Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/OxRvAqtvpYB92785RREIKA4HsQI.roa
File:                     OxRvAqtvpYB92785RREIKA4HsQI.roa (raw, json)
Hash identifier:          8Zp7Qu4ZTGEtBAdmpRtAWc/j63bqXDO6Hdvr+3eEx1I=
Subject key identifier:   3B:14:6F:02:AB:6F:A5:80:7D:DB:BF:39:45:11:08:28:0E:07:B1:02
Certificate issuer:       /CN=111e0cbbe5d1c0a09465095e444fbc1c7932c683
Certificate serial:       018D35976901B5A2454E60F1D685AAB1A890
Authority key identifier: 11:1E:0C:BB:E5:D1:C0:A0:94:65:09:5E:44:4F:BC:1C:79:32:C6:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/OxRvAqtvpYB92785RREIKA4HsQI.roa
Signing time:             Tue 23 Jan 2024 09:12:11 +0000
ROA not before:           Tue 23 Jan 2024 09:12:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203740
IP address blocks:        185.125.40.0/22 maxlen: 22
                          185.125.40.0/23 maxlen: 24
                          185.125.43.0/24 maxlen: 24
                          2a06:b7c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:35:97:69:01:b5:a2:45:4e:60:f1:d6:85:aa:b1:a8:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111e0cbbe5d1c0a09465095e444fbc1c7932c683
        Validity
            Not Before: Jan 23 09:12:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b146f02ab6fa5807ddbbf39451108280e07b102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ce:ea:f2:0a:05:58:d2:ad:c0:10:83:d0:19:
                    55:19:66:82:85:d1:e4:81:1e:0e:d9:f4:1d:b2:e0:
                    5a:74:6d:d1:e9:b8:a3:b6:47:f9:49:e3:6f:d0:02:
                    04:fd:5c:54:7d:9e:a7:43:1e:87:d9:d4:d7:50:5c:
                    7f:49:66:5f:b8:26:21:da:a5:0b:6d:29:d3:84:24:
                    3d:1d:58:45:a8:c0:98:86:2d:3b:1a:f3:98:0d:eb:
                    1a:ff:71:9a:fa:3e:21:65:af:15:db:29:85:07:c9:
                    25:6a:b4:d8:09:99:5c:c2:47:b8:a8:d4:84:38:db:
                    5f:4e:42:15:2e:09:7a:b3:38:2a:95:23:b5:9b:b9:
                    24:64:f7:4d:46:fc:1a:bc:1a:a3:3d:6b:af:a8:97:
                    73:2a:92:27:42:d1:fd:71:f7:cc:37:ba:d1:90:fb:
                    b5:04:d2:af:03:8f:91:bc:65:b5:90:2b:06:d8:5c:
                    7c:93:2a:da:79:1c:53:66:ef:fd:ce:23:24:8e:25:
                    73:dd:36:73:8d:6f:89:1e:af:b2:55:ba:7b:24:ee:
                    9e:bc:d1:8d:63:7f:5f:f0:43:1b:41:1f:10:db:2c:
                    23:f7:f3:35:84:6f:a7:5e:70:e0:62:35:f7:73:f7:
                    9f:45:65:01:c8:5c:7a:45:16:ff:63:f2:7e:0b:91:
                    f1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:14:6F:02:AB:6F:A5:80:7D:DB:BF:39:45:11:08:28:0E:07:B1:02
            X509v3 Authority Key Identifier:
                keyid:11:1E:0C:BB:E5:D1:C0:A0:94:65:09:5E:44:4F:BC:1C:79:32:C6:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/OxRvAqtvpYB92785RREIKA4HsQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.40.0/22
                IPv6:
                  2a06:b7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:13:7b:8e:00:71:fd:e0:f1:93:8d:ec:b0:3f:9c:c9:33:71:
         80:ca:3b:d4:fe:0b:f8:e2:6d:a6:81:1b:ce:50:9a:a5:e2:8f:
         ae:76:62:55:7d:21:81:24:26:14:35:ff:da:21:28:7e:9e:ca:
         01:c1:62:ee:c8:da:7a:35:ed:d3:fe:03:28:67:8e:e0:f9:b0:
         a6:6e:1c:c6:23:5f:04:19:32:a5:77:49:6c:93:98:dd:33:15:
         54:79:50:94:ec:13:94:fd:3d:d6:db:28:09:fb:3b:ae:49:da:
         d4:66:c4:a7:45:d8:81:dc:26:44:73:d7:34:49:ea:b3:30:70:
         d7:e2:c8:dc:3c:af:dd:19:b1:78:3a:17:57:dd:ca:4e:7e:a2:
         87:72:2b:ca:f2:fb:f6:4f:a4:d8:72:79:84:ca:02:a2:9c:f5:
         08:06:02:b1:a5:fa:c8:b4:62:82:46:03:18:05:5a:5e:0e:71:
         68:d0:76:fc:35:db:29:11:31:4b:a5:13:01:89:56:5f:89:5c:
         30:f6:b1:24:c6:62:eb:c5:e0:12:57:4c:10:04:7c:64:7c:a3:
         74:9c:93:31:a9:66:2a:8f:fb:8a:99:cc:46:27:d1:ac:93:1b:
         77:a1:66:5f:f5:d7:14:50:35:cb:1c:84:6f:d5:cf:8b:ea:d5:
         6f:c3:47:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY01l2kBtaJFTmDx1oWqsaiQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWUwY2JiZTVkMWMwYTA5NDY1MDk1ZTQ0NGZiYzFjNzkz
MmM2ODMwHhcNMjQwMTIzMDkxMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjE0NmYwMmFiNmZhNTgwN2RkYmJmMzk0NTExMDgyODBlMDdiMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArM7q8goFWNKtwBCD0BlVGWaChdHk
gR4O2fQdsuBadG3R6bijtkf5SeNv0AIE/VxUfZ6nQx6H2dTXUFx/SWZfuCYh2qUL
bSnThCQ9HVhFqMCYhi07GvOYDesa/3Ga+j4hZa8V2ymFB8klarTYCZlcwke4qNSE
ONtfTkIVLgl6szgqlSO1m7kkZPdNRvwavBqjPWuvqJdzKpInQtH9cffMN7rRkPu1
BNKvA4+RvGW1kCsG2Fx8kyraeRxTZu/9ziMkjiVz3TZzjW+JHq+yVbp7JO6evNGN
Y39f8EMbQR8Q2ywj9/M1hG+nXnDgYjX3c/efRWUByFx6RRb/Y/J+C5Hx2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDsUbwKrb6WAfdu/OUURCCgOB7ECMB8GA1UdIwQY
MBaAFBEeDLvl0cCglGUJXkRPvBx5MsaDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVI0TXUtWFJ3S0NVWlFsZVJFLThISGt5eG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9iNmM5OTEtMWZkNC00ODdmLTg3Nzgt
ZDE1ZTUxNmRjNDVjLzEvT3hSdkFxdHZwWUI5Mjc4NVJSRUlLQTRIc1FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9iNmM5OTEtMWZkNC00ODdmLTg3NzgtZDE1ZTUxNmRjNDVj
LzEvRVI0TXUtWFJ3S0NVWlFsZVJFLThISGt5eG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX0oMA0E
AgACMAcDBQMqBrfAMA0GCSqGSIb3DQEBCwUAA4IBAQACE3uOAHH94PGTjeywP5zJ
M3GAyjvU/gv44m2mgRvOUJql4o+udmJVfSGBJCYUNf/aISh+nsoBwWLuyNp6Ne3T
/gMoZ47g+bCmbhzGI18EGTKld0lsk5jdMxVUeVCU7BOU/T3W2ygJ+zuuSdrUZsSn
RdiB3CZEc9c0SeqzMHDX4sjcPK/dGbF4OhdX3cpOfqKHcivK8vv2T6TYcnmEygKi
nPUIBgKxpfrItGKCRgMYBVpeDnFo0Hb8NdspETFLpRMBiVZfiVww9rEkxmLrxeAS
V0wQBHxkfKN0nJMxqWYqj/uKmcxGJ9Gskxt3oWZf9dcUUDXLHIRv1c+L6tVvw0d9
-----END CERTIFICATE-----