Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/Dn4pmDyTEk71iTwWt1FslcoBmyE.roa
File:                     Dn4pmDyTEk71iTwWt1FslcoBmyE.roa (raw, json)
Hash identifier:          Wrq9goq2ggGK0Jjks3kuzpCj/c4karWQ/wmp9x+/Cmo=
Subject key identifier:   0E:7E:29:98:3C:93:12:4E:F5:89:3C:16:B7:51:6C:95:CA:01:9B:21
Certificate issuer:       /CN=28b0ff7998ca8854ce7c475a972ed1d52a5c60cd
Certificate serial:       018CC793F1615C70AAF9288C75B5434E850D
Authority key identifier: 28:B0:FF:79:98:CA:88:54:CE:7C:47:5A:97:2E:D1:D5:2A:5C:60:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/Dn4pmDyTEk71iTwWt1FslcoBmyE.roa
Signing time:             Tue 02 Jan 2024 00:30:10 +0000
ROA not before:           Tue 02 Jan 2024 00:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.119.223.0/24 maxlen: 24
                          185.119.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 03:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:f1:61:5c:70:aa:f9:28:8c:75:b5:43:4e:85:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28b0ff7998ca8854ce7c475a972ed1d52a5c60cd
        Validity
            Not Before: Jan  2 00:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e7e29983c93124ef5893c16b7516c95ca019b21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e6:76:2f:30:72:f7:ab:e8:85:12:5c:b0:98:
                    e7:f8:b9:fd:2f:a1:37:c2:f9:19:b2:cf:1b:ac:b2:
                    27:3d:31:da:60:50:0b:d0:a9:7e:88:ca:96:ed:8d:
                    64:2f:82:46:71:dd:94:8e:e1:c0:c8:f0:7c:b1:71:
                    e9:27:d0:80:17:6f:0c:db:f6:b9:53:a2:a3:1c:e7:
                    c0:ec:5b:99:7e:7f:63:c3:33:05:c1:ef:97:8e:53:
                    06:9b:df:40:ba:54:5f:63:4d:50:21:de:b0:6b:cc:
                    cd:8f:41:1a:5d:96:c8:ec:51:f9:cb:60:3f:91:c6:
                    72:e1:74:e5:89:48:fb:46:69:7a:a8:db:39:4c:1a:
                    8d:d6:96:18:e8:1f:95:e7:30:40:ec:53:3b:49:64:
                    09:e7:1b:87:1e:33:ca:26:f0:be:49:b8:6d:c1:8e:
                    47:64:0b:dd:86:5b:e0:3f:70:37:03:7a:42:2b:73:
                    c7:1f:b0:d4:4e:0b:ff:c9:05:56:91:c1:4e:09:d2:
                    f4:00:bf:d1:3a:26:f1:ed:32:bc:3f:21:fe:de:31:
                    2c:fa:79:28:dd:d8:78:c2:2a:1a:85:45:21:8b:88:
                    09:df:0b:dd:98:a0:08:d7:3f:00:51:f0:ab:76:ef:
                    ab:31:76:18:35:d3:03:74:8d:80:6b:4b:13:12:d6:
                    5a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:7E:29:98:3C:93:12:4E:F5:89:3C:16:B7:51:6C:95:CA:01:9B:21
            X509v3 Authority Key Identifier:
                keyid:28:B0:FF:79:98:CA:88:54:CE:7C:47:5A:97:2E:D1:D5:2A:5C:60:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/Dn4pmDyTEk71iTwWt1FslcoBmyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.221.0/24
                  185.119.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:99:f3:db:b9:b5:7f:24:3c:c8:80:7f:9e:eb:64:c8:da:42:
         89:dd:74:67:e9:5f:c6:50:4f:ea:7b:78:09:d6:45:76:c8:45:
         ee:cc:ea:cd:37:15:a3:f5:2e:87:78:74:a3:2a:d5:2e:2a:0a:
         f8:07:7c:1e:4e:14:93:7d:27:84:d1:a1:0b:b8:0a:42:40:7c:
         5d:e8:35:e7:cc:cd:0b:c0:61:f4:15:11:07:cd:f4:80:4e:91:
         a9:63:f0:b8:2e:80:bc:eb:f7:ac:06:db:87:8e:52:85:b6:30:
         f0:1b:05:ab:b4:b9:2b:12:ce:59:9d:04:2a:12:39:6e:37:aa:
         d5:8e:a7:7b:9d:96:cd:b6:19:05:ed:b1:e2:f5:fb:d0:51:12:
         9d:19:5e:62:29:22:a4:14:ab:69:f9:b9:fd:b1:66:4a:2f:73:
         c9:59:b1:7c:9a:77:cb:4e:a4:ed:4f:48:7a:d0:01:ab:69:a7:
         ef:0c:59:19:44:2d:d3:0e:ad:b4:c5:36:07:85:f4:df:f1:4a:
         f2:ca:a6:03:4e:0c:ea:6d:28:d5:a4:37:e3:ba:95:a8:4a:5e:
         6c:7d:c7:be:6d:35:e3:9f:81:34:ac:64:dc:d4:dd:4b:43:80:
         b9:89:7a:88:b7:26:c2:aa:a0:fe:9c:5d:ca:a0:2a:1a:5e:63:
         93:58:3f:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk/FhXHCq+SiMdbVDToUNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YjBmZjc5OThjYTg4NTRjZTdjNDc1YTk3MmVkMWQ1MmE1
YzYwY2QwHhcNMjQwMTAyMDAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTdlMjk5ODNjOTMxMjRlZjU4OTNjMTZiNzUxNmM5NWNhMDE5YjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquZ2LzBy96vohRJcsJjn+Ln9L6E3
wvkZss8brLInPTHaYFAL0Kl+iMqW7Y1kL4JGcd2UjuHAyPB8sXHpJ9CAF28M2/a5
U6KjHOfA7FuZfn9jwzMFwe+XjlMGm99AulRfY01QId6wa8zNj0EaXZbI7FH5y2A/
kcZy4XTliUj7Rml6qNs5TBqN1pYY6B+V5zBA7FM7SWQJ5xuHHjPKJvC+SbhtwY5H
ZAvdhlvgP3A3A3pCK3PHH7DUTgv/yQVWkcFOCdL0AL/ROibx7TK8PyH+3jEs+nko
3dh4wioahUUhi4gJ3wvdmKAI1z8AUfCrdu+rMXYYNdMDdI2Aa0sTEtZazQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA5+KZg8kxJO9Yk8FrdRbJXKAZshMB8GA1UdIwQY
MBaAFCiw/3mYyohUznxHWpcu0dUqXGDNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0xEX2VaaktpRlRPZkVkYWx5N1IxU3BjWU0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9hMGQ2NzQtODdiNi00MzE4LWJlZDIt
MjY3NTQ3ZWExZTM1LzEvRG40cG1EeVRFazcxaVR3V3QxRnNsY29CbXlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9hMGQ2NzQtODdiNi00MzE4LWJlZDItMjY3NTQ3ZWExZTM1
LzEvS0xEX2VaaktpRlRPZkVkYWx5N1IxU3BjWU0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXfdAwQA
uXffMA0GCSqGSIb3DQEBCwUAA4IBAQCjmfPbubV/JDzIgH+e62TI2kKJ3XRn6V/G
UE/qe3gJ1kV2yEXuzOrNNxWj9S6HeHSjKtUuKgr4B3weThSTfSeE0aELuApCQHxd
6DXnzM0LwGH0FREHzfSATpGpY/C4LoC86/esBtuHjlKFtjDwGwWrtLkrEs5ZnQQq
EjluN6rVjqd7nZbNthkF7bHi9fvQURKdGV5iKSKkFKtp+bn9sWZKL3PJWbF8mnfL
TqTtT0h60AGraafvDFkZRC3TDq20xTYHhfTf8UryyqYDTgzqbSjVpDfjupWoSl5s
fce+bTXjn4E0rGTc1N1LQ4C5iXqItybCqqD+nF3KoCoaXmOTWD/H
-----END CERTIFICATE-----