Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/746767-ef5f-436c-bd5d-8e8b79926aa3/1/N_uD8e6zUqbFTb-IJOOVLq7V198.roa
File:                     N_uD8e6zUqbFTb-IJOOVLq7V198.roa (raw, json)
Hash identifier:          DUBA1fRafC5UHkGDu953F7PlANuQCkczPa0iHNO/by8=
Subject key identifier:   37:FB:83:F1:EE:B3:52:A6:C5:4D:BF:88:24:E3:95:2E:AE:D5:D7:DF
Certificate issuer:       /CN=f8456292d85a0b86c4e2534b27d26b47bfe04317
Certificate serial:       018CC6B8FBB86D12BB0F2731A734FBC1C46E
Authority key identifier: F8:45:62:92:D8:5A:0B:86:C4:E2:53:4B:27:D2:6B:47:BF:E0:43:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-EVikthaC4bE4lNLJ9JrR7_gQxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/746767-ef5f-436c-bd5d-8e8b79926aa3/1/N_uD8e6zUqbFTb-IJOOVLq7V198.roa
Signing time:             Mon 01 Jan 2024 20:31:00 +0000
ROA not before:           Mon 01 Jan 2024 20:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203932
IP address blocks:        185.198.241.0/24 maxlen: 24
                          2a13:4700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/746767-ef5f-436c-bd5d-8e8b79926aa3/1/1-EVikthaC4bE4lNLJ9JrR7_gQxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/746767-ef5f-436c-bd5d-8e8b79926aa3/1/1-EVikthaC4bE4lNLJ9JrR7_gQxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-EVikthaC4bE4lNLJ9JrR7_gQxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fb:b8:6d:12:bb:0f:27:31:a7:34:fb:c1:c4:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8456292d85a0b86c4e2534b27d26b47bfe04317
        Validity
            Not Before: Jan  1 20:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37fb83f1eeb352a6c54dbf8824e3952eaed5d7df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e3:3a:97:37:c4:7f:75:d7:d1:3f:88:bf:a5:
                    e0:87:c8:88:25:cd:19:89:ba:3f:ce:25:57:62:30:
                    72:56:3b:98:55:d8:99:e1:90:90:2e:15:92:08:00:
                    5e:c5:92:34:a7:ef:a4:95:5d:06:ac:4f:ae:b8:44:
                    6b:51:85:8e:8d:10:bf:c4:94:bd:f9:9d:d6:cd:38:
                    8b:96:1e:4c:18:cc:4a:e1:84:7c:3b:cb:32:44:4f:
                    a4:3f:2c:ef:a6:ad:09:4e:30:58:39:a0:4e:f7:63:
                    e9:b6:ea:bd:b3:25:8a:a2:a4:97:40:d6:08:6a:58:
                    51:3b:c6:27:f5:8d:12:d3:66:4e:93:0b:9d:cd:a8:
                    c8:4f:a8:34:ed:c7:c7:6d:82:37:98:34:ac:9a:19:
                    b3:9d:d9:53:4b:5b:07:30:d7:61:de:71:44:13:75:
                    95:f6:91:fc:ce:4f:b0:54:76:19:f3:b5:d4:17:b9:
                    ca:0d:46:49:6c:4c:96:7d:ae:2e:8b:f9:f1:1c:e2:
                    ce:4f:2d:79:04:31:4d:65:8d:4f:8b:23:53:08:ef:
                    e7:58:81:f9:41:c4:06:2f:f0:cc:47:77:af:44:fb:
                    5a:b2:80:2c:c2:e7:03:5a:d1:41:c2:d7:ba:07:2d:
                    d3:74:ed:07:33:c2:1e:29:b7:c1:04:84:26:50:cc:
                    3b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:FB:83:F1:EE:B3:52:A6:C5:4D:BF:88:24:E3:95:2E:AE:D5:D7:DF
            X509v3 Authority Key Identifier:
                keyid:F8:45:62:92:D8:5A:0B:86:C4:E2:53:4B:27:D2:6B:47:BF:E0:43:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-EVikthaC4bE4lNLJ9JrR7_gQxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/746767-ef5f-436c-bd5d-8e8b79926aa3/1/N_uD8e6zUqbFTb-IJOOVLq7V198.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/746767-ef5f-436c-bd5d-8e8b79926aa3/1/1-EVikthaC4bE4lNLJ9JrR7_gQxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.241.0/24
                IPv6:
                  2a13:4700::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:0a:02:40:d4:b3:5f:c7:06:a1:09:3b:b8:9c:98:10:45:db:
         06:c8:63:e6:d9:ef:bb:34:99:f2:2a:c4:e6:a9:26:a9:07:18:
         c0:9e:e4:d1:7d:4c:c4:c7:0f:bc:36:b8:da:62:30:13:ac:c6:
         e5:6a:3c:1c:62:2c:9c:24:1b:b6:18:8e:9e:05:25:f7:a1:85:
         25:d5:23:e8:06:27:90:65:87:52:2d:9d:87:66:ee:a5:6a:69:
         59:8e:8c:48:0f:a7:95:74:06:04:a4:ce:7e:be:1c:4e:56:b4:
         96:8e:56:7f:05:a9:f3:ea:de:42:72:54:22:49:02:ee:48:0d:
         f6:50:8a:6e:97:8e:45:f8:01:17:db:7e:08:95:dc:77:ff:30:
         16:a4:af:3d:90:75:d8:e1:54:16:77:a3:cd:08:d5:67:c5:6c:
         0d:74:2a:c5:91:09:47:32:ae:67:11:55:34:ed:0e:53:aa:e6:
         5b:1b:45:cc:52:b6:e3:73:25:67:d6:ca:52:f3:17:73:fc:6d:
         61:d7:4b:27:d9:60:84:34:b8:68:8a:56:41:0e:3d:5d:64:68:
         ac:86:8c:21:37:df:34:20:9a:47:6d:80:45:82:b1:1b:5a:fb:
         5b:8a:fd:eb:f5:b2:d3:69:6b:44:2d:5f:48:51:c7:2c:76:c2:
         56:7f:34:0f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuPu4bRK7DycxpzT7wcRuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NDU2MjkyZDg1YTBiODZjNGUyNTM0YjI3ZDI2YjQ3YmZl
MDQzMTcwHhcNMjQwMTAxMjAzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2ZiODNmMWVlYjM1MmE2YzU0ZGJmODgyNGUzOTUyZWFlZDVkN2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuM6lzfEf3XX0T+Iv6Xgh8iIJc0Z
ibo/ziVXYjByVjuYVdiZ4ZCQLhWSCABexZI0p++klV0GrE+uuERrUYWOjRC/xJS9
+Z3WzTiLlh5MGMxK4YR8O8syRE+kPyzvpq0JTjBYOaBO92Pptuq9syWKoqSXQNYI
alhRO8Yn9Y0S02ZOkwudzajIT6g07cfHbYI3mDSsmhmzndlTS1sHMNdh3nFEE3WV
9pH8zk+wVHYZ87XUF7nKDUZJbEyWfa4ui/nxHOLOTy15BDFNZY1PiyNTCO/nWIH5
QcQGL/DMR3evRPtasoAswucDWtFBwte6By3TdO0HM8IeKbfBBIQmUMw7SwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDf7g/Hus1KmxU2/iCTjlS6u1dffMB8GA1UdIwQY
MBaAFPhFYpLYWguGxOJTSyfSa0e/4EMXMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1FVmlrdGhhQzRiRTRsTkxKOUpyUjdfZ1F4Yy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUvNzQ2NzY3LWVmNWYtNDM2Yy1iZDVk
LThlOGI3OTkyNmFhMy8xL05fdUQ4ZTZ6VXFiRlRiLUlKT09WTHE3VjE5OC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzUvNzQ2NzY3LWVmNWYtNDM2Yy1iZDVkLThlOGI3OTkyNmFh
My8xLzEtRVZpa3RoYUM0YkU0bE5MSjlKclI3X2dReGMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAC5xvEw
DQQCAAIwBwMFAyoTRwAwDQYJKoZIhvcNAQELBQADggEBAA0KAkDUs1/HBqEJO7ic
mBBF2wbIY+bZ77s0mfIqxOapJqkHGMCe5NF9TMTHD7w2uNpiMBOsxuVqPBxiLJwk
G7YYjp4FJfehhSXVI+gGJ5Blh1ItnYdm7qVqaVmOjEgPp5V0BgSkzn6+HE5WtJaO
Vn8FqfPq3kJyVCJJAu5IDfZQim6XjkX4ARfbfgiV3Hf/MBakrz2QddjhVBZ3o80I
1WfFbA10KsWRCUcyrmcRVTTtDlOq5lsbRcxStuNzJWfWylLzF3P8bWHXSyfZYIQ0
uGiKVkEOPV1kaKyGjCE33zQgmkdtgEWCsRta+1uK/ev1stNpa0QtX0hRxyx2wlZ/
NA8=
-----END CERTIFICATE-----