Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/0IUAMipbGs9YjLp8SrmuRL4OhCM.roa
File:                     0IUAMipbGs9YjLp8SrmuRL4OhCM.roa (raw, json)
Hash identifier:          2FKboteZPqmaJRPvAn+VcoJUIiR3Qxbh7arYhIli+dI=
Subject key identifier:   D0:85:00:32:2A:5B:1A:CF:58:8C:BA:7C:4A:B9:AE:44:BE:0E:84:23
Certificate issuer:       /CN=a5c6373eab19cf43dd2f43111398383ee2bad030
Certificate serial:       018CC3489A9FEF1C8E22F5FEB45ACCF28457
Authority key identifier: A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/0IUAMipbGs9YjLp8SrmuRL4OhCM.roa
Signing time:             Mon 01 Jan 2024 04:29:24 +0000
ROA not before:           Mon 01 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400040
IP address blocks:        185.228.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9a:9f:ef:1c:8e:22:f5:fe:b4:5a:cc:f2:84:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c6373eab19cf43dd2f43111398383ee2bad030
        Validity
            Not Before: Jan  1 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d08500322a5b1acf588cba7c4ab9ae44be0e8423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c1:aa:c9:a1:23:53:33:14:ad:c2:b0:96:2f:
                    57:24:95:e9:11:73:db:1c:4e:1e:94:78:40:8e:77:
                    62:38:d7:ea:5f:0f:b1:8f:34:99:44:1f:f1:73:98:
                    7d:d7:5a:90:d3:1d:5a:db:39:01:a7:49:e9:39:26:
                    c9:24:1f:86:10:95:78:8f:b3:d2:16:36:17:0c:a5:
                    1a:99:da:0d:0e:d9:a7:de:a7:b2:56:03:39:7d:4d:
                    3a:ae:82:30:ee:a8:a3:8d:59:e6:01:2d:4a:b0:fb:
                    ff:c6:67:72:62:52:3a:6c:e9:db:dd:92:4e:d0:ae:
                    d8:0f:43:5b:fa:ac:50:52:15:68:69:e7:b7:1f:64:
                    3c:9c:11:d6:df:93:3c:c3:01:d6:f9:87:fb:35:23:
                    69:18:57:32:57:3b:3c:69:58:59:58:df:7e:b2:99:
                    6f:bd:e5:13:6d:6f:e2:02:ae:01:72:e1:46:b8:ce:
                    de:aa:5b:f8:8f:7f:a3:cc:50:10:96:31:65:14:05:
                    3d:c7:35:d2:84:48:d9:c2:65:74:9a:da:ef:6a:ec:
                    8d:ee:33:c9:92:85:09:96:4c:46:07:31:fb:a0:81:
                    26:d1:da:47:c8:f5:16:19:9b:35:04:f4:f6:1d:d7:
                    bf:96:97:ff:67:7f:d0:e9:0c:e4:03:6f:10:fa:dc:
                    bb:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:85:00:32:2A:5B:1A:CF:58:8C:BA:7C:4A:B9:AE:44:BE:0E:84:23
            X509v3 Authority Key Identifier:
                keyid:A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/0IUAMipbGs9YjLp8SrmuRL4OhCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:61:3d:31:3b:b9:8f:aa:c9:18:c5:44:87:58:13:5a:00:d7:
         85:1d:f2:39:e4:0f:f2:c9:57:75:69:d2:cd:ef:3a:4b:c9:72:
         e8:d9:28:e4:fa:cd:7e:89:c7:a0:96:31:f3:5b:9a:bf:03:ee:
         30:b9:69:68:e7:f3:54:fd:27:5c:b3:a0:d5:71:c6:9e:2a:8b:
         8c:8a:5a:cf:35:7c:d6:3e:3a:a9:a0:8d:56:ec:87:11:01:06:
         4e:66:9c:c5:36:78:c0:46:6c:44:1d:e6:5d:e0:55:5d:51:38:
         e9:b0:37:8e:16:26:47:77:19:a9:52:8d:41:a1:1c:04:c6:54:
         ab:cd:e3:9d:ce:95:c3:02:ec:46:ce:c3:5a:53:ba:d9:48:32:
         b4:39:1e:c3:25:47:11:42:7b:0e:b3:91:65:07:3f:16:d7:ce:
         1c:7f:f9:d4:c4:6e:cc:92:3c:a5:64:ac:ce:d7:31:35:a5:d6:
         3f:f8:eb:88:af:27:ea:e1:f1:db:68:e9:8b:d5:62:82:f4:73:
         58:8b:4f:9b:ee:3f:df:41:b8:5f:4d:7c:b5:8f:a9:d2:44:bb:
         2a:e5:65:c9:d0:53:1a:82:c4:f0:56:1f:0b:4d:1e:99:93:a6:
         77:85:90:4d:f2:45:9b:22:d9:25:eb:49:66:9c:be:96:3d:83:
         79:f4:9b:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJqf7xyOIvX+tFrM8oRXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzYzNzNlYWIxOWNmNDNkZDJmNDMxMTEzOTgzODNlZTJi
YWQwMzAwHhcNMjQwMTAxMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDg1MDAzMjJhNWIxYWNmNTg4Y2JhN2M0YWI5YWU0NGJlMGU4NDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8GqyaEjUzMUrcKwli9XJJXpEXPb
HE4elHhAjndiONfqXw+xjzSZRB/xc5h911qQ0x1a2zkBp0npOSbJJB+GEJV4j7PS
FjYXDKUamdoNDtmn3qeyVgM5fU06roIw7qijjVnmAS1KsPv/xmdyYlI6bOnb3ZJO
0K7YD0Nb+qxQUhVoaee3H2Q8nBHW35M8wwHW+Yf7NSNpGFcyVzs8aVhZWN9+splv
veUTbW/iAq4BcuFGuM7eqlv4j3+jzFAQljFlFAU9xzXShEjZwmV0mtrvauyN7jPJ
koUJlkxGBzH7oIEm0dpHyPUWGZs1BPT2Hde/lpf/Z3/Q6QzkA28Q+ty7DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNCFADIqWxrPWIy6fEq5rkS+DoQjMB8GA1UdIwQY
MBaAFKXGNz6rGc9D3S9DEROYOD7iutAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEt
YTRlYTBhNjNmNzY2LzEvMElVQU1pcGJHczlZakxwOFNybXVSTDRPaENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEtYTRlYTBhNjNmNzY2
LzEvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueQAMA0G
CSqGSIb3DQEBCwUAA4IBAQBkYT0xO7mPqskYxUSHWBNaANeFHfI55A/yyVd1adLN
7zpLyXLo2Sjk+s1+icegljHzW5q/A+4wuWlo5/NU/Sdcs6DVccaeKouMilrPNXzW
PjqpoI1W7IcRAQZOZpzFNnjARmxEHeZd4FVdUTjpsDeOFiZHdxmpUo1BoRwExlSr
zeOdzpXDAuxGzsNaU7rZSDK0OR7DJUcRQnsOs5FlBz8W184cf/nUxG7MkjylZKzO
1zE1pdY/+OuIryfq4fHbaOmL1WKC9HNYi0+b7j/fQbhfTXy1j6nSRLsq5WXJ0FMa
gsTwVh8LTR6Zk6Z3hZBN8kWbItkl60lmnL6WPYN59Jt0
-----END CERTIFICATE-----