Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/SdtEv5h89KVftBAvhjsPcXjFUgE.roa
File:                     SdtEv5h89KVftBAvhjsPcXjFUgE.roa (raw, json)
Hash identifier:          Vwyf4J4z5TjpDEBV9qMjzmVvI9/CJvK7GD0NH6CC7sU=
Subject key identifier:   49:DB:44:BF:98:7C:F4:A5:5F:B4:10:2F:86:3B:0F:71:78:C5:52:01
Certificate issuer:       /CN=acb54bcc49291a1f32b7cead4f296882d0531492
Certificate serial:       018CC4935FA024E46EE5BB4C2AA972DCF50C
Authority key identifier: AC:B5:4B:CC:49:29:1A:1F:32:B7:CE:AD:4F:29:68:82:D0:53:14:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/SdtEv5h89KVftBAvhjsPcXjFUgE.roa
Signing time:             Mon 01 Jan 2024 10:30:41 +0000
ROA not before:           Mon 01 Jan 2024 10:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208864
IP address blocks:        185.105.76.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5f:a0:24:e4:6e:e5:bb:4c:2a:a9:72:dc:f5:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acb54bcc49291a1f32b7cead4f296882d0531492
        Validity
            Not Before: Jan  1 10:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49db44bf987cf4a55fb4102f863b0f7178c55201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5c:57:b4:0d:4a:72:b5:a9:4f:03:37:9d:73:
                    2f:72:75:51:ef:b8:f5:d6:10:43:c9:60:dc:c2:1b:
                    67:77:1b:3c:9e:6e:3b:85:5e:33:d5:13:02:c2:ed:
                    b2:df:51:95:32:cd:19:05:a6:d6:cb:dd:e6:3b:a1:
                    70:0c:8e:f0:3f:08:10:e0:b5:ab:56:4d:a0:69:e4:
                    61:e5:7e:74:38:c8:f5:cc:77:94:e1:cf:43:6e:60:
                    0b:64:47:7b:63:57:4b:7a:e7:48:a2:c9:41:1d:af:
                    2b:f5:30:f9:3b:b8:7d:6f:60:3c:2a:cf:27:eb:8b:
                    b7:f6:71:ab:a4:e3:2e:77:bc:0d:54:1e:b2:57:53:
                    3f:58:f1:3f:94:10:53:b1:1b:95:e2:76:e3:91:6b:
                    15:87:96:e3:40:44:ee:7a:42:f3:6c:9c:af:f0:8f:
                    02:14:19:29:2a:fa:3a:74:8d:7a:40:1e:05:5a:84:
                    07:b4:66:dc:ca:af:a1:47:64:49:34:04:d3:0a:76:
                    e0:ec:9b:76:54:bb:2b:1d:a5:6a:91:9e:84:bb:cd:
                    c7:ff:30:97:0d:90:33:05:f0:45:80:29:ce:7a:fe:
                    cc:4c:4e:24:b6:58:04:cf:cc:cf:f8:13:f2:d6:30:
                    14:4e:4e:e2:b2:f5:c7:28:b9:92:2a:8d:42:8d:68:
                    13:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:DB:44:BF:98:7C:F4:A5:5F:B4:10:2F:86:3B:0F:71:78:C5:52:01
            X509v3 Authority Key Identifier:
                keyid:AC:B5:4B:CC:49:29:1A:1F:32:B7:CE:AD:4F:29:68:82:D0:53:14:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/SdtEv5h89KVftBAvhjsPcXjFUgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:79:3b:f0:e2:c7:e4:90:b0:24:23:94:6a:51:04:3c:0d:72:
         9d:56:c3:f5:d7:4c:4a:b4:3b:25:33:1d:2b:18:90:52:ae:72:
         13:3f:18:62:e8:1a:bf:57:67:41:5f:e6:38:fc:c2:9c:4c:7d:
         53:df:5d:04:7c:65:40:8c:7b:b1:fa:f8:8c:fc:74:0b:56:9e:
         5f:ea:ae:02:ca:3b:73:35:92:de:fd:6d:aa:3b:a2:66:71:e6:
         bb:1e:06:5c:18:7b:d3:ba:28:e9:71:e9:02:0d:ea:be:db:85:
         60:c0:08:9d:91:f5:78:4c:32:14:30:4f:0e:c7:f1:26:46:c8:
         7a:50:6c:54:70:98:c2:ad:43:7d:8a:f1:55:bc:2f:ae:f2:21:
         7a:95:4d:8f:89:00:b2:82:34:7e:7b:72:45:fb:36:f6:48:c9:
         af:5b:5e:fd:f8:da:24:c6:70:a1:3a:95:24:87:39:a1:aa:98:
         4a:07:87:4c:fd:c7:4e:95:b8:a4:f8:94:cb:da:7a:3d:a8:8c:
         a9:d0:90:eb:d6:12:48:3a:5d:b6:77:cf:02:22:8b:c3:16:89:
         bb:55:69:84:12:e0:44:cd:67:f6:5f:76:47:6c:7a:92:34:f8:
         29:f1:a4:48:cf:42:b7:37:56:ce:65:6d:75:b4:1b:70:26:b2:
         d3:c8:dc:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk1+gJORu5btMKqly3PUMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYjU0YmNjNDkyOTFhMWYzMmI3Y2VhZDRmMjk2ODgyZDA1
MzE0OTIwHhcNMjQwMTAxMTAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWRiNDRiZjk4N2NmNGE1NWZiNDEwMmY4NjNiMGY3MTc4YzU1MjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFxXtA1KcrWpTwM3nXMvcnVR77j1
1hBDyWDcwhtndxs8nm47hV4z1RMCwu2y31GVMs0ZBabWy93mO6FwDI7wPwgQ4LWr
Vk2gaeRh5X50OMj1zHeU4c9DbmALZEd7Y1dLeudIoslBHa8r9TD5O7h9b2A8Ks8n
64u39nGrpOMud7wNVB6yV1M/WPE/lBBTsRuV4nbjkWsVh5bjQETuekLzbJyv8I8C
FBkpKvo6dI16QB4FWoQHtGbcyq+hR2RJNATTCnbg7Jt2VLsrHaVqkZ6Eu83H/zCX
DZAzBfBFgCnOev7MTE4ktlgEz8zP+BPy1jAUTk7isvXHKLmSKo1CjWgT3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEnbRL+YfPSlX7QQL4Y7D3F4xVIBMB8GA1UdIwQY
MBaAFKy1S8xJKRofMrfOrU8paILQUxSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckxWTHpFa3BHaDh5dDg2dFR5bG9ndEJURkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jZDJiZGQtZDNjNC00ZDYwLWIwOTYt
YWYzYTY4NWQ1NzlmLzEvU2R0RXY1aDg5S1ZmdEJBdmhqc1BjWGpGVWdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jZDJiZGQtZDNjNC00ZDYwLWIwOTYtYWYzYTY4NWQ1Nzlm
LzEvckxWTHpFa3BHaDh5dDg2dFR5bG9ndEJURkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWlMMA0G
CSqGSIb3DQEBCwUAA4IBAQCYeTvw4sfkkLAkI5RqUQQ8DXKdVsP110xKtDslMx0r
GJBSrnITPxhi6Bq/V2dBX+Y4/MKcTH1T310EfGVAjHux+viM/HQLVp5f6q4Cyjtz
NZLe/W2qO6Jmcea7HgZcGHvTuijpcekCDeq+24VgwAidkfV4TDIUME8Ox/EmRsh6
UGxUcJjCrUN9ivFVvC+u8iF6lU2PiQCygjR+e3JF+zb2SMmvW179+NokxnChOpUk
hzmhqphKB4dM/cdOlbik+JTL2no9qIyp0JDr1hJIOl22d88CIovDFom7VWmEEuBE
zWf2X3ZHbHqSNPgp8aRIz0K3N1bOZW11tBtwJrLTyNxR
-----END CERTIFICATE-----