Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/2O7PHaggm6PU6K4-Li0dedvHtgA.roa
File:                     2O7PHaggm6PU6K4-Li0dedvHtgA.roa (raw, json)
Hash identifier:          1DdTZTT2Yuitmu7v6vLF3nmhPOLdjzT8LBkOsP22tHs=
Subject key identifier:   D8:EE:CF:1D:A8:20:9B:A3:D4:E8:AE:3E:2E:2D:1D:79:DB:C7:B6:00
Certificate issuer:       /CN=31ebbb9fc09f37d3dd0141bcb0a67ec83b78081f
Certificate serial:       018DC60A2288AA1E24D6BFA3A19761F9F540
Authority key identifier: 31:EB:BB:9F:C0:9F:37:D3:DD:01:41:BC:B0:A6:7E:C8:3B:78:08:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/2O7PHaggm6PU6K4-Li0dedvHtgA.roa
Signing time:             Tue 20 Feb 2024 10:22:49 +0000
ROA not before:           Tue 20 Feb 2024 10:22:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207112
IP address blocks:        185.165.104.0/24 maxlen: 24
                          185.165.105.0/24 maxlen: 24
                          185.165.106.0/24 maxlen: 24
                          185.165.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:0a:22:88:aa:1e:24:d6:bf:a3:a1:97:61:f9:f5:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31ebbb9fc09f37d3dd0141bcb0a67ec83b78081f
        Validity
            Not Before: Feb 20 10:22:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8eecf1da8209ba3d4e8ae3e2e2d1d79dbc7b600
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b2:69:4d:a6:0c:cc:f5:35:95:e7:f7:77:16:
                    6c:e3:b6:fd:eb:74:97:9d:64:a1:c5:4a:91:2f:c2:
                    e6:b5:a9:8d:25:fe:da:93:fa:c7:a8:3e:7c:05:5c:
                    cd:93:97:30:a1:b5:3d:8a:72:3d:24:73:9b:5a:86:
                    94:61:b6:af:c4:23:87:cd:b7:4f:a0:ba:ce:e5:59:
                    c4:37:73:f9:80:14:00:0d:3d:64:7b:0e:52:3d:3d:
                    1d:c1:8e:9a:8a:ba:f7:93:4d:7d:62:ba:6a:b7:a0:
                    5d:78:6a:39:71:1a:22:c8:fd:9a:3d:aa:4f:2a:29:
                    85:05:ed:05:ae:29:bb:e2:04:5c:f8:bd:65:4f:0e:
                    2b:6e:bd:3d:e7:ec:86:11:72:8b:81:d9:2a:46:e0:
                    bd:29:2b:51:01:72:1a:0f:01:77:76:30:d5:14:66:
                    f5:38:a5:dd:ea:71:2e:da:1c:d6:0c:cc:90:87:6f:
                    ce:26:1f:bc:e0:df:db:93:2a:f1:da:e6:e0:f1:33:
                    32:e7:f1:39:cc:5b:57:1e:19:5b:38:cf:49:06:f2:
                    0b:bd:c7:40:31:7b:61:5e:4e:46:dd:6a:5c:c7:32:
                    23:6c:57:c8:a5:eb:5f:1e:80:69:d5:cd:9f:b0:0d:
                    e2:de:bd:51:8e:5c:26:c0:f7:1b:1e:cb:27:5e:bf:
                    1e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:EE:CF:1D:A8:20:9B:A3:D4:E8:AE:3E:2E:2D:1D:79:DB:C7:B6:00
            X509v3 Authority Key Identifier:
                keyid:31:EB:BB:9F:C0:9F:37:D3:DD:01:41:BC:B0:A6:7E:C8:3B:78:08:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/2O7PHaggm6PU6K4-Li0dedvHtgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b4:ac:e8:40:91:cf:e5:6d:a3:81:98:1c:ca:db:a6:55:23:2c:
         cb:a6:cb:c2:f5:4e:17:04:76:3f:ba:09:cb:35:98:d1:eb:5f:
         f2:07:ed:01:bb:aa:2b:05:24:13:68:4b:f9:63:df:ac:54:f2:
         d6:46:5e:23:19:c6:e1:7b:86:db:6f:ee:23:1c:c9:ad:d2:7c:
         78:b9:03:0f:c8:90:43:8d:67:e9:0f:a2:21:5c:37:14:a5:1a:
         fc:d5:fa:16:8a:6b:d3:ac:27:29:ae:c8:39:e5:ca:df:29:5d:
         71:a6:a6:23:3a:d6:4f:9c:76:7a:7a:8d:5a:a7:29:44:73:81:
         4e:58:b9:c0:bb:56:db:50:b3:ea:be:a2:32:d6:bc:31:af:20:
         1c:77:a2:33:8c:4c:f0:90:dd:7b:da:28:1c:08:ca:83:34:d2:
         be:13:a6:a8:77:7c:ec:87:ed:84:0f:79:83:f7:d3:fb:0e:42:
         65:83:94:2f:6b:15:63:bd:cd:1d:6f:3b:36:4b:bd:52:e3:b1:
         7f:ab:50:37:61:35:ef:59:de:f2:90:28:20:4a:d6:8a:2e:a1:
         c6:96:6e:22:58:b0:9b:28:f2:3b:c8:03:8f:0e:47:a0:f1:3a:
         71:28:1a:a5:0e:da:ed:bd:01:fb:7d:5a:9b:ea:dc:d5:f4:1b:
         b3:3a:0e:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3GCiKIqh4k1r+joZdh+fVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZWJiYjlmYzA5ZjM3ZDNkZDAxNDFiY2IwYTY3ZWM4M2I3
ODA4MWYwHhcNMjQwMjIwMTAyMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGVlY2YxZGE4MjA5YmEzZDRlOGFlM2UyZTJkMWQ3OWRiYzdiNjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprJpTaYMzPU1lef3dxZs47b963SX
nWShxUqRL8LmtamNJf7ak/rHqD58BVzNk5cwobU9inI9JHObWoaUYbavxCOHzbdP
oLrO5VnEN3P5gBQADT1kew5SPT0dwY6airr3k019Yrpqt6BdeGo5cRoiyP2aPapP
KimFBe0Frim74gRc+L1lTw4rbr095+yGEXKLgdkqRuC9KStRAXIaDwF3djDVFGb1
OKXd6nEu2hzWDMyQh2/OJh+84N/bkyrx2ubg8TMy5/E5zFtXHhlbOM9JBvILvcdA
MXthXk5G3WpcxzIjbFfIpetfHoBp1c2fsA3i3r1RjlwmwPcbHssnXr8eHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjuzx2oIJuj1OiuPi4tHXnbx7YAMB8GA1UdIwQY
MBaAFDHru5/AnzfT3QFBvLCmfsg7eAgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWV1N244Q2ZOOVBkQVVHOHNLWi15RHQ0Q0I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS80M2YyNmYtMWI0ZS00NDI2LWJmNTAt
YzRiYTYxZTVhMjEwLzEvMk83UEhhZ2dtNlBVNks0LUxpMGRlZHZIdGdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS80M2YyNmYtMWI0ZS00NDI2LWJmNTAtYzRiYTYxZTVhMjEw
LzEvTWV1N244Q2ZOOVBkQVVHOHNLWi15RHQ0Q0I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaVoMA0G
CSqGSIb3DQEBCwUAA4IBAQC0rOhAkc/lbaOBmBzK26ZVIyzLpsvC9U4XBHY/ugnL
NZjR61/yB+0Bu6orBSQTaEv5Y9+sVPLWRl4jGcbhe4bbb+4jHMmt0nx4uQMPyJBD
jWfpD6IhXDcUpRr81foWimvTrCcprsg55crfKV1xpqYjOtZPnHZ6eo1apylEc4FO
WLnAu1bbULPqvqIy1rwxryAcd6IzjEzwkN172igcCMqDNNK+E6aod3zsh+2ED3mD
99P7DkJlg5QvaxVjvc0dbzs2S71S47F/q1A3YTXvWd7ykCggStaKLqHGlm4iWLCb
KPI7yAOPDkeg8TpxKBqlDtrtvQH7fVqb6tzV9BuzOg5N
-----END CERTIFICATE-----