Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/c3c5b7-fe57-474c-8ae3-de18510ea50a/1/EMJN6l5pZWfBKSGk0qFv69ByNyw.roa
File:                     EMJN6l5pZWfBKSGk0qFv69ByNyw.roa (raw, json)
Hash identifier:          yL23YyY4sQs5HOofsUJRfWghmXDD5Z2OmvAuR/tjZbs=
Subject key identifier:   10:C2:4D:EA:5E:69:65:67:C1:29:21:A4:D2:A1:6F:EB:D0:72:37:2C
Certificate issuer:       /CN=5d30056bc4e20393a6febf6576b3912c7ea569a6
Certificate serial:       018FC3430DD571120284EAAD33CC3DBB7A8F
Authority key identifier: 5D:30:05:6B:C4:E2:03:93:A6:FE:BF:65:76:B3:91:2C:7E:A5:69:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTAFa8TiA5Om_r9ldrORLH6laaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/c3c5b7-fe57-474c-8ae3-de18510ea50a/1/EMJN6l5pZWfBKSGk0qFv69ByNyw.roa
Signing time:             Wed 29 May 2024 07:31:42 +0000
ROA not before:           Wed 29 May 2024 07:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        185.149.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/c3c5b7-fe57-474c-8ae3-de18510ea50a/1/XTAFa8TiA5Om_r9ldrORLH6laaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/c3c5b7-fe57-474c-8ae3-de18510ea50a/1/XTAFa8TiA5Om_r9ldrORLH6laaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTAFa8TiA5Om_r9ldrORLH6laaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c3:43:0d:d5:71:12:02:84:ea:ad:33:cc:3d:bb:7a:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d30056bc4e20393a6febf6576b3912c7ea569a6
        Validity
            Not Before: May 29 07:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10c24dea5e696567c12921a4d2a16febd072372c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f6:43:47:14:3c:a3:20:bf:4d:c3:df:ba:39:
                    7e:5d:c2:c9:b9:56:ff:72:47:5e:b5:d2:9b:f9:3d:
                    88:6f:ea:13:43:d8:b8:27:d4:62:d5:66:09:9f:2d:
                    5d:18:48:a9:a5:d1:7f:51:9e:0b:08:f4:46:22:23:
                    d9:35:a9:c1:a5:0a:1e:8f:50:35:5b:be:da:22:44:
                    52:e4:a9:e5:2d:a6:4c:f0:6c:f6:c8:2f:98:df:fd:
                    a8:7f:86:17:1c:16:55:ed:b5:a4:b1:6a:b2:86:5f:
                    5d:bb:1c:f6:6e:e0:4f:13:fd:35:31:1d:24:7c:f3:
                    b0:01:18:eb:8a:eb:e7:4f:49:3b:39:e8:9d:06:92:
                    8e:ce:b0:28:03:b9:62:c6:d1:af:53:38:3d:e4:fe:
                    35:9c:73:92:a3:f9:72:45:62:ef:31:79:e0:55:84:
                    46:f3:bd:d5:51:c3:9b:cf:ce:0e:98:5f:d4:d9:39:
                    46:ad:08:15:38:fa:22:3a:a8:59:ea:a4:2d:d5:fd:
                    fe:f4:d4:d1:fb:94:b4:2c:00:10:17:12:a1:ef:90:
                    6d:b8:99:bd:88:84:99:a5:78:35:12:d0:5d:fe:0d:
                    99:91:2c:0e:d8:41:a8:3a:1e:8b:64:50:93:36:59:
                    e9:4a:95:01:93:c8:b5:a2:a6:c8:28:50:12:12:9c:
                    45:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:C2:4D:EA:5E:69:65:67:C1:29:21:A4:D2:A1:6F:EB:D0:72:37:2C
            X509v3 Authority Key Identifier:
                keyid:5D:30:05:6B:C4:E2:03:93:A6:FE:BF:65:76:B3:91:2C:7E:A5:69:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTAFa8TiA5Om_r9ldrORLH6laaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/c3c5b7-fe57-474c-8ae3-de18510ea50a/1/EMJN6l5pZWfBKSGk0qFv69ByNyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/c3c5b7-fe57-474c-8ae3-de18510ea50a/1/XTAFa8TiA5Om_r9ldrORLH6laaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:e1:9b:39:97:21:e7:6b:24:0a:49:f5:80:4a:9d:8e:80:16:
         30:d1:1a:aa:9b:62:1a:5b:d5:bd:9a:f1:c0:05:2c:ce:86:64:
         1d:7d:b5:f7:9b:7e:84:61:23:05:cb:78:69:cb:28:50:63:d7:
         79:07:ad:28:45:5a:1a:c0:49:f6:1b:6e:23:df:1d:f1:0b:1e:
         fe:27:e3:a3:51:a8:4e:b4:97:18:7b:1f:4c:49:89:b0:4a:23:
         d8:6f:ec:a9:89:8e:6d:99:98:e7:1d:72:69:f8:fc:84:e9:c9:
         73:17:d6:6a:bc:88:fc:eb:f2:ac:40:63:a5:63:6c:92:c8:0e:
         6c:69:0b:34:83:dc:24:fe:2a:13:fd:e5:7b:ce:39:7f:36:d0:
         e3:da:06:19:14:75:1b:30:51:fc:47:31:6b:9d:dd:16:a4:b5:
         6f:5f:63:5c:f3:e3:24:1c:d4:fd:d0:83:19:3a:f7:90:2d:06:
         c9:40:90:34:cb:e8:d9:29:af:fa:33:c5:91:89:23:0b:6f:3c:
         eb:dd:d9:d9:22:1f:79:09:20:40:02:9e:29:1f:84:3a:5e:c0:
         40:38:52:36:1a:ae:3c:71:7b:9c:50:e2:1e:01:9b:f9:0c:94:
         86:b3:df:e3:53:fa:1f:53:54:95:c3:23:8d:f0:bc:02:1c:35:
         90:37:cf:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/DQw3VcRIChOqtM8w9u3qPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMzAwNTZiYzRlMjAzOTNhNmZlYmY2NTc2YjM5MTJjN2Vh
NTY5YTYwHhcNMjQwNTI5MDczMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGMyNGRlYTVlNjk2NTY3YzEyOTIxYTRkMmExNmZlYmQwNzIzNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPZDRxQ8oyC/TcPfujl+XcLJuVb/
ckdetdKb+T2Ib+oTQ9i4J9Ri1WYJny1dGEippdF/UZ4LCPRGIiPZNanBpQoej1A1
W77aIkRS5KnlLaZM8Gz2yC+Y3/2of4YXHBZV7bWksWqyhl9duxz2buBPE/01MR0k
fPOwARjriuvnT0k7OeidBpKOzrAoA7lixtGvUzg95P41nHOSo/lyRWLvMXngVYRG
873VUcObz84OmF/U2TlGrQgVOPoiOqhZ6qQt1f3+9NTR+5S0LAAQFxKh75BtuJm9
iISZpXg1EtBd/g2ZkSwO2EGoOh6LZFCTNlnpSpUBk8i1oqbIKFASEpxFdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBDCTepeaWVnwSkhpNKhb+vQcjcsMB8GA1UdIwQY
MBaAFF0wBWvE4gOTpv6/ZXazkSx+pWmmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFRBRmE4VGlBNU9tX3I5bGRyT1JMSDZsYWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9jM2M1YjctZmU1Ny00NzRjLThhZTMt
ZGUxODUxMGVhNTBhLzEvRU1KTjZsNXBaV2ZCS1NHazBxRnY2OUJ5Tnl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9jM2M1YjctZmU1Ny00NzRjLThhZTMtZGUxODUxMGVhNTBh
LzEvWFRBRmE4VGlBNU9tX3I5bGRyT1JMSDZsYWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZXBMA0G
CSqGSIb3DQEBCwUAA4IBAQBm4Zs5lyHnayQKSfWASp2OgBYw0Rqqm2IaW9W9mvHA
BSzOhmQdfbX3m36EYSMFy3hpyyhQY9d5B60oRVoawEn2G24j3x3xCx7+J+OjUahO
tJcYex9MSYmwSiPYb+ypiY5tmZjnHXJp+PyE6clzF9ZqvIj86/KsQGOlY2ySyA5s
aQs0g9wk/ioT/eV7zjl/NtDj2gYZFHUbMFH8RzFrnd0WpLVvX2Nc8+MkHNT90IMZ
OveQLQbJQJA0y+jZKa/6M8WRiSMLbzzr3dnZIh95CSBAAp4pH4Q6XsBAOFI2Gq48
cXucUOIeAZv5DJSGs9/jU/ofU1SVwyON8LwCHDWQN8/3
-----END CERTIFICATE-----