Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/DrZNDdNrVptPSbxEh8SVQQQ19mA.roa
File:                     DrZNDdNrVptPSbxEh8SVQQQ19mA.roa (raw, json)
Hash identifier:          4Rm1FFj9Qhxp/Hg31HYYbf/rR4pVJC9Ykz5qx4aXTs8=
Subject key identifier:   0E:B6:4D:0D:D3:6B:56:9B:4F:49:BC:44:87:C4:95:41:04:35:F6:60
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       018CCA29BAD3E70B0586F9C58BA06189CD05
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/DrZNDdNrVptPSbxEh8SVQQQ19mA.roa
Signing time:             Tue 02 Jan 2024 12:33:01 +0000
ROA not before:           Tue 02 Jan 2024 12:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        147.185.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ba:d3:e7:0b:05:86:f9:c5:8b:a0:61:89:cd:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Jan  2 12:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0eb64d0dd36b569b4f49bc4487c495410435f660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:75:14:5a:c3:e8:85:3c:a5:48:a6:9a:bc:f1:
                    16:59:19:b8:d7:d4:58:aa:ad:ca:2a:b3:68:3c:38:
                    7c:ae:5d:21:7f:e5:4b:6c:5d:ab:6f:7a:b1:e6:c8:
                    69:a7:57:14:09:88:a0:be:a1:d5:1a:ba:e1:de:3e:
                    d1:22:5c:e2:8a:16:cd:07:f2:c3:15:09:7f:09:33:
                    f3:38:fb:05:d9:47:b8:1c:61:35:0a:1b:80:21:ae:
                    f5:79:1a:36:39:30:d9:1a:e2:28:ae:ca:d8:d6:47:
                    ef:95:8c:6c:49:c9:62:2c:61:44:7f:37:26:42:b0:
                    44:1d:34:50:fc:2f:f7:fe:4a:89:80:7f:11:f1:d1:
                    b3:ae:20:a3:e4:40:ce:a5:c0:5a:b8:c6:62:f6:a4:
                    9d:66:e1:98:42:db:bc:b5:f9:b3:75:5d:3b:23:95:
                    c6:a4:ae:54:e0:fd:0b:30:92:73:4a:ee:60:80:78:
                    23:3e:de:4b:9b:c3:af:5f:d3:33:2a:ab:cf:69:9d:
                    1a:b4:10:8e:e3:f3:98:bc:6a:49:19:a6:33:99:bc:
                    b5:90:31:98:5b:77:45:e9:e4:0d:00:86:bb:bf:f2:
                    10:55:1f:ea:6d:40:00:7f:f1:31:ba:bb:a2:27:ad:
                    fa:f8:82:25:c3:9b:ac:d1:90:32:fa:50:35:27:32:
                    93:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B6:4D:0D:D3:6B:56:9B:4F:49:BC:44:87:C4:95:41:04:35:F6:60
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/DrZNDdNrVptPSbxEh8SVQQQ19mA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:5c:91:c8:bd:46:c7:cd:f4:77:2a:94:50:60:1f:f7:52:3e:
         62:88:09:42:18:57:53:30:3d:63:f5:b9:d2:10:f6:3f:2f:44:
         ed:16:e2:86:49:8b:5e:e1:17:dd:ad:bc:b6:57:99:b1:18:13:
         af:48:2d:49:38:c4:47:e5:88:ba:e0:fa:7a:4c:89:cb:d6:2b:
         c6:6e:41:c4:bb:85:0f:29:d2:6b:e3:2b:f0:8e:5a:ae:88:8d:
         70:df:3d:7d:d6:a4:5a:00:ea:c5:61:44:5d:8e:c1:f5:36:90:
         e2:d0:e0:a6:9c:1b:06:54:65:d4:89:5f:ab:a7:30:d3:88:ef:
         a2:24:2f:f6:fc:96:f9:e8:f9:bd:82:71:47:fa:4b:ba:bf:8c:
         21:e4:28:e8:73:08:a4:21:ef:79:79:1c:37:eb:9b:29:30:8f:
         6e:f1:c8:1f:a6:d8:30:e6:f8:db:33:1f:00:11:7f:3f:1e:0e:
         13:22:3b:e9:61:f1:2e:74:84:0e:d2:17:00:8f:2d:d2:39:64:
         7f:f6:55:3a:53:e4:1d:5c:46:a1:e4:23:56:ec:5b:bb:8e:2e:
         24:32:87:ef:1b:66:0b:7c:6d:8c:c8:50:d0:eb:59:82:e6:45:
         de:85:61:a1:25:68:f1:70:cf:6f:02:32:64:3e:70:24:2f:0e:
         0c:0b:1e:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKbrT5wsFhvnFi6Bhic0FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjQwMTAyMTIzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWI2NGQwZGQzNmI1NjliNGY0OWJjNDQ4N2M0OTU0MTA0MzVmNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3UUWsPohTylSKaavPEWWRm419RY
qq3KKrNoPDh8rl0hf+VLbF2rb3qx5shpp1cUCYigvqHVGrrh3j7RIlziihbNB/LD
FQl/CTPzOPsF2Ue4HGE1ChuAIa71eRo2OTDZGuIorsrY1kfvlYxsScliLGFEfzcm
QrBEHTRQ/C/3/kqJgH8R8dGzriCj5EDOpcBauMZi9qSdZuGYQtu8tfmzdV07I5XG
pK5U4P0LMJJzSu5ggHgjPt5Lm8OvX9MzKqvPaZ0atBCO4/OYvGpJGaYzmby1kDGY
W3dF6eQNAIa7v/IQVR/qbUAAf/ExuruiJ636+IIlw5us0ZAy+lA1JzKTuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA62TQ3Ta1abT0m8RIfElUEENfZgMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvRHJaTkRkTnJWcHRQU2J4RWg4U1ZRUVExOW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk7lrMA0G
CSqGSIb3DQEBCwUAA4IBAQAdXJHIvUbHzfR3KpRQYB/3Uj5iiAlCGFdTMD1j9bnS
EPY/L0TtFuKGSYte4Rfdrby2V5mxGBOvSC1JOMRH5Yi64Pp6TInL1ivGbkHEu4UP
KdJr4yvwjlquiI1w3z191qRaAOrFYURdjsH1NpDi0OCmnBsGVGXUiV+rpzDTiO+i
JC/2/Jb56Pm9gnFH+ku6v4wh5CjocwikIe95eRw365spMI9u8cgfptgw5vjbMx8A
EX8/Hg4TIjvpYfEudIQO0hcAjy3SOWR/9lU6U+QdXEah5CNW7Fu7ji4kMofvG2YL
fG2MyFDQ61mC5kXehWGhJWjxcM9vAjJkPnAkLw4MCx66
-----END CERTIFICATE-----