Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/o0v8IiMaeGGPqKgU5D7y2kTjj74.roa
File:                     o0v8IiMaeGGPqKgU5D7y2kTjj74.roa (raw, json)
Hash identifier:          WnNmAWCQFePDgNoZZU59zqNdwnID+uCzcE8wWY+4YVs=
Subject key identifier:   A3:4B:FC:22:23:1A:78:61:8F:A8:A8:14:E4:3E:F2:DA:44:E3:8F:BE
Certificate issuer:       /CN=e20449fe7f4b2cf1f7fd670e582ebcc97e45f7ff
Certificate serial:       018CC493999C8F421CF12A597872C16E634F
Authority key identifier: E2:04:49:FE:7F:4B:2C:F1:F7:FD:67:0E:58:2E:BC:C9:7E:45:F7:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4gRJ_n9LLPH3_WcOWC68yX5F9_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/o0v8IiMaeGGPqKgU5D7y2kTjj74.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51580
IP address blocks:        185.29.75.0/24 maxlen: 24
                          185.29.73.0/24 maxlen: 24
                          185.29.74.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/4gRJ_n9LLPH3_WcOWC68yX5F9_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/4gRJ_n9LLPH3_WcOWC68yX5F9_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4gRJ_n9LLPH3_WcOWC68yX5F9_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:99:9c:8f:42:1c:f1:2a:59:78:72:c1:6e:63:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e20449fe7f4b2cf1f7fd670e582ebcc97e45f7ff
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a34bfc22231a78618fa8a814e43ef2da44e38fbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2a:3f:56:2f:cb:05:b3:d5:22:ce:d5:e8:d8:
                    98:99:4f:7a:94:f8:50:7a:30:f7:70:2c:07:47:b6:
                    13:b8:ae:e0:f1:8b:9a:10:01:75:b8:df:b3:2a:5c:
                    65:b7:bd:05:12:17:a5:8f:fc:03:30:0a:18:cf:ad:
                    61:6a:3d:1f:07:a8:fa:a1:08:94:7d:38:09:ae:f6:
                    2c:69:d2:48:35:d8:32:3f:53:54:9d:4e:c7:73:15:
                    04:41:38:81:04:d2:48:5c:56:11:31:c5:d2:f7:1d:
                    33:94:0d:63:eb:23:ef:03:87:f2:59:77:02:e6:c2:
                    35:d2:f7:03:79:cc:77:75:b6:b3:08:36:ce:5f:46:
                    52:e9:b1:e8:2d:90:05:7f:c7:ef:9b:90:c5:e3:a3:
                    2b:de:1d:80:d8:ef:6a:04:32:64:53:c2:5a:d3:78:
                    53:eb:b5:d9:dc:52:34:98:48:0c:13:ff:1f:1d:4e:
                    74:7e:f5:fc:53:80:dd:47:2d:9e:2b:b0:cc:8c:04:
                    ac:5f:a6:07:1b:04:81:13:e6:a7:fc:a2:38:82:ce:
                    e7:4c:cd:ad:27:e8:fc:b7:49:f4:76:1d:72:06:e6:
                    53:97:fb:53:2f:cc:07:03:5b:65:11:48:63:fc:4e:
                    18:d9:90:c5:c5:ee:62:d8:19:c0:c0:b3:90:e0:48:
                    49:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:4B:FC:22:23:1A:78:61:8F:A8:A8:14:E4:3E:F2:DA:44:E3:8F:BE
            X509v3 Authority Key Identifier:
                keyid:E2:04:49:FE:7F:4B:2C:F1:F7:FD:67:0E:58:2E:BC:C9:7E:45:F7:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4gRJ_n9LLPH3_WcOWC68yX5F9_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/o0v8IiMaeGGPqKgU5D7y2kTjj74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/4gRJ_n9LLPH3_WcOWC68yX5F9_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.73.0-185.29.75.255

    Signature Algorithm: sha256WithRSAEncryption
         ce:fa:20:06:9d:74:e8:9e:49:bc:9b:af:6a:2f:97:33:8f:9c:
         bc:c2:74:36:e7:38:80:fe:21:01:b3:96:c9:ac:17:17:6d:63:
         64:3d:6b:a4:0f:14:a4:4d:80:94:91:4f:6a:ce:fa:8c:d0:50:
         de:0d:a9:15:17:46:88:3f:03:7d:a7:8d:46:4b:92:ec:dd:94:
         8e:12:d4:75:25:0b:7a:33:69:6c:0c:a2:7a:8c:fb:17:24:35:
         98:0b:01:c3:6f:a5:ec:ca:6e:d5:61:d8:b7:10:d1:f9:54:8f:
         5e:a2:cc:a7:c2:e3:a6:59:52:2f:80:64:3f:c5:e2:f2:ae:d2:
         67:5f:5f:57:1a:63:7f:44:ee:2a:bd:fd:7e:fc:cf:3b:d5:91:
         99:c4:f2:3f:39:1d:c6:85:d5:19:63:ea:a9:3f:2c:90:11:05:
         c5:e4:7a:8d:13:17:d2:25:14:57:b7:8e:08:13:c1:60:ff:d4:
         93:82:75:be:66:8f:37:86:52:57:9b:19:d4:3b:94:a0:5e:b6:
         ad:1e:c5:56:37:b3:44:93:26:05:d8:85:5d:9b:52:ee:04:dd:
         95:20:29:a8:fb:78:7c:23:5d:ff:d4:d6:b6:a6:75:60:6e:30:
         c8:ec:a2:65:de:26:b9:a7:6e:aa:ac:88:38:e7:d1:a5:a4:aa:
         a1:f1:ba:78
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEk5mcj0Ic8SpZeHLBbmNPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMDQ0OWZlN2Y0YjJjZjFmN2ZkNjcwZTU4MmViY2M5N2U0
NWY3ZmYwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzRiZmMyMjIzMWE3ODYxOGZhOGE4MTRlNDNlZjJkYTQ0ZTM4ZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSo/Vi/LBbPVIs7V6NiYmU96lPhQ
ejD3cCwHR7YTuK7g8YuaEAF1uN+zKlxlt70FEhelj/wDMAoYz61haj0fB6j6oQiU
fTgJrvYsadJINdgyP1NUnU7HcxUEQTiBBNJIXFYRMcXS9x0zlA1j6yPvA4fyWXcC
5sI10vcDecx3dbazCDbOX0ZS6bHoLZAFf8fvm5DF46Mr3h2A2O9qBDJkU8Ja03hT
67XZ3FI0mEgME/8fHU50fvX8U4DdRy2eK7DMjASsX6YHGwSBE+an/KI4gs7nTM2t
J+j8t0n0dh1yBuZTl/tTL8wHA1tlEUhj/E4Y2ZDFxe5i2BnAwLOQ4EhJIwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKNL/CIjGnhhj6ioFOQ+8tpE44++MB8GA1UdIwQY
MBaAFOIESf5/Syzx9/1nDlguvMl+Rff/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGdSSl9uOUxMUEgzX1djT1dDNjh5WDVGOV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zZGM4NzktMTFiOS00ZmE2LTg0MWQt
OTA2YTkxZWU5ZmU0LzEvbzB2OElpTWFlR0dQcUtnVTVEN3kya1Rqajc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zZGM4NzktMTFiOS00ZmE2LTg0MWQtOTA2YTkxZWU5ZmU0
LzEvNGdSSl9uOUxMUEgzX1djT1dDNjh5WDVGOV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5HUkD
BAK5HUgwDQYJKoZIhvcNAQELBQADggEBAM76IAaddOieSbybr2ovlzOPnLzCdDbn
OID+IQGzlsmsFxdtY2Q9a6QPFKRNgJSRT2rO+ozQUN4NqRUXRog/A32njUZLkuzd
lI4S1HUlC3ozaWwMonqM+xckNZgLAcNvpezKbtVh2LcQ0flUj16izKfC46ZZUi+A
ZD/F4vKu0mdfX1caY39E7iq9/X78zzvVkZnE8j85HcaF1Rlj6qk/LJARBcXkeo0T
F9IlFFe3jggTwWD/1JOCdb5mjzeGUlebGdQ7lKBetq0exVY3s0STJgXYhV2bUu4E
3ZUgKaj7eHwjXf/U1ramdWBuMMjsomXeJrmnbqqsiDjn0aWkqqHxung=
-----END CERTIFICATE-----