Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/562548-7b3d-40b3-9c05-18585ed94a98/1/T5N2mMfVc1lkhPvs2S6zR7QOjRE.roa
File:                     T5N2mMfVc1lkhPvs2S6zR7QOjRE.roa (raw, json)
Hash identifier:          jbQhSi1vsp8hi0XFp/sPTE7NjyVGxI5HucKFhBUw6GY=
Subject key identifier:   4F:93:76:98:C7:D5:73:59:64:84:FB:EC:D9:2E:B3:47:B4:0E:8D:11
Certificate issuer:       /CN=ab87734368d88315f11b329386cc5ef2bb875858
Certificate serial:       018CC94E653693576A8BBB33B851F4B423C4
Authority key identifier: AB:87:73:43:68:D8:83:15:F1:1B:32:93:86:CC:5E:F2:BB:87:58:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4dzQ2jYgxXxGzKThsxe8ruHWFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/562548-7b3d-40b3-9c05-18585ed94a98/1/T5N2mMfVc1lkhPvs2S6zR7QOjRE.roa
Signing time:             Tue 02 Jan 2024 08:33:27 +0000
ROA not before:           Tue 02 Jan 2024 08:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198167
IP address blocks:        185.108.30.0/24 maxlen: 24
                          185.108.29.0/24 maxlen: 24
                          185.108.28.0/24 maxlen: 24
                          185.108.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/562548-7b3d-40b3-9c05-18585ed94a98/1/q4dzQ2jYgxXxGzKThsxe8ruHWFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/562548-7b3d-40b3-9c05-18585ed94a98/1/q4dzQ2jYgxXxGzKThsxe8ruHWFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4dzQ2jYgxXxGzKThsxe8ruHWFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:65:36:93:57:6a:8b:bb:33:b8:51:f4:b4:23:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab87734368d88315f11b329386cc5ef2bb875858
        Validity
            Not Before: Jan  2 08:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f937698c7d573596484fbecd92eb347b40e8d11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ad:0b:44:4c:66:ed:8f:2e:8f:f2:0a:c3:c0:
                    e5:93:78:4e:8f:fe:e4:bc:e8:72:b7:a5:b0:94:b7:
                    e1:99:dc:87:0d:2c:b5:af:39:98:4e:3f:0b:2b:95:
                    c3:9a:b1:c5:a1:e6:4e:03:c7:8e:6f:b4:0d:65:1f:
                    60:c1:62:95:e1:94:8b:3b:9d:a4:b3:ff:75:e1:fb:
                    9b:6d:4c:da:b1:f5:8c:f4:67:be:47:22:78:a3:84:
                    34:8c:1f:79:08:70:e3:fa:4f:6f:0c:28:dc:70:4b:
                    69:42:2d:bc:b5:bf:fd:9f:23:be:62:72:3e:26:b3:
                    d0:32:6e:16:9f:4b:c0:89:97:e3:64:f8:64:af:ab:
                    53:ca:ab:79:6c:f5:1f:fe:95:7f:30:a6:49:7f:ce:
                    02:bc:44:5d:50:46:a4:af:9d:cc:cf:12:5f:89:d5:
                    d6:aa:fe:5f:09:06:d5:f1:70:7c:57:46:67:58:1a:
                    19:eb:d0:97:66:38:be:c4:8a:e4:db:bd:f3:f5:14:
                    17:dd:f9:e4:82:39:79:a6:33:78:85:83:df:24:6c:
                    1b:ab:71:81:ce:98:38:fc:80:eb:7e:98:f5:80:41:
                    00:4b:8d:cf:10:1c:91:04:aa:4e:3f:ff:4b:46:1f:
                    9d:f0:f6:b3:44:13:13:72:25:07:02:d1:0a:68:cc:
                    1d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:93:76:98:C7:D5:73:59:64:84:FB:EC:D9:2E:B3:47:B4:0E:8D:11
            X509v3 Authority Key Identifier:
                keyid:AB:87:73:43:68:D8:83:15:F1:1B:32:93:86:CC:5E:F2:BB:87:58:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4dzQ2jYgxXxGzKThsxe8ruHWFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/562548-7b3d-40b3-9c05-18585ed94a98/1/T5N2mMfVc1lkhPvs2S6zR7QOjRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/562548-7b3d-40b3-9c05-18585ed94a98/1/q4dzQ2jYgxXxGzKThsxe8ruHWFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:0b:c8:e2:d0:dc:74:79:80:a6:e4:02:e2:53:87:e9:ab:00:
         b5:5e:b8:82:06:c1:8b:67:07:46:d7:86:d0:e5:b2:22:cd:5b:
         04:b5:c8:87:aa:48:26:cb:bd:48:e0:35:3f:81:e6:aa:12:0e:
         88:25:56:12:b2:6a:f2:ac:e4:24:42:b3:80:b0:5e:a7:f7:d4:
         2b:f0:cb:31:8f:98:31:db:11:80:f8:16:dd:57:ec:ab:08:3a:
         82:d4:c7:71:88:51:b4:7a:21:57:fe:dc:54:b3:fc:48:f2:1b:
         ef:db:c9:3a:31:b7:d4:95:03:36:08:44:19:43:4e:83:6c:15:
         a2:84:76:5d:0d:b5:2a:f2:dd:f6:5b:72:2e:6e:65:36:62:a5:
         89:61:27:ee:75:40:3e:f2:79:6d:cd:5e:aa:a9:ef:d2:46:7b:
         c1:6f:27:31:7d:81:b3:db:e1:b2:a8:78:87:01:a6:43:f2:c6:
         e8:dc:07:33:0a:00:9f:97:16:9a:4a:24:a0:1a:f8:5f:d7:da:
         0f:77:2a:21:ca:0d:f1:2b:d7:55:43:c8:c0:4d:3a:51:0d:d8:
         57:15:ff:4a:de:96:9d:86:57:21:39:0a:fa:14:4d:23:1f:4d:
         c9:79:e8:d8:b3:a0:44:6f:fd:8d:24:6a:cc:b4:9a:ec:37:4a:
         a6:de:49:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmU2k1dqi7szuFH0tCPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiODc3MzQzNjhkODgzMTVmMTFiMzI5Mzg2Y2M1ZWYyYmI4
NzU4NTgwHhcNMjQwMTAyMDgzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjkzNzY5OGM3ZDU3MzU5NjQ4NGZiZWNkOTJlYjM0N2I0MGU4ZDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiK0LRExm7Y8uj/IKw8Dlk3hOj/7k
vOhyt6WwlLfhmdyHDSy1rzmYTj8LK5XDmrHFoeZOA8eOb7QNZR9gwWKV4ZSLO52k
s/914fubbUzasfWM9Ge+RyJ4o4Q0jB95CHDj+k9vDCjccEtpQi28tb/9nyO+YnI+
JrPQMm4Wn0vAiZfjZPhkr6tTyqt5bPUf/pV/MKZJf84CvERdUEakr53MzxJfidXW
qv5fCQbV8XB8V0ZnWBoZ69CXZji+xIrk273z9RQX3fnkgjl5pjN4hYPfJGwbq3GB
zpg4/IDrfpj1gEEAS43PEByRBKpOP/9LRh+d8PazRBMTciUHAtEKaMwdDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+TdpjH1XNZZIT77Nkus0e0Do0RMB8GA1UdIwQY
MBaAFKuHc0No2IMV8Rsyk4bMXvK7h1hYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTRkelEyallneFh4R3pLVGhzeGU4cnVIV0ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS81NjI1NDgtN2IzZC00MGIzLTljMDUt
MTg1ODVlZDk0YTk4LzEvVDVOMm1NZlZjMWxraFB2czJTNnpSN1FPalJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS81NjI1NDgtN2IzZC00MGIzLTljMDUtMTg1ODVlZDk0YTk4
LzEvcTRkelEyallneFh4R3pLVGhzeGU4cnVIV0ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWwcMA0G
CSqGSIb3DQEBCwUAA4IBAQBfC8ji0Nx0eYCm5ALiU4fpqwC1XriCBsGLZwdG14bQ
5bIizVsEtciHqkgmy71I4DU/geaqEg6IJVYSsmryrOQkQrOAsF6n99Qr8Msxj5gx
2xGA+BbdV+yrCDqC1MdxiFG0eiFX/txUs/xI8hvv28k6MbfUlQM2CEQZQ06DbBWi
hHZdDbUq8t32W3IubmU2YqWJYSfudUA+8nltzV6qqe/SRnvBbycxfYGz2+GyqHiH
AaZD8sbo3AczCgCflxaaSiSgGvhf19oPdyohyg3xK9dVQ8jATTpRDdhXFf9K3pad
hlchOQr6FE0jH03JeejYs6BEb/2NJGrMtJrsN0qm3knZ
-----END CERTIFICATE-----