Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/7e67d0-ecb7-4c66-99b8-85b0e7478856/1/DcVOPXvfAllmEkC90AsxfGrWcv0.roa
File:                     DcVOPXvfAllmEkC90AsxfGrWcv0.roa (raw, json)
Hash identifier:          qu99TSehH027xwGFls+vNsNU0d9TFUTuLUnVP1oypQA=
Subject key identifier:   0D:C5:4E:3D:7B:DF:02:59:66:12:40:BD:D0:0B:31:7C:6A:D6:72:FD
Certificate issuer:       /CN=b0bfb0fc298965476bc10f58792bf286c14d9ff1
Certificate serial:       018CC802D66A8F35DD03F2F935B7CC5B73AE
Authority key identifier: B0:BF:B0:FC:29:89:65:47:6B:C1:0F:58:79:2B:F2:86:C1:4D:9F:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sL-w_CmJZUdrwQ9YeSvyhsFNn_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/7e67d0-ecb7-4c66-99b8-85b0e7478856/1/DcVOPXvfAllmEkC90AsxfGrWcv0.roa
Signing time:             Tue 02 Jan 2024 02:31:18 +0000
ROA not before:           Tue 02 Jan 2024 02:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203904
IP address blocks:        185.118.44.0/24 maxlen: 24
                          185.118.47.0/24 maxlen: 24
                          185.118.46.0/24 maxlen: 24
                          185.118.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/7e67d0-ecb7-4c66-99b8-85b0e7478856/1/sL-w_CmJZUdrwQ9YeSvyhsFNn_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/7e67d0-ecb7-4c66-99b8-85b0e7478856/1/sL-w_CmJZUdrwQ9YeSvyhsFNn_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sL-w_CmJZUdrwQ9YeSvyhsFNn_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:d6:6a:8f:35:dd:03:f2:f9:35:b7:cc:5b:73:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0bfb0fc298965476bc10f58792bf286c14d9ff1
        Validity
            Not Before: Jan  2 02:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dc54e3d7bdf0259661240bdd00b317c6ad672fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:cf:91:47:0a:8a:3d:17:5e:01:5f:d0:6c:4d:
                    d7:f0:da:a0:fd:20:51:fc:33:07:fe:85:d1:c4:67:
                    c3:a6:07:a0:bd:87:f3:25:b7:63:ef:61:bd:25:55:
                    ee:4e:7b:e7:a2:12:68:fc:e1:86:0e:ac:60:00:f8:
                    df:a3:98:ef:4d:2e:01:cf:88:af:f6:a1:93:22:0e:
                    94:a4:89:ce:be:d3:7e:02:ef:57:2d:ef:94:31:11:
                    f5:e6:38:e0:65:b4:fd:61:0b:2c:78:95:23:e9:e4:
                    da:38:83:d5:29:24:df:16:81:f8:bd:09:94:30:81:
                    b0:d2:2d:7b:ac:87:b1:f2:41:00:1f:9b:bf:d1:79:
                    ec:d1:ac:71:5d:f4:a4:ea:d8:46:c1:10:37:be:99:
                    c8:a4:b3:7b:74:c3:8a:66:86:96:66:36:15:58:34:
                    02:a3:57:5a:e3:1b:05:05:21:4f:c0:3f:b6:c5:83:
                    c1:69:7c:4c:35:23:49:70:4f:45:b7:b8:75:c5:13:
                    c2:8b:5d:b5:56:75:4c:d6:94:95:4b:f8:1a:fb:9c:
                    6e:ea:84:27:57:5f:f9:cb:5f:2d:68:5e:e9:21:76:
                    e6:88:db:04:02:67:9f:61:af:7b:cf:91:f6:23:c2:
                    a4:ef:0c:54:f5:36:3b:26:0d:0c:6e:7a:09:0e:21:
                    40:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:C5:4E:3D:7B:DF:02:59:66:12:40:BD:D0:0B:31:7C:6A:D6:72:FD
            X509v3 Authority Key Identifier:
                keyid:B0:BF:B0:FC:29:89:65:47:6B:C1:0F:58:79:2B:F2:86:C1:4D:9F:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sL-w_CmJZUdrwQ9YeSvyhsFNn_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/7e67d0-ecb7-4c66-99b8-85b0e7478856/1/DcVOPXvfAllmEkC90AsxfGrWcv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/7e67d0-ecb7-4c66-99b8-85b0e7478856/1/sL-w_CmJZUdrwQ9YeSvyhsFNn_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:c5:3e:35:dc:15:5b:f5:7f:35:84:5c:66:7a:33:79:26:90:
         97:9e:86:c5:e8:b9:cd:82:ae:3d:9a:8a:6f:84:80:fa:d0:63:
         bc:05:08:60:7c:f3:eb:10:a4:bb:04:ab:1f:36:dc:00:4a:cb:
         b1:54:60:fb:3e:b2:ea:0e:f4:44:11:8c:af:e7:9a:68:d8:48:
         c5:1e:53:4a:7a:b0:9b:ca:ac:e0:03:94:82:75:f0:d1:f0:eb:
         7b:8e:d5:0e:32:ed:ae:83:25:67:49:bb:dd:1b:50:fe:7c:50:
         76:cc:9b:0c:bf:4e:e9:4e:58:4f:f2:46:e8:82:c1:ba:8f:d5:
         79:95:77:5b:84:43:64:d9:62:f0:50:e2:bd:da:25:d1:a8:34:
         a7:96:5a:dd:e2:75:12:a0:63:ea:d8:e7:70:6e:d5:7b:87:ca:
         82:e6:bf:fa:f6:e9:af:3d:78:2b:7a:f4:ca:bd:96:b0:76:85:
         34:70:54:d5:11:2b:15:28:55:36:8c:cd:80:10:40:37:47:aa:
         52:cc:83:0a:1b:25:b9:5b:27:4b:6d:b0:d4:b2:56:0a:d1:dc:
         bb:f5:4c:ff:ff:ca:63:de:f9:70:ce:16:e2:f8:66:6b:c6:af:
         2b:ff:e8:2d:23:9b:76:c1:72:a5:4e:68:98:74:04:0e:26:92:
         80:74:e2:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAtZqjzXdA/L5NbfMW3OuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYmZiMGZjMjk4OTY1NDc2YmMxMGY1ODc5MmJmMjg2YzE0
ZDlmZjEwHhcNMjQwMTAyMDIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGM1NGUzZDdiZGYwMjU5NjYxMjQwYmRkMDBiMzE3YzZhZDY3MmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlc+RRwqKPRdeAV/QbE3X8Nqg/SBR
/DMH/oXRxGfDpgegvYfzJbdj72G9JVXuTnvnohJo/OGGDqxgAPjfo5jvTS4Bz4iv
9qGTIg6UpInOvtN+Au9XLe+UMRH15jjgZbT9YQsseJUj6eTaOIPVKSTfFoH4vQmU
MIGw0i17rIex8kEAH5u/0Xns0axxXfSk6thGwRA3vpnIpLN7dMOKZoaWZjYVWDQC
o1da4xsFBSFPwD+2xYPBaXxMNSNJcE9Ft7h1xRPCi121VnVM1pSVS/ga+5xu6oQn
V1/5y18taF7pIXbmiNsEAmefYa97z5H2I8Kk7wxU9TY7Jg0MbnoJDiFAgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3FTj173wJZZhJAvdALMXxq1nL9MB8GA1UdIwQY
MBaAFLC/sPwpiWVHa8EPWHkr8obBTZ/xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0wtd19DbUpaVWRyd1E5WWVTdnloc0ZObl9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi83ZTY3ZDAtZWNiNy00YzY2LTk5Yjgt
ODViMGU3NDc4ODU2LzEvRGNWT1BYdmZBbGxtRWtDOTBBc3hmR3JXY3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi83ZTY3ZDAtZWNiNy00YzY2LTk5YjgtODViMGU3NDc4ODU2
LzEvc0wtd19DbUpaVWRyd1E5WWVTdnloc0ZObl9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXYsMA0G
CSqGSIb3DQEBCwUAA4IBAQBYxT413BVb9X81hFxmejN5JpCXnobF6LnNgq49mopv
hID60GO8BQhgfPPrEKS7BKsfNtwASsuxVGD7PrLqDvREEYyv55po2EjFHlNKerCb
yqzgA5SCdfDR8Ot7jtUOMu2ugyVnSbvdG1D+fFB2zJsMv07pTlhP8kbogsG6j9V5
lXdbhENk2WLwUOK92iXRqDSnllrd4nUSoGPq2OdwbtV7h8qC5r/69umvPXgrevTK
vZawdoU0cFTVESsVKFU2jM2AEEA3R6pSzIMKGyW5WydLbbDUslYK0dy79Uz//8pj
3vlwzhbi+GZrxq8r/+gtI5t2wXKlTmiYdAQOJpKAdOIR
-----END CERTIFICATE-----