Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/RAAP_GrLUxmuNl7TyfBuHNa9EEw.roa
File:                     RAAP_GrLUxmuNl7TyfBuHNa9EEw.roa (raw, json)
Hash identifier:          iiaM/RTOovTRttdOptRCPpQ5Ps0XcPBeJKCyzgrJrmg=
Subject key identifier:   44:00:0F:FC:6A:CB:53:19:AE:36:5E:D3:C9:F0:6E:1C:D6:BD:10:4C
Certificate issuer:       /CN=ca5e3ec5a90623ccb97784d3cef24212a31cbaf1
Certificate serial:       018CC7955AAF8985A910AC4A45EEC20B4884
Authority key identifier: CA:5E:3E:C5:A9:06:23:CC:B9:77:84:D3:CE:F2:42:12:A3:1C:BA:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yl4-xakGI8y5d4TTzvJCEqMcuvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/RAAP_GrLUxmuNl7TyfBuHNa9EEw.roa
Signing time:             Tue 02 Jan 2024 00:31:43 +0000
ROA not before:           Tue 02 Jan 2024 00:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204529
IP address blocks:        185.114.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/yl4-xakGI8y5d4TTzvJCEqMcuvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/yl4-xakGI8y5d4TTzvJCEqMcuvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yl4-xakGI8y5d4TTzvJCEqMcuvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5a:af:89:85:a9:10:ac:4a:45:ee:c2:0b:48:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca5e3ec5a90623ccb97784d3cef24212a31cbaf1
        Validity
            Not Before: Jan  2 00:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44000ffc6acb5319ae365ed3c9f06e1cd6bd104c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c9:8e:af:68:38:2b:7e:3b:ba:47:a8:43:41:
                    93:9f:c9:dc:f6:ad:78:5f:0b:d4:72:68:68:f0:00:
                    e2:c8:2c:c7:07:0b:0e:bb:19:65:f1:e5:e1:23:83:
                    5f:57:c7:7b:fa:30:5d:79:f6:36:cd:d8:a3:d5:a0:
                    18:f0:a9:4e:e1:8d:61:30:06:5f:37:18:0f:0c:53:
                    2d:c3:16:9e:fb:65:e2:56:d6:fa:a8:7a:13:cd:25:
                    0c:fe:fd:bc:f8:fb:ec:9e:ff:cd:cd:95:e3:ed:54:
                    45:b2:10:72:0b:a5:9f:db:d4:da:04:1f:c7:bd:42:
                    13:e2:66:e9:df:e9:3f:c6:a8:dd:78:07:29:22:7b:
                    41:1a:95:c3:45:e3:35:b4:aa:94:3f:08:67:a5:13:
                    5b:4d:6b:ba:94:f6:10:b6:f1:42:e5:9d:55:03:d3:
                    4f:8b:31:e4:a6:9c:e9:aa:fb:4a:4e:36:0a:6d:e5:
                    ce:07:d4:9b:77:73:c3:d6:2e:9b:82:8c:51:87:f3:
                    40:01:48:71:e6:0d:6b:bd:08:17:c4:8f:3e:ce:7f:
                    b4:cb:d9:14:fc:0c:4b:64:be:08:04:ab:c9:06:eb:
                    43:3f:59:36:3a:17:a4:b0:b8:ed:e0:af:6a:91:3c:
                    dd:ec:78:11:d0:3d:d5:1d:75:0b:1e:fc:8e:35:e4:
                    24:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:00:0F:FC:6A:CB:53:19:AE:36:5E:D3:C9:F0:6E:1C:D6:BD:10:4C
            X509v3 Authority Key Identifier:
                keyid:CA:5E:3E:C5:A9:06:23:CC:B9:77:84:D3:CE:F2:42:12:A3:1C:BA:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yl4-xakGI8y5d4TTzvJCEqMcuvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/RAAP_GrLUxmuNl7TyfBuHNa9EEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/yl4-xakGI8y5d4TTzvJCEqMcuvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:a8:e9:5a:30:5e:3a:3b:15:a3:f1:2e:2f:a9:76:fa:a1:9b:
         e8:0c:ff:a9:a1:c5:df:8b:c8:9e:78:a3:16:dc:e0:62:e8:94:
         a0:98:45:1e:32:41:97:69:b1:30:04:bb:a0:04:42:26:65:35:
         5b:0d:2e:bc:a7:b9:0d:ad:d9:87:4f:ce:cd:2c:bb:70:2b:9f:
         f2:fa:fd:f1:e3:7c:d6:0e:60:a6:5f:b1:48:f2:2e:fa:f6:3c:
         63:38:7d:f7:2b:40:44:b8:e1:d4:e0:3e:f2:22:8d:c9:ab:7b:
         40:49:2f:c1:74:96:32:04:04:51:74:6d:49:25:5b:78:d6:8f:
         fa:68:d8:43:23:82:2d:56:eb:ab:5b:cc:5f:05:f4:ee:b7:ee:
         ac:56:aa:63:8d:4a:e4:3a:7d:7b:75:d3:6d:7b:11:cd:3c:ca:
         5f:ac:58:bb:07:c6:1b:dc:8a:ef:f7:6e:3a:9c:25:1d:fd:bd:
         07:c8:da:93:70:93:f9:3f:ea:b9:39:21:ec:5c:7f:dc:dc:12:
         77:a5:89:8a:66:6a:84:5c:b2:05:28:4c:3c:64:3a:f5:93:fd:
         ef:39:90:34:35:ac:da:ba:d7:e8:d5:6d:47:9c:e7:9e:4b:84:
         37:7c:82:e7:db:29:17:66:d7:1b:be:f5:ad:9c:c0:0e:cb:80:
         17:6f:e3:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlVqviYWpEKxKRe7CC0iEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNWUzZWM1YTkwNjIzY2NiOTc3ODRkM2NlZjI0MjEyYTMx
Y2JhZjEwHhcNMjQwMTAyMDAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDAwMGZmYzZhY2I1MzE5YWUzNjVlZDNjOWYwNmUxY2Q2YmQxMDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8mOr2g4K347ukeoQ0GTn8nc9q14
XwvUcmho8ADiyCzHBwsOuxll8eXhI4NfV8d7+jBdefY2zdij1aAY8KlO4Y1hMAZf
NxgPDFMtwxae+2XiVtb6qHoTzSUM/v28+Pvsnv/NzZXj7VRFshByC6Wf29TaBB/H
vUIT4mbp3+k/xqjdeAcpIntBGpXDReM1tKqUPwhnpRNbTWu6lPYQtvFC5Z1VA9NP
izHkppzpqvtKTjYKbeXOB9Sbd3PD1i6bgoxRh/NAAUhx5g1rvQgXxI8+zn+0y9kU
/AxLZL4IBKvJButDP1k2OheksLjt4K9qkTzd7HgR0D3VHXULHvyONeQk9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQAD/xqy1MZrjZe08nwbhzWvRBMMB8GA1UdIwQY
MBaAFMpePsWpBiPMuXeE087yQhKjHLrxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWw0LXhha0dJOHk1ZDRUVHp2SkNFcU1jdXZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8wZjkyYmQtMzVkMC00NTcwLWI1ZDMt
NmYzMWY2ZjdmMTZiLzEvUkFBUF9HckxVeG11Tmw3VHlmQnVITmE5RUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8wZjkyYmQtMzVkMC00NTcwLWI1ZDMtNmYzMWY2ZjdmMTZi
LzEveWw0LXhha0dJOHk1ZDRUVHp2SkNFcU1jdXZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXLaMA0G
CSqGSIb3DQEBCwUAA4IBAQBXqOlaMF46OxWj8S4vqXb6oZvoDP+pocXfi8ieeKMW
3OBi6JSgmEUeMkGXabEwBLugBEImZTVbDS68p7kNrdmHT87NLLtwK5/y+v3x43zW
DmCmX7FI8i769jxjOH33K0BEuOHU4D7yIo3Jq3tASS/BdJYyBARRdG1JJVt41o/6
aNhDI4ItVuurW8xfBfTut+6sVqpjjUrkOn17ddNtexHNPMpfrFi7B8Yb3Irv9246
nCUd/b0HyNqTcJP5P+q5OSHsXH/c3BJ3pYmKZmqEXLIFKEw8ZDr1k/3vOZA0Naza
utfo1W1HnOeeS4Q3fILn2ykXZtcbvvWtnMAOy4AXb+N7
-----END CERTIFICATE-----