Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/d85235-808c-4c0a-9c97-9b360e1ba321/1/SeV31ysTQ2GVdmQ8W2IE7SbyoNQ.roa
File:                     SeV31ysTQ2GVdmQ8W2IE7SbyoNQ.roa (raw, json)
Hash identifier:          zmedeHVKN5K1l+n7b9RXspy9gi+P1MDE1bMe/qnkPtc=
Subject key identifier:   49:E5:77:D7:2B:13:43:61:95:76:64:3C:5B:62:04:ED:26:F2:A0:D4
Certificate issuer:       /CN=d8182a98d6ef80ffb291827da8acca74491080b4
Certificate serial:       018CC6B86534414BFAA4635E03A71CB50F06
Authority key identifier: D8:18:2A:98:D6:EF:80:FF:B2:91:82:7D:A8:AC:CA:74:49:10:80:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2BgqmNbvgP-ykYJ9qKzKdEkQgLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/d85235-808c-4c0a-9c97-9b360e1ba321/1/SeV31ysTQ2GVdmQ8W2IE7SbyoNQ.roa
Signing time:             Mon 01 Jan 2024 20:30:22 +0000
ROA not before:           Mon 01 Jan 2024 20:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201531
IP address blocks:        185.243.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/d85235-808c-4c0a-9c97-9b360e1ba321/1/2BgqmNbvgP-ykYJ9qKzKdEkQgLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/d85235-808c-4c0a-9c97-9b360e1ba321/1/2BgqmNbvgP-ykYJ9qKzKdEkQgLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2BgqmNbvgP-ykYJ9qKzKdEkQgLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:65:34:41:4b:fa:a4:63:5e:03:a7:1c:b5:0f:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8182a98d6ef80ffb291827da8acca74491080b4
        Validity
            Not Before: Jan  1 20:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49e577d72b1343619576643c5b6204ed26f2a0d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c1:d7:de:cf:13:e0:e8:b9:5d:61:ec:35:99:
                    21:6b:2f:39:32:99:2d:00:2e:a9:27:04:55:8f:91:
                    88:c3:e9:71:07:7a:e5:2b:1c:9f:f2:3d:3f:81:12:
                    b4:87:f2:96:be:d0:94:61:69:27:eb:11:b2:db:a1:
                    28:76:ca:9e:7d:d8:20:8c:79:01:f2:94:22:e7:cf:
                    a4:d1:4f:c0:49:bb:b3:e9:09:ac:fe:ed:a1:f4:be:
                    9c:27:62:53:06:5a:3d:c0:76:17:c3:11:42:da:b3:
                    f9:cf:6d:1e:3a:6d:45:2a:d6:ae:08:13:19:c0:d5:
                    9c:ff:62:7c:1a:ac:77:ff:25:2a:f6:e1:38:8b:29:
                    48:8f:b7:7a:39:12:5a:ff:13:e5:a0:fc:e1:ba:16:
                    24:e7:f4:02:d4:f7:54:96:7b:c4:06:ef:a7:0a:6f:
                    6d:a4:15:3d:8b:ba:eb:91:31:db:38:25:07:a7:70:
                    1f:25:e5:95:02:f3:aa:3f:44:c3:1c:bb:db:98:1f:
                    cd:b6:c4:5d:ed:a2:00:8f:9d:bf:49:6a:c5:ae:1d:
                    3c:e2:7e:77:88:52:1d:3a:76:0f:e0:3a:ae:c7:cf:
                    1f:c5:3f:ff:92:39:6b:48:f9:52:31:f2:fd:d4:08:
                    d7:82:6d:f5:d6:03:ba:a4:8b:49:dd:d1:50:fa:46:
                    7a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:E5:77:D7:2B:13:43:61:95:76:64:3C:5B:62:04:ED:26:F2:A0:D4
            X509v3 Authority Key Identifier:
                keyid:D8:18:2A:98:D6:EF:80:FF:B2:91:82:7D:A8:AC:CA:74:49:10:80:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2BgqmNbvgP-ykYJ9qKzKdEkQgLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/d85235-808c-4c0a-9c97-9b360e1ba321/1/SeV31ysTQ2GVdmQ8W2IE7SbyoNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/d85235-808c-4c0a-9c97-9b360e1ba321/1/2BgqmNbvgP-ykYJ9qKzKdEkQgLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:98:7f:3c:68:da:96:30:58:52:55:52:8f:fc:a0:d8:a2:9f:
         bb:2d:60:b1:d2:e9:87:09:14:54:14:97:e2:2f:56:ec:88:60:
         ea:39:83:55:8d:9c:d4:98:ff:a3:a3:2e:8a:9d:ac:43:49:b2:
         9d:ae:34:19:70:ce:92:c4:e2:53:15:a0:f1:2e:01:02:ab:f2:
         61:c0:c8:55:b8:58:d6:d9:2f:64:46:93:a9:8e:fd:88:1e:d5:
         cd:f6:8c:f6:9a:01:26:65:b1:93:d6:fc:eb:5a:a7:73:0e:ca:
         c4:14:4b:af:cf:9c:7f:69:95:3c:88:00:ce:53:dd:73:80:da:
         85:5a:44:ce:3a:63:a8:1c:08:c0:aa:59:f3:f0:ec:b0:3e:8f:
         b6:97:2b:60:02:a8:65:13:48:84:9f:d8:f7:41:da:5e:dc:df:
         65:35:a6:44:bd:5f:7b:68:1b:2d:18:05:8a:0e:f2:e4:a7:ca:
         85:2a:c5:6f:0f:b2:1c:b6:82:aa:03:50:b0:38:98:8d:29:01:
         dd:5b:c5:18:59:a4:0e:ec:7d:c2:dc:60:89:80:b2:73:f0:71:
         bb:79:91:db:77:41:09:96:31:4d:f2:b7:34:9b:6f:97:dc:e9:
         fc:d8:f7:69:c1:20:bf:52:02:40:5f:57:6e:c5:c9:a1:0a:84:
         8d:0a:d2:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuGU0QUv6pGNeA6cctQ8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MTgyYTk4ZDZlZjgwZmZiMjkxODI3ZGE4YWNjYTc0NDkx
MDgwYjQwHhcNMjQwMTAxMjAzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWU1NzdkNzJiMTM0MzYxOTU3NjY0M2M1YjYyMDRlZDI2ZjJhMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMHX3s8T4Oi5XWHsNZkhay85Mpkt
AC6pJwRVj5GIw+lxB3rlKxyf8j0/gRK0h/KWvtCUYWkn6xGy26EodsqefdggjHkB
8pQi58+k0U/ASbuz6Qms/u2h9L6cJ2JTBlo9wHYXwxFC2rP5z20eOm1FKtauCBMZ
wNWc/2J8Gqx3/yUq9uE4iylIj7d6ORJa/xPloPzhuhYk5/QC1PdUlnvEBu+nCm9t
pBU9i7rrkTHbOCUHp3AfJeWVAvOqP0TDHLvbmB/NtsRd7aIAj52/SWrFrh084n53
iFIdOnYP4Dqux88fxT//kjlrSPlSMfL91AjXgm311gO6pItJ3dFQ+kZ60QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEnld9crE0NhlXZkPFtiBO0m8qDUMB8GA1UdIwQY
MBaAFNgYKpjW74D/spGCfaisynRJEIC0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkJncW1OYnZnUC15a1lKOXFLektkRWtRZ0xRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9kODUyMzUtODA4Yy00YzBhLTljOTct
OWIzNjBlMWJhMzIxLzEvU2VWMzF5c1RRMkdWZG1ROFcySUU3U2J5b05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9kODUyMzUtODA4Yy00YzBhLTljOTctOWIzNjBlMWJhMzIx
LzEvMkJncW1OYnZnUC15a1lKOXFLektkRWtRZ0xRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufPkMA0G
CSqGSIb3DQEBCwUAA4IBAQAimH88aNqWMFhSVVKP/KDYop+7LWCx0umHCRRUFJfi
L1bsiGDqOYNVjZzUmP+joy6KnaxDSbKdrjQZcM6SxOJTFaDxLgECq/JhwMhVuFjW
2S9kRpOpjv2IHtXN9oz2mgEmZbGT1vzrWqdzDsrEFEuvz5x/aZU8iADOU91zgNqF
WkTOOmOoHAjAqlnz8OywPo+2lytgAqhlE0iEn9j3Qdpe3N9lNaZEvV97aBstGAWK
DvLkp8qFKsVvD7IctoKqA1CwOJiNKQHdW8UYWaQO7H3C3GCJgLJz8HG7eZHbd0EJ
ljFN8rc0m2+X3On82PdpwSC/UgJAX1duxcmhCoSNCtJW
-----END CERTIFICATE-----