Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/eYlapWnUhSg9-Qxqh9_ljL6aCoU.roa
File:                     eYlapWnUhSg9-Qxqh9_ljL6aCoU.roa (raw, json)
Hash identifier:          IW6WMrPrr0g6EoZrxkkj3Jd256jzfwa8vHozP6mCZC8=
Subject key identifier:   79:89:5A:A5:69:D4:85:28:3D:F9:0C:6A:87:DF:E5:8C:BE:9A:0A:85
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CCA2A79471194977B19357FC3AAC8B021
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/eYlapWnUhSg9-Qxqh9_ljL6aCoU.roa
Signing time:             Tue 02 Jan 2024 12:33:50 +0000
ROA not before:           Tue 02 Jan 2024 12:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213136
IP address blocks:        185.218.4.0/24 maxlen: 24
                          185.218.4.0/23 maxlen: 23
                          185.218.5.0/24 maxlen: 24
                          185.217.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:79:47:11:94:97:7b:19:35:7f:c3:aa:c8:b0:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79895aa569d485283df90c6a87dfe58cbe9a0a85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:60:84:ad:d0:81:96:a0:50:2c:6b:9a:e4:02:
                    8d:3c:00:cd:d9:42:ce:3c:25:e7:7e:ae:84:e0:79:
                    3d:85:64:d0:3d:d3:fe:f9:36:6a:69:68:9a:98:c6:
                    72:7d:7e:6f:dc:9a:14:a6:63:42:57:b0:a9:5c:7d:
                    4e:72:75:0a:6a:3f:d9:4f:49:c0:e4:89:98:30:0a:
                    10:c1:36:d8:6e:27:37:a6:52:f7:5e:a2:e2:86:41:
                    c8:2d:15:0a:00:b3:1b:53:bf:95:7f:25:b2:55:4e:
                    51:f5:22:4a:35:a2:6f:e5:cb:02:7b:2f:2a:5f:10:
                    76:3f:75:d6:b1:b8:a2:51:7e:77:56:53:ee:24:57:
                    a3:98:ba:4e:a8:90:25:7d:ab:f4:df:3a:5a:d7:de:
                    66:4e:21:14:9e:30:fb:23:db:c3:c3:bc:1d:70:1d:
                    64:0a:ed:fb:69:4d:c4:02:cb:3e:2b:1b:c9:a0:90:
                    82:6c:0f:49:74:50:d5:a4:3c:f8:84:6f:bb:ed:a0:
                    1b:73:5b:15:70:ed:79:e2:da:9e:1d:34:a5:04:a9:
                    c1:ea:88:e9:27:b5:eb:c1:07:df:90:ff:50:56:a8:
                    aa:94:ab:14:a1:bc:02:d5:52:e2:8a:78:82:c8:37:
                    ad:25:79:a0:8e:d7:e1:91:7f:04:b7:cd:6b:39:e0:
                    b1:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:89:5A:A5:69:D4:85:28:3D:F9:0C:6A:87:DF:E5:8C:BE:9A:0A:85
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/eYlapWnUhSg9-Qxqh9_ljL6aCoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.109.0/24
                  185.218.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:72:7d:26:37:41:0d:3b:a4:df:4e:e9:15:96:f3:c7:40:9c:
         41:a8:56:21:04:c9:dc:a6:e5:54:1d:9f:0b:ec:7c:80:67:b7:
         a7:04:f2:a7:16:29:1c:f1:dd:28:1f:df:67:f0:06:5c:9e:1c:
         dc:e0:4d:9b:5d:85:27:f8:ed:77:7a:67:8a:3f:0d:f3:f9:4e:
         a8:bd:70:0e:9f:aa:de:57:68:f0:a0:36:84:48:a6:47:bf:5b:
         49:c2:7c:4d:39:57:c2:bc:be:20:cf:f5:a8:d4:d9:c2:70:5e:
         41:d7:da:b8:49:50:5d:9f:eb:a6:19:cf:ca:2f:8f:57:a3:25:
         82:52:61:1b:de:b0:3f:a2:da:f3:8c:0f:92:12:e5:6b:bb:82:
         a0:0a:dc:f7:4a:b8:d3:be:39:55:35:93:c4:be:7d:2d:18:ba:
         b5:4d:e6:c9:cb:31:4c:96:d8:7d:c4:4e:0d:1e:ab:5d:19:d3:
         87:63:63:92:4b:45:a6:54:77:26:85:3d:30:83:25:1f:44:cd:
         2e:11:bf:7f:27:36:5c:a4:8e:e9:b2:78:b3:26:76:94:96:ff:
         7f:8b:9c:c3:18:14:d4:a5:43:08:6e:26:cd:42:a6:f3:01:4c:
         94:21:b8:ae:37:75:07:4e:98:f1:f7:8a:47:e8:13:9e:00:ba:
         dd:b4:90:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKnlHEZSXexk1f8OqyLAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTg5NWFhNTY5ZDQ4NTI4M2RmOTBjNmE4N2RmZTU4Y2JlOWEwYTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmCErdCBlqBQLGua5AKNPADN2ULO
PCXnfq6E4Hk9hWTQPdP++TZqaWiamMZyfX5v3JoUpmNCV7CpXH1OcnUKaj/ZT0nA
5ImYMAoQwTbYbic3plL3XqLihkHILRUKALMbU7+VfyWyVU5R9SJKNaJv5csCey8q
XxB2P3XWsbiiUX53VlPuJFejmLpOqJAlfav03zpa195mTiEUnjD7I9vDw7wdcB1k
Cu37aU3EAss+KxvJoJCCbA9JdFDVpDz4hG+77aAbc1sVcO154tqeHTSlBKnB6ojp
J7XrwQffkP9QVqiqlKsUobwC1VLiiniCyDetJXmgjtfhkX8Et81rOeCx6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHmJWqVp1IUoPfkMaoff5Yy+mgqFMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvZVlsYXBXblVoU2c5LVF4cWg5X2xqTDZhQ29VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudltAwQB
udoEMA0GCSqGSIb3DQEBCwUAA4IBAQCdcn0mN0ENO6TfTukVlvPHQJxBqFYhBMnc
puVUHZ8L7HyAZ7enBPKnFikc8d0oH99n8AZcnhzc4E2bXYUn+O13emeKPw3z+U6o
vXAOn6reV2jwoDaESKZHv1tJwnxNOVfCvL4gz/Wo1NnCcF5B19q4SVBdn+umGc/K
L49XoyWCUmEb3rA/otrzjA+SEuVru4KgCtz3SrjTvjlVNZPEvn0tGLq1TebJyzFM
lth9xE4NHqtdGdOHY2OSS0WmVHcmhT0wgyUfRM0uEb9/JzZcpI7psnizJnaUlv9/
i5zDGBTUpUMIbibNQqbzAUyUIbiuN3UHTpjx94pH6BOeALrdtJCm
-----END CERTIFICATE-----