Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/4d0qBkZbBd5zNUKtA-x8heBefsM.roa
File:                     4d0qBkZbBd5zNUKtA-x8heBefsM.roa (raw, json)
Hash identifier:          1fVSgyLdMwz/h8JZL07Yno0g5y/JHmrvBy6qXO8+Ooc=
Subject key identifier:   E1:DD:2A:06:46:5B:05:DE:73:35:42:AD:03:EC:7C:85:E0:5E:7E:C3
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       01932EEB4389206BF7061AD3C9B7CEEF5F0F
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/4d0qBkZbBd5zNUKtA-x8heBefsM.roa
Signing time:             Fri 15 Nov 2024 08:23:10 +0000
ROA not before:           Fri 15 Nov 2024 08:23:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        147.185.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2e:eb:43:89:20:6b:f7:06:1a:d3:c9:b7:ce:ef:5f:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Nov 15 08:23:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1dd2a06465b05de733542ad03ec7c85e05e7ec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1e:6a:04:5d:24:5b:30:d6:c6:9b:29:18:5c:
                    01:4e:6d:7c:62:75:50:cf:b3:89:db:e2:15:ab:0c:
                    9d:05:30:71:74:bf:ec:36:10:fa:13:94:88:4a:4d:
                    cc:cc:86:e7:6d:e7:58:53:84:06:71:cc:b2:65:1c:
                    3d:80:21:00:4e:99:ed:31:09:2c:15:58:5a:15:fd:
                    89:ad:ec:e7:90:de:b6:9e:80:de:7d:95:46:b2:22:
                    3d:6f:19:55:61:04:53:c7:2f:a2:90:06:0a:c3:90:
                    90:bc:bd:45:1b:db:f7:fe:22:81:a2:21:25:04:44:
                    7a:9f:94:3f:d2:58:8f:ce:00:db:7c:8d:ba:f7:80:
                    c2:e3:50:b9:f7:4d:66:3c:35:5e:be:6c:62:f3:71:
                    87:69:89:70:d2:b4:d5:bf:6e:b0:0a:4e:95:0e:85:
                    a8:62:5d:43:c1:29:c9:a7:ff:e6:0f:ab:b6:79:87:
                    58:4b:48:46:b2:03:32:23:21:9d:70:58:c1:53:36:
                    8e:bb:c7:85:af:b8:82:3b:4f:c5:5e:85:85:51:b1:
                    bf:f1:73:95:98:a2:47:ae:49:f8:ad:2a:4f:d8:d8:
                    07:ae:90:63:19:03:d7:b2:2f:09:21:d8:e6:30:05:
                    c2:e2:33:fb:f8:b7:a8:cf:f7:28:f1:df:da:0d:c0:
                    f2:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:DD:2A:06:46:5B:05:DE:73:35:42:AD:03:EC:7C:85:E0:5E:7E:C3
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/4d0qBkZbBd5zNUKtA-x8heBefsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:d5:1a:a3:d5:ba:b5:35:34:c5:dc:df:38:83:ce:58:94:c5:
         f2:71:f1:ff:88:41:9c:7a:ca:ed:d1:0a:b3:03:21:ed:ee:78:
         80:0b:44:ba:63:4b:92:49:b7:3a:25:0e:f6:17:aa:62:58:ba:
         1a:a5:50:25:72:b5:92:b7:f2:67:61:fe:80:17:7c:57:d9:a5:
         17:fe:4e:5b:d6:d3:9c:6a:85:de:33:80:8a:76:70:58:9b:af:
         10:27:44:1e:96:f1:2a:34:eb:a7:9a:56:b3:57:b7:37:39:23:
         7a:fc:81:03:08:94:04:78:67:e2:a6:9a:79:73:4a:81:30:b8:
         1e:a5:e7:05:5a:2b:29:a1:82:76:b8:24:34:38:92:35:6d:1e:
         77:6f:8f:2d:20:73:f1:76:01:e0:b7:ec:ff:ba:a9:49:0b:13:
         55:40:67:30:1e:e7:19:e6:7b:24:fc:0c:0f:d7:13:ff:36:49:
         06:00:43:36:bb:fa:09:d1:8c:07:9c:f1:94:a3:19:97:1b:f8:
         64:9a:3d:10:9e:c4:b7:3c:68:f8:df:0c:5a:46:b1:3f:24:1b:
         63:59:4c:b2:f4:a8:e2:76:ae:80:d5:78:ad:fc:45:5e:07:5f:
         c7:95:15:9f:fb:7a:43:45:cd:ec:4f:68:85:2e:05:39:e5:56:
         6d:77:bd:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMu60OJIGv3BhrTybfO718PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjQxMTE1MDgyMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWRkMmEwNjQ2NWIwNWRlNzMzNTQyYWQwM2VjN2M4NWUwNWU3ZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR5qBF0kWzDWxpspGFwBTm18YnVQ
z7OJ2+IVqwydBTBxdL/sNhD6E5SISk3MzIbnbedYU4QGccyyZRw9gCEATpntMQks
FVhaFf2JreznkN62noDefZVGsiI9bxlVYQRTxy+ikAYKw5CQvL1FG9v3/iKBoiEl
BER6n5Q/0liPzgDbfI2694DC41C5901mPDVevmxi83GHaYlw0rTVv26wCk6VDoWo
Yl1DwSnJp//mD6u2eYdYS0hGsgMyIyGdcFjBUzaOu8eFr7iCO0/FXoWFUbG/8XOV
mKJHrkn4rSpP2NgHrpBjGQPXsi8JIdjmMAXC4jP7+Leoz/co8d/aDcDymQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHdKgZGWwXeczVCrQPsfIXgXn7DMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvNGQwcUJrWmJCZDV6TlVLdEEteDhoZUJlZnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk7lrMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ1Rqj1bq1NTTF3N84g85YlMXycfH/iEGcesrt0Qqz
AyHt7niAC0S6Y0uSSbc6JQ72F6piWLoapVAlcrWSt/JnYf6AF3xX2aUX/k5b1tOc
aoXeM4CKdnBYm68QJ0QelvEqNOunmlazV7c3OSN6/IEDCJQEeGfippp5c0qBMLge
pecFWispoYJ2uCQ0OJI1bR53b48tIHPxdgHgt+z/uqlJCxNVQGcwHucZ5nsk/AwP
1xP/NkkGAEM2u/oJ0YwHnPGUoxmXG/hkmj0QnsS3PGj43wxaRrE/JBtjWUyy9Kji
dq6A1Xit/EVeB1/HlRWf+3pDRc3sT2iFLgU55VZtd732
-----END CERTIFICATE-----