Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/ExONAsdwF76lfha7IUu1NcmLjcs.roa
File:                     ExONAsdwF76lfha7IUu1NcmLjcs.roa (raw, json)
Hash identifier:          xdCS+AF+VFIp/0WeCmrg3AB9yEAmKDTGKDq/n/yYGKc=
Subject key identifier:   13:13:8D:02:C7:70:17:BE:A5:7E:16:BB:21:4B:B5:35:C9:8B:8D:CB
Certificate issuer:       /CN=80d608a14118b1a8dcddebbb40f96ecd48f85c71
Certificate serial:       018CC6B8EA6D9DFCB3DBB27D5568E96B53B7
Authority key identifier: 80:D6:08:A1:41:18:B1:A8:DC:DD:EB:BB:40:F9:6E:CD:48:F8:5C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/ExONAsdwF76lfha7IUu1NcmLjcs.roa
Signing time:             Mon 01 Jan 2024 20:30:56 +0000
ROA not before:           Mon 01 Jan 2024 20:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136184
IP address blocks:        185.228.92.0/24 maxlen: 24
                          185.228.95.0/24 maxlen: 24
                          185.228.94.0/24 maxlen: 24
                          185.228.93.0/24 maxlen: 24
                          185.228.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ea:6d:9d:fc:b3:db:b2:7d:55:68:e9:6b:53:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80d608a14118b1a8dcddebbb40f96ecd48f85c71
        Validity
            Not Before: Jan  1 20:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13138d02c77017bea57e16bb214bb535c98b8dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e8:c7:01:1b:72:ce:3d:52:89:f7:5b:e0:98:
                    42:19:5d:0e:03:13:ee:f2:ea:d1:af:43:fb:7f:63:
                    5a:24:2a:5b:11:98:18:ef:c2:df:c7:4c:6f:4a:72:
                    f4:51:2c:74:11:41:5a:91:97:9c:5c:5c:d5:ae:e6:
                    96:b6:9d:1d:99:57:86:0f:f1:af:3e:86:87:54:a3:
                    7c:38:1d:3d:cc:d4:2c:cf:39:69:3e:5e:39:c6:8b:
                    1e:21:0a:16:d6:4b:c0:76:fd:37:c3:30:bb:9d:1e:
                    90:d9:b1:3f:8c:1f:68:1c:fc:84:0a:d9:a3:de:f7:
                    2f:95:b2:38:97:7e:00:27:2b:60:46:1a:0b:a6:89:
                    7f:f8:13:0c:fd:34:33:76:92:39:e6:ce:34:7f:15:
                    1d:48:33:0b:3c:b1:65:39:80:43:84:f0:3e:a9:b8:
                    44:6f:1b:a2:a4:39:5c:06:85:1c:78:87:0f:9c:68:
                    c0:0b:7f:a8:a6:75:86:09:bd:cf:71:e9:ac:5f:56:
                    77:4b:0f:ec:43:36:29:6d:aa:0f:66:41:94:a8:01:
                    32:cb:00:78:53:e5:74:ec:73:87:8e:96:a9:72:5c:
                    3f:f8:17:08:80:0e:8b:20:3e:e7:8a:a6:a2:39:78:
                    65:3b:30:e9:21:91:3e:25:7d:ca:87:1e:dd:5e:70:
                    29:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:13:8D:02:C7:70:17:BE:A5:7E:16:BB:21:4B:B5:35:C9:8B:8D:CB
            X509v3 Authority Key Identifier:
                keyid:80:D6:08:A1:41:18:B1:A8:DC:DD:EB:BB:40:F9:6E:CD:48:F8:5C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/ExONAsdwF76lfha7IUu1NcmLjcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:ad:de:6e:fe:f1:31:f7:ed:52:60:03:28:f7:dc:ba:17:f0:
         95:a0:46:bc:9d:50:ad:73:d0:71:0b:41:aa:a9:ef:0e:00:ff:
         d8:d5:3d:f0:ff:2e:4f:62:55:1e:ee:1b:c5:8f:44:1e:5d:bf:
         76:e4:2b:a3:c9:62:90:da:26:c1:48:7e:35:e2:c8:b3:4d:50:
         77:a6:2a:57:0a:e0:67:f7:12:77:e5:c4:fa:17:85:94:f3:7f:
         7e:19:7b:bd:d4:ef:4d:97:47:e3:a0:e5:4e:a5:a4:0a:14:94:
         d7:ae:b7:8e:63:48:dc:95:c1:7c:dc:a1:50:0f:77:e2:2b:b7:
         f1:89:64:32:5f:19:b5:a6:39:6b:23:4b:86:2a:8a:3b:f8:f2:
         da:45:64:9f:7d:08:4e:d9:72:24:5c:9e:f3:3b:9f:8c:3b:0b:
         66:14:6a:f9:b8:e1:f9:5c:63:1c:af:9d:41:43:26:5a:59:8a:
         34:4e:00:24:51:ed:96:e5:e4:89:ca:23:43:aa:56:76:95:e4:
         a7:ae:9f:68:a4:6c:d8:03:4e:82:34:bb:71:94:df:ea:d9:31:
         61:51:59:76:02:38:b2:4c:ea:06:77:3e:c4:16:9d:1d:cd:a6:
         8d:83:88:b7:62:4e:52:66:29:ef:2e:9e:f7:64:d0:53:af:cc:
         b8:97:1c:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuOptnfyz27J9VWjpa1O3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZDYwOGExNDExOGIxYThkY2RkZWJiYjQwZjk2ZWNkNDhm
ODVjNzEwHhcNMjQwMTAxMjAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzEzOGQwMmM3NzAxN2JlYTU3ZTE2YmIyMTRiYjUzNWM5OGI4ZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmujHARtyzj1Sifdb4JhCGV0OAxPu
8urRr0P7f2NaJCpbEZgY78Lfx0xvSnL0USx0EUFakZecXFzVruaWtp0dmVeGD/Gv
PoaHVKN8OB09zNQszzlpPl45xoseIQoW1kvAdv03wzC7nR6Q2bE/jB9oHPyECtmj
3vcvlbI4l34AJytgRhoLpol/+BMM/TQzdpI55s40fxUdSDMLPLFlOYBDhPA+qbhE
bxuipDlcBoUceIcPnGjAC3+opnWGCb3PcemsX1Z3Sw/sQzYpbaoPZkGUqAEyywB4
U+V07HOHjpapclw/+BcIgA6LID7niqaiOXhlOzDpIZE+JX3Khx7dXnAp3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMTjQLHcBe+pX4WuyFLtTXJi43LMB8GA1UdIwQY
MBaAFIDWCKFBGLGo3N3ru0D5bs1I+FxxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ05ZSW9VRVlzYWpjM2V1N1FQbHV6VWo0WEhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wMTIxMzAtODEwMy00YzI1LTkzYmEt
OTkyOGRkM2YyZjgyLzEvRXhPTkFzZHdGNzZsZmhhN0lVdTFOY21MamNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wMTIxMzAtODEwMy00YzI1LTkzYmEtOTkyOGRkM2YyZjgy
LzEvZ05ZSW9VRVlzYWpjM2V1N1FQbHV6VWo0WEhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueRcMA0G
CSqGSIb3DQEBCwUAA4IBAQCerd5u/vEx9+1SYAMo99y6F/CVoEa8nVCtc9BxC0Gq
qe8OAP/Y1T3w/y5PYlUe7hvFj0QeXb925CujyWKQ2ibBSH414sizTVB3pipXCuBn
9xJ35cT6F4WU839+GXu91O9Nl0fjoOVOpaQKFJTXrreOY0jclcF83KFQD3fiK7fx
iWQyXxm1pjlrI0uGKoo7+PLaRWSffQhO2XIkXJ7zO5+MOwtmFGr5uOH5XGMcr51B
QyZaWYo0TgAkUe2W5eSJyiNDqlZ2leSnrp9opGzYA06CNLtxlN/q2TFhUVl2Ajiy
TOoGdz7EFp0dzaaNg4i3Yk5SZinvLp73ZNBTr8y4lxxa
-----END CERTIFICATE-----