Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/DexpTYz9TRL_9xZ64_7hmiiZv38.roa
File:                     DexpTYz9TRL_9xZ64_7hmiiZv38.roa (raw, json)
Hash identifier:          fR27O1uUfqM71FqtrlvQgUMyt7i2COdDN0cmI8Q7Z6A=
Subject key identifier:   0D:EC:69:4D:8C:FD:4D:12:FF:F7:16:7A:E3:FE:E1:9A:28:99:BF:7F
Certificate issuer:       /CN=5c746e9f12c2c0e5459fe4e3d413c1c89de6db0e
Certificate serial:       018CC49377BB66BEDB6AB19A5075147F43A0
Authority key identifier: 5C:74:6E:9F:12:C2:C0:E5:45:9F:E4:E3:D4:13:C1:C8:9D:E6:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/DexpTYz9TRL_9xZ64_7hmiiZv38.roa
Signing time:             Mon 01 Jan 2024 10:30:47 +0000
ROA not before:           Mon 01 Jan 2024 10:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206408
IP address blocks:        185.130.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/XHRunxLCwOVFn-Tj1BPByJ3m2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/XHRunxLCwOVFn-Tj1BPByJ3m2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:03:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:77:bb:66:be:db:6a:b1:9a:50:75:14:7f:43:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c746e9f12c2c0e5459fe4e3d413c1c89de6db0e
        Validity
            Not Before: Jan  1 10:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dec694d8cfd4d12fff7167ae3fee19a2899bf7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e5:69:35:07:42:f2:5c:0a:22:20:fd:89:f5:
                    1f:75:e3:c8:0b:88:36:b5:64:24:eb:f7:5c:3b:21:
                    eb:ea:d7:1e:cc:25:64:0a:a8:1c:47:3a:8e:81:e2:
                    30:96:4b:ca:b0:a6:03:3f:b4:b2:a7:51:c9:6f:9a:
                    8b:05:01:86:3f:f0:c9:c8:b8:00:e7:c6:89:84:d9:
                    2c:9c:0c:49:f8:a8:67:a3:45:39:24:a8:f6:a6:fa:
                    73:bd:08:fe:83:76:fd:a4:82:3b:01:01:74:ee:34:
                    65:22:ac:09:d9:13:8d:c5:76:58:a8:a5:bd:5d:76:
                    33:66:64:a8:0c:94:42:96:c7:30:de:b3:95:72:3f:
                    f9:8b:6c:7f:a5:e6:cc:8e:5e:1c:ac:a5:d7:d3:dd:
                    ac:04:f3:aa:1f:ee:fa:01:0f:4d:ea:66:b8:72:89:
                    87:3c:5c:5c:c7:3a:0e:cf:87:f0:30:01:d9:89:a0:
                    8e:91:be:9a:17:e9:75:fe:6c:65:87:46:b9:24:72:
                    18:86:5c:48:56:3d:7e:54:f1:47:99:1e:82:84:05:
                    e3:89:66:81:52:86:71:97:76:41:1c:96:ae:54:f5:
                    cd:5b:92:fb:16:1a:77:00:e3:b8:ae:0a:fa:02:d2:
                    03:9b:fb:83:da:73:24:aa:56:60:4e:ba:fa:6b:2b:
                    db:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:EC:69:4D:8C:FD:4D:12:FF:F7:16:7A:E3:FE:E1:9A:28:99:BF:7F
            X509v3 Authority Key Identifier:
                keyid:5C:74:6E:9F:12:C2:C0:E5:45:9F:E4:E3:D4:13:C1:C8:9D:E6:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/DexpTYz9TRL_9xZ64_7hmiiZv38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/XHRunxLCwOVFn-Tj1BPByJ3m2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:2d:09:3d:c4:14:82:23:f1:e8:37:c5:86:01:b9:c2:6e:dd:
         25:27:84:c7:1e:b9:53:ac:62:63:cc:be:d3:a1:ea:1f:9c:d7:
         85:4b:f2:14:6d:82:29:b9:04:9a:60:8c:ab:a2:09:da:55:63:
         db:f8:c5:f0:f2:54:4c:db:f3:1b:28:ea:d4:08:f5:71:c2:ae:
         52:6a:a0:c3:72:d5:0a:b0:7f:b3:56:38:4b:0e:4a:ce:00:de:
         20:74:a4:3f:59:57:66:cd:30:90:56:84:c7:d8:a2:4c:d3:43:
         87:0a:6c:b0:85:bf:a8:2e:2e:39:73:bb:9b:bc:aa:ed:ea:c9:
         c1:a7:c2:d5:7d:56:98:7f:c0:a0:8b:9c:cd:88:0b:34:9a:51:
         5a:5d:14:d8:f1:18:e0:94:c2:9a:24:26:a6:b5:6f:3b:30:0b:
         60:82:6c:33:b1:1d:3b:fe:c6:c5:a7:ee:ab:9e:3f:52:11:e9:
         33:5a:98:8a:11:6a:35:33:2e:3b:17:d7:b1:6f:d8:52:52:e6:
         03:e4:be:59:67:0b:62:b8:02:4a:f2:55:91:60:94:90:bd:b8:
         3a:2a:27:34:ac:f3:29:76:d8:20:b2:92:5f:8f:db:6b:af:aa:
         55:10:79:79:dc:1f:ce:63:39:0b:1a:21:bf:51:16:ea:8e:f8:
         57:23:2c:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3e7Zr7barGaUHUUf0OgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNzQ2ZTlmMTJjMmMwZTU0NTlmZTRlM2Q0MTNjMWM4OWRl
NmRiMGUwHhcNMjQwMTAxMTAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGVjNjk0ZDhjZmQ0ZDEyZmZmNzE2N2FlM2ZlZTE5YTI4OTliZjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheVpNQdC8lwKIiD9ifUfdePIC4g2
tWQk6/dcOyHr6tcezCVkCqgcRzqOgeIwlkvKsKYDP7Syp1HJb5qLBQGGP/DJyLgA
58aJhNksnAxJ+Khno0U5JKj2pvpzvQj+g3b9pII7AQF07jRlIqwJ2RONxXZYqKW9
XXYzZmSoDJRClscw3rOVcj/5i2x/pebMjl4crKXX092sBPOqH+76AQ9N6ma4comH
PFxcxzoOz4fwMAHZiaCOkb6aF+l1/mxlh0a5JHIYhlxIVj1+VPFHmR6ChAXjiWaB
UoZxl3ZBHJauVPXNW5L7Fhp3AOO4rgr6AtIDm/uD2nMkqlZgTrr6ayvbrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3saU2M/U0S//cWeuP+4Zoomb9/MB8GA1UdIwQY
MBaAFFx0bp8SwsDlRZ/k49QTwcid5tsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEhSdW54TEN3T1ZGbi1UajFCUEJ5SjNtMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kNmJmNWUtNDgxMi00MzBlLTlhMTMt
ZTU5NDc2MTRlZjNmLzEvRGV4cFRZejlUUkxfOXhaNjRfN2htaWladjM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kNmJmNWUtNDgxMi00MzBlLTlhMTMtZTU5NDc2MTRlZjNm
LzEvWEhSdW54TEN3T1ZGbi1UajFCUEJ5SjNtMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYIAMA0G
CSqGSIb3DQEBCwUAA4IBAQBcLQk9xBSCI/HoN8WGAbnCbt0lJ4THHrlTrGJjzL7T
oeofnNeFS/IUbYIpuQSaYIyrognaVWPb+MXw8lRM2/MbKOrUCPVxwq5SaqDDctUK
sH+zVjhLDkrOAN4gdKQ/WVdmzTCQVoTH2KJM00OHCmywhb+oLi45c7ubvKrt6snB
p8LVfVaYf8Cgi5zNiAs0mlFaXRTY8RjglMKaJCamtW87MAtggmwzsR07/sbFp+6r
nj9SEekzWpiKEWo1My47F9exb9hSUuYD5L5ZZwtiuAJK8lWRYJSQvbg6Kic0rPMp
dtggspJfj9trr6pVEHl53B/OYzkLGiG/URbqjvhXIywq
-----END CERTIFICATE-----