Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/Ed40lhL1_58AJhUBIq9C8xb1UYY.roa
File:                     Ed40lhL1_58AJhUBIq9C8xb1UYY.roa (raw, json)
Hash identifier:          VozeE9xRGUsYGucaA02JGQEO3VJkzXZzwklmJwgzAqM=
Subject key identifier:   11:DE:34:96:12:F5:FF:9F:00:26:15:01:22:AF:42:F3:16:F5:51:86
Certificate issuer:       /CN=05f2748cb43862a104b56f8c6204b6209706558c
Certificate serial:       018CC2DAB449EA017878DBF02EF8DA975537
Authority key identifier: 05:F2:74:8C:B4:38:62:A1:04:B5:6F:8C:62:04:B6:20:97:06:55:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/Ed40lhL1_58AJhUBIq9C8xb1UYY.roa
Signing time:             Mon 01 Jan 2024 02:29:22 +0000
ROA not before:           Mon 01 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211098
IP address blocks:        185.184.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b4:49:ea:01:78:78:db:f0:2e:f8:da:97:55:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f2748cb43862a104b56f8c6204b6209706558c
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11de349612f5ff9f0026150122af42f316f55186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ae:e1:e2:ba:b5:1b:2c:ca:f4:a0:aa:dc:60:
                    37:b2:e0:d6:1c:43:31:ea:0a:03:34:6f:ed:c0:6e:
                    06:70:4d:e1:f0:c2:b6:03:22:73:dd:d6:6c:56:1c:
                    6f:79:9e:59:71:33:b8:9b:7f:4b:b3:95:84:69:16:
                    0a:79:82:8d:c3:d2:c1:1f:9d:45:86:52:46:74:d7:
                    8a:dd:6b:42:4b:79:6c:0b:3c:f3:a6:2f:71:05:06:
                    a9:0e:24:c5:8a:92:ba:ec:a9:ef:b7:4c:99:a5:b6:
                    21:eb:d5:3d:a7:0e:48:c2:71:3f:7e:c0:52:65:a5:
                    40:ba:da:0f:46:6e:af:df:cd:d3:0f:dd:d5:d8:65:
                    69:26:b4:cd:c3:89:8c:e2:7a:9c:d6:ff:2e:08:92:
                    0f:2d:a2:92:d9:ba:25:62:e1:b0:c2:42:63:8b:40:
                    57:70:65:9b:11:ee:15:d1:9e:43:24:4e:c1:95:59:
                    cb:f1:2e:b7:fd:aa:0c:da:36:22:6d:f0:f3:41:23:
                    7e:f8:52:61:19:bf:81:17:4b:5f:46:02:1d:38:94:
                    08:2e:e7:d5:be:4a:1a:e0:72:cc:17:71:c8:7b:a2:
                    e3:ca:26:85:e2:e3:79:b5:71:53:d7:39:a0:8a:70:
                    72:3e:88:1e:e1:78:c8:7b:24:b4:58:ff:75:69:d7:
                    bf:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:DE:34:96:12:F5:FF:9F:00:26:15:01:22:AF:42:F3:16:F5:51:86
            X509v3 Authority Key Identifier:
                keyid:05:F2:74:8C:B4:38:62:A1:04:B5:6F:8C:62:04:B6:20:97:06:55:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/Ed40lhL1_58AJhUBIq9C8xb1UYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:23:57:b2:63:5e:42:fb:de:7c:67:a2:23:fa:c4:49:3c:7b:
         76:37:6f:08:be:82:39:3b:98:22:86:15:4d:05:00:c3:0a:e0:
         6d:64:fd:d8:f2:69:fb:d8:67:8d:ab:36:a0:f0:a2:6b:38:48:
         11:7f:ba:a5:b5:de:94:dd:6d:ac:35:bf:70:13:2e:63:9c:ce:
         2e:3c:0a:ba:1d:d1:22:81:b7:0e:b0:ea:00:73:14:a5:3f:7f:
         6b:02:53:2f:ae:0a:2f:3f:89:05:cc:c8:c7:e7:9f:de:27:1a:
         80:75:ef:6a:cc:4b:74:e9:66:f7:c2:8c:1e:cd:e9:21:6c:25:
         da:1a:1d:5d:d5:ee:79:29:eb:c6:dd:7c:a9:f8:4b:2e:b1:51:
         d4:e5:9f:f5:c2:a4:69:12:54:8d:1d:8f:9e:7d:f9:94:b5:01:
         59:a5:1f:8d:aa:f3:f0:81:fd:d5:60:79:6a:49:d6:9e:d2:e4:
         6e:3d:17:9e:06:38:bd:45:23:f1:31:14:ab:e1:00:9c:a2:ac:
         b3:89:19:95:7a:51:6a:58:ea:28:d8:7d:0f:c6:2a:46:fc:86:
         36:35:e1:bf:d7:ae:f2:c4:03:d3:c4:97:fa:4b:90:a4:1a:20:
         04:c5:cd:1e:c9:25:89:92:20:69:b7:bf:5d:3d:38:ee:d6:77:
         81:b4:6d:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rRJ6gF4eNvwLvjal1U3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjI3NDhjYjQzODYyYTEwNGI1NmY4YzYyMDRiNjIwOTcw
NjU1OGMwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWRlMzQ5NjEyZjVmZjlmMDAyNjE1MDEyMmFmNDJmMzE2ZjU1MTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApq7h4rq1GyzK9KCq3GA3suDWHEMx
6goDNG/twG4GcE3h8MK2AyJz3dZsVhxveZ5ZcTO4m39Ls5WEaRYKeYKNw9LBH51F
hlJGdNeK3WtCS3lsCzzzpi9xBQapDiTFipK67Knvt0yZpbYh69U9pw5IwnE/fsBS
ZaVAutoPRm6v383TD93V2GVpJrTNw4mM4nqc1v8uCJIPLaKS2bolYuGwwkJji0BX
cGWbEe4V0Z5DJE7BlVnL8S63/aoM2jYibfDzQSN++FJhGb+BF0tfRgIdOJQILufV
vkoa4HLMF3HIe6LjyiaF4uN5tXFT1zmginByPoge4XjIeyS0WP91ade/EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHeNJYS9f+fACYVASKvQvMW9VGGMB8GA1UdIwQY
MBaAFAXydIy0OGKhBLVvjGIEtiCXBlWMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZKMGpMUTRZcUVFdFctTVlnUzJJSmNHVll3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC80ODVmYjQtMzAyNy00NmNjLWJkNjct
ODA5YTRiN2FiNGI1LzEvRWQ0MGxoTDFfNThBSmhVQklxOUM4eGIxVVlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC80ODVmYjQtMzAyNy00NmNjLWJkNjctODA5YTRiN2FiNGI1
LzEvQmZKMGpMUTRZcUVFdFctTVlnUzJJSmNHVll3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubjZMA0G
CSqGSIb3DQEBCwUAA4IBAQBtI1eyY15C+958Z6Ij+sRJPHt2N28IvoI5O5gihhVN
BQDDCuBtZP3Y8mn72GeNqzag8KJrOEgRf7qltd6U3W2sNb9wEy5jnM4uPAq6HdEi
gbcOsOoAcxSlP39rAlMvrgovP4kFzMjH55/eJxqAde9qzEt06Wb3wowezekhbCXa
Gh1d1e55KevG3Xyp+EsusVHU5Z/1wqRpElSNHY+effmUtQFZpR+NqvPwgf3VYHlq
Sdae0uRuPReeBji9RSPxMRSr4QCcoqyziRmVelFqWOoo2H0PxipG/IY2NeG/167y
xAPTxJf6S5CkGiAExc0eySWJkiBpt79dPTju1neBtG2L
-----END CERTIFICATE-----