Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/729fda-d852-4aca-9aff-6d1fa42d0b80/1/Dc2_2WsX5e8J8gLXurJD8jDI48E.roa
File:                     Dc2_2WsX5e8J8gLXurJD8jDI48E.roa (raw, json)
Hash identifier:          aFynEetzXAmDXTVkAaOHH/14NdyuOqpW9BRKvAJcrFY=
Subject key identifier:   0D:CD:BF:D9:6B:17:E5:EF:09:F2:02:D7:BA:B2:43:F2:30:C8:E3:C1
Certificate issuer:       /CN=5c29cba2dacf0ef9fa22090032bb159a109140f0
Certificate serial:       018CC42511E2FF78E2D7FA343A7B59927E2E
Authority key identifier: 5C:29:CB:A2:DA:CF:0E:F9:FA:22:09:00:32:BB:15:9A:10:91:40:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XCnLotrPDvn6IgkAMrsVmhCRQPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/729fda-d852-4aca-9aff-6d1fa42d0b80/1/Dc2_2WsX5e8J8gLXurJD8jDI48E.roa
Signing time:             Mon 01 Jan 2024 08:30:12 +0000
ROA not before:           Mon 01 Jan 2024 08:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57292
IP address blocks:        185.130.79.0/24 maxlen: 24
                          185.130.77.0/24 maxlen: 24
                          185.130.78.0/24 maxlen: 24
                          185.130.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/729fda-d852-4aca-9aff-6d1fa42d0b80/1/XCnLotrPDvn6IgkAMrsVmhCRQPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/729fda-d852-4aca-9aff-6d1fa42d0b80/1/XCnLotrPDvn6IgkAMrsVmhCRQPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XCnLotrPDvn6IgkAMrsVmhCRQPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:11:e2:ff:78:e2:d7:fa:34:3a:7b:59:92:7e:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c29cba2dacf0ef9fa22090032bb159a109140f0
        Validity
            Not Before: Jan  1 08:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dcdbfd96b17e5ef09f202d7bab243f230c8e3c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:27:6e:47:50:a8:83:c3:99:26:ff:6a:6a:3d:
                    28:8d:2e:7e:de:a5:32:aa:8f:6b:9c:a8:ec:3e:1a:
                    43:a8:64:6b:df:08:fd:4d:0b:36:d4:6f:04:a8:86:
                    cb:c5:fc:8e:f1:a1:cb:07:2a:99:61:2e:42:78:fe:
                    ad:21:0b:24:0d:f4:29:29:24:d2:fe:db:c3:b5:9c:
                    7c:ed:d6:a4:b6:52:75:0e:5a:b3:d4:d3:90:43:6a:
                    23:41:4d:ce:bf:fd:57:85:33:43:80:66:41:5e:19:
                    a7:ca:57:45:56:35:12:4d:80:5b:9a:b1:05:b6:f1:
                    fc:a4:5f:76:13:fa:ec:67:ab:ea:e3:46:f6:62:4f:
                    3d:ef:16:62:e0:e8:f1:64:7b:b3:34:4a:fb:a9:0a:
                    e3:ea:3c:68:49:d8:69:fb:61:3e:95:9b:98:ff:34:
                    5d:04:5d:60:15:62:56:5f:7c:0d:40:c8:67:c0:b0:
                    fe:b0:ff:33:cb:4c:97:9b:bb:a7:4d:72:4c:02:aa:
                    86:08:9e:f2:69:7a:09:91:4f:06:f7:74:76:2a:63:
                    ff:5b:57:eb:6c:76:43:0c:82:3a:33:e7:2d:b9:ed:
                    cb:b8:94:57:c7:5d:86:a5:bf:55:48:58:e3:51:be:
                    9c:c0:20:6b:b1:d2:c9:f7:54:23:b6:58:55:2c:3e:
                    13:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:CD:BF:D9:6B:17:E5:EF:09:F2:02:D7:BA:B2:43:F2:30:C8:E3:C1
            X509v3 Authority Key Identifier:
                keyid:5C:29:CB:A2:DA:CF:0E:F9:FA:22:09:00:32:BB:15:9A:10:91:40:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XCnLotrPDvn6IgkAMrsVmhCRQPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/729fda-d852-4aca-9aff-6d1fa42d0b80/1/Dc2_2WsX5e8J8gLXurJD8jDI48E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/729fda-d852-4aca-9aff-6d1fa42d0b80/1/XCnLotrPDvn6IgkAMrsVmhCRQPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:e2:3e:d3:bb:a6:16:10:bb:b8:ad:a0:2f:63:d7:2c:9e:e1:
         fa:b3:e8:2d:ed:b1:87:b8:fc:b9:70:a2:14:e2:60:ad:51:89:
         ac:88:33:0d:c1:a2:69:7e:98:80:b5:75:f9:3b:4b:c3:74:7d:
         16:a7:07:c0:30:fd:c1:8c:8b:db:c9:95:14:9f:53:c9:c2:4c:
         41:9f:5f:90:40:e8:f3:6b:7d:87:0e:1d:85:6c:c0:d2:cb:c7:
         56:5b:8b:34:92:71:86:4a:cb:05:a8:54:9b:ec:19:94:7f:44:
         e4:f7:a2:d6:70:d3:c5:a7:aa:62:0f:8f:60:bb:62:92:9a:3e:
         cc:bf:db:d8:4b:d7:a0:9e:59:ed:7d:21:6a:5c:70:86:dc:b9:
         b3:38:8b:c3:32:c0:5e:84:ea:04:36:7b:bc:22:01:4c:35:98:
         6b:58:bf:96:25:83:95:80:64:36:fe:31:59:2c:61:1b:c4:f6:
         45:98:4e:ea:09:6d:70:c0:15:80:c2:c8:78:10:19:34:e7:b9:
         2f:1a:43:8a:92:5d:48:82:b4:a3:f9:22:d9:5c:d1:24:92:05:
         bf:ad:cc:7b:a4:fa:49:b9:34:16:28:8c:87:ad:73:57:d9:73:
         f4:dd:cd:ca:cb:d9:d4:7c:d5:5a:c5:6c:91:3a:4c:ef:fb:dd:
         f1:84:55:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRHi/3ji1/o0OntZkn4uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMjljYmEyZGFjZjBlZjlmYTIyMDkwMDMyYmIxNTlhMTA5
MTQwZjAwHhcNMjQwMTAxMDgzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGNkYmZkOTZiMTdlNWVmMDlmMjAyZDdiYWIyNDNmMjMwYzhlM2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSduR1Cog8OZJv9qaj0ojS5+3qUy
qo9rnKjsPhpDqGRr3wj9TQs21G8EqIbLxfyO8aHLByqZYS5CeP6tIQskDfQpKSTS
/tvDtZx87daktlJ1Dlqz1NOQQ2ojQU3Ov/1XhTNDgGZBXhmnyldFVjUSTYBbmrEF
tvH8pF92E/rsZ6vq40b2Yk897xZi4OjxZHuzNEr7qQrj6jxoSdhp+2E+lZuY/zRd
BF1gFWJWX3wNQMhnwLD+sP8zy0yXm7unTXJMAqqGCJ7yaXoJkU8G93R2KmP/W1fr
bHZDDII6M+ctue3LuJRXx12Gpb9VSFjjUb6cwCBrsdLJ91QjtlhVLD4TVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3Nv9lrF+XvCfIC17qyQ/IwyOPBMB8GA1UdIwQY
MBaAFFwpy6Lazw75+iIJADK7FZoQkUDwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWENuTG90clBEdm42SWdrQU1yc1ZtaENSUVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MjlmZGEtZDg1Mi00YWNhLTlhZmYt
NmQxZmE0MmQwYjgwLzEvRGMyXzJXc1g1ZThKOGdMWHVySkQ4akRJNDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MjlmZGEtZDg1Mi00YWNhLTlhZmYtNmQxZmE0MmQwYjgw
LzEvWENuTG90clBEdm42SWdrQU1yc1ZtaENSUVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYJMMA0G
CSqGSIb3DQEBCwUAA4IBAQAW4j7Tu6YWELu4raAvY9csnuH6s+gt7bGHuPy5cKIU
4mCtUYmsiDMNwaJpfpiAtXX5O0vDdH0WpwfAMP3BjIvbyZUUn1PJwkxBn1+QQOjz
a32HDh2FbMDSy8dWW4s0knGGSssFqFSb7BmUf0Tk96LWcNPFp6piD49gu2KSmj7M
v9vYS9egnlntfSFqXHCG3LmzOIvDMsBehOoENnu8IgFMNZhrWL+WJYOVgGQ2/jFZ
LGEbxPZFmE7qCW1wwBWAwsh4EBk057kvGkOKkl1IgrSj+SLZXNEkkgW/rcx7pPpJ
uTQWKIyHrXNX2XP03c3Ky9nUfNVaxWyROkzv+93xhFWH
-----END CERTIFICATE-----