Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/2daf90-9c17-44c6-8082-3450f0d7afdd/1/V8NLewQ2tEv_0pd5OvURPl4kK4E.roa
File:                     V8NLewQ2tEv_0pd5OvURPl4kK4E.roa (raw, json)
Hash identifier:          MK3K9FNdnamwecuBKy7FOp/TKe9SgpJUUlIQw234fy0=
Subject key identifier:   57:C3:4B:7B:04:36:B4:4B:FF:D2:97:79:3A:F5:11:3E:5E:24:2B:81
Certificate issuer:       /CN=b0abfff885ca54bb2526380f725051d53e7213c0
Certificate serial:       018CC8DF3972EBA16551FF5F9854664205FE
Authority key identifier: B0:AB:FF:F8:85:CA:54:BB:25:26:38:0F:72:50:51:D5:3E:72:13:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sKv_-IXKVLslJjgPclBR1T5yE8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/2daf90-9c17-44c6-8082-3450f0d7afdd/1/V8NLewQ2tEv_0pd5OvURPl4kK4E.roa
Signing time:             Tue 02 Jan 2024 06:32:01 +0000
ROA not before:           Tue 02 Jan 2024 06:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48551
IP address blocks:        185.149.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/2daf90-9c17-44c6-8082-3450f0d7afdd/1/sKv_-IXKVLslJjgPclBR1T5yE8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/2daf90-9c17-44c6-8082-3450f0d7afdd/1/sKv_-IXKVLslJjgPclBR1T5yE8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sKv_-IXKVLslJjgPclBR1T5yE8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:39:72:eb:a1:65:51:ff:5f:98:54:66:42:05:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0abfff885ca54bb2526380f725051d53e7213c0
        Validity
            Not Before: Jan  2 06:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57c34b7b0436b44bffd297793af5113e5e242b81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:45:93:f7:5f:49:bb:4c:8a:01:a4:ff:95:97:
                    d1:ec:f5:23:a5:1e:89:97:2f:f5:0f:2f:ff:55:7e:
                    f6:fb:53:4e:86:2c:32:87:a5:25:cf:71:54:49:ae:
                    f5:7a:c7:61:b4:50:9e:21:dc:99:69:a5:25:62:88:
                    c5:80:d6:40:53:cf:52:f9:d7:3e:c6:83:03:98:50:
                    a9:29:01:07:09:44:df:db:5d:c7:e3:1b:8e:73:ad:
                    92:b6:78:33:29:ac:db:de:5b:61:69:d8:18:f7:db:
                    12:07:c3:0e:3e:83:8d:25:ab:f8:2c:49:f1:18:97:
                    b2:65:b0:3f:cf:ec:8b:a1:77:05:76:33:f9:2d:3b:
                    d8:7c:0e:7d:96:25:ad:bd:d2:a0:8b:84:39:bf:f2:
                    da:4b:04:a3:e1:e6:17:40:55:42:e0:47:0b:ad:35:
                    9c:0d:88:90:41:3e:55:37:00:1f:c7:94:cd:d5:22:
                    7b:a8:97:d1:8f:57:a3:03:92:b5:a9:6a:1b:51:1a:
                    d6:c3:d1:8c:b0:15:fc:69:8a:17:0a:0a:cf:a5:8d:
                    76:be:f6:24:06:1c:5d:06:36:d5:71:24:6a:d4:b0:
                    5a:97:39:59:26:e2:4a:52:03:4b:99:36:3c:41:81:
                    5e:4c:b2:91:59:f3:9b:16:2c:2c:84:e6:27:42:ad:
                    23:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:C3:4B:7B:04:36:B4:4B:FF:D2:97:79:3A:F5:11:3E:5E:24:2B:81
            X509v3 Authority Key Identifier:
                keyid:B0:AB:FF:F8:85:CA:54:BB:25:26:38:0F:72:50:51:D5:3E:72:13:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sKv_-IXKVLslJjgPclBR1T5yE8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/2daf90-9c17-44c6-8082-3450f0d7afdd/1/V8NLewQ2tEv_0pd5OvURPl4kK4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/2daf90-9c17-44c6-8082-3450f0d7afdd/1/sKv_-IXKVLslJjgPclBR1T5yE8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:d1:ae:3f:35:dc:70:3c:1e:4f:09:ae:38:dd:dd:ba:8a:36:
         78:09:b7:8d:89:56:98:ce:f8:2c:68:78:2f:84:5e:0b:b5:75:
         84:da:fd:1e:63:7f:56:df:bd:2c:4a:2e:a3:62:9c:b5:21:ad:
         5d:85:53:6d:23:5d:cc:a9:1b:a5:cd:f8:aa:9b:e2:e5:f4:fa:
         18:47:f8:44:32:c4:97:7e:5e:87:99:e6:78:10:d7:ec:ca:f1:
         9c:a7:64:11:cc:13:e6:55:1c:d2:67:24:84:62:6a:a3:0b:7c:
         31:ba:e1:55:13:30:d1:3d:e9:f2:42:7e:9e:ee:b5:3d:9a:a7:
         de:a7:40:ff:82:95:ca:62:8f:e6:61:69:91:81:ef:d6:bd:e9:
         33:6a:3e:50:f1:60:d2:0f:91:62:ac:8a:37:fd:59:bb:63:7d:
         be:4f:84:e8:2f:4d:3e:9e:97:4c:cf:f9:f5:89:d7:ec:28:05:
         1a:ac:11:f5:8e:18:3a:7e:02:7c:51:4c:b1:91:72:17:7f:08:
         8e:30:e5:81:37:51:77:91:34:b8:84:ca:5a:b1:ff:b1:ba:7c:
         93:26:34:d0:b7:b3:b4:a4:e7:3e:04:16:5f:6a:b4:66:f6:3a:
         9b:c6:3e:46:af:31:c1:5e:20:b2:a3:85:e0:dc:a7:a0:1b:af:
         e9:04:d4:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zly66FlUf9fmFRmQgX+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYWJmZmY4ODVjYTU0YmIyNTI2MzgwZjcyNTA1MWQ1M2U3
MjEzYzAwHhcNMjQwMTAyMDYzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2MzNGI3YjA0MzZiNDRiZmZkMjk3NzkzYWY1MTEzZTVlMjQyYjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEWT919Ju0yKAaT/lZfR7PUjpR6J
ly/1Dy//VX72+1NOhiwyh6Ulz3FUSa71esdhtFCeIdyZaaUlYojFgNZAU89S+dc+
xoMDmFCpKQEHCUTf213H4xuOc62StngzKazb3lthadgY99sSB8MOPoONJav4LEnx
GJeyZbA/z+yLoXcFdjP5LTvYfA59liWtvdKgi4Q5v/LaSwSj4eYXQFVC4EcLrTWc
DYiQQT5VNwAfx5TN1SJ7qJfRj1ejA5K1qWobURrWw9GMsBX8aYoXCgrPpY12vvYk
BhxdBjbVcSRq1LBalzlZJuJKUgNLmTY8QYFeTLKRWfObFiwshOYnQq0jpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfDS3sENrRL/9KXeTr1ET5eJCuBMB8GA1UdIwQY
MBaAFLCr//iFylS7JSY4D3JQUdU+chPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0t2Xy1JWEtWTHNsSmpnUGNsQlIxVDV5RThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8yZGFmOTAtOWMxNy00NGM2LTgwODIt
MzQ1MGYwZDdhZmRkLzEvVjhOTGV3UTJ0RXZfMHBkNU92VVJQbDRrSzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8yZGFmOTAtOWMxNy00NGM2LTgwODItMzQ1MGYwZDdhZmRk
LzEvc0t2Xy1JWEtWTHNsSmpnUGNsQlIxVDV5RThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZXAMA0G
CSqGSIb3DQEBCwUAA4IBAQCq0a4/NdxwPB5PCa443d26ijZ4CbeNiVaYzvgsaHgv
hF4LtXWE2v0eY39W370sSi6jYpy1Ia1dhVNtI13MqRulzfiqm+Ll9PoYR/hEMsSX
fl6HmeZ4ENfsyvGcp2QRzBPmVRzSZySEYmqjC3wxuuFVEzDRPenyQn6e7rU9mqfe
p0D/gpXKYo/mYWmRge/Wvekzaj5Q8WDSD5FirIo3/Vm7Y32+T4ToL00+npdMz/n1
idfsKAUarBH1jhg6fgJ8UUyxkXIXfwiOMOWBN1F3kTS4hMpasf+xunyTJjTQt7O0
pOc+BBZfarRm9jqbxj5GrzHBXiCyo4Xg3KegG6/pBNSx
-----END CERTIFICATE-----