Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/afae6c-2982-4119-906f-895f86287506/1/lOgaDEp10Y7iPqokYbNkyKnMwhM.roa
File:                     lOgaDEp10Y7iPqokYbNkyKnMwhM.roa (raw, json)
Hash identifier:          NV5Avut//x3B+N7TChh3hxZ6CWsr/kieg39eU6UShk4=
Subject key identifier:   94:E8:1A:0C:4A:75:D1:8E:E2:3E:AA:24:61:B3:64:C8:A9:CC:C2:13
Certificate issuer:       /CN=b9de70122e49285d05b05f9bbf4449bfc80830e5
Certificate serial:       01907905727268BF7E46C3137F5AC9D43E6A
Authority key identifier: B9:DE:70:12:2E:49:28:5D:05:B0:5F:9B:BF:44:49:BF:C8:08:30:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ud5wEi5JKF0FsF-bv0RJv8gIMOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/afae6c-2982-4119-906f-895f86287506/1/lOgaDEp10Y7iPqokYbNkyKnMwhM.roa
Signing time:             Wed 03 Jul 2024 14:35:18 +0000
ROA not before:           Wed 03 Jul 2024 14:35:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42687
IP address blocks:        185.217.141.0/24 maxlen: 24
                          2a10:c700::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/afae6c-2982-4119-906f-895f86287506/1/ud5wEi5JKF0FsF-bv0RJv8gIMOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/afae6c-2982-4119-906f-895f86287506/1/ud5wEi5JKF0FsF-bv0RJv8gIMOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ud5wEi5JKF0FsF-bv0RJv8gIMOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:79:05:72:72:68:bf:7e:46:c3:13:7f:5a:c9:d4:3e:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9de70122e49285d05b05f9bbf4449bfc80830e5
        Validity
            Not Before: Jul  3 14:35:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94e81a0c4a75d18ee23eaa2461b364c8a9ccc213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:bf:4e:54:4f:44:ea:78:ec:59:fd:17:d1:5f:
                    02:e7:0a:a0:dc:75:48:92:c0:55:63:4b:c0:53:d9:
                    5c:ff:aa:1b:9f:4a:75:0b:d9:f6:4e:4e:01:3e:58:
                    fa:01:14:64:a4:79:ec:bc:37:6e:b8:98:64:ea:99:
                    e6:69:b0:b4:ce:53:c2:f8:5c:e7:81:76:16:4e:a0:
                    37:17:29:55:ba:c3:64:48:02:2a:05:a8:4b:37:5e:
                    5e:68:01:ca:98:bd:0b:44:6f:c8:4b:ac:41:ae:51:
                    56:e8:34:31:6c:38:cc:aa:a0:b4:16:62:c7:ea:c1:
                    dd:a0:40:9a:49:c2:a3:37:e5:ff:92:f4:42:46:e1:
                    95:b6:7c:2a:c3:4d:d0:5e:90:b1:be:c3:8b:8d:cd:
                    c2:20:64:1a:3f:de:6f:0e:27:53:3c:57:66:2e:de:
                    f3:c2:a1:67:8e:a9:a4:f4:16:5b:20:1c:51:17:86:
                    60:67:b6:6e:a4:0c:69:72:96:bc:19:2b:a4:96:c0:
                    41:a0:f5:40:8b:be:6b:33:59:44:eb:b9:88:0e:7d:
                    66:47:d4:4a:04:58:39:c6:90:0d:38:43:4c:01:37:
                    d0:71:30:0a:01:18:57:22:c2:e9:2c:1d:ae:a4:aa:
                    88:20:85:5b:d1:cf:98:60:0e:86:95:bd:54:f1:f6:
                    ef:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:E8:1A:0C:4A:75:D1:8E:E2:3E:AA:24:61:B3:64:C8:A9:CC:C2:13
            X509v3 Authority Key Identifier:
                keyid:B9:DE:70:12:2E:49:28:5D:05:B0:5F:9B:BF:44:49:BF:C8:08:30:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ud5wEi5JKF0FsF-bv0RJv8gIMOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/afae6c-2982-4119-906f-895f86287506/1/lOgaDEp10Y7iPqokYbNkyKnMwhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/afae6c-2982-4119-906f-895f86287506/1/ud5wEi5JKF0FsF-bv0RJv8gIMOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.141.0/24
                IPv6:
                  2a10:c700::/32

    Signature Algorithm: sha256WithRSAEncryption
         c7:34:08:0a:ea:ce:e0:52:26:0b:d9:3d:a0:36:58:a5:16:d5:
         23:67:ae:34:a3:f2:f0:e3:73:a0:87:13:cd:ce:64:26:72:42:
         f6:2f:09:d1:f8:3d:53:17:35:79:a3:98:12:4d:a6:01:b6:18:
         7c:5d:cf:f3:43:ad:20:45:74:be:10:4a:07:d6:8e:08:07:00:
         f0:a7:e7:12:e1:7a:ea:1c:11:65:4b:20:42:67:ab:78:95:ca:
         8d:e7:c9:71:51:f3:e9:7c:81:6a:92:e5:8c:76:81:72:0a:df:
         9c:67:d8:c0:16:c5:b8:9e:2f:7e:bc:81:df:dc:b4:da:c8:98:
         fe:ec:da:04:57:46:69:0a:d6:f7:e4:a3:9a:dc:67:52:26:c2:
         fd:2c:9c:3d:fb:b1:26:21:cb:b6:bc:87:d2:b1:8f:e4:8b:61:
         c0:d6:7e:ef:4d:f9:d9:1e:c0:61:4d:f8:77:8f:c3:48:d4:74:
         28:15:b4:01:cc:b0:61:8a:a3:ec:33:c3:9d:a7:b8:29:cd:31:
         63:17:fc:8b:70:30:6c:d5:a1:22:36:4e:54:10:62:a5:b6:85:
         ae:42:e0:2e:8c:a5:94:22:83:ab:40:fe:cd:e5:5d:51:87:44:
         b2:38:a2:9e:57:59:9a:31:06:13:e6:07:3a:b2:73:fb:93:5d:
         c0:a3:31:49
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZB5BXJyaL9+RsMTf1rJ1D5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZGU3MDEyMmU0OTI4NWQwNWIwNWY5YmJmNDQ0OWJmYzgw
ODMwZTUwHhcNMjQwNzAzMTQzNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGU4MWEwYzRhNzVkMThlZTIzZWFhMjQ2MWIzNjRjOGE5Y2NjMjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2L9OVE9E6njsWf0X0V8C5wqg3HVI
ksBVY0vAU9lc/6obn0p1C9n2Tk4BPlj6ARRkpHnsvDduuJhk6pnmabC0zlPC+Fzn
gXYWTqA3FylVusNkSAIqBahLN15eaAHKmL0LRG/IS6xBrlFW6DQxbDjMqqC0FmLH
6sHdoECaScKjN+X/kvRCRuGVtnwqw03QXpCxvsOLjc3CIGQaP95vDidTPFdmLt7z
wqFnjqmk9BZbIBxRF4ZgZ7ZupAxpcpa8GSuklsBBoPVAi75rM1lE67mIDn1mR9RK
BFg5xpANOENMATfQcTAKARhXIsLpLB2upKqIIIVb0c+YYA6Glb1U8fbvWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJToGgxKddGO4j6qJGGzZMipzMITMB8GA1UdIwQY
MBaAFLnecBIuSShdBbBfm79ESb/ICDDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWQ1d0VpNUpLRjBGc0YtYnYwUkp2OGdJTU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9hZmFlNmMtMjk4Mi00MTE5LTkwNmYt
ODk1Zjg2Mjg3NTA2LzEvbE9nYURFcDEwWTdpUHFva1liTmt5S25Nd2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9hZmFlNmMtMjk4Mi00MTE5LTkwNmYtODk1Zjg2Mjg3NTA2
LzEvdWQ1d0VpNUpLRjBGc0YtYnYwUkp2OGdJTU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudmNMA0E
AgACMAcDBQAqEMcAMA0GCSqGSIb3DQEBCwUAA4IBAQDHNAgK6s7gUiYL2T2gNlil
FtUjZ640o/Lw43OghxPNzmQmckL2LwnR+D1TFzV5o5gSTaYBthh8Xc/zQ60gRXS+
EEoH1o4IBwDwp+cS4XrqHBFlSyBCZ6t4lcqN58lxUfPpfIFqkuWMdoFyCt+cZ9jA
FsW4ni9+vIHf3LTayJj+7NoEV0ZpCtb35KOa3GdSJsL9LJw9+7EmIcu2vIfSsY/k
i2HA1n7vTfnZHsBhTfh3j8NI1HQoFbQBzLBhiqPsM8Odp7gpzTFjF/yLcDBs1aEi
Nk5UEGKltoWuQuAujKWUIoOrQP7N5V1Rh0SyOKKeV1maMQYT5gc6snP7k13AozFJ
-----END CERTIFICATE-----