Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/DnAotxnVt7a2OeX9UYRpQc7YVDw.roa
File:                     DnAotxnVt7a2OeX9UYRpQc7YVDw.roa (raw, json)
Hash identifier:          pal98otex1l0w8vJT9yPkWuua1LoIkDHbyBSIaIOmsM=
Subject key identifier:   0E:70:28:B7:19:D5:B7:B6:B6:39:E5:FD:51:84:69:41:CE:D8:54:3C
Certificate issuer:       /CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
Certificate serial:       018CCA2BE6CA3F67B462F247855C822918C3
Authority key identifier: A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/DnAotxnVt7a2OeX9UYRpQc7YVDw.roa
Signing time:             Tue 02 Jan 2024 12:35:23 +0000
ROA not before:           Tue 02 Jan 2024 12:35:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12357
IP address blocks:        185.111.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:e6:ca:3f:67:b4:62:f2:47:85:5c:82:29:18:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
        Validity
            Not Before: Jan  2 12:35:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e7028b719d5b7b6b639e5fd51846941ced8543c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f5:78:d9:4e:f3:3b:b5:76:1e:96:7d:f6:66:
                    28:50:cd:58:bb:7b:dc:25:bc:b4:cc:97:b9:a5:20:
                    b4:ef:e1:80:53:43:1c:da:e1:ab:5a:46:f2:cb:73:
                    63:d1:92:ae:38:18:b9:29:88:b7:f3:2b:8b:62:21:
                    7f:58:f9:ec:4f:1c:44:03:64:fb:fa:cc:77:45:b8:
                    b6:68:44:70:6b:7c:dd:f8:5f:57:05:b6:35:e6:d6:
                    18:bf:fe:16:ac:04:9b:67:f7:10:8f:e5:34:89:7a:
                    ab:28:7a:52:44:d3:9d:2f:e2:11:6f:08:6b:2c:09:
                    20:fe:c3:a9:68:60:90:a0:46:08:09:11:ab:93:60:
                    07:cb:f1:b0:97:bc:2d:5b:26:26:f6:32:d2:6d:26:
                    cc:c3:09:a6:bd:77:9a:29:91:8b:0a:44:05:b4:0b:
                    60:1e:6f:94:4f:37:6d:c1:a0:e9:0e:5d:15:e8:f2:
                    31:e1:b2:98:f4:68:d1:b9:50:fb:63:ba:49:15:26:
                    ce:f2:bd:4e:46:86:bf:ea:73:0d:c0:f5:70:4e:94:
                    75:59:2d:cf:b0:c5:76:18:d4:36:b1:a3:c0:e6:8d:
                    59:ca:2a:f1:e9:3a:5a:54:ac:74:1e:cb:e2:0a:00:
                    35:3d:75:66:79:99:0b:58:9e:62:96:9c:1d:66:ce:
                    c6:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:70:28:B7:19:D5:B7:B6:B6:39:E5:FD:51:84:69:41:CE:D8:54:3C
            X509v3 Authority Key Identifier:
                keyid:A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/DnAotxnVt7a2OeX9UYRpQc7YVDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:39:4f:94:46:ac:df:a9:15:d6:25:2e:4b:68:57:d0:01:41:
         ea:9a:41:e7:6e:b0:c7:7b:5a:5d:fb:8c:77:49:8d:0f:4e:55:
         0f:60:31:ba:76:be:d5:bc:b0:17:1c:d6:3b:d8:af:45:58:e1:
         48:4d:6b:d5:90:8b:95:fa:88:0f:95:5d:47:52:d9:2d:bb:2a:
         d2:49:86:08:c4:e8:ea:75:cd:b3:f8:5f:e4:6e:89:55:f6:46:
         02:0b:c0:ca:3c:6d:39:81:0f:5d:ac:e5:0c:9b:21:a3:3b:78:
         c5:b3:a9:5f:fd:3a:c1:43:1a:a2:e2:04:26:c4:2a:66:46:6a:
         5f:eb:6a:e5:db:c5:47:af:6e:4f:8d:ca:80:84:a9:9e:74:a5:
         1a:8e:fa:39:05:72:95:19:ee:68:5b:42:4f:16:43:53:d4:cb:
         5f:7a:cf:2b:4e:c7:2f:c7:cd:44:bd:f2:3d:87:9e:32:b7:37:
         c7:f1:af:bc:e0:13:22:d0:3c:ef:bd:2d:a7:bb:77:8d:56:f5:
         a3:8b:0c:06:06:d1:d9:d3:76:93:91:3f:d5:3c:63:81:79:a4:
         d0:46:b2:ed:15:93:01:a4:17:b9:9d:a7:5a:10:3a:e6:6a:03:
         f0:54:c5:6f:09:e2:99:2d:3d:93:f3:d4:c3:ae:4e:4b:36:3e:
         ee:41:fb:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK+bKP2e0YvJHhVyCKRjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZTc1ODAyZTdlZmI4NjUzZTNhZjU5Y2JmMWJjMDY1Mzhi
Y2E2NzEwHhcNMjQwMTAyMTIzNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTcwMjhiNzE5ZDViN2I2YjYzOWU1ZmQ1MTg0Njk0MWNlZDg1NDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvV42U7zO7V2HpZ99mYoUM1Yu3vc
Jby0zJe5pSC07+GAU0Mc2uGrWkbyy3Nj0ZKuOBi5KYi38yuLYiF/WPnsTxxEA2T7
+sx3Rbi2aERwa3zd+F9XBbY15tYYv/4WrASbZ/cQj+U0iXqrKHpSRNOdL+IRbwhr
LAkg/sOpaGCQoEYICRGrk2AHy/Gwl7wtWyYm9jLSbSbMwwmmvXeaKZGLCkQFtAtg
Hm+UTzdtwaDpDl0V6PIx4bKY9GjRuVD7Y7pJFSbO8r1ORoa/6nMNwPVwTpR1WS3P
sMV2GNQ2saPA5o1Zyirx6TpaVKx0HsviCgA1PXVmeZkLWJ5ilpwdZs7GAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5wKLcZ1be2tjnl/VGEaUHO2FQ8MB8GA1UdIwQY
MBaAFKjnWALn77hlPjr1nL8bwGU4vKZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU9kWUF1ZnZ1R1UtT3ZXY3Z4dkFaVGk4cG5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82MjU2YjYtMzZhMS00ZjJmLWEwYjkt
NDExZjU4MzdmZWZhLzEvRG5Bb3R4blZ0N2EyT2VYOVVZUnBRYzdZVkR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82MjU2YjYtMzZhMS00ZjJmLWEwYjktNDExZjU4MzdmZWZh
LzEvcU9kWUF1ZnZ1R1UtT3ZXY3Z4dkFaVGk4cG5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW/8MA0G
CSqGSIb3DQEBCwUAA4IBAQBAOU+URqzfqRXWJS5LaFfQAUHqmkHnbrDHe1pd+4x3
SY0PTlUPYDG6dr7VvLAXHNY72K9FWOFITWvVkIuV+ogPlV1HUtktuyrSSYYIxOjq
dc2z+F/kbolV9kYCC8DKPG05gQ9drOUMmyGjO3jFs6lf/TrBQxqi4gQmxCpmRmpf
62rl28VHr25PjcqAhKmedKUajvo5BXKVGe5oW0JPFkNT1Mtfes8rTscvx81EvfI9
h54ytzfH8a+84BMi0DzvvS2nu3eNVvWjiwwGBtHZ03aTkT/VPGOBeaTQRrLtFZMB
pBe5nadaEDrmagPwVMVvCeKZLT2T89TDrk5LNj7uQfsX
-----END CERTIFICATE-----