Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/0NCBB1EVTJYHifgmM7E7rBOVhWE.roa
File:                     0NCBB1EVTJYHifgmM7E7rBOVhWE.roa (raw, json)
Hash identifier:          xXtvRZ+O4A6Lgj7z0RgWOmE79cvAliXW5idwtaE71is=
Subject key identifier:   D0:D0:81:07:51:15:4C:96:07:89:F8:26:33:B1:3B:AC:13:95:85:61
Certificate issuer:       /CN=2b003e583bdb2511ff57ab7a32fce741334b343b
Certificate serial:       0194206838712980A41A088DCC981211AF36
Authority key identifier: 2B:00:3E:58:3B:DB:25:11:FF:57:AB:7A:32:FC:E7:41:33:4B:34:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/0NCBB1EVTJYHifgmM7E7rBOVhWE.roa
Signing time:             Wed 01 Jan 2025 05:48:08 +0000
ROA not before:           Wed 01 Jan 2025 05:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200989
IP address blocks:        185.83.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 11:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:38:71:29:80:a4:1a:08:8d:cc:98:12:11:af:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b003e583bdb2511ff57ab7a32fce741334b343b
        Validity
            Not Before: Jan  1 05:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0d0810751154c960789f82633b13bac13958561
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d3:71:cd:ab:5c:cd:2a:2f:ce:03:d0:1f:ab:
                    73:fe:c4:9b:02:e6:d3:1b:12:48:7b:ff:a0:0b:bb:
                    f8:d5:5d:3d:b0:59:a4:78:b5:7e:e5:e1:cc:92:65:
                    4a:0c:51:31:df:50:af:95:61:70:3a:6b:e5:25:d8:
                    d8:d7:79:32:0b:03:76:c7:6c:01:7e:40:80:0d:6f:
                    0f:09:e7:44:6d:18:5d:21:2e:35:82:a9:12:90:9d:
                    84:84:8a:92:d7:af:05:de:3d:9c:2c:88:91:4a:95:
                    bd:24:5b:3e:8f:2e:ba:69:1c:85:7f:ad:c7:35:9d:
                    09:e8:c5:df:c6:cf:7c:a3:04:48:61:ed:4a:a6:63:
                    d8:10:bf:a8:73:0f:63:db:0d:dc:be:db:c4:49:42:
                    7d:69:1f:a8:9d:bb:23:bc:21:16:10:51:ad:db:08:
                    71:37:aa:fc:ba:52:0b:b3:3a:e8:8e:da:67:ca:ad:
                    e0:bf:23:23:a1:83:7d:e9:f5:82:0e:6d:e2:84:d0:
                    71:1f:1f:eb:88:20:0f:78:1e:0b:0e:d9:2e:9c:cd:
                    d2:8f:5c:25:ef:4d:e7:19:c0:22:d5:bf:fb:cb:1a:
                    16:96:fd:44:fe:c2:54:48:0b:ec:c4:e1:4a:9b:fe:
                    d8:d1:6b:9b:85:23:62:91:2f:22:38:d4:a1:36:9c:
                    81:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:D0:81:07:51:15:4C:96:07:89:F8:26:33:B1:3B:AC:13:95:85:61
            X509v3 Authority Key Identifier:
                keyid:2B:00:3E:58:3B:DB:25:11:FF:57:AB:7A:32:FC:E7:41:33:4B:34:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/0NCBB1EVTJYHifgmM7E7rBOVhWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:b5:4e:8e:81:54:b4:39:de:8f:44:d2:f0:4e:df:32:ad:f1:
         a1:b2:38:6c:9f:27:d5:a2:e7:f5:eb:18:0c:62:bb:0f:07:d2:
         6c:1e:c9:10:06:f9:3c:41:6c:63:f2:a8:7b:48:64:cc:05:25:
         43:00:cf:d9:f9:16:f3:05:52:08:41:48:86:dd:60:c0:97:b4:
         6a:46:c8:6a:8c:7d:a3:57:98:73:73:87:b4:ad:ed:44:56:03:
         55:b2:67:7f:c8:3d:45:1b:dd:84:6c:a6:4e:d9:ef:88:31:a5:
         17:05:7b:11:c5:bb:ef:97:92:ba:a5:2b:5e:08:69:58:52:e9:
         9f:2f:9b:e9:07:0c:b6:a4:be:f5:97:d2:86:ea:f3:e4:11:23:
         16:b6:0b:d3:cc:ed:69:b0:91:e8:52:7d:4d:4a:f0:62:24:41:
         df:51:b6:b4:43:32:c7:47:2e:40:bd:91:41:0d:4e:2e:40:98:
         87:3b:f3:82:cb:d3:ff:a1:d5:b3:1c:7e:16:f4:0d:70:64:2b:
         25:bf:b2:dd:01:b4:d1:c3:5e:7c:53:0f:74:49:47:f7:e3:52:
         01:12:de:58:d9:6f:9a:60:ae:dd:91:16:46:06:ff:44:a3:2a:
         0d:46:96:3a:3e:79:44:46:b7:19:ee:9f:cd:f8:de:41:b2:a5:
         14:66:31:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaDhxKYCkGgiNzJgSEa82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMDAzZTU4M2JkYjI1MTFmZjU3YWI3YTMyZmNlNzQxMzM0
YjM0M2IwHhcNMjUwMTAxMDU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGQwODEwNzUxMTU0Yzk2MDc4OWY4MjYzM2IxM2JhYzEzOTU4NTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9NxzatczSovzgPQH6tz/sSbAubT
GxJIe/+gC7v41V09sFmkeLV+5eHMkmVKDFEx31CvlWFwOmvlJdjY13kyCwN2x2wB
fkCADW8PCedEbRhdIS41gqkSkJ2EhIqS168F3j2cLIiRSpW9JFs+jy66aRyFf63H
NZ0J6MXfxs98owRIYe1KpmPYEL+ocw9j2w3cvtvESUJ9aR+onbsjvCEWEFGt2whx
N6r8ulILszrojtpnyq3gvyMjoYN96fWCDm3ihNBxHx/riCAPeB4LDtkunM3Sj1wl
703nGcAi1b/7yxoWlv1E/sJUSAvsxOFKm/7Y0WubhSNikS8iONShNpyBtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDQgQdRFUyWB4n4JjOxO6wTlYVhMB8GA1UdIwQY
MBaAFCsAPlg72yUR/1erejL850EzSzQ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3dBLVdEdmJKUkhfVjZ0Nk12em5RVE5MTkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8xOTRmMjItODY4OS00ZmRiLTljNDEt
MDU4YmJmOWQ1ZTI3LzEvME5DQkIxRVZUSllIaWZnbU03RTdyQk9WaFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8xOTRmMjItODY4OS00ZmRiLTljNDEtMDU4YmJmOWQ1ZTI3
LzEvS3dBLVdEdmJKUkhfVjZ0Nk12em5RVE5MTkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVMFMA0G
CSqGSIb3DQEBCwUAA4IBAQAStU6OgVS0Od6PRNLwTt8yrfGhsjhsnyfVouf16xgM
YrsPB9JsHskQBvk8QWxj8qh7SGTMBSVDAM/Z+RbzBVIIQUiG3WDAl7RqRshqjH2j
V5hzc4e0re1EVgNVsmd/yD1FG92EbKZO2e+IMaUXBXsRxbvvl5K6pSteCGlYUumf
L5vpBwy2pL71l9KG6vPkESMWtgvTzO1psJHoUn1NSvBiJEHfUba0QzLHRy5AvZFB
DU4uQJiHO/OCy9P/odWzHH4W9A1wZCslv7LdAbTRw158Uw90SUf341IBEt5Y2W+a
YK7dkRZGBv9EoyoNRpY6PnlERrcZ7p/N+N5BsqUUZjEw
-----END CERTIFICATE-----