Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/2mE-ijfOKoP6FpUKbvaHQI-RUys.roa
File:                     2mE-ijfOKoP6FpUKbvaHQI-RUys.roa (raw, json)
Hash identifier:          BhJHvrEu5akmef6UhIzU6EJF49l37SsGS7/6VdGJcMQ=
Subject key identifier:   DA:61:3E:8A:37:CE:2A:83:FA:16:95:0A:6E:F6:87:40:8F:91:53:2B
Certificate issuer:       /CN=0e2283e6e6af991422743711f7a723137680e69e
Certificate serial:       0190618B02E3DC51398F09FEA6A3B0DDB013
Authority key identifier: 0E:22:83:E6:E6:AF:99:14:22:74:37:11:F7:A7:23:13:76:80:E6:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiKD5uavmRQidDcR96cjE3aA5p4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/2mE-ijfOKoP6FpUKbvaHQI-RUys.roa
Signing time:             Sat 29 Jun 2024 01:10:18 +0000
ROA not before:           Sat 29 Jun 2024 01:10:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44901
IP address blocks:        185.244.128.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/DiKD5uavmRQidDcR96cjE3aA5p4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/DiKD5uavmRQidDcR96cjE3aA5p4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiKD5uavmRQidDcR96cjE3aA5p4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:03:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:61:8b:02:e3:dc:51:39:8f:09:fe:a6:a3:b0:dd:b0:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e2283e6e6af991422743711f7a723137680e69e
        Validity
            Not Before: Jun 29 01:10:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da613e8a37ce2a83fa16950a6ef687408f91532b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:41:55:a3:53:ba:ed:96:fa:3a:27:c8:a7:41:
                    ab:ef:b4:39:b9:c1:c5:39:fe:46:1e:89:1d:63:ff:
                    d1:a3:df:06:ce:39:06:df:76:f2:c8:85:5c:85:64:
                    bc:cc:3c:88:02:eb:e0:d8:bd:a0:97:9c:da:61:9c:
                    06:fc:28:44:0a:91:3f:0d:81:b5:b2:d9:05:86:31:
                    55:ff:80:19:e7:c1:82:c7:a9:f3:f5:18:80:ed:03:
                    ad:a1:68:26:68:d8:bd:64:0c:f8:19:24:05:33:6c:
                    f3:87:f7:94:b1:9b:63:38:68:b0:3d:e6:b8:b0:92:
                    b2:9b:c3:d4:c5:ba:1c:5e:d7:e8:b0:8b:20:09:4a:
                    5b:0f:4b:c8:02:58:de:e5:6b:10:8f:1c:a3:a0:2c:
                    1c:84:fb:e0:fd:62:7a:40:f2:fd:2d:3e:0f:8b:8a:
                    27:29:35:de:c9:04:05:05:71:39:bf:4a:cb:f2:1c:
                    92:5c:24:8f:fb:26:95:ce:42:07:c5:fc:97:51:80:
                    e3:1c:cb:77:2f:22:99:66:54:9e:c2:b4:61:b6:f5:
                    76:25:3e:69:d3:ca:d0:4c:6b:72:25:1e:46:a8:e6:
                    77:dc:8c:43:b5:f0:fc:90:c3:f0:bc:a1:b0:13:7a:
                    d3:f4:26:5e:56:96:31:0b:cb:1b:8f:2c:b7:17:f6:
                    a7:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:61:3E:8A:37:CE:2A:83:FA:16:95:0A:6E:F6:87:40:8F:91:53:2B
            X509v3 Authority Key Identifier:
                keyid:0E:22:83:E6:E6:AF:99:14:22:74:37:11:F7:A7:23:13:76:80:E6:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiKD5uavmRQidDcR96cjE3aA5p4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/2mE-ijfOKoP6FpUKbvaHQI-RUys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/84750f-76c4-41ee-8517-e0adab7f1112/1/DiKD5uavmRQidDcR96cjE3aA5p4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:dd:bf:2b:d0:3f:e9:c3:a7:54:97:a5:b3:e0:3d:1d:ad:bd:
         65:58:74:c3:eb:78:85:19:fb:c7:82:07:0d:f6:00:16:90:28:
         86:db:a5:0b:4e:41:44:35:3d:2f:3f:fc:d0:40:db:65:d8:5d:
         1d:c4:f6:69:32:08:ee:61:37:9f:2f:07:e9:0b:a7:e3:e7:68:
         3f:29:a8:40:de:8e:42:87:c4:7e:dd:11:5d:50:be:70:72:fb:
         b1:a1:18:b9:48:8c:f8:8a:63:14:05:0e:45:59:3b:a9:57:91:
         87:e1:3c:c4:ff:18:a3:25:3f:43:ba:4d:a1:fb:fd:8d:02:c8:
         d5:b3:eb:50:22:02:4c:97:17:f6:44:8b:52:aa:7b:bb:65:7b:
         ad:85:60:20:39:f0:9f:43:cd:3b:0c:30:ca:98:fa:5d:f4:68:
         a5:58:e4:8e:7a:c3:05:f9:06:3e:06:61:19:b3:4c:65:6b:81:
         2d:42:2c:40:1a:34:9e:81:13:6c:b9:e8:bd:ed:68:10:dc:27:
         60:ef:49:98:ff:c0:a9:c5:b1:88:d2:3b:da:a2:00:af:12:2c:
         30:97:57:8b:cd:99:b9:99:42:f3:3c:0d:9a:9e:6c:ef:9a:d8:
         49:2d:e7:3d:8f:be:6b:fa:d9:0a:87:a8:d2:c7:54:45:00:d7:
         1c:6c:62:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBhiwLj3FE5jwn+pqOw3bATMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjI4M2U2ZTZhZjk5MTQyMjc0MzcxMWY3YTcyMzEzNzY4
MGU2OWUwHhcNMjQwNjI5MDExMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTYxM2U4YTM3Y2UyYTgzZmExNjk1MGE2ZWY2ODc0MDhmOTE1MzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkFVo1O67Zb6OifIp0Gr77Q5ucHF
Of5GHokdY//Ro98GzjkG33byyIVchWS8zDyIAuvg2L2gl5zaYZwG/ChECpE/DYG1
stkFhjFV/4AZ58GCx6nz9RiA7QOtoWgmaNi9ZAz4GSQFM2zzh/eUsZtjOGiwPea4
sJKym8PUxbocXtfosIsgCUpbD0vIAlje5WsQjxyjoCwchPvg/WJ6QPL9LT4Pi4on
KTXeyQQFBXE5v0rL8hySXCSP+yaVzkIHxfyXUYDjHMt3LyKZZlSewrRhtvV2JT5p
08rQTGtyJR5GqOZ33IxDtfD8kMPwvKGwE3rT9CZeVpYxC8sbjyy3F/anwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNphPoo3ziqD+haVCm72h0CPkVMrMB8GA1UdIwQY
MBaAFA4ig+bmr5kUInQ3EfenIxN2gOaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGlLRDV1YXZtUlFpZERjUjk2Y2pFM2FBNXA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi84NDc1MGYtNzZjNC00MWVlLTg1MTct
ZTBhZGFiN2YxMTEyLzEvMm1FLWlqZk9Lb1A2RnBVS2J2YUhRSS1SVXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi84NDc1MGYtNzZjNC00MWVlLTg1MTctZTBhZGFiN2YxMTEy
LzEvRGlLRDV1YXZtUlFpZERjUjk2Y2pFM2FBNXA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufSAMA0G
CSqGSIb3DQEBCwUAA4IBAQBH3b8r0D/pw6dUl6Wz4D0drb1lWHTD63iFGfvHggcN
9gAWkCiG26ULTkFENT0vP/zQQNtl2F0dxPZpMgjuYTefLwfpC6fj52g/KahA3o5C
h8R+3RFdUL5wcvuxoRi5SIz4imMUBQ5FWTupV5GH4TzE/xijJT9Duk2h+/2NAsjV
s+tQIgJMlxf2RItSqnu7ZXuthWAgOfCfQ807DDDKmPpd9GilWOSOesMF+QY+BmEZ
s0xla4EtQixAGjSegRNsuei97WgQ3Cdg70mY/8CpxbGI0jvaogCvEiwwl1eLzZm5
mULzPA2anmzvmthJLec9j75r+tkKh6jSx1RFANccbGJ2
-----END CERTIFICATE-----