Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/ecdd93-1aa0-4b9a-b6aa-ecb3126fc8ed/1/Lfqi2MybHHcxNp1u3Cq7LTdY9-I.roa
File:                     Lfqi2MybHHcxNp1u3Cq7LTdY9-I.roa (raw, json)
Hash identifier:          qgV4c4wlnvjkIvX1RKI+Yi/+fQkzx06X+sAUww1eesU=
Subject key identifier:   2D:FA:A2:D8:CC:9B:1C:77:31:36:9D:6E:DC:2A:BB:2D:37:58:F7:E2
Certificate issuer:       /CN=e0cde2c1fce3d6fe2185347dd89dcfd13ebbb151
Certificate serial:       018CC9BC88160FD12B471639A928343C782F
Authority key identifier: E0:CD:E2:C1:FC:E3:D6:FE:21:85:34:7D:D8:9D:CF:D1:3E:BB:B1:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4M3iwfzj1v4hhTR92J3P0T67sVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/ecdd93-1aa0-4b9a-b6aa-ecb3126fc8ed/1/Lfqi2MybHHcxNp1u3Cq7LTdY9-I.roa
Signing time:             Tue 02 Jan 2024 10:33:45 +0000
ROA not before:           Tue 02 Jan 2024 10:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42910
IP address blocks:        185.141.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/ecdd93-1aa0-4b9a-b6aa-ecb3126fc8ed/1/4M3iwfzj1v4hhTR92J3P0T67sVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/ecdd93-1aa0-4b9a-b6aa-ecb3126fc8ed/1/4M3iwfzj1v4hhTR92J3P0T67sVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4M3iwfzj1v4hhTR92J3P0T67sVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:88:16:0f:d1:2b:47:16:39:a9:28:34:3c:78:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0cde2c1fce3d6fe2185347dd89dcfd13ebbb151
        Validity
            Not Before: Jan  2 10:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dfaa2d8cc9b1c7731369d6edc2abb2d3758f7e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:96:6e:44:d1:cc:e7:0c:2c:78:b2:3a:b0:7e:
                    37:db:90:ae:b8:8b:9b:a5:b2:f8:2d:70:1f:b8:d8:
                    c9:f0:72:c4:36:09:cb:bb:8c:dc:34:39:f4:f2:6e:
                    72:81:fc:67:64:7f:d0:19:a6:89:a5:ce:d7:b6:69:
                    bc:f7:20:2f:e9:fb:9c:b2:7c:d4:27:79:6f:c1:07:
                    77:58:fb:34:d8:e6:9d:8c:43:44:89:fb:73:43:50:
                    04:b0:36:e7:e2:11:02:2d:fb:42:c2:59:21:26:84:
                    02:d0:8e:70:47:8a:e6:a8:2d:18:f6:df:1b:18:8a:
                    b3:c8:72:16:3d:39:98:14:03:dc:53:cf:4b:c5:7b:
                    9d:77:e5:73:68:fc:fb:6f:9a:ee:31:b7:21:24:d7:
                    6d:eb:52:7c:eb:c8:41:bb:b5:49:db:0f:2f:e3:98:
                    53:2c:bc:13:c0:ed:07:15:11:fd:fe:58:1f:65:02:
                    96:d8:d0:9e:62:d2:36:5c:11:1f:8d:18:f6:7c:58:
                    a6:a3:bc:63:92:78:ce:49:14:b8:5c:0f:57:39:69:
                    68:5e:ba:02:cd:1a:f9:20:fb:2a:fe:2c:f4:e4:32:
                    16:c8:b0:1d:8d:bf:8f:07:86:a4:89:f3:53:f9:4e:
                    f4:bd:82:6c:94:d1:76:da:34:d8:b5:8f:47:d6:89:
                    25:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:FA:A2:D8:CC:9B:1C:77:31:36:9D:6E:DC:2A:BB:2D:37:58:F7:E2
            X509v3 Authority Key Identifier:
                keyid:E0:CD:E2:C1:FC:E3:D6:FE:21:85:34:7D:D8:9D:CF:D1:3E:BB:B1:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4M3iwfzj1v4hhTR92J3P0T67sVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/ecdd93-1aa0-4b9a-b6aa-ecb3126fc8ed/1/Lfqi2MybHHcxNp1u3Cq7LTdY9-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/ecdd93-1aa0-4b9a-b6aa-ecb3126fc8ed/1/4M3iwfzj1v4hhTR92J3P0T67sVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:82:c5:74:fb:6c:3f:4b:84:63:15:6a:b8:6f:5e:c4:31:2f:
         75:f0:15:35:b4:db:fa:9a:48:ac:ff:21:45:27:42:aa:6f:4e:
         40:74:c8:e1:2d:b5:b6:13:d4:27:5a:35:d5:ec:7a:9e:a3:6d:
         c0:cf:67:d0:8e:fb:d0:9d:14:cb:ab:e0:d3:60:ca:a9:df:95:
         21:e1:a9:a2:d9:2e:6a:0a:c1:fb:1f:71:c3:de:dd:ba:94:8a:
         79:07:db:7f:38:f8:21:91:6d:1d:03:2d:02:5d:b0:7c:61:7d:
         ad:ae:2a:d5:2f:b1:9a:42:bf:63:e2:01:e2:7f:42:ce:9e:3b:
         43:28:d8:45:0d:a5:cb:7a:80:e6:14:4c:e7:c9:aa:99:a3:eb:
         d1:43:ab:40:fb:8a:17:e2:66:f7:2c:8e:5f:8f:05:f5:0d:30:
         55:9d:72:0d:18:64:e3:53:27:20:dc:56:61:0c:ea:ae:b5:85:
         da:b9:3c:82:06:8f:48:2a:a1:a4:d3:da:0f:79:04:21:67:fd:
         4d:77:ed:38:6f:72:ed:2e:3b:4a:74:4b:93:1c:89:2e:c7:fd:
         98:a5:b1:fe:5d:0f:f2:da:51:19:6e:01:5b:a8:2e:f6:44:bc:
         64:f9:7d:4e:c5:e4:fa:b4:dd:14:5a:3d:b2:83:42:bb:fb:d8:
         7f:fa:ba:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvIgWD9ErRxY5qSg0PHgvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwY2RlMmMxZmNlM2Q2ZmUyMTg1MzQ3ZGQ4OWRjZmQxM2Vi
YmIxNTEwHhcNMjQwMTAyMTAzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGZhYTJkOGNjOWIxYzc3MzEzNjlkNmVkYzJhYmIyZDM3NThmN2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JZuRNHM5wwseLI6sH4325CuuIub
pbL4LXAfuNjJ8HLENgnLu4zcNDn08m5ygfxnZH/QGaaJpc7Xtmm89yAv6fucsnzU
J3lvwQd3WPs02OadjENEiftzQ1AEsDbn4hECLftCwlkhJoQC0I5wR4rmqC0Y9t8b
GIqzyHIWPTmYFAPcU89LxXudd+VzaPz7b5ruMbchJNdt61J868hBu7VJ2w8v45hT
LLwTwO0HFRH9/lgfZQKW2NCeYtI2XBEfjRj2fFimo7xjknjOSRS4XA9XOWloXroC
zRr5IPsq/iz05DIWyLAdjb+PB4akifNT+U70vYJslNF22jTYtY9H1oklDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC36otjMmxx3MTadbtwquy03WPfiMB8GA1UdIwQY
MBaAFODN4sH849b+IYU0fdidz9E+u7FRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE0zaXdmemoxdjRoaFRSOTJKM1AwVDY3c1ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9lY2RkOTMtMWFhMC00YjlhLWI2YWEt
ZWNiMzEyNmZjOGVkLzEvTGZxaTJNeWJISGN4TnAxdTNDcTdMVGRZOS1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9lY2RkOTMtMWFhMC00YjlhLWI2YWEtZWNiMzEyNmZjOGVk
LzEvNE0zaXdmemoxdjRoaFRSOTJKM1AwVDY3c1ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY1uMA0G
CSqGSIb3DQEBCwUAA4IBAQBYgsV0+2w/S4RjFWq4b17EMS918BU1tNv6mkis/yFF
J0Kqb05AdMjhLbW2E9QnWjXV7Hqeo23Az2fQjvvQnRTLq+DTYMqp35Uh4ami2S5q
CsH7H3HD3t26lIp5B9t/OPghkW0dAy0CXbB8YX2trirVL7GaQr9j4gHif0LOnjtD
KNhFDaXLeoDmFEznyaqZo+vRQ6tA+4oX4mb3LI5fjwX1DTBVnXINGGTjUycg3FZh
DOqutYXauTyCBo9IKqGk09oPeQQhZ/1Nd+04b3LtLjtKdEuTHIkux/2YpbH+XQ/y
2lEZbgFbqC72RLxk+X1OxeT6tN0UWj2yg0K7+9h/+roO
-----END CERTIFICATE-----