Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/ae869c-812c-4cd6-baf9-217cf93845bc/1/DcJfo5_PtvVf5wFKUsQICXZDZ2Q.roa
File:                     DcJfo5_PtvVf5wFKUsQICXZDZ2Q.roa (raw, json)
Hash identifier:          hgDh7UTKOeMyrpRFHUHwIgRlDcGagqdKy3n+bLO1OCo=
Subject key identifier:   0D:C2:5F:A3:9F:CF:B6:F5:5F:E7:01:4A:52:C4:08:09:76:43:67:64
Certificate issuer:       /CN=e319d0cd65593d969e8d45382a194aaa73c0ff8c
Certificate serial:       018CC2DB464809D5A0E213637767D048B579
Authority key identifier: E3:19:D0:CD:65:59:3D:96:9E:8D:45:38:2A:19:4A:AA:73:C0:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xnQzWVZPZaejUU4KhlKqnPA_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/ae869c-812c-4cd6-baf9-217cf93845bc/1/DcJfo5_PtvVf5wFKUsQICXZDZ2Q.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.206.57.0/24 maxlen: 24
                          185.206.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/ae869c-812c-4cd6-baf9-217cf93845bc/1/4xnQzWVZPZaejUU4KhlKqnPA_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/ae869c-812c-4cd6-baf9-217cf93845bc/1/4xnQzWVZPZaejUU4KhlKqnPA_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xnQzWVZPZaejUU4KhlKqnPA_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:46:48:09:d5:a0:e2:13:63:77:67:d0:48:b5:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e319d0cd65593d969e8d45382a194aaa73c0ff8c
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dc25fa39fcfb6f55fe7014a52c4080976436764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c0:1b:13:9d:78:83:c6:75:a1:19:fa:16:fe:
                    27:6c:0e:f5:71:b8:19:62:74:26:4f:98:7a:cb:19:
                    d4:61:16:d1:37:c1:41:87:48:9d:54:12:9b:d6:80:
                    fb:4e:1c:28:73:0b:d5:92:fb:7b:c3:68:7e:68:8e:
                    1d:96:0a:85:be:ca:3a:69:fe:0e:48:d9:4c:8b:5e:
                    44:46:ec:7a:73:d1:5b:2c:50:11:a3:57:ef:77:18:
                    85:8a:b1:1e:ed:24:2a:5a:77:9c:72:70:22:2e:c8:
                    22:ec:63:b1:f9:9f:79:29:5d:f3:b1:97:d9:7a:50:
                    99:f5:c6:66:d5:6e:15:03:df:51:8a:87:96:06:42:
                    06:e6:26:7f:f6:95:6a:0f:67:bb:26:b8:21:e1:c9:
                    db:42:ec:ef:33:9e:c7:83:27:99:93:01:ee:10:a1:
                    cc:99:da:69:a2:dd:e2:71:ff:52:85:35:44:68:7a:
                    5b:6e:96:d8:25:1b:75:4a:81:04:d6:51:de:e3:c8:
                    86:81:ed:a1:59:16:0e:90:fb:e7:f9:68:44:7f:ba:
                    b1:c9:e7:f3:ed:8c:7f:d1:20:67:17:1e:67:56:1c:
                    89:ff:92:07:a6:a1:62:f9:89:e1:4d:49:97:57:0f:
                    d7:a6:ba:f9:0f:f7:50:f0:a1:b3:4c:7a:3c:b6:3c:
                    1a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:C2:5F:A3:9F:CF:B6:F5:5F:E7:01:4A:52:C4:08:09:76:43:67:64
            X509v3 Authority Key Identifier:
                keyid:E3:19:D0:CD:65:59:3D:96:9E:8D:45:38:2A:19:4A:AA:73:C0:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xnQzWVZPZaejUU4KhlKqnPA_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ae869c-812c-4cd6-baf9-217cf93845bc/1/DcJfo5_PtvVf5wFKUsQICXZDZ2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ae869c-812c-4cd6-baf9-217cf93845bc/1/4xnQzWVZPZaejUU4KhlKqnPA_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:f2:1d:ae:74:de:15:e0:77:31:eb:aa:6b:fa:db:73:b5:f1:
         87:1a:fb:71:f5:cd:71:de:3a:0e:e3:d4:f1:af:cb:00:2a:da:
         fc:d0:0a:b8:dd:a2:50:d0:75:4d:9a:5a:bc:3c:16:01:20:06:
         2a:80:3a:1f:5f:9b:d2:1a:29:cf:a1:b9:9a:d1:d8:81:b3:05:
         09:4b:38:db:3b:77:dc:aa:1b:b8:c1:fd:29:fe:3b:6b:cf:b9:
         91:2c:af:fe:ea:4a:cd:df:8e:d5:cf:47:92:ae:d0:58:21:90:
         cc:cd:d9:54:57:02:61:56:f9:24:2f:ea:b9:da:85:c7:96:13:
         b0:12:56:81:a2:1e:3a:f6:1f:92:31:75:c2:ba:eb:36:db:3e:
         3f:0c:52:f8:88:b3:ce:22:11:62:23:17:4b:56:e3:f9:1d:27:
         95:98:d0:07:e0:61:14:dc:50:ee:70:1d:8e:25:90:3d:00:68:
         f3:66:41:6e:90:77:50:22:54:e7:1e:2b:ab:e8:57:b3:c1:bc:
         e9:bb:51:2c:96:b2:0b:53:9d:a7:6d:e3:0a:ad:ef:83:b5:51:
         d4:a9:88:3d:d7:5f:90:a1:ae:ca:ff:cd:2b:3a:6a:9c:6f:f9:
         17:fa:3a:8c:80:ee:25:3e:cd:ca:82:55:bd:69:46:af:5a:ef:
         8d:1f:d4:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20ZICdWg4hNjd2fQSLV5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTlkMGNkNjU1OTNkOTY5ZThkNDUzODJhMTk0YWFhNzNj
MGZmOGMwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGMyNWZhMzlmY2ZiNmY1NWZlNzAxNGE1MmM0MDgwOTc2NDM2NzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsAbE514g8Z1oRn6Fv4nbA71cbgZ
YnQmT5h6yxnUYRbRN8FBh0idVBKb1oD7ThwocwvVkvt7w2h+aI4dlgqFvso6af4O
SNlMi15ERux6c9FbLFARo1fvdxiFirEe7SQqWneccnAiLsgi7GOx+Z95KV3zsZfZ
elCZ9cZm1W4VA99RioeWBkIG5iZ/9pVqD2e7Jrgh4cnbQuzvM57HgyeZkwHuEKHM
mdppot3icf9ShTVEaHpbbpbYJRt1SoEE1lHe48iGge2hWRYOkPvn+WhEf7qxyefz
7Yx/0SBnFx5nVhyJ/5IHpqFi+YnhTUmXVw/Xprr5D/dQ8KGzTHo8tjwatQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3CX6Ofz7b1X+cBSlLECAl2Q2dkMB8GA1UdIwQY
MBaAFOMZ0M1lWT2Wno1FOCoZSqpzwP+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhuUXpXVlpQWmFlalVVNEtobEtxblBBXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9hZTg2OWMtODEyYy00Y2Q2LWJhZjkt
MjE3Y2Y5Mzg0NWJjLzEvRGNKZm81X1B0dlZmNXdGS1VzUUlDWFpEWjJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9hZTg2OWMtODEyYy00Y2Q2LWJhZjktMjE3Y2Y5Mzg0NWJj
LzEvNHhuUXpXVlpQWmFlalVVNEtobEtxblBBXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuc44MA0G
CSqGSIb3DQEBCwUAA4IBAQBw8h2udN4V4Hcx66pr+ttztfGHGvtx9c1x3joO49Tx
r8sAKtr80Aq43aJQ0HVNmlq8PBYBIAYqgDofX5vSGinPobma0diBswUJSzjbO3fc
qhu4wf0p/jtrz7mRLK/+6krN347Vz0eSrtBYIZDMzdlUVwJhVvkkL+q52oXHlhOw
ElaBoh469h+SMXXCuus22z4/DFL4iLPOIhFiIxdLVuP5HSeVmNAH4GEU3FDucB2O
JZA9AGjzZkFukHdQIlTnHiur6Fezwbzpu1EslrILU52nbeMKre+DtVHUqYg911+Q
oa7K/80rOmqcb/kX+jqMgO4lPs3KglW9aUavWu+NH9Qo
-----END CERTIFICATE-----