Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/DXBBPWF1OpE740Kt9ZomfJxJ0Hg.roa
File:                     DXBBPWF1OpE740Kt9ZomfJxJ0Hg.roa (raw, json)
Hash identifier:          KhRg4VP3rthyHkiOiKZhMgQ8dgl9izszU0XW0NXlX/g=
Subject key identifier:   0D:70:41:3D:61:75:3A:91:3B:E3:42:AD:F5:9A:26:7C:9C:49:D0:78
Certificate issuer:       /CN=304e59a223f4bcb823492fb1096c3a82310c03da
Certificate serial:       018CC86F0913ECFD2F67D18EF5217ABBE3E2
Authority key identifier: 30:4E:59:A2:23:F4:BC:B8:23:49:2F:B1:09:6C:3A:82:31:0C:03:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/DXBBPWF1OpE740Kt9ZomfJxJ0Hg.roa
Signing time:             Tue 02 Jan 2024 04:29:29 +0000
ROA not before:           Tue 02 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204418
IP address blocks:        185.119.105.0/24 maxlen: 24
                          2a06:8a01::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:09:13:ec:fd:2f:67:d1:8e:f5:21:7a:bb:e3:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=304e59a223f4bcb823492fb1096c3a82310c03da
        Validity
            Not Before: Jan  2 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d70413d61753a913be342adf59a267c9c49d078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:16:55:59:8b:d3:36:79:4c:a8:2f:5b:a3:03:
                    ac:25:6b:9d:ff:55:69:76:5d:b7:63:93:ec:bb:19:
                    58:d9:3e:8e:a1:b1:96:28:0e:49:99:7c:a2:01:79:
                    53:22:a8:e0:97:61:22:b4:36:34:e1:82:1b:a8:c3:
                    c9:54:7a:dc:a6:f4:7c:7d:2f:f1:ae:94:5d:6f:68:
                    03:7c:0a:00:92:d1:8f:ad:a8:f2:38:86:d7:08:0b:
                    f9:f8:e7:7a:c0:a6:b9:47:e1:f7:19:d1:ca:32:3b:
                    ea:15:90:39:55:7e:64:6d:85:21:6a:70:58:88:6c:
                    2d:6e:7f:fc:85:98:85:e6:cd:1f:59:5f:cd:df:8b:
                    92:73:1f:43:c3:54:eb:ba:be:ce:e9:79:86:28:42:
                    21:f3:52:07:2b:5e:82:aa:f6:55:02:a6:b2:5b:74:
                    16:2c:7c:bb:53:6f:49:34:23:12:55:5f:eb:42:f1:
                    78:6c:ae:b2:97:5c:bd:95:71:3c:56:3c:07:15:2d:
                    6f:c8:50:27:0f:a8:34:8b:5c:db:5d:8c:e2:df:35:
                    27:ef:80:4a:3c:4c:18:41:06:60:71:3b:b2:9a:af:
                    bd:e7:e4:f1:c1:ce:c0:e4:ee:47:9d:cc:10:66:d9:
                    03:b8:bb:62:14:46:25:04:aa:95:d7:aa:92:92:5f:
                    60:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:70:41:3D:61:75:3A:91:3B:E3:42:AD:F5:9A:26:7C:9C:49:D0:78
            X509v3 Authority Key Identifier:
                keyid:30:4E:59:A2:23:F4:BC:B8:23:49:2F:B1:09:6C:3A:82:31:0C:03:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/DXBBPWF1OpE740Kt9ZomfJxJ0Hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.105.0/24
                IPv6:
                  2a06:8a01::/32

    Signature Algorithm: sha256WithRSAEncryption
         39:69:76:88:b4:6f:bb:79:68:99:99:58:52:82:c1:2b:1d:18:
         43:62:4e:14:85:aa:7e:3e:b4:05:ee:6a:8d:e1:77:74:b7:a2:
         f5:29:ab:68:1c:f7:c3:29:a9:00:64:ee:f3:04:f1:94:37:26:
         b5:a1:9a:70:19:75:ab:84:02:06:51:4a:fc:6d:0d:71:a1:5d:
         08:e2:32:cf:ba:d8:f9:2a:c9:54:dc:e8:28:31:75:ea:a5:bd:
         60:dd:c1:3c:1b:b8:b4:aa:8f:14:c4:0e:5c:36:e8:09:88:11:
         23:6f:66:30:2e:b3:a4:5a:d0:fb:d4:2b:ee:fd:ff:e2:4e:48:
         6a:e0:ee:03:17:ee:0a:50:b9:3d:6f:41:57:d9:4f:6c:80:7a:
         b7:8e:1b:1f:11:26:c1:61:43:98:23:03:19:40:df:95:4d:6d:
         c9:47:df:c3:7b:7f:63:4e:04:1d:e9:64:cf:d3:52:a7:d8:b4:
         4c:ae:42:ad:df:28:29:b4:e6:a2:c5:4b:65:45:17:b3:02:cc:
         56:d7:20:4f:7d:ad:2c:12:f4:cd:69:91:7c:d6:0b:3d:4e:c2:
         83:e5:ab:0c:86:8e:4a:9c:60:97:c6:5c:2e:7c:3f:17:89:7e:
         4f:26:8a:4b:f7:37:ef:76:d3:e8:0a:ba:15:f9:42:19:53:8b:
         12:75:11:20
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbwkT7P0vZ9GO9SF6u+PiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNGU1OWEyMjNmNGJjYjgyMzQ5MmZiMTA5NmMzYTgyMzEw
YzAzZGEwHhcNMjQwMTAyMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDcwNDEzZDYxNzUzYTkxM2JlMzQyYWRmNTlhMjY3YzljNDlkMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRZVWYvTNnlMqC9bowOsJWud/1Vp
dl23Y5PsuxlY2T6OobGWKA5JmXyiAXlTIqjgl2EitDY04YIbqMPJVHrcpvR8fS/x
rpRdb2gDfAoAktGPrajyOIbXCAv5+Od6wKa5R+H3GdHKMjvqFZA5VX5kbYUhanBY
iGwtbn/8hZiF5s0fWV/N34uScx9Dw1Trur7O6XmGKEIh81IHK16CqvZVAqayW3QW
LHy7U29JNCMSVV/rQvF4bK6yl1y9lXE8VjwHFS1vyFAnD6g0i1zbXYzi3zUn74BK
PEwYQQZgcTuymq+95+Txwc7A5O5HncwQZtkDuLtiFEYlBKqV16qSkl9g9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA1wQT1hdTqRO+NCrfWaJnycSdB4MB8GA1UdIwQY
MBaAFDBOWaIj9Ly4I0kvsQlsOoIxDAPaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUU1Wm9pUDB2TGdqU1MteENXdzZnakVNQTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9mNTM2Y2QtOTQzZi00NTU0LTlmMTct
MzQ0Y2M1MDJmMWJkLzEvRFhCQlBXRjFPcEU3NDBLdDlab21mSnhKMEhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9mNTM2Y2QtOTQzZi00NTU0LTlmMTctMzQ0Y2M1MDJmMWJk
LzEvTUU1Wm9pUDB2TGdqU1MteENXdzZnakVNQTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXdpMA0E
AgACMAcDBQAqBooBMA0GCSqGSIb3DQEBCwUAA4IBAQA5aXaItG+7eWiZmVhSgsEr
HRhDYk4Uhap+PrQF7mqN4Xd0t6L1KatoHPfDKakAZO7zBPGUNya1oZpwGXWrhAIG
UUr8bQ1xoV0I4jLPutj5KslU3OgoMXXqpb1g3cE8G7i0qo8UxA5cNugJiBEjb2Yw
LrOkWtD71Cvu/f/iTkhq4O4DF+4KULk9b0FX2U9sgHq3jhsfESbBYUOYIwMZQN+V
TW3JR9/De39jTgQd6WTP01Kn2LRMrkKt3ygptOaixUtlRRezAsxW1yBPfa0sEvTN
aZF81gs9TsKD5asMho5KnGCXxlwufD8XiX5PJopL9zfvdtPoCroV+UIZU4sSdREg
-----END CERTIFICATE-----