Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/0wt2hqmPScdh8hEEQjwgK92M1ws.roa
File:                     0wt2hqmPScdh8hEEQjwgK92M1ws.roa (raw, json)
Hash identifier:          noIKgampjm48pJJVBiX/owIf07PFPWXYX9Jsan5tKpk=
Subject key identifier:   D3:0B:76:86:A9:8F:49:C7:61:F2:11:04:42:3C:20:2B:DD:8C:D7:0B
Certificate issuer:       /CN=a316c7659af1d56bc718faf614f092758f5edc7f
Certificate serial:       0191718FE9FA237A5611B5AE7AC39D354336
Authority key identifier: A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/0wt2hqmPScdh8hEEQjwgK92M1ws.roa
Signing time:             Tue 20 Aug 2024 20:52:22 +0000
ROA not before:           Tue 20 Aug 2024 20:52:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.221.84.0/24 maxlen: 24
                          212.32.0.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:71:8f:e9:fa:23:7a:56:11:b5:ae:7a:c3:9d:35:43:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a316c7659af1d56bc718faf614f092758f5edc7f
        Validity
            Not Before: Aug 20 20:52:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d30b7686a98f49c761f21104423c202bdd8cd70b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:18:33:d8:f2:e9:0b:a9:52:28:53:eb:1d:9a:
                    ce:a4:be:f3:d2:44:6f:a9:e9:df:43:8c:d9:3e:39:
                    38:40:9a:20:31:3b:ea:68:45:39:3a:c2:ed:08:71:
                    73:28:9e:58:e3:f4:25:85:7a:b6:54:29:5d:15:c5:
                    56:b1:bb:a8:b2:ed:1e:e6:63:aa:01:fb:01:2c:34:
                    5a:f0:d3:5f:af:33:ef:72:d9:66:c2:62:56:82:37:
                    47:3a:90:2d:d5:a2:f1:08:e3:b1:6e:dd:b7:27:84:
                    a0:bc:20:16:1f:67:af:f6:c6:a8:3a:6b:eb:37:4a:
                    08:c1:4c:2e:96:af:af:df:ad:5c:d9:1f:d0:3e:54:
                    cc:92:81:e3:77:17:dc:f5:28:4e:b1:4e:99:c0:b2:
                    ac:ec:8c:e6:1c:25:ad:43:ae:0d:16:0c:1b:c6:62:
                    b2:af:d0:5e:98:c6:6d:43:72:f1:02:25:b2:5f:6c:
                    f8:91:dd:cc:fe:86:0d:07:36:4e:dd:4e:e9:9c:b1:
                    26:84:28:8d:73:7f:6f:a1:53:91:53:5c:b7:ea:e6:
                    8e:c3:4d:98:bf:ed:a4:05:42:41:4b:1d:d7:10:98:
                    18:46:23:2e:63:12:d5:63:66:3e:b5:6c:0d:f0:95:
                    ed:42:cd:75:f3:68:bf:d2:73:61:5a:7e:0b:aa:dc:
                    9f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:0B:76:86:A9:8F:49:C7:61:F2:11:04:42:3C:20:2B:DD:8C:D7:0B
            X509v3 Authority Key Identifier:
                keyid:A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/0wt2hqmPScdh8hEEQjwgK92M1ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.84.0/24
                  212.32.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         23:fa:9c:db:09:b3:72:7e:2f:6a:56:79:44:ed:d8:ab:51:4a:
         a2:2f:2d:35:97:b3:28:0b:c5:2a:48:45:24:15:2b:68:55:94:
         dc:ef:03:c7:6c:e9:b7:af:69:c1:6d:1e:6d:19:ec:a9:5c:89:
         86:e6:46:12:24:da:ff:36:6f:3f:bf:9e:eb:d7:bd:7e:f2:01:
         7b:b6:71:80:e5:39:94:77:c3:d4:4b:56:cc:93:84:ee:3f:9a:
         6b:05:31:6c:71:31:8d:f7:05:06:21:b7:89:d8:a1:a8:27:9f:
         6a:48:db:57:64:3c:39:04:e1:f3:37:24:e4:9d:90:7c:14:41:
         8b:74:9f:93:09:bf:dd:6e:9a:d0:c8:f2:cc:d1:94:be:02:a9:
         49:48:12:ba:33:cd:ed:22:3f:14:e0:10:c0:f8:35:5a:76:21:
         ce:80:7a:17:de:de:0d:1c:1c:7f:cd:70:ec:ad:ef:e0:21:f9:
         f6:c2:2d:56:1d:8f:55:15:43:23:36:51:91:76:f3:82:75:5c:
         f1:1d:fa:d5:57:ea:39:21:49:6f:12:c7:d2:37:96:74:41:93:
         1d:83:aa:22:86:91:7f:78:b6:86:30:36:8f:6b:13:ab:1b:1c:
         42:96:5b:55:5d:54:d1:90:0b:81:30:d1:2e:de:04:60:9f:2c:
         f9:f8:f7:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFxj+n6I3pWEbWuesOdNUM2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMTZjNzY1OWFmMWQ1NmJjNzE4ZmFmNjE0ZjA5Mjc1OGY1
ZWRjN2YwHhcNMjQwODIwMjA1MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzBiNzY4NmE5OGY0OWM3NjFmMjExMDQ0MjNjMjAyYmRkOGNkNzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBgz2PLpC6lSKFPrHZrOpL7z0kRv
qenfQ4zZPjk4QJogMTvqaEU5OsLtCHFzKJ5Y4/QlhXq2VCldFcVWsbuosu0e5mOq
AfsBLDRa8NNfrzPvctlmwmJWgjdHOpAt1aLxCOOxbt23J4SgvCAWH2ev9saoOmvr
N0oIwUwulq+v361c2R/QPlTMkoHjdxfc9ShOsU6ZwLKs7IzmHCWtQ64NFgwbxmKy
r9BemMZtQ3LxAiWyX2z4kd3M/oYNBzZO3U7pnLEmhCiNc39voVORU1y36uaOw02Y
v+2kBUJBSx3XEJgYRiMuYxLVY2Y+tWwN8JXtQs1182i/0nNhWn4LqtyfnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNMLdoapj0nHYfIRBEI8ICvdjNcLMB8GA1UdIwQY
MBaAFKMWx2Wa8dVrxxj69hTwknWPXtx/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUt
MzY4N2M4MThlZGU1LzEvMHd0MmhxbVBTY2RoOGhFRVFqd2dLOTJNMXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUtMzY4N2M4MThlZGU1
LzEvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAud1UAwQD
1CAAMA0GCSqGSIb3DQEBCwUAA4IBAQAj+pzbCbNyfi9qVnlE7dirUUqiLy01l7Mo
C8UqSEUkFStoVZTc7wPHbOm3r2nBbR5tGeypXImG5kYSJNr/Nm8/v57r171+8gF7
tnGA5TmUd8PUS1bMk4TuP5prBTFscTGN9wUGIbeJ2KGoJ59qSNtXZDw5BOHzNyTk
nZB8FEGLdJ+TCb/dbprQyPLM0ZS+AqlJSBK6M83tIj8U4BDA+DVadiHOgHoX3t4N
HBx/zXDsre/gIfn2wi1WHY9VFUMjNlGRdvOCdVzxHfrVV+o5IUlvEsfSN5Z0QZMd
g6oihpF/eLaGMDaPaxOrGxxClltVXVTRkAuBMNEu3gRgnyz5+Pft
-----END CERTIFICATE-----