Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/2eiBe-YvumNiX53d4cu8M055i-E.roa
File:                     2eiBe-YvumNiX53d4cu8M055i-E.roa (raw, json)
Hash identifier:          EP36YLWN1HyMZ46/gLn5uEJ3Pk+dywnfnNeYJrL+PNM=
Subject key identifier:   D9:E8:81:7B:E6:2F:BA:63:62:5F:9D:DD:E1:CB:BC:33:4E:79:8B:E1
Certificate issuer:       /CN=0e831fd70c6bd37a2a75d7a0eac031c92da8e185
Certificate serial:       018CCA2B69A4F1379C7647969F131CA09750
Authority key identifier: 0E:83:1F:D7:0C:6B:D3:7A:2A:75:D7:A0:EA:C0:31:C9:2D:A8:E1:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DoMf1wxr03oqddeg6sAxyS2o4YU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/2eiBe-YvumNiX53d4cu8M055i-E.roa
Signing time:             Tue 02 Jan 2024 12:34:51 +0000
ROA not before:           Tue 02 Jan 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.230.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/DoMf1wxr03oqddeg6sAxyS2o4YU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/DoMf1wxr03oqddeg6sAxyS2o4YU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DoMf1wxr03oqddeg6sAxyS2o4YU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:69:a4:f1:37:9c:76:47:96:9f:13:1c:a0:97:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e831fd70c6bd37a2a75d7a0eac031c92da8e185
        Validity
            Not Before: Jan  2 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9e8817be62fba63625f9ddde1cbbc334e798be1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4b:05:53:f2:4f:f8:a0:9a:e8:13:27:54:44:
                    f6:11:90:2a:58:83:6c:05:4b:90:26:56:3d:2b:58:
                    7c:d7:42:34:eb:2a:e3:ab:d4:02:2f:6b:2f:52:40:
                    0a:e1:4d:6c:37:50:54:41:8a:62:9d:a5:8b:d9:46:
                    87:cf:d7:17:01:55:ee:10:3d:77:ee:31:fe:4f:83:
                    5e:82:24:46:7f:4b:52:40:f8:21:a3:9e:f5:26:20:
                    e8:08:5d:ee:bc:1c:e9:5e:bd:b4:86:f1:80:34:7d:
                    72:65:3b:4f:69:47:48:08:d8:cb:84:41:1a:f2:81:
                    44:f0:48:69:cf:e2:df:f7:42:db:95:9a:31:79:07:
                    e2:17:36:8a:dd:af:a4:f4:b0:21:5f:16:78:09:5b:
                    2b:bb:be:38:86:94:f6:44:85:27:f3:0f:3f:36:b1:
                    b6:c7:e2:81:1c:df:a2:33:f3:c1:62:c2:b6:f9:ab:
                    54:be:01:ab:a3:c2:82:fa:50:50:ce:70:31:91:c5:
                    b3:2f:ed:cb:be:80:be:7f:6b:ce:06:56:6c:8f:50:
                    08:5b:e5:d4:e8:b2:e7:8a:a4:89:4a:53:b4:17:32:
                    68:b4:0e:df:07:b0:93:8f:32:4f:ed:f5:42:24:cc:
                    bf:04:a1:9b:72:c8:2e:4b:85:5f:89:60:0f:e7:e4:
                    80:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:E8:81:7B:E6:2F:BA:63:62:5F:9D:DD:E1:CB:BC:33:4E:79:8B:E1
            X509v3 Authority Key Identifier:
                keyid:0E:83:1F:D7:0C:6B:D3:7A:2A:75:D7:A0:EA:C0:31:C9:2D:A8:E1:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DoMf1wxr03oqddeg6sAxyS2o4YU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/2eiBe-YvumNiX53d4cu8M055i-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/DoMf1wxr03oqddeg6sAxyS2o4YU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:67:92:90:35:53:91:73:f8:ec:f1:0a:0c:3b:8f:d1:9f:e5:
         80:c7:21:fc:82:0c:65:fc:de:34:ff:79:e5:13:77:e1:b1:83:
         1c:60:0e:32:6b:49:e2:69:b3:dd:ac:bb:c4:cd:e8:95:ed:70:
         72:e4:70:50:d6:fa:27:0c:d8:60:4e:b7:41:66:f6:22:2b:bf:
         da:a3:e2:9c:11:de:3e:8d:ab:f9:e9:d9:d9:c7:74:3b:c4:b0:
         78:5b:28:38:25:e9:c8:56:a1:8b:d7:94:cb:53:17:fb:c9:00:
         78:7f:93:81:c5:c9:b0:c6:b8:34:86:37:6d:59:a5:69:ff:0c:
         8a:72:da:36:5a:0f:fa:07:0f:83:5f:04:29:96:02:d0:7c:76:
         87:23:b1:2f:a1:b1:97:ff:03:f3:9b:d9:24:66:8d:51:af:d9:
         23:a3:54:ce:28:c9:0e:f8:46:ca:0a:c8:58:f6:93:5f:31:0d:
         4f:f7:80:d8:c1:97:80:d2:bd:27:4b:0f:81:d2:52:f8:fa:c3:
         13:26:6c:b0:7d:3b:ad:9f:ff:ab:f5:07:a3:c6:bd:0b:3d:c1:
         29:90:5a:9d:f9:a1:19:4d:d1:f8:59:45:ea:64:f6:a0:85:29:
         72:ac:3e:e4:f6:39:fa:9c:54:61:ef:17:46:66:c2:80:aa:ad:
         e4:2c:a9:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2mk8TecdkeWnxMcoJdQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlODMxZmQ3MGM2YmQzN2EyYTc1ZDdhMGVhYzAzMWM5MmRh
OGUxODUwHhcNMjQwMTAyMTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWU4ODE3YmU2MmZiYTYzNjI1ZjlkZGRlMWNiYmMzMzRlNzk4YmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEsFU/JP+KCa6BMnVET2EZAqWINs
BUuQJlY9K1h810I06yrjq9QCL2svUkAK4U1sN1BUQYpinaWL2UaHz9cXAVXuED13
7jH+T4NegiRGf0tSQPgho571JiDoCF3uvBzpXr20hvGANH1yZTtPaUdICNjLhEEa
8oFE8Ehpz+Lf90LblZoxeQfiFzaK3a+k9LAhXxZ4CVsru744hpT2RIUn8w8/NrG2
x+KBHN+iM/PBYsK2+atUvgGro8KC+lBQznAxkcWzL+3LvoC+f2vOBlZsj1AIW+XU
6LLniqSJSlO0FzJotA7fB7CTjzJP7fVCJMy/BKGbcsguS4VfiWAP5+SACwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnogXvmL7pjYl+d3eHLvDNOeYvhMB8GA1UdIwQY
MBaAFA6DH9cMa9N6KnXXoOrAMcktqOGFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG9NZjF3eHIwM29xZGRlZzZzQXh5UzJvNFlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85OGE2NjEtNDRmNS00YTA1LWFjYWEt
ZTY3NTgyZjIzMDk3LzEvMmVpQmUtWXZ1bU5pWDUzZDRjdThNMDU1aS1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85OGE2NjEtNDRmNS00YTA1LWFjYWEtZTY3NTgyZjIzMDk3
LzEvRG9NZjF3eHIwM29xZGRlZzZzQXh5UzJvNFlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueZnMA0G
CSqGSIb3DQEBCwUAA4IBAQBsZ5KQNVORc/js8QoMO4/Rn+WAxyH8ggxl/N40/3nl
E3fhsYMcYA4ya0niabPdrLvEzeiV7XBy5HBQ1vonDNhgTrdBZvYiK7/ao+KcEd4+
jav56dnZx3Q7xLB4Wyg4JenIVqGL15TLUxf7yQB4f5OBxcmwxrg0hjdtWaVp/wyK
cto2Wg/6Bw+DXwQplgLQfHaHI7EvobGX/wPzm9kkZo1Rr9kjo1TOKMkO+EbKCshY
9pNfMQ1P94DYwZeA0r0nSw+B0lL4+sMTJmywfTutn/+r9Qejxr0LPcEpkFqd+aEZ
TdH4WUXqZPaghSlyrD7k9jn6nFRh7xdGZsKAqq3kLKlW
-----END CERTIFICATE-----