Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/44ec43-5935-4ab2-b13d-02eb9a412637/1/lU2IsUOEjm0fm6x1yuUA4tl6NbE.roa
File:                     lU2IsUOEjm0fm6x1yuUA4tl6NbE.roa (raw, json)
Hash identifier:          83lQkY0NOtgGgcubGvE5n5buopt73RkN9GcVwCxPoNU=
Subject key identifier:   95:4D:88:B1:43:84:8E:6D:1F:9B:AC:75:CA:E5:00:E2:D9:7A:35:B1
Certificate issuer:       /CN=e2344ba6340961da5eeb4ae239e9a06267793e2e
Certificate serial:       018CC50152E9C86985F373861E39FE7C559D
Authority key identifier: E2:34:4B:A6:34:09:61:DA:5E:EB:4A:E2:39:E9:A0:62:67:79:3E:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4jRLpjQJYdpe60riOemgYmd5Pi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/44ec43-5935-4ab2-b13d-02eb9a412637/1/lU2IsUOEjm0fm6x1yuUA4tl6NbE.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57717
IP address blocks:        185.237.100.0/24 maxlen: 24
                          185.225.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/44ec43-5935-4ab2-b13d-02eb9a412637/1/4jRLpjQJYdpe60riOemgYmd5Pi4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/44ec43-5935-4ab2-b13d-02eb9a412637/1/4jRLpjQJYdpe60riOemgYmd5Pi4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4jRLpjQJYdpe60riOemgYmd5Pi4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:52:e9:c8:69:85:f3:73:86:1e:39:fe:7c:55:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2344ba6340961da5eeb4ae239e9a06267793e2e
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=954d88b143848e6d1f9bac75cae500e2d97a35b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:72:b5:7a:b9:22:10:b5:db:4e:bc:18:ea:e0:
                    dc:92:5f:d7:fd:bb:bf:ec:29:7a:5a:a9:ca:9a:ca:
                    cc:eb:42:e4:77:dc:3e:e8:d0:fd:4b:84:27:a1:79:
                    59:35:e1:2b:8d:ae:2d:eb:54:24:5c:a9:22:e9:e0:
                    55:14:56:48:19:b0:41:52:46:94:25:e4:67:1c:f1:
                    90:88:44:cd:f2:3c:bc:81:1e:4a:ed:a1:13:26:cd:
                    57:48:48:a9:dd:fd:c6:7c:5b:02:20:f2:c3:bc:95:
                    d7:77:ad:d5:64:5c:01:ad:fd:a6:38:35:7e:e6:46:
                    dc:dd:40:53:a2:ba:32:1a:a7:29:d7:af:e9:20:44:
                    aa:b0:3f:e6:e2:84:b8:5a:da:c5:1e:2c:d9:2e:34:
                    4b:50:4f:17:88:3b:37:bf:98:d3:26:a4:ab:4a:e7:
                    e6:f5:03:aa:49:a8:45:ce:d1:bf:8d:5f:77:6c:ba:
                    f1:91:4c:0f:e5:80:d4:f1:e2:b0:75:cb:d4:a9:19:
                    7f:2b:d8:4d:ed:e0:be:39:45:65:a4:1e:ca:09:57:
                    a5:8c:38:32:ac:88:28:5e:62:65:80:1f:8d:93:ce:
                    19:04:74:86:c0:97:84:43:17:a5:df:53:c1:30:ee:
                    2d:f2:42:1b:bc:06:ff:79:3e:48:8a:39:a0:54:30:
                    71:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:4D:88:B1:43:84:8E:6D:1F:9B:AC:75:CA:E5:00:E2:D9:7A:35:B1
            X509v3 Authority Key Identifier:
                keyid:E2:34:4B:A6:34:09:61:DA:5E:EB:4A:E2:39:E9:A0:62:67:79:3E:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4jRLpjQJYdpe60riOemgYmd5Pi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/44ec43-5935-4ab2-b13d-02eb9a412637/1/lU2IsUOEjm0fm6x1yuUA4tl6NbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/44ec43-5935-4ab2-b13d-02eb9a412637/1/4jRLpjQJYdpe60riOemgYmd5Pi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.112.0/24
                  185.237.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:03:64:77:01:99:cd:c4:76:73:57:a9:a8:81:03:05:16:47:
         c7:e5:b2:a6:72:75:cb:b8:13:e9:b4:b4:93:82:80:04:a3:e5:
         c8:90:31:5e:61:c1:7b:85:2e:be:28:15:7d:29:6e:b3:f8:59:
         c3:0e:2d:aa:e2:25:fa:c8:ba:d5:a4:85:56:f4:cb:61:70:e2:
         d1:6e:e4:65:d5:e7:46:eb:4c:0f:57:35:0e:37:f5:e4:c7:29:
         68:55:55:5e:a0:2c:e2:e4:55:ce:dc:9b:ce:1c:c8:76:e0:df:
         b3:e6:74:a7:72:c3:54:a3:15:aa:88:5f:1f:88:d8:9a:91:7d:
         15:c1:d5:8e:d7:1f:0c:54:99:a8:6d:be:c4:3e:b3:4b:d4:2a:
         27:c3:01:c8:b3:e1:ca:59:a4:9d:e2:81:a6:d5:da:bc:63:37:
         bf:17:44:b4:14:3b:ed:51:7b:c6:3a:04:df:c3:88:ff:32:bc:
         00:2e:35:71:27:fd:d4:79:fa:38:dd:d3:ea:1c:87:bb:88:af:
         b7:e6:3d:c2:2c:a9:11:2b:97:8e:1e:9e:78:72:d5:a3:b8:77:
         21:76:fd:bf:72:39:c3:8a:c8:f2:9c:db:12:49:9a:48:dc:45:
         10:a0:d5:0d:86:eb:94:ab:06:09:e2:de:ad:f6:3c:d5:b2:49:
         83:c3:3a:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAVLpyGmF83OGHjn+fFWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMzQ0YmE2MzQwOTYxZGE1ZWViNGFlMjM5ZTlhMDYyNjc3
OTNlMmUwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTRkODhiMTQzODQ4ZTZkMWY5YmFjNzVjYWU1MDBlMmQ5N2EzNWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknK1erkiELXbTrwY6uDckl/X/bu/
7Cl6WqnKmsrM60Lkd9w+6ND9S4QnoXlZNeErja4t61QkXKki6eBVFFZIGbBBUkaU
JeRnHPGQiETN8jy8gR5K7aETJs1XSEip3f3GfFsCIPLDvJXXd63VZFwBrf2mODV+
5kbc3UBToroyGqcp16/pIESqsD/m4oS4WtrFHizZLjRLUE8XiDs3v5jTJqSrSufm
9QOqSahFztG/jV93bLrxkUwP5YDU8eKwdcvUqRl/K9hN7eC+OUVlpB7KCVeljDgy
rIgoXmJlgB+Nk84ZBHSGwJeEQxel31PBMO4t8kIbvAb/eT5IijmgVDBxBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJVNiLFDhI5tH5usdcrlAOLZejWxMB8GA1UdIwQY
MBaAFOI0S6Y0CWHaXutK4jnpoGJneT4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGpSTHBqUUpZZHBlNjByaU9lbWdZbWQ1UGk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NGVjNDMtNTkzNS00YWIyLWIxM2Qt
MDJlYjlhNDEyNjM3LzEvbFUySXNVT0VqbTBmbTZ4MXl1VUE0dGw2TmJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NGVjNDMtNTkzNS00YWIyLWIxM2QtMDJlYjlhNDEyNjM3
LzEvNGpSTHBqUUpZZHBlNjByaU9lbWdZbWQ1UGk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAueFwAwQA
ue1kMA0GCSqGSIb3DQEBCwUAA4IBAQB4A2R3AZnNxHZzV6mogQMFFkfH5bKmcnXL
uBPptLSTgoAEo+XIkDFeYcF7hS6+KBV9KW6z+FnDDi2q4iX6yLrVpIVW9MthcOLR
buRl1edG60wPVzUON/XkxyloVVVeoCzi5FXO3JvOHMh24N+z5nSncsNUoxWqiF8f
iNiakX0VwdWO1x8MVJmobb7EPrNL1ConwwHIs+HKWaSd4oGm1dq8Yze/F0S0FDvt
UXvGOgTfw4j/MrwALjVxJ/3Uefo43dPqHIe7iK+35j3CLKkRK5eOHp54ctWjuHch
dv2/cjnDisjynNsSSZpI3EUQoNUNhuuUqwYJ4t6t9jzVskmDwzoQ
-----END CERTIFICATE-----