Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/ejhvQzXNw3eTSW_IVTzZzdTJtPE.roa
File:                     ejhvQzXNw3eTSW_IVTzZzdTJtPE.roa (raw, json)
Hash identifier:          kkO0wL1oRYBGyt/anu5L2Y+CKsiDxpVT1HoFeUENmKo=
Subject key identifier:   7A:38:6F:43:35:CD:C3:77:93:49:6F:C8:55:3C:D9:CD:D4:C9:B4:F1
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B5E1866D37E907D2285AA4DEDCEFE
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/ejhvQzXNw3eTSW_IVTzZzdTJtPE.roa
Signing time:             Tue 02 Jan 2024 12:34:48 +0000
ROA not before:           Tue 02 Jan 2024 12:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137882
IP address blocks:        185.255.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:5e:18:66:d3:7e:90:7d:22:85:aa:4d:ed:ce:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a386f4335cdc37793496fc8553cd9cdd4c9b4f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:68:43:46:56:80:67:8d:0d:c8:11:4f:32:30:
                    16:bc:48:98:bb:bf:92:2a:d7:b8:32:32:6c:d8:f1:
                    3e:d8:be:5d:eb:c8:cd:8a:ae:b8:4c:1b:ef:62:45:
                    d7:f3:a1:4c:31:34:b9:cc:b1:f8:56:c4:79:04:a2:
                    1b:17:62:97:a1:63:d7:4d:7a:d0:bb:e4:40:73:4b:
                    ce:f5:5c:86:70:af:ab:37:5d:91:4d:2a:7c:88:01:
                    d0:c9:21:4c:e4:79:b5:d8:c3:1c:70:42:69:18:94:
                    2f:fa:1f:41:fc:0d:9d:45:e5:a5:0b:83:a5:a5:33:
                    1f:4b:51:fd:0b:c7:36:32:f9:9b:af:cb:50:76:ea:
                    f7:5a:8c:3b:1b:8d:4e:41:8c:e5:ff:27:e2:aa:31:
                    21:5e:72:79:6a:e1:d1:5e:44:2e:a5:59:8c:31:22:
                    72:28:f2:6b:e6:07:2a:06:a1:b7:3f:2f:9c:6b:f4:
                    5d:d1:2a:a4:c9:fa:ff:da:a7:91:4a:d3:ce:b7:29:
                    ab:f3:f0:5e:e4:90:79:e1:8c:9d:87:1b:db:1d:e6:
                    57:cf:07:09:74:90:ad:da:8e:d2:95:45:7d:42:b6:
                    6a:64:1d:d1:fa:ae:af:b4:f0:19:e0:c8:c7:97:84:
                    44:26:ce:4b:74:f1:d3:b4:bb:c9:4d:ec:7c:01:42:
                    6e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:38:6F:43:35:CD:C3:77:93:49:6F:C8:55:3C:D9:CD:D4:C9:B4:F1
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/ejhvQzXNw3eTSW_IVTzZzdTJtPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:69:e2:38:99:a2:20:60:db:05:75:0b:76:6c:80:44:ba:e8:
         36:52:92:18:f0:bc:aa:aa:ae:b0:d1:73:ce:57:9a:cb:cd:27:
         53:36:9b:37:a6:e7:0a:70:1b:5f:7d:c2:29:cb:09:c2:47:98:
         42:60:08:0e:20:eb:9c:1d:dc:a7:20:ee:d6:83:29:15:a2:c4:
         ea:1a:35:9f:37:61:13:ad:8a:07:2b:d1:bf:28:e8:51:b6:bf:
         6f:63:9c:e4:dc:26:6b:d6:c4:51:e4:0b:ae:f9:10:50:e2:0e:
         d5:7c:b1:02:6d:81:e1:52:83:eb:14:ab:1b:04:09:09:84:1b:
         14:d1:f8:79:95:ff:c4:57:70:54:cd:1e:42:2f:8d:f1:27:0c:
         00:ae:a5:a1:93:15:fc:1f:d7:12:95:4c:3e:4a:63:61:8d:2f:
         f7:c9:83:1d:0d:8e:6d:19:4d:3b:c7:5d:8e:b0:1d:aa:38:c7:
         4d:41:5d:14:11:cf:27:1f:05:cf:b5:48:79:98:25:71:7b:e0:
         34:af:35:3f:9d:ba:a6:06:a4:27:12:da:7c:10:c6:fa:26:74:
         e5:6a:2e:17:66:70:7c:12:30:b9:cb:e1:7f:2d:88:20:f8:45:
         6f:56:e0:fe:6e:f9:b6:f9:da:69:c0:73:d9:35:31:89:27:d3:
         61:96:93:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK14YZtN+kH0ihapN7c7+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTM4NmY0MzM1Y2RjMzc3OTM0OTZmYzg1NTNjZDljZGQ0YzliNGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22hDRlaAZ40NyBFPMjAWvEiYu7+S
Kte4MjJs2PE+2L5d68jNiq64TBvvYkXX86FMMTS5zLH4VsR5BKIbF2KXoWPXTXrQ
u+RAc0vO9VyGcK+rN12RTSp8iAHQySFM5Hm12MMccEJpGJQv+h9B/A2dReWlC4Ol
pTMfS1H9C8c2Mvmbr8tQdur3Wow7G41OQYzl/yfiqjEhXnJ5auHRXkQupVmMMSJy
KPJr5gcqBqG3Py+ca/Rd0Sqkyfr/2qeRStPOtymr8/Be5JB54YydhxvbHeZXzwcJ
dJCt2o7SlUV9QrZqZB3R+q6vtPAZ4MjHl4REJs5LdPHTtLvJTex8AUJuqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHo4b0M1zcN3k0lvyFU82c3UybTxMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvZWpodlF6WE53M2VUU1dfSVZUelp6ZFRKdFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf+YMA0G
CSqGSIb3DQEBCwUAA4IBAQAAaeI4maIgYNsFdQt2bIBEuug2UpIY8Lyqqq6w0XPO
V5rLzSdTNps3pucKcBtffcIpywnCR5hCYAgOIOucHdynIO7WgykVosTqGjWfN2ET
rYoHK9G/KOhRtr9vY5zk3CZr1sRR5Auu+RBQ4g7VfLECbYHhUoPrFKsbBAkJhBsU
0fh5lf/EV3BUzR5CL43xJwwArqWhkxX8H9cSlUw+SmNhjS/3yYMdDY5tGU07x12O
sB2qOMdNQV0UEc8nHwXPtUh5mCVxe+A0rzU/nbqmBqQnEtp8EMb6JnTlai4XZnB8
EjC5y+F/LYgg+EVvVuD+bvm2+dppwHPZNTGJJ9NhlpPF
-----END CERTIFICATE-----