Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/DWhrt5wNMdvhNSmiTuZNuD9EnpA.roa
File:                     DWhrt5wNMdvhNSmiTuZNuD9EnpA.roa (raw, json)
Hash identifier:          Q9ebwyqTGCIsS5odSYAfxWZkb5RZ5cJuUflL15pBYXg=
Subject key identifier:   0D:68:6B:B7:9C:0D:31:DB:E1:35:29:A2:4E:E6:4D:B8:3F:44:9E:90
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       018CC3B6774A105D1ADC18EDB0D32A350BA0
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/DWhrt5wNMdvhNSmiTuZNuD9EnpA.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23033
IP address blocks:        185.255.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:77:4a:10:5d:1a:dc:18:ed:b0:d3:2a:35:0b:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d686bb79c0d31dbe13529a24ee64db83f449e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e6:3e:15:bb:06:03:e8:17:a6:e6:fc:0f:a0:
                    ff:38:90:6f:bf:21:33:8d:73:35:5b:dc:0f:21:4c:
                    67:d2:cf:69:bb:5e:03:47:29:46:45:75:a8:b9:aa:
                    22:b2:46:2b:6a:da:7d:5f:b8:01:3e:33:f1:46:d0:
                    c7:2b:41:f0:e2:da:25:25:b8:24:e3:4c:9c:9a:e4:
                    f3:57:67:e8:9e:c8:26:aa:21:70:43:01:5b:65:45:
                    17:d5:57:1e:60:92:90:41:ea:f8:d4:21:4c:f5:9b:
                    98:21:01:f2:79:66:e1:79:a5:17:ab:5a:b3:55:22:
                    53:57:fb:57:f1:46:67:e1:a9:03:d6:7c:5b:00:58:
                    0d:17:dc:cf:7f:f1:5a:d9:f5:ab:5f:f9:c7:c0:a8:
                    23:5a:a4:29:05:2b:6b:5c:f5:b7:d9:b0:4c:2e:86:
                    53:7f:22:cd:71:4d:00:a1:03:5a:66:46:12:46:15:
                    d3:29:c4:91:e4:61:d0:08:ad:21:78:c3:d1:6f:b6:
                    5f:b8:42:58:a2:fa:dd:fe:26:27:56:49:9b:63:a5:
                    41:85:8f:aa:f8:ac:2a:b5:d7:7b:b9:48:a5:72:f9:
                    72:c7:f4:11:c3:00:67:55:7d:ac:82:01:8b:ad:6a:
                    fc:8b:60:76:81:e1:64:5e:eb:01:17:69:cd:cc:a0:
                    94:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:68:6B:B7:9C:0D:31:DB:E1:35:29:A2:4E:E6:4D:B8:3F:44:9E:90
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/DWhrt5wNMdvhNSmiTuZNuD9EnpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:cc:00:f0:a8:fe:59:f8:c0:d4:f9:18:0a:79:08:c0:de:58:
         2b:d5:aa:95:9c:98:db:00:32:d0:3f:91:6c:64:84:7e:bb:48:
         a7:d7:91:c5:8e:eb:34:e6:2c:a9:07:98:33:96:ed:61:82:9c:
         89:79:9e:2e:57:05:15:eb:7e:fd:37:c7:bc:5a:72:40:83:ef:
         e5:64:f8:b9:8d:6f:cd:4c:81:c6:c0:98:f6:e0:2e:20:cb:c1:
         c8:8a:21:45:46:e6:06:e3:d2:69:92:ab:2c:d4:a8:9d:a5:cc:
         e7:dd:10:a2:6e:4f:6c:f2:a6:e4:23:7c:72:87:9f:71:86:75:
         5b:63:37:ef:66:3b:a6:fa:1b:43:e5:90:b9:b2:86:d0:8b:59:
         72:a3:45:eb:61:5a:a8:10:de:c1:9b:c4:3c:df:36:2b:a8:93:
         ff:a1:da:78:bc:c0:72:72:da:1c:28:70:17:0d:94:2c:bf:9f:
         7e:9b:f1:ff:12:1f:f4:9d:ec:03:80:da:a4:e3:57:0c:cc:de:
         09:e7:d5:c5:88:ba:2b:f0:21:63:8b:a6:34:00:28:bd:80:c5:
         6c:47:39:a5:5d:38:81:16:ac:5f:7f:fb:a9:40:a2:c2:48:ca:
         59:3e:ec:af:10:7e:04:0e:6d:c8:e4:f3:37:9d:29:f2:de:78:
         27:02:bd:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtndKEF0a3BjtsNMqNQugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDY4NmJiNzljMGQzMWRiZTEzNTI5YTI0ZWU2NGRiODNmNDQ5ZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuY+FbsGA+gXpub8D6D/OJBvvyEz
jXM1W9wPIUxn0s9pu14DRylGRXWouaoiskYratp9X7gBPjPxRtDHK0Hw4tolJbgk
40ycmuTzV2fonsgmqiFwQwFbZUUX1VceYJKQQer41CFM9ZuYIQHyeWbheaUXq1qz
VSJTV/tX8UZn4akD1nxbAFgNF9zPf/Fa2fWrX/nHwKgjWqQpBStrXPW32bBMLoZT
fyLNcU0AoQNaZkYSRhXTKcSR5GHQCK0heMPRb7ZfuEJYovrd/iYnVkmbY6VBhY+q
+Kwqtdd7uUilcvlyx/QRwwBnVX2sggGLrWr8i2B2geFkXusBF2nNzKCUqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1oa7ecDTHb4TUpok7mTbg/RJ6QMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvRFdocnQ1d05NZHZoTlNtaVR1Wk51RDlFbnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf9zMA0G
CSqGSIb3DQEBCwUAA4IBAQCEzADwqP5Z+MDU+RgKeQjA3lgr1aqVnJjbADLQP5Fs
ZIR+u0in15HFjus05iypB5gzlu1hgpyJeZ4uVwUV6379N8e8WnJAg+/lZPi5jW/N
TIHGwJj24C4gy8HIiiFFRuYG49Jpkqss1Kidpczn3RCibk9s8qbkI3xyh59xhnVb
YzfvZjum+htD5ZC5sobQi1lyo0XrYVqoEN7Bm8Q83zYrqJP/odp4vMByctocKHAX
DZQsv59+m/H/Eh/0newDgNqk41cMzN4J59XFiLor8CFji6Y0ACi9gMVsRzmlXTiB
Fqxff/upQKLCSMpZPuyvEH4EDm3I5PM3nSny3ngnAr0Z
-----END CERTIFICATE-----