Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/0FKhVhAow14sa58JpowTK-O3YXQ.roa
File:                     0FKhVhAow14sa58JpowTK-O3YXQ.roa (raw, json)
Hash identifier:          1u/PqmPBZSvmpSebdw+SZZQjCq9rbAcdlXCt4tWqalg=
Subject key identifier:   D0:52:A1:56:10:28:C3:5E:2C:6B:9F:09:A6:8C:13:2B:E3:B7:61:74
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CCA2A71EB612C39DD9504EBC9A82E784D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/0FKhVhAow14sa58JpowTK-O3YXQ.roa
Signing time:             Tue 02 Jan 2024 12:33:48 +0000
ROA not before:           Tue 02 Jan 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134413
IP address blocks:        185.248.186.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:71:eb:61:2c:39:dd:95:04:eb:c9:a8:2e:78:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d052a1561028c35e2c6b9f09a68c132be3b76174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:97:f8:f4:b7:3f:fb:31:54:c7:e0:4a:be:08:
                    1c:fd:86:0d:f8:1a:cc:74:8a:e0:bd:9e:55:ef:74:
                    ca:a4:2f:6f:35:72:3f:cd:34:bf:81:a8:2d:3c:d2:
                    1c:59:5c:26:d6:ec:f1:b0:9b:5c:e1:a0:de:61:da:
                    d6:b4:c3:96:8b:8f:27:12:6e:67:33:41:78:3e:43:
                    df:fc:45:92:51:72:bd:b9:35:dc:5f:79:32:c3:46:
                    40:0a:c0:15:9e:bc:8d:61:7b:4a:1e:2e:06:31:7e:
                    6b:41:be:c4:08:7c:52:21:02:49:bd:99:4c:26:7f:
                    bc:fc:ba:31:37:f0:c2:ae:e3:f6:60:90:f6:d1:0a:
                    11:a6:0b:ee:92:71:34:86:6c:9b:71:b2:0d:e2:39:
                    39:ac:f3:02:3e:62:37:6d:e5:6c:da:1b:bf:82:ca:
                    e3:a5:00:d0:2a:99:78:8c:33:a7:21:57:ac:a2:8d:
                    8d:0f:90:f9:71:4f:3c:1a:4b:94:91:d1:f4:10:87:
                    b5:40:fc:1d:d0:77:e1:d6:8d:27:75:8e:da:ed:d3:
                    86:2b:7a:73:1f:7b:3b:f2:e4:4f:80:a2:05:c0:93:
                    b8:d4:48:55:28:02:5c:91:03:cb:a6:34:90:f3:ac:
                    03:ab:66:29:58:b0:8d:8d:9a:b7:10:4c:28:f9:95:
                    35:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:52:A1:56:10:28:C3:5E:2C:6B:9F:09:A6:8C:13:2B:E3:B7:61:74
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/0FKhVhAow14sa58JpowTK-O3YXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:73:b4:4c:c6:95:69:c8:4a:97:c3:3c:23:32:99:bd:fd:1d:
         3b:cc:f0:43:be:9f:57:a7:3e:79:13:82:72:6a:36:8a:79:9b:
         98:37:b7:d5:1f:8a:67:1f:81:61:e0:29:71:ad:58:d6:b4:a3:
         83:07:c1:4b:69:7d:f8:5f:c7:b0:aa:bf:a4:d2:93:9d:db:0a:
         e8:76:f3:14:25:e4:76:ae:99:f7:a4:46:c3:97:7d:56:0c:ca:
         34:01:95:36:90:75:e3:cf:3b:2c:4d:ae:b6:e0:f3:e7:c4:5e:
         f5:0f:34:92:ad:f0:a2:6b:15:e3:36:4b:f5:e6:9a:15:6a:08:
         aa:ee:a4:ab:96:2b:e6:86:d6:ae:33:e9:ff:a8:4a:c7:ce:f0:
         f4:f7:c7:90:cf:75:6f:ea:1c:85:4b:98:d1:8e:64:c3:c7:af:
         4d:a3:6a:a7:98:c6:f4:d1:52:45:0c:b0:6f:bf:20:eb:0d:88:
         53:62:f1:fe:2d:f0:8f:1d:15:57:c2:c0:da:e2:ed:9c:d9:f5:
         3e:6d:14:92:38:ca:cd:7c:a0:3a:d6:01:9c:3a:fc:7a:bf:6f:
         26:47:22:5c:44:da:ef:ed:06:42:b5:a1:a8:fc:3c:36:6c:4c:
         3f:fe:13:09:23:0d:f9:78:bf:be:0c:b5:f2:d7:a4:a3:0f:23:
         35:51:d7:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnHrYSw53ZUE68moLnhNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDUyYTE1NjEwMjhjMzVlMmM2YjlmMDlhNjhjMTMyYmUzYjc2MTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpf49Lc/+zFUx+BKvggc/YYN+BrM
dIrgvZ5V73TKpC9vNXI/zTS/gagtPNIcWVwm1uzxsJtc4aDeYdrWtMOWi48nEm5n
M0F4PkPf/EWSUXK9uTXcX3kyw0ZACsAVnryNYXtKHi4GMX5rQb7ECHxSIQJJvZlM
Jn+8/LoxN/DCruP2YJD20QoRpgvuknE0hmybcbIN4jk5rPMCPmI3beVs2hu/gsrj
pQDQKpl4jDOnIVesoo2ND5D5cU88GkuUkdH0EIe1QPwd0Hfh1o0ndY7a7dOGK3pz
H3s78uRPgKIFwJO41EhVKAJckQPLpjSQ86wDq2YpWLCNjZq3EEwo+ZU1PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBSoVYQKMNeLGufCaaMEyvjt2F0MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvMEZLaFZoQW93MTRzYTU4SnBvd1RLLU8zWVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufi6MA0G
CSqGSIb3DQEBCwUAA4IBAQCpc7RMxpVpyEqXwzwjMpm9/R07zPBDvp9Xpz55E4Jy
ajaKeZuYN7fVH4pnH4Fh4ClxrVjWtKODB8FLaX34X8ewqr+k0pOd2wrodvMUJeR2
rpn3pEbDl31WDMo0AZU2kHXjzzssTa624PPnxF71DzSSrfCiaxXjNkv15poVagiq
7qSrlivmhtauM+n/qErHzvD098eQz3Vv6hyFS5jRjmTDx69No2qnmMb00VJFDLBv
vyDrDYhTYvH+LfCPHRVXwsDa4u2c2fU+bRSSOMrNfKA61gGcOvx6v28mRyJcRNrv
7QZCtaGo/Dw2bEw//hMJIw35eL++DLXy16SjDyM1UddB
-----END CERTIFICATE-----