Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/YVRtEYaRwVo1Iyhv5LQOR6CQ43Y.roa
File:                     YVRtEYaRwVo1Iyhv5LQOR6CQ43Y.roa (raw, json)
Hash identifier:          mh3XpYZA8TuKW7ZZqzrCPvRXCsqGU1aJxOrGgVlkl1g=
Subject key identifier:   61:54:6D:11:86:91:C1:5A:35:23:28:6F:E4:B4:0E:47:A0:90:E3:76
Certificate issuer:       /CN=e618eff923e35bf83792353c4633ca2300f75b6c
Certificate serial:       0190D98CC193844776CB22D58A304A715034
Authority key identifier: E6:18:EF:F9:23:E3:5B:F8:37:92:35:3C:46:33:CA:23:00:F7:5B:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hjv-SPjW_g3kjU8RjPKIwD3W2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/YVRtEYaRwVo1Iyhv5LQOR6CQ43Y.roa
Signing time:             Mon 22 Jul 2024 08:26:38 +0000
ROA not before:           Mon 22 Jul 2024 08:26:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        185.218.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/5hjv-SPjW_g3kjU8RjPKIwD3W2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/5hjv-SPjW_g3kjU8RjPKIwD3W2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hjv-SPjW_g3kjU8RjPKIwD3W2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d9:8c:c1:93:84:47:76:cb:22:d5:8a:30:4a:71:50:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e618eff923e35bf83792353c4633ca2300f75b6c
        Validity
            Not Before: Jul 22 08:26:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61546d118691c15a3523286fe4b40e47a090e376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f3:aa:83:96:2f:f9:ea:7a:57:ee:44:3f:40:
                    49:75:07:ce:d3:33:3b:29:62:aa:0c:17:93:e0:d5:
                    d0:46:49:78:71:28:12:c8:0f:ef:a7:bc:2c:c2:8c:
                    5b:ca:d4:e0:d2:2e:f9:e8:4c:34:0f:39:7b:31:d2:
                    fa:41:f9:60:29:2b:7c:95:bb:f1:5f:c7:65:a4:35:
                    a1:02:24:d3:60:e6:5f:25:30:1c:b1:08:6c:f9:dd:
                    7a:58:7b:13:b0:90:46:13:5a:78:f9:3b:8c:f1:66:
                    1c:09:b0:46:e3:d9:4d:02:38:0f:d6:16:9c:81:da:
                    75:cc:09:2a:64:f5:0e:6d:c4:11:68:47:47:c0:53:
                    52:0f:a2:01:f9:8a:10:4e:bf:30:ec:2e:60:5d:39:
                    d5:8b:18:7a:70:c6:96:3a:65:4a:4e:9b:0e:d0:e7:
                    f2:2e:82:7d:b9:b6:9a:39:b8:d5:7d:82:0c:e7:b7:
                    b2:30:e9:10:f4:bf:66:2d:22:3d:1e:b7:b2:06:e9:
                    c3:81:06:2d:95:0a:dd:ec:d6:66:ea:2c:2f:ef:43:
                    f1:aa:3b:c9:b9:0f:8b:75:a0:69:4b:a2:9c:80:90:
                    d6:5c:c7:bc:e3:fe:7e:d5:70:da:82:5c:27:3c:28:
                    7a:0a:71:88:35:1c:bc:55:42:73:f4:36:47:9a:2b:
                    11:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:54:6D:11:86:91:C1:5A:35:23:28:6F:E4:B4:0E:47:A0:90:E3:76
            X509v3 Authority Key Identifier:
                keyid:E6:18:EF:F9:23:E3:5B:F8:37:92:35:3C:46:33:CA:23:00:F7:5B:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hjv-SPjW_g3kjU8RjPKIwD3W2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/YVRtEYaRwVo1Iyhv5LQOR6CQ43Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/5hjv-SPjW_g3kjU8RjPKIwD3W2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:c7:1d:62:d9:d7:43:8b:e1:e4:bb:97:eb:b8:17:a2:9a:d6:
         2a:9f:44:87:ba:0a:e9:6b:0a:e0:8c:f0:bf:d6:a2:3a:d4:64:
         2e:bc:f5:9b:23:fe:ec:d2:3f:2f:8f:2b:c3:79:fe:1f:34:c5:
         ea:56:5b:74:00:c8:de:62:1c:c9:17:2e:00:a0:43:72:de:b4:
         16:1e:69:7e:2e:88:31:3f:81:63:2d:7a:f8:9c:ae:ee:fb:68:
         38:48:7a:74:1b:7c:17:db:ec:9d:6e:73:ca:71:4f:49:5e:36:
         84:d5:24:ac:d6:63:2e:8b:71:8a:02:23:ff:b3:9f:55:0c:89:
         e5:a8:f1:09:dc:35:cf:e8:1c:c0:93:25:3c:99:d2:7b:17:13:
         7e:a2:23:9a:db:f4:56:ce:32:19:44:a3:90:94:11:b0:bb:18:
         b4:b4:2d:c7:1b:6b:f2:c9:24:b2:b8:48:fb:97:69:95:b9:55:
         b9:81:42:d6:98:83:f4:0d:b5:08:ba:08:12:03:93:a1:f5:3f:
         2e:b7:d7:a6:64:8b:e6:83:fa:a7:0d:3a:e8:6c:f1:17:a9:59:
         04:d9:e4:13:18:9a:f9:b4:f8:6f:f5:56:56:d9:00:45:5c:38:
         82:5b:1d:63:e0:af:2d:e2:a7:de:64:bb:d2:e0:a0:16:52:92:
         b4:5d:66:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDZjMGThEd2yyLVijBKcVA0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MThlZmY5MjNlMzViZjgzNzkyMzUzYzQ2MzNjYTIzMDBm
NzViNmMwHhcNMjQwNzIyMDgyNjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTU0NmQxMTg2OTFjMTVhMzUyMzI4NmZlNGI0MGU0N2EwOTBlMzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4vOqg5Yv+ep6V+5EP0BJdQfO0zM7
KWKqDBeT4NXQRkl4cSgSyA/vp7wswoxbytTg0i756Ew0Dzl7MdL6QflgKSt8lbvx
X8dlpDWhAiTTYOZfJTAcsQhs+d16WHsTsJBGE1p4+TuM8WYcCbBG49lNAjgP1hac
gdp1zAkqZPUObcQRaEdHwFNSD6IB+YoQTr8w7C5gXTnVixh6cMaWOmVKTpsO0Ofy
LoJ9ubaaObjVfYIM57eyMOkQ9L9mLSI9HreyBunDgQYtlQrd7NZm6iwv70PxqjvJ
uQ+LdaBpS6KcgJDWXMe84/5+1XDaglwnPCh6CnGINRy8VUJz9DZHmisR4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFUbRGGkcFaNSMob+S0DkegkON2MB8GA1UdIwQY
MBaAFOYY7/kj41v4N5I1PEYzyiMA91tsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWhqdi1TUGpXX2cza2pVOFJqUEtJd0QzVzJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kNTA5MTItMGI4ZC00M2NjLThiZWUt
ZGVkYzVhNjk2NGZjLzEvWVZSdEVZYVJ3Vm8xSXlodjVMUU9SNkNRNDNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kNTA5MTItMGI4ZC00M2NjLThiZWUtZGVkYzVhNjk2NGZj
LzEvNWhqdi1TUGpXX2cza2pVOFJqUEtJd0QzVzJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudqOMA0G
CSqGSIb3DQEBCwUAA4IBAQAExx1i2ddDi+Hku5fruBeimtYqn0SHugrpawrgjPC/
1qI61GQuvPWbI/7s0j8vjyvDef4fNMXqVlt0AMjeYhzJFy4AoENy3rQWHml+Logx
P4FjLXr4nK7u+2g4SHp0G3wX2+ydbnPKcU9JXjaE1SSs1mMui3GKAiP/s59VDInl
qPEJ3DXP6BzAkyU8mdJ7FxN+oiOa2/RWzjIZRKOQlBGwuxi0tC3HG2vyySSyuEj7
l2mVuVW5gULWmIP0DbUIuggSA5Oh9T8ut9emZIvmg/qnDTrobPEXqVkE2eQTGJr5
tPhv9VZW2QBFXDiCWx1j4K8t4qfeZLvS4KAWUpK0XWZB
-----END CERTIFICATE-----