Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/BEtomy0z2sSvfCvzxEP-bpHIxgw.roa
File:                     BEtomy0z2sSvfCvzxEP-bpHIxgw.roa (raw, json)
Hash identifier:          zzS7bis8KkCCeaBtGEc5YU1hm9A/j8o5GEfCMVs5SeI=
Subject key identifier:   04:4B:68:9B:2D:33:DA:C4:AF:7C:2B:F3:C4:43:FE:6E:91:C8:C6:0C
Certificate issuer:       /CN=230d311fc19463fdd30adecc917b5f0298741b44
Certificate serial:       018CC42477E7999155C13FBB95DA0A34653E
Authority key identifier: 23:0D:31:1F:C1:94:63:FD:D3:0A:DE:CC:91:7B:5F:02:98:74:1B:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/BEtomy0z2sSvfCvzxEP-bpHIxgw.roa
Signing time:             Mon 01 Jan 2024 08:29:33 +0000
ROA not before:           Mon 01 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49121
IP address blocks:        185.65.69.0/24 maxlen: 24
                          2a0d:3180:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:77:e7:99:91:55:c1:3f:bb:95:da:0a:34:65:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=230d311fc19463fdd30adecc917b5f0298741b44
        Validity
            Not Before: Jan  1 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=044b689b2d33dac4af7c2bf3c443fe6e91c8c60c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:5b:95:b3:3f:0f:6c:09:8d:7f:59:32:cd:19:
                    96:97:3e:82:38:62:b5:e2:66:95:9d:7f:10:4e:23:
                    0e:ed:21:7d:8d:14:00:b1:48:48:60:9a:9f:34:74:
                    d5:8f:86:59:7c:7f:b0:b4:44:d4:98:2d:b2:03:b2:
                    80:1e:e6:62:f2:61:b9:74:c9:9f:f2:af:86:62:b9:
                    a4:cd:34:d9:90:5f:96:19:a7:6f:2c:e3:0e:4b:4d:
                    e6:ea:82:bc:a9:58:74:a8:29:18:27:59:d7:17:f9:
                    29:98:81:3f:f3:93:f6:2e:ca:d8:24:1f:ec:9d:c4:
                    bc:11:c3:be:3f:92:89:78:86:a6:92:a4:c4:bb:1f:
                    88:b4:50:c5:3c:47:54:db:38:e4:5f:40:90:fc:c2:
                    94:64:f8:45:31:2e:54:77:fd:aa:83:11:30:fc:00:
                    37:ed:38:8b:37:34:28:0b:77:c4:71:5d:26:72:f5:
                    b1:73:bc:38:0e:81:7d:ee:3d:08:2a:ea:23:1b:bb:
                    25:ee:86:14:7d:6d:ec:2e:2c:05:be:fe:39:d5:c0:
                    0f:f4:5d:82:dd:6d:e0:12:a5:df:a0:8f:83:ab:de:
                    70:20:3e:dc:04:d1:db:50:1b:c9:ca:fa:60:b7:d2:
                    a1:5d:99:2b:1b:6c:d3:8c:6a:cc:db:3e:5d:89:03:
                    29:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:4B:68:9B:2D:33:DA:C4:AF:7C:2B:F3:C4:43:FE:6E:91:C8:C6:0C
            X509v3 Authority Key Identifier:
                keyid:23:0D:31:1F:C1:94:63:FD:D3:0A:DE:CC:91:7B:5F:02:98:74:1B:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/BEtomy0z2sSvfCvzxEP-bpHIxgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.69.0/24
                IPv6:
                  2a0d:3180:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:4c:2a:77:44:da:38:8e:b1:93:2b:16:b4:bf:3d:01:ab:0b:
         44:d4:71:ad:99:25:76:a5:6f:38:81:7b:24:bb:23:49:42:9c:
         09:c2:7b:8f:07:39:27:78:ea:42:83:64:75:80:bf:de:fc:21:
         26:f3:02:80:b8:3f:37:e0:c9:6a:16:9a:85:8f:b1:7a:68:ad:
         24:db:80:53:f5:f2:f4:41:a6:1b:63:b5:66:33:63:a2:ef:15:
         92:f7:e6:a0:35:77:5d:ba:ba:8f:5b:20:e5:af:fc:d3:8b:8d:
         cc:a5:f9:a2:60:61:d8:16:d7:2f:33:19:c6:25:97:47:6b:4c:
         4a:f1:f8:fe:10:e8:b1:a7:07:34:56:09:6c:d9:67:88:9d:36:
         f7:71:32:85:7d:93:5b:c3:09:7c:62:aa:cd:a3:b9:c5:70:e3:
         26:7d:04:fd:dc:8c:1c:ed:0e:c2:37:66:46:66:1d:4c:7c:a0:
         a3:c5:82:bd:6f:8e:62:9b:2d:35:1b:61:39:82:1b:84:f3:5a:
         87:2f:38:7d:ad:f6:4c:c7:e1:63:f1:8b:95:aa:5e:e9:8b:86:
         1b:01:90:21:08:c7:5f:4c:34:58:00:b6:67:68:5b:f6:21:19:
         d6:4a:16:cf:34:4f:0b:52:1e:01:bf:3b:f8:8e:5c:18:9c:eb:
         91:77:cf:b0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJHfnmZFVwT+7ldoKNGU+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMGQzMTFmYzE5NDYzZmRkMzBhZGVjYzkxN2I1ZjAyOTg3
NDFiNDQwHhcNMjQwMTAxMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDRiNjg5YjJkMzNkYWM0YWY3YzJiZjNjNDQzZmU2ZTkxYzhjNjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiluVsz8PbAmNf1kyzRmWlz6COGK1
4maVnX8QTiMO7SF9jRQAsUhIYJqfNHTVj4ZZfH+wtETUmC2yA7KAHuZi8mG5dMmf
8q+GYrmkzTTZkF+WGadvLOMOS03m6oK8qVh0qCkYJ1nXF/kpmIE/85P2LsrYJB/s
ncS8EcO+P5KJeIamkqTEux+ItFDFPEdU2zjkX0CQ/MKUZPhFMS5Ud/2qgxEw/AA3
7TiLNzQoC3fEcV0mcvWxc7w4DoF97j0IKuojG7sl7oYUfW3sLiwFvv451cAP9F2C
3W3gEqXfoI+Dq95wID7cBNHbUBvJyvpgt9KhXZkrG2zTjGrM2z5diQMpPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFARLaJstM9rEr3wr88RD/m6RyMYMMB8GA1UdIwQY
MBaAFCMNMR/BlGP90wrezJF7XwKYdBtEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXcweEg4R1VZXzNUQ3Q3TWtYdGZBcGgwRzBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8yODFkZmItMzI5My00YmFiLWJhMjIt
MWJlY2I1ZGNkN2FhLzEvQkV0b215MHoyc1N2ZkN2enhFUC1icEhJeGd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8yODFkZmItMzI5My00YmFiLWJhMjItMWJlY2I1ZGNkN2Fh
LzEvSXcweEg4R1VZXzNUQ3Q3TWtYdGZBcGgwRzBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuUFFMA8E
AgACMAkDBwAqDTGAAAcwDQYJKoZIhvcNAQELBQADggEBAHlMKndE2jiOsZMrFrS/
PQGrC0TUca2ZJXalbziBeyS7I0lCnAnCe48HOSd46kKDZHWAv978ISbzAoC4Pzfg
yWoWmoWPsXporSTbgFP18vRBphtjtWYzY6LvFZL35qA1d126uo9bIOWv/NOLjcyl
+aJgYdgW1y8zGcYll0drTErx+P4Q6LGnBzRWCWzZZ4idNvdxMoV9k1vDCXxiqs2j
ucVw4yZ9BP3cjBztDsI3ZkZmHUx8oKPFgr1vjmKbLTUbYTmCG4TzWocvOH2t9kzH
4WPxi5WqXumLhhsBkCEIx19MNFgAtmdoW/YhGdZKFs80TwtSHgG/O/iOXBic65F3
z7A=
-----END CERTIFICATE-----