Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/aEoRqFMeFHp6ZdDSpBQq9W8YjC0.roa
File:                     aEoRqFMeFHp6ZdDSpBQq9W8YjC0.roa (raw, json)
Hash identifier:          sRrdScxi5PZqb8/qYjtglH0umyqGqoOmK8gmz8WA+l8=
Subject key identifier:   68:4A:11:A8:53:1E:14:7A:7A:65:D0:D2:A4:14:2A:F5:6F:18:8C:2D
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       01922310AF57220E2AC00A9ED8F7F2F0FCE3
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/aEoRqFMeFHp6ZdDSpBQq9W8YjC0.roa
Signing time:             Tue 24 Sep 2024 08:05:48 +0000
ROA not before:           Tue 24 Sep 2024 08:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        185.110.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:23:10:af:57:22:0e:2a:c0:0a:9e:d8:f7:f2:f0:fc:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Sep 24 08:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=684a11a8531e147a7a65d0d2a4142af56f188c2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:50:85:85:83:2a:a8:ec:09:e6:16:db:22:43:
                    93:0b:b2:93:9d:1b:92:90:f1:98:2c:ec:86:e1:0e:
                    e1:1f:8f:77:d5:6a:81:80:98:73:36:c9:3f:df:75:
                    9b:fc:a6:07:34:0c:df:3f:58:a4:ad:e9:fc:c1:c2:
                    5a:1c:86:1d:59:c6:79:54:55:1c:48:59:41:4a:06:
                    40:b9:4c:64:e1:c1:34:ac:db:31:09:4f:58:89:5b:
                    b5:3c:b2:7a:a3:1d:7b:5d:51:2a:d9:66:f8:06:05:
                    3e:c8:0a:27:6d:0a:f7:2a:80:5a:8d:da:b9:02:57:
                    88:04:45:2a:f8:b9:f8:cf:a2:84:86:07:7e:70:a2:
                    ba:b1:7e:1e:cc:62:00:f8:d0:9e:86:c3:be:90:a1:
                    86:6a:43:60:2c:d3:ef:41:35:3d:77:d3:1a:9e:d7:
                    55:7f:54:91:1a:a4:34:2d:f1:be:94:ca:26:76:f4:
                    77:a7:45:29:2f:68:83:cc:d7:87:7a:c2:5f:ee:e9:
                    23:71:49:8b:20:21:40:22:3b:e5:5f:0b:42:da:41:
                    f6:08:ed:2d:d7:af:12:7f:67:a1:53:86:c3:b9:9a:
                    02:00:da:4a:1e:e1:e8:77:16:e1:18:6c:ce:b0:26:
                    2a:f2:ef:7a:04:fa:44:ac:4d:6e:15:4f:b8:63:8c:
                    d0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:4A:11:A8:53:1E:14:7A:7A:65:D0:D2:A4:14:2A:F5:6F:18:8C:2D
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/aEoRqFMeFHp6ZdDSpBQq9W8YjC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:ec:3b:b7:bb:0c:79:91:e0:21:48:cb:e8:cc:ee:35:1f:4a:
         65:4c:2d:84:72:9c:1c:61:14:2d:23:c6:d4:7e:2a:f6:92:dd:
         33:79:c2:42:18:43:45:80:35:47:64:a2:04:0e:d6:02:6b:80:
         5f:c6:a0:e2:23:50:7c:4c:2e:5c:54:19:95:d1:6c:f4:63:69:
         ce:d8:6c:e8:4e:e2:41:1b:45:0a:ed:e3:1f:f6:37:b8:2b:74:
         ca:eb:6e:85:ef:c4:9c:66:19:9d:d8:69:42:9a:cc:2d:d3:3b:
         eb:89:61:8a:f2:d3:33:2f:15:01:df:be:b3:05:05:9c:bd:a6:
         74:1e:9b:b6:6c:96:e2:45:4c:cc:c5:4a:3d:4c:07:a9:22:57:
         ff:29:1a:f4:99:af:a6:ab:73:1b:2c:2e:a4:5d:dd:ad:94:df:
         5b:4c:a9:b0:97:e2:fa:c8:b8:be:c1:62:3a:ba:c4:86:1c:40:
         c8:71:89:f5:08:13:96:26:69:8b:e8:36:c7:2c:23:62:18:93:
         7d:4c:2e:84:d7:13:f6:88:f0:86:ef:03:9c:2f:24:9a:01:ff:
         7f:19:ac:48:8e:a5:90:df:2f:79:4a:8f:da:12:a5:15:7c:b1:
         06:0a:e1:c9:4f:b6:9f:3b:81:e8:e2:76:97:c7:3f:9a:6e:b4:
         0f:85:7d:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIjEK9XIg4qwAqe2Pfy8PzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjQwOTI0MDgwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODRhMTFhODUzMWUxNDdhN2E2NWQwZDJhNDE0MmFmNTZmMTg4YzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVCFhYMqqOwJ5hbbIkOTC7KTnRuS
kPGYLOyG4Q7hH4931WqBgJhzNsk/33Wb/KYHNAzfP1ikren8wcJaHIYdWcZ5VFUc
SFlBSgZAuUxk4cE0rNsxCU9YiVu1PLJ6ox17XVEq2Wb4BgU+yAonbQr3KoBajdq5
AleIBEUq+Ln4z6KEhgd+cKK6sX4ezGIA+NCehsO+kKGGakNgLNPvQTU9d9MantdV
f1SRGqQ0LfG+lMomdvR3p0UpL2iDzNeHesJf7ukjcUmLICFAIjvlXwtC2kH2CO0t
168Sf2ehU4bDuZoCANpKHuHodxbhGGzOsCYq8u96BPpErE1uFU+4Y4zQdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhKEahTHhR6emXQ0qQUKvVvGIwtMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvYUVvUnFGTWVGSHA2WmREU3BCUXE5VzhZakMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW4/MA0G
CSqGSIb3DQEBCwUAA4IBAQB07Du3uwx5keAhSMvozO41H0plTC2EcpwcYRQtI8bU
fir2kt0zecJCGENFgDVHZKIEDtYCa4BfxqDiI1B8TC5cVBmV0Wz0Y2nO2GzoTuJB
G0UK7eMf9je4K3TK626F78ScZhmd2GlCmswt0zvriWGK8tMzLxUB376zBQWcvaZ0
Hpu2bJbiRUzMxUo9TAepIlf/KRr0ma+mq3MbLC6kXd2tlN9bTKmwl+L6yLi+wWI6
usSGHEDIcYn1CBOWJmmL6DbHLCNiGJN9TC6E1xP2iPCG7wOcLySaAf9/GaxIjqWQ
3y95So/aEqUVfLEGCuHJT7afO4Ho4naXxz+abrQPhX1O
-----END CERTIFICATE-----