Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/OCEkcjsyK7Bed_2yDfoNPuJOHzU.roa
File:                     OCEkcjsyK7Bed_2yDfoNPuJOHzU.roa (raw, json)
Hash identifier:          dLNAXRjp8r3c7Cv3pQ3sMlEx84O8sAORcPr414eu3O8=
Subject key identifier:   38:21:24:72:3B:32:2B:B0:5E:77:FD:B2:0D:FA:0D:3E:E2:4E:1F:35
Certificate issuer:       /CN=fbbe33c8d18e53bfd24822098dc748640550c504
Certificate serial:       018CCA2A2C5A8237C55D6DB0A678AECDB2B4
Authority key identifier: FB:BE:33:C8:D1:8E:53:BF:D2:48:22:09:8D:C7:48:64:05:50:C5:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/OCEkcjsyK7Bed_2yDfoNPuJOHzU.roa
Signing time:             Tue 02 Jan 2024 12:33:30 +0000
ROA not before:           Tue 02 Jan 2024 12:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        185.118.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 10:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2c:5a:82:37:c5:5d:6d:b0:a6:78:ae:cd:b2:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbbe33c8d18e53bfd24822098dc748640550c504
        Validity
            Not Before: Jan  2 12:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=382124723b322bb05e77fdb20dfa0d3ee24e1f35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b1:59:03:75:a3:1c:5e:9e:e4:e8:7f:42:6f:
                    f0:ca:df:fc:e7:e8:6d:21:46:a1:ce:dc:39:5b:dd:
                    82:90:8d:0a:cd:88:2b:73:34:44:ce:b5:b6:4d:ae:
                    1c:6b:a2:90:aa:f5:cc:e4:53:43:30:e3:dc:c3:de:
                    13:15:c0:59:93:f5:75:8a:64:11:3a:b6:8b:33:84:
                    52:38:f2:6a:84:fe:9c:ba:ac:34:cf:cd:eb:f7:fd:
                    60:d8:15:50:9c:81:28:39:8e:bd:02:7f:46:32:c5:
                    a4:ef:21:7f:a4:d5:fa:26:de:23:f9:49:18:0b:7a:
                    2d:c8:de:53:9e:32:36:3a:bf:cd:6e:b2:d9:ea:13:
                    9a:59:ab:0b:7e:9d:f8:40:cd:a8:14:5c:c4:21:0b:
                    9b:b1:41:aa:45:04:63:3b:ec:a4:3d:b7:1e:1a:d5:
                    b3:4e:d0:e3:5f:e1:4c:b2:c7:6a:03:ef:46:fd:f0:
                    c4:c8:50:fa:6e:50:fe:50:e0:2b:0b:18:45:d3:27:
                    5c:72:c0:07:9e:af:09:fe:db:13:b8:1f:95:4f:c5:
                    9f:94:08:5d:8d:de:18:4d:18:d4:9b:99:e1:48:2f:
                    2b:5a:ca:57:f8:92:f6:29:20:f0:5f:47:e5:ef:cd:
                    f2:d5:d9:2d:50:e9:3f:b4:4c:e7:ac:f6:b6:78:7e:
                    28:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:21:24:72:3B:32:2B:B0:5E:77:FD:B2:0D:FA:0D:3E:E2:4E:1F:35
            X509v3 Authority Key Identifier:
                keyid:FB:BE:33:C8:D1:8E:53:BF:D2:48:22:09:8D:C7:48:64:05:50:C5:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/OCEkcjsyK7Bed_2yDfoNPuJOHzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:eb:12:2e:81:71:17:a8:c2:36:4f:a5:90:8f:d4:a6:3d:81:
         82:5c:68:5a:10:8c:c2:4c:9d:7e:1a:84:ce:76:4d:06:eb:46:
         19:48:67:67:dc:69:95:73:a2:66:25:f8:02:ee:e5:60:67:bb:
         e3:e7:3f:88:5e:9a:fc:94:e5:27:ee:3f:62:75:66:77:d6:73:
         cb:40:d4:17:0d:db:81:c1:e6:5c:c4:03:29:26:1c:af:0a:3e:
         29:da:c7:29:d4:bf:b0:b7:dd:31:d4:68:84:fb:2b:c2:88:9a:
         fa:cc:21:da:bb:a3:0b:98:f6:68:e5:91:86:17:88:16:32:c4:
         4d:c6:16:65:d1:fc:9f:46:5e:0e:a7:c7:cb:71:65:5c:ab:38:
         91:57:1d:44:f7:2d:af:ea:bd:dc:08:c1:f0:b5:62:fa:e0:ed:
         d4:74:03:0c:cd:e9:eb:44:7f:ca:55:d9:21:b1:6c:b5:a8:f3:
         ac:7d:6a:5d:c1:9c:71:57:65:7d:a2:ad:12:8e:f4:ab:d3:9f:
         34:50:ef:c1:0d:72:b3:4d:ee:ed:fa:53:8a:76:80:18:89:33:
         9f:05:b1:30:1e:d5:0b:0e:5c:a4:43:00:c5:42:be:a8:14:e6:
         89:fe:ac:c0:1f:a8:9d:cb:79:af:a2:de:50:7a:ca:5a:40:d7:
         55:6f:36:9b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKixagjfFXW2wpniuzbK0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYmUzM2M4ZDE4ZTUzYmZkMjQ4MjIwOThkYzc0ODY0MDU1
MGM1MDQwHhcNMjQwMTAyMTIzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODIxMjQ3MjNiMzIyYmIwNWU3N2ZkYjIwZGZhMGQzZWUyNGUxZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbFZA3WjHF6e5Oh/Qm/wyt/85+ht
IUahztw5W92CkI0KzYgrczREzrW2Ta4ca6KQqvXM5FNDMOPcw94TFcBZk/V1imQR
OraLM4RSOPJqhP6cuqw0z83r9/1g2BVQnIEoOY69An9GMsWk7yF/pNX6Jt4j+UkY
C3otyN5TnjI2Or/NbrLZ6hOaWasLfp34QM2oFFzEIQubsUGqRQRjO+ykPbceGtWz
TtDjX+FMssdqA+9G/fDEyFD6blD+UOArCxhF0ydccsAHnq8J/tsTuB+VT8WflAhd
jd4YTRjUm5nhSC8rWspX+JL2KSDwX0fl783y1dktUOk/tEznrPa2eH4oNQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDghJHI7MiuwXnf9sg36DT7iTh81MB8GA1UdIwQY
MBaAFPu+M8jRjlO/0kgiCY3HSGQFUMUEMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS03NHp5TkdPVTdfU1NDSUpqY2RJWkFWUXhRUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAvOWNmZWU4LTk0NDYtNGY1ZS1hZDFl
LTA1NTQzMTFkODdiNS8xL09DRWtjanN5SzdCZWRfMnlEZm9OUHVKT0h6VS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzAvOWNmZWU4LTk0NDYtNGY1ZS1hZDFlLTA1NTQzMTFkODdi
NS8xLzEtNzR6eU5HT1U3X1NTQ0lKamNkSVpBVlF4UVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5dmkw
DQYJKoZIhvcNAQELBQADggEBACHrEi6BcReowjZPpZCP1KY9gYJcaFoQjMJMnX4a
hM52TQbrRhlIZ2fcaZVzomYl+ALu5WBnu+PnP4hemvyU5SfuP2J1ZnfWc8tA1BcN
24HB5lzEAykmHK8KPinaxynUv7C33THUaIT7K8KImvrMIdq7owuY9mjlkYYXiBYy
xE3GFmXR/J9GXg6nx8txZVyrOJFXHUT3La/qvdwIwfC1Yvrg7dR0AwzN6etEf8pV
2SGxbLWo86x9al3BnHFXZX2irRKO9KvTnzRQ78ENcrNN7u36U4p2gBiJM58FsTAe
1QsOXKRDAMVCvqgU5on+rMAfqJ3Lea+i3lB6ylpA11VvNps=
-----END CERTIFICATE-----