Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/AbXsm3jU83QRteRIxi8FKqlqUxg.roa
File:                     AbXsm3jU83QRteRIxi8FKqlqUxg.roa (raw, json)
Hash identifier:          sxketJPNmAD9EnUR1qKRLDgaEbi/vH5nCvLT+chtr5A=
Subject key identifier:   01:B5:EC:9B:78:D4:F3:74:11:B5:E4:48:C6:2F:05:2A:A9:6A:53:18
Certificate issuer:       /CN=e20449fe7f4b2cf1f7fd670e582ebcc97e45f7ff
Certificate serial:       018CC493997620F46CBD282D6695DF979BC6
Authority key identifier: E2:04:49:FE:7F:4B:2C:F1:F7:FD:67:0E:58:2E:BC:C9:7E:45:F7:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4gRJ_n9LLPH3_WcOWC68yX5F9_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/AbXsm3jU83QRteRIxi8FKqlqUxg.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49605
IP address blocks:        185.29.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/4gRJ_n9LLPH3_WcOWC68yX5F9_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/4gRJ_n9LLPH3_WcOWC68yX5F9_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4gRJ_n9LLPH3_WcOWC68yX5F9_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:99:76:20:f4:6c:bd:28:2d:66:95:df:97:9b:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e20449fe7f4b2cf1f7fd670e582ebcc97e45f7ff
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01b5ec9b78d4f37411b5e448c62f052aa96a5318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:21:45:1c:6b:18:bc:f2:02:2d:69:48:56:a7:
                    e2:00:9a:ed:ba:44:0b:86:8a:81:dd:10:ed:84:09:
                    52:25:c2:7c:cf:23:51:fe:e0:dc:1c:6b:13:c5:ef:
                    1f:5c:37:09:26:42:89:83:21:b5:ce:68:58:b3:95:
                    97:0d:0f:f7:e4:f3:3a:76:c2:a5:7c:64:a1:fe:cc:
                    e9:85:e3:f4:16:92:8f:ac:c7:74:af:88:d1:8a:81:
                    23:b7:6d:65:8f:b1:1f:5a:43:18:88:9f:65:69:59:
                    39:72:7b:86:6b:7f:8c:3e:30:00:24:61:3d:9c:0f:
                    59:fc:50:04:f4:20:86:d0:f3:47:7e:6c:8b:86:c3:
                    b1:00:56:a1:95:c2:88:a6:61:b4:f7:02:83:cb:38:
                    f8:b4:52:b3:5b:c9:df:c9:63:08:d0:72:31:8a:76:
                    25:cb:7c:1e:6d:20:ff:8a:f1:af:fb:a8:b1:2f:2c:
                    02:6e:bb:7f:bd:e1:99:79:d5:dd:d0:82:66:b5:59:
                    e6:a5:53:50:b8:85:21:82:59:46:1e:37:9f:fe:e4:
                    0b:d8:78:0f:f0:77:70:71:d0:77:b4:1b:ae:74:da:
                    bf:47:fa:9d:02:68:98:c3:79:52:07:59:48:8b:67:
                    e2:7e:7c:cb:9e:ac:9e:f5:8e:67:3e:d7:1e:e2:9d:
                    82:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:B5:EC:9B:78:D4:F3:74:11:B5:E4:48:C6:2F:05:2A:A9:6A:53:18
            X509v3 Authority Key Identifier:
                keyid:E2:04:49:FE:7F:4B:2C:F1:F7:FD:67:0E:58:2E:BC:C9:7E:45:F7:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4gRJ_n9LLPH3_WcOWC68yX5F9_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/AbXsm3jU83QRteRIxi8FKqlqUxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/4gRJ_n9LLPH3_WcOWC68yX5F9_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e5:16:e8:cc:33:0c:cb:ee:70:c5:92:69:0d:d1:1d:18:10:8e:
         09:ce:62:cf:91:1e:7d:7a:8e:28:fa:f2:34:a3:59:46:b5:38:
         bf:4c:53:b9:5d:75:4b:28:85:8b:0a:63:1c:ef:47:26:db:54:
         a7:61:40:0e:7c:b5:7d:bc:53:32:3a:34:1d:06:6f:cf:1e:aa:
         26:ce:4b:73:ac:83:2d:38:ef:7c:7f:c9:13:3f:d0:80:d1:6d:
         e7:5e:43:3b:72:fe:43:54:43:ea:86:f5:d8:3e:0f:71:84:9e:
         03:5e:ea:73:c8:24:e4:01:98:dd:b9:56:c3:3b:8e:82:41:0e:
         b7:dd:81:bf:61:18:65:e6:68:34:6a:57:06:29:41:9f:b5:a6:
         2c:a1:0e:47:fb:f6:07:71:50:52:fd:c0:27:27:45:05:e1:85:
         52:80:79:af:ab:63:ab:69:bb:fa:97:1a:c0:65:8e:67:a2:69:
         b5:88:8e:dd:4e:d4:2b:0f:cc:26:e4:81:5e:e1:58:29:49:8d:
         f4:a8:f0:21:f6:75:fe:bf:f9:0c:9d:99:58:3c:d4:b3:3d:c3:
         59:37:04:58:f1:f0:73:a6:26:c1:ba:e8:eb:07:ef:bb:d5:c2:
         9d:24:e6:9f:5a:aa:3f:c8:0e:92:8a:ce:e6:d4:ae:81:40:67:
         6a:03:fd:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5l2IPRsvSgtZpXfl5vGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMDQ0OWZlN2Y0YjJjZjFmN2ZkNjcwZTU4MmViY2M5N2U0
NWY3ZmYwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWI1ZWM5Yjc4ZDRmMzc0MTFiNWU0NDhjNjJmMDUyYWE5NmE1MzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSFFHGsYvPICLWlIVqfiAJrtukQL
hoqB3RDthAlSJcJ8zyNR/uDcHGsTxe8fXDcJJkKJgyG1zmhYs5WXDQ/35PM6dsKl
fGSh/szpheP0FpKPrMd0r4jRioEjt21lj7EfWkMYiJ9laVk5cnuGa3+MPjAAJGE9
nA9Z/FAE9CCG0PNHfmyLhsOxAFahlcKIpmG09wKDyzj4tFKzW8nfyWMI0HIxinYl
y3webSD/ivGv+6ixLywCbrt/veGZedXd0IJmtVnmpVNQuIUhgllGHjef/uQL2HgP
8HdwcdB3tBuudNq/R/qdAmiYw3lSB1lIi2fifnzLnqye9Y5nPtce4p2CnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAG17Jt41PN0EbXkSMYvBSqpalMYMB8GA1UdIwQY
MBaAFOIESf5/Syzx9/1nDlguvMl+Rff/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGdSSl9uOUxMUEgzX1djT1dDNjh5WDVGOV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zZGM4NzktMTFiOS00ZmE2LTg0MWQt
OTA2YTkxZWU5ZmU0LzEvQWJYc20zalU4M1FSdGVSSXhpOEZLcWxxVXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zZGM4NzktMTFiOS00ZmE2LTg0MWQtOTA2YTkxZWU5ZmU0
LzEvNGdSSl9uOUxMUEgzX1djT1dDNjh5WDVGOV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR1IMA0G
CSqGSIb3DQEBCwUAA4IBAQDlFujMMwzL7nDFkmkN0R0YEI4JzmLPkR59eo4o+vI0
o1lGtTi/TFO5XXVLKIWLCmMc70cm21SnYUAOfLV9vFMyOjQdBm/PHqomzktzrIMt
OO98f8kTP9CA0W3nXkM7cv5DVEPqhvXYPg9xhJ4DXupzyCTkAZjduVbDO46CQQ63
3YG/YRhl5mg0alcGKUGftaYsoQ5H+/YHcVBS/cAnJ0UF4YVSgHmvq2Orabv6lxrA
ZY5nomm1iI7dTtQrD8wm5IFe4VgpSY30qPAh9nX+v/kMnZlYPNSzPcNZNwRY8fBz
pibBuujrB++71cKdJOafWqo/yA6Sis7m1K6BQGdqA/3R
-----END CERTIFICATE-----