Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/dnRdzwWvgHOV_hYZUggRPvkd9Lk.roa
File:                     dnRdzwWvgHOV_hYZUggRPvkd9Lk.roa (raw, json)
Hash identifier:          bHFiJBZyo0KOuw2q0Pb+V339BpBF81GB5M4p0rqqB68=
Subject key identifier:   76:74:5D:CF:05:AF:80:73:95:FE:16:19:52:08:11:3E:F9:1D:F4:B9
Certificate issuer:       /CN=e5805c5fe3450287dcde6ade0d9c9558ba615e32
Certificate serial:       018CC2DADD8F8CD6F33D7D9BEFC4CAD31843
Authority key identifier: E5:80:5C:5F:E3:45:02:87:DC:DE:6A:DE:0D:9C:95:58:BA:61:5E:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YBcX-NFAofc3mreDZyVWLphXjI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/dnRdzwWvgHOV_hYZUggRPvkd9Lk.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204344
IP address blocks:        185.252.48.0/22 maxlen: 22
                          2a0c:20c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/5YBcX-NFAofc3mreDZyVWLphXjI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/5YBcX-NFAofc3mreDZyVWLphXjI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YBcX-NFAofc3mreDZyVWLphXjI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 22:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:dd:8f:8c:d6:f3:3d:7d:9b:ef:c4:ca:d3:18:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5805c5fe3450287dcde6ade0d9c9558ba615e32
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76745dcf05af807395fe16195208113ef91df4b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:48:c4:bd:68:6d:d2:8f:04:54:96:e5:1a:dc:
                    2b:db:5b:88:ae:06:83:eb:9c:ac:e8:47:e0:fc:56:
                    ca:4c:60:a2:44:22:2b:ad:6f:17:32:59:36:7a:43:
                    e1:e0:f0:82:19:aa:4a:b9:6a:ea:09:57:13:b6:f2:
                    b0:7d:5f:c3:f6:45:0b:e3:6c:eb:54:b4:35:36:d4:
                    fa:a9:5b:50:c9:26:1d:d5:52:a3:15:fb:e0:63:0b:
                    64:85:75:51:e4:60:da:fd:da:2b:7a:0a:c8:e8:3e:
                    e4:41:09:d1:65:01:09:cd:ac:2e:bb:ab:3a:6f:4c:
                    ab:28:61:00:93:a5:0d:a7:c9:52:1c:fa:0e:de:55:
                    fd:4b:a2:1a:7d:3f:56:db:ee:f2:a2:39:a4:4c:17:
                    69:68:00:9c:e4:01:ab:33:94:a7:e3:f9:9b:9f:80:
                    4d:45:b5:4f:1d:e0:96:ab:61:3a:b7:c0:2f:db:9a:
                    a2:4e:f8:b8:34:29:eb:c7:ca:a2:3e:d2:f3:13:19:
                    7c:21:d7:34:1d:92:9f:35:d4:b8:fb:a0:d3:04:39:
                    ee:fd:da:d7:92:6d:29:93:44:f1:08:33:a3:37:4c:
                    2e:14:db:2e:98:dd:af:12:89:49:a3:79:3e:c0:c5:
                    9e:59:f3:33:80:dc:33:03:a1:8d:72:6d:64:ca:d3:
                    db:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:74:5D:CF:05:AF:80:73:95:FE:16:19:52:08:11:3E:F9:1D:F4:B9
            X509v3 Authority Key Identifier:
                keyid:E5:80:5C:5F:E3:45:02:87:DC:DE:6A:DE:0D:9C:95:58:BA:61:5E:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YBcX-NFAofc3mreDZyVWLphXjI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/dnRdzwWvgHOV_hYZUggRPvkd9Lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/5YBcX-NFAofc3mreDZyVWLphXjI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.48.0/22
                IPv6:
                  2a0c:20c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:5f:58:0a:b2:0c:29:a4:da:b1:a7:61:b3:5b:8f:07:ca:ea:
         0d:39:5b:9e:2c:64:1f:28:3a:5a:ef:c3:b4:3c:02:1e:47:5e:
         d5:9a:48:85:e3:6c:8f:70:6b:00:fa:09:38:5b:15:95:15:78:
         4b:e8:43:f0:1e:56:ac:5d:3b:a8:50:68:b2:1a:ab:de:0f:75:
         45:ac:ee:01:a4:ce:34:51:66:37:1b:9d:05:46:8d:ed:ed:af:
         64:71:fd:51:a7:22:95:78:36:c1:3e:c8:59:4c:76:40:9d:fc:
         89:6b:0b:e5:ed:ba:07:56:56:1c:09:67:34:ce:53:85:3b:d1:
         81:00:9a:40:0b:1c:57:81:c7:f4:c4:61:00:05:64:55:48:35:
         ea:b8:3b:39:eb:73:d6:a8:a0:f2:ea:8e:fe:5e:4a:50:e8:4b:
         8f:61:a8:cd:8c:17:07:cf:2f:18:af:c1:b6:d9:c4:76:5d:da:
         1f:1b:8f:ae:b7:64:86:d9:e1:e6:ec:eb:fe:71:12:36:a3:08:
         ea:34:d5:20:82:c9:c1:75:73:a7:ee:cc:46:3a:02:9a:be:31:
         b4:00:74:04:bf:22:29:0d:db:a5:f0:ec:ac:9c:a6:06:eb:b5:
         cc:5d:c4:e1:b5:8b:68:c2:75:e1:94:3c:bc:dc:6f:b9:19:3b:
         ad:e1:75:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2t2PjNbzPX2b78TK0xhDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODA1YzVmZTM0NTAyODdkY2RlNmFkZTBkOWM5NTU4YmE2
MTVlMzIwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njc0NWRjZjA1YWY4MDczOTVmZTE2MTk1MjA4MTEzZWY5MWRmNGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kjEvWht0o8EVJblGtwr21uIrgaD
65ys6Efg/FbKTGCiRCIrrW8XMlk2ekPh4PCCGapKuWrqCVcTtvKwfV/D9kUL42zr
VLQ1NtT6qVtQySYd1VKjFfvgYwtkhXVR5GDa/doregrI6D7kQQnRZQEJzawuu6s6
b0yrKGEAk6UNp8lSHPoO3lX9S6IafT9W2+7yojmkTBdpaACc5AGrM5Sn4/mbn4BN
RbVPHeCWq2E6t8Av25qiTvi4NCnrx8qiPtLzExl8Idc0HZKfNdS4+6DTBDnu/drX
km0pk0TxCDOjN0wuFNsumN2vEolJo3k+wMWeWfMzgNwzA6GNcm1kytPbsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHZ0Xc8Fr4Bzlf4WGVIIET75HfS5MB8GA1UdIwQY
MBaAFOWAXF/jRQKH3N5q3g2clVi6YV4yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlCY1gtTkZBb2ZjM21yZURaeVZXTHBoWGpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9iNGRjM2MtZWNhYi00MzZkLWFjNTIt
NTk1MzA3ZjQ3MTEwLzEvZG5SZHp3V3ZnSE9WX2hZWlVnZ1JQdmtkOUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9iNGRjM2MtZWNhYi00MzZkLWFjNTItNTk1MzA3ZjQ3MTEw
LzEvNVlCY1gtTkZBb2ZjM21yZURaeVZXTHBoWGpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufwwMA0E
AgACMAcDBQMqDCDAMA0GCSqGSIb3DQEBCwUAA4IBAQANX1gKsgwppNqxp2GzW48H
yuoNOVueLGQfKDpa78O0PAIeR17VmkiF42yPcGsA+gk4WxWVFXhL6EPwHlasXTuo
UGiyGqveD3VFrO4BpM40UWY3G50FRo3t7a9kcf1RpyKVeDbBPshZTHZAnfyJawvl
7boHVlYcCWc0zlOFO9GBAJpACxxXgcf0xGEABWRVSDXquDs563PWqKDy6o7+XkpQ
6EuPYajNjBcHzy8Yr8G22cR2XdofG4+ut2SG2eHm7Ov+cRI2owjqNNUggsnBdXOn
7sxGOgKavjG0AHQEvyIpDdul8OysnKYG67XMXcThtYtownXhlDy83G+5GTut4XUk
-----END CERTIFICATE-----