJOobSvBwlSmKuvQ-J8GE7jP0.roa
File:                     odCJOobSvBwlSmKuvQ-J8GE7jP0.roa (raw, json)
Hash identifier:          UXOWAbs4DCaIpG+3ZtWRhip702J436R5EdT1Fx8eSh0=
Subject key identifier:   A1:D0:89:3A:86:D2:BC:1C:25:4A:62:AE:BD:0F:89:F0:61:3B:8C:FD
Certificate issuer:       /CN=c2e24a9da6be0754eddc1478d694e6da9e15a258
Certificate serial:       018CC49303A4C53F3C88FBF60D40F58063D5
Authority key identifier: C2:E2:4A:9D:A6:BE:07:54:ED:DC:14:78:D6:94:E6:DA:9E:15:A2:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wuJKnaa-B1Tt3BR41pTm2p4Volg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/4e59f2-be7a-42d9-9e60-50e2533fcd4e/1/odCJOobSvBwlSmKuvQ-J8GE7jP0.roa
Signing time:             Mon 01 Jan 2024 10:30:18 +0000
ROA not before:           Mon 01 Jan 2024 10:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206619
IP address blocks:        185.181.76.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/4e59f2-be7a-42d9-9e60-50e2533fcd4e/1/wuJKnaa-B1Tt3BR41pTm2p4Volg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/4e59f2-be7a-42d9-9e60-50e2533fcd4e/1/wuJKnaa-B1Tt3BR41pTm2p4Volg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wuJKnaa-B1Tt3BR41pTm2p4Volg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:03:a4:c5:3f:3c:88:fb:f6:0d:40:f5:80:63:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2e24a9da6be0754eddc1478d694e6da9e15a258
        Validity
            Not Before: Jan  1 10:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1d0893a86d2bc1c254a62aebd0f89f0613b8cfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:5e:6c:3d:db:61:87:52:8c:a9:0c:b9:d5:8e:
                    6b:fb:95:1f:30:1c:95:cf:78:5a:c1:f1:71:92:24:
                    81:32:8c:e4:79:65:ec:e7:71:ff:6c:ca:ca:30:9b:
                    b2:c2:e2:76:ea:49:b4:de:d0:9d:51:a6:de:bf:90:
                    76:68:9f:e7:0b:59:19:e2:1a:cf:7d:db:0d:74:ff:
                    b0:be:47:4f:a8:bf:34:a0:86:fa:19:02:2f:b8:0c:
                    42:68:95:de:51:a0:57:f9:d9:c0:f2:9f:bc:3b:c3:
                    42:93:5e:83:39:c9:a2:07:97:36:4a:9d:33:07:5f:
                    2f:cf:38:21:d2:56:8a:59:a9:dd:b8:a7:45:30:1d:
                    bc:48:0d:b4:35:e7:e3:4d:7b:ad:c5:b2:72:f3:d9:
                    b6:d8:67:8a:7f:6c:c7:f8:f2:03:44:89:f9:ae:cd:
                    5c:9a:e3:aa:d9:4d:50:4b:61:74:7b:29:a4:53:8b:
                    13:46:69:b4:61:43:d8:b2:0c:92:c8:1d:5c:62:6f:
                    29:54:95:0c:d3:35:08:a9:c8:99:b6:1f:4f:cf:ff:
                    22:2c:63:47:b0:8e:fb:dd:1e:21:87:39:05:b9:c7:
                    56:3e:42:3e:b7:68:57:de:52:cb:84:97:d8:8d:bb:
                    cb:78:0b:2d:00:b9:9b:b9:0d:a7:37:af:bf:b8:e3:
                    c7:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:D0:89:3A:86:D2:BC:1C:25:4A:62:AE:BD:0F:89:F0:61:3B:8C:FD
            X509v3 Authority Key Identifier:
                keyid:C2:E2:4A:9D:A6:BE:07:54:ED:DC:14:78:D6:94:E6:DA:9E:15:A2:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wuJKnaa-B1Tt3BR41pTm2p4Volg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/4e59f2-be7a-42d9-9e60-50e2533fcd4e/1/odCJOobSvBwlSmKuvQ-J8GE7jP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/4e59f2-be7a-42d9-9e60-50e2533fcd4e/1/wuJKnaa-B1Tt3BR41pTm2p4Volg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:8e:99:ba:27:28:5f:07:b3:14:46:99:e5:20:7a:ce:da:9a:
         e4:98:a4:ba:23:6f:94:83:a4:ac:1a:47:1a:f2:55:38:9e:8d:
         43:48:48:b6:a3:c6:16:9f:1a:64:b0:44:cf:48:62:52:87:36:
         c0:2f:95:d1:8e:1d:f7:f3:04:7b:93:2b:88:22:30:ae:68:e9:
         8e:51:3a:32:80:16:fd:5a:c9:40:02:08:1c:6e:5d:95:86:cc:
         af:76:92:fa:72:ad:b7:9c:6c:c9:e9:de:d2:91:8f:7d:cd:5a:
         c7:43:fc:d9:96:36:f2:a8:ea:6c:a1:08:54:ed:77:49:c1:ce:
         9a:6d:91:b4:44:d1:14:29:b5:36:7f:8a:39:fb:51:95:ed:c2:
         64:c0:2c:cb:7f:bb:df:98:ff:6d:81:ad:c7:33:f7:c4:75:a7:
         eb:45:e2:2a:25:95:09:3c:50:00:d9:c6:cf:d8:47:b8:d1:39:
         2f:57:29:0f:37:9b:e3:c7:5d:6c:51:24:a5:cc:76:40:fb:fc:
         62:fe:27:9e:82:da:96:5f:cd:74:6e:96:c0:49:e1:48:04:6d:
         dd:0f:d6:c1:7b:df:a6:94:bf:29:2c:9a:1b:05:35:f7:72:48:
         f0:d8:af:e1:ac:e3:71:5a:85:74:68:f6:c1:f9:63:c4:14:19:
         f7:6b:e9:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkwOkxT88iPv2DUD1gGPVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZTI0YTlkYTZiZTA3NTRlZGRjMTQ3OGQ2OTRlNmRhOWUx
NWEyNTgwHhcNMjQwMTAxMTAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWQwODkzYTg2ZDJiYzFjMjU0YTYyYWViZDBmODlmMDYxM2I4Y2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1l5sPdthh1KMqQy51Y5r+5UfMByV
z3hawfFxkiSBMozkeWXs53H/bMrKMJuywuJ26km03tCdUabev5B2aJ/nC1kZ4hrP
fdsNdP+wvkdPqL80oIb6GQIvuAxCaJXeUaBX+dnA8p+8O8NCk16DOcmiB5c2Sp0z
B18vzzgh0laKWanduKdFMB28SA20NefjTXutxbJy89m22GeKf2zH+PIDRIn5rs1c
muOq2U1QS2F0eymkU4sTRmm0YUPYsgySyB1cYm8pVJUM0zUIqciZth9Pz/8iLGNH
sI773R4hhzkFucdWPkI+t2hX3lLLhJfYjbvLeAstALmbuQ2nN6+/uOPHtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHQiTqG0rwcJUpirr0PifBhO4z9MB8GA1UdIwQY
MBaAFMLiSp2mvgdU7dwUeNaU5tqeFaJYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3VKS25hYS1CMVR0M0JSNDFwVG0ycDRWb2xnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny80ZTU5ZjItYmU3YS00MmQ5LTllNjAt
NTBlMjUzM2ZjZDRlLzEvb2RDSk9vYlN2QndsU21LdXZRLUo4R0U3alAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny80ZTU5ZjItYmU3YS00MmQ5LTllNjAtNTBlMjUzM2ZjZDRl
LzEvd3VKS25hYS1CMVR0M0JSNDFwVG0ycDRWb2xnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubVMMA0G
CSqGSIb3DQEBCwUAA4IBAQB9jpm6JyhfB7MURpnlIHrO2prkmKS6I2+Ug6SsGkca
8lU4no1DSEi2o8YWnxpksETPSGJShzbAL5XRjh338wR7kyuIIjCuaOmOUToygBb9
WslAAggcbl2VhsyvdpL6cq23nGzJ6d7SkY99zVrHQ/zZljbyqOpsoQhU7XdJwc6a
bZG0RNEUKbU2f4o5+1GV7cJkwCzLf7vfmP9tga3HM/fEdafrReIqJZUJPFAA2cbP
2Ee40TkvVykPN5vjx11sUSSlzHZA+/xi/ieegtqWX810bpbASeFIBG3dD9bBe9+m
lL8pLJobBTX3ckjw2K/hrONxWoV0aPbB+WPEFBn3a+mh
-----END CERTIFICATE-----