Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/_RunQ5O74rbmNkV2HgwlyC4u7CQ.roa
File:                     _RunQ5O74rbmNkV2HgwlyC4u7CQ.roa (raw, json)
Hash identifier:          myNebH1OQScE+Kro/UAlzsQoAoqNjDnyZVpYC3wqp5g=
Subject key identifier:   FD:1B:A7:43:93:BB:E2:B6:E6:36:45:76:1E:0C:25:C8:2E:2E:EC:24
Certificate issuer:       /CN=29878a2888c9ac3123c795ff9681f1957ca0f964
Certificate serial:       018CCA99A7F73EE71D0B369287943EB0016B
Authority key identifier: 29:87:8A:28:88:C9:AC:31:23:C7:95:FF:96:81:F1:95:7C:A0:F9:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/_RunQ5O74rbmNkV2HgwlyC4u7CQ.roa
Signing time:             Tue 02 Jan 2024 14:35:16 +0000
ROA not before:           Tue 02 Jan 2024 14:35:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.97.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:a7:f7:3e:e7:1d:0b:36:92:87:94:3e:b0:01:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29878a2888c9ac3123c795ff9681f1957ca0f964
        Validity
            Not Before: Jan  2 14:35:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd1ba74393bbe2b6e63645761e0c25c82e2eec24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:45:10:5b:63:1a:db:62:33:c9:03:e1:2c:25:
                    6a:2c:a3:84:04:d8:30:7f:4c:98:ae:cf:9e:2d:9e:
                    4e:99:d3:00:20:80:c9:f6:30:8f:fe:bf:26:21:5a:
                    2b:7d:33:a2:0d:12:c0:c4:32:72:8c:ff:63:c6:fa:
                    36:4a:3a:a1:d0:9c:73:de:b8:d2:97:f6:60:7b:cc:
                    5c:15:32:8f:b6:a1:8e:60:01:e8:b7:ef:92:eb:f6:
                    b9:7e:11:fa:1f:0d:57:02:a8:27:a5:7a:48:7d:09:
                    b2:09:c9:84:1f:dc:2f:2c:7b:c3:f1:a5:98:ee:24:
                    73:28:43:49:0f:31:43:4d:f1:f8:14:72:fd:83:7c:
                    ac:60:1d:15:c1:18:d3:a6:6a:18:9f:89:1a:03:9c:
                    26:89:cf:fa:c8:3a:50:8d:1e:d8:64:af:98:37:a1:
                    3c:3d:1d:53:a5:51:0a:36:d7:70:75:e4:97:41:f5:
                    79:25:fd:6e:b6:25:c0:d3:db:04:03:96:26:6c:7c:
                    48:d0:d1:d4:77:00:80:b3:90:ae:d3:f2:93:62:47:
                    f1:14:0e:73:4d:01:32:e8:91:85:86:0d:38:8d:0e:
                    70:fc:bd:e5:9f:bf:d3:bc:84:07:ac:d3:0b:b9:08:
                    95:b7:a6:62:3d:05:ed:0d:a3:20:6e:42:6a:79:05:
                    24:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:1B:A7:43:93:BB:E2:B6:E6:36:45:76:1E:0C:25:C8:2E:2E:EC:24
            X509v3 Authority Key Identifier:
                keyid:29:87:8A:28:88:C9:AC:31:23:C7:95:FF:96:81:F1:95:7C:A0:F9:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/_RunQ5O74rbmNkV2HgwlyC4u7CQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:e6:7e:94:73:7f:fd:79:7e:1f:d1:1d:7d:45:3d:2b:b2:ce:
         e8:c5:d5:ee:58:e2:6f:2e:45:b5:5f:6c:de:d9:97:23:15:a6:
         46:2f:7c:29:6a:4e:20:f4:64:73:57:80:d1:96:14:88:ce:66:
         89:33:5a:b5:cf:65:dc:39:54:b9:3d:b8:80:08:77:fd:43:16:
         cd:bb:37:44:6d:66:23:a3:47:ec:c1:2c:f5:e7:8a:c4:30:75:
         66:ab:05:a4:e7:d1:dd:0b:ad:e4:85:4d:7c:fd:d8:33:8e:92:
         95:4a:8f:bf:f1:7e:a9:5c:6f:1e:93:06:f2:c7:e9:62:7e:5b:
         e1:8d:20:96:b8:8a:b7:a5:05:c1:72:5f:15:f1:82:1f:07:e5:
         bf:50:d7:49:e1:fa:11:b0:d5:32:5c:cc:40:d7:0d:39:43:21:
         a9:1c:bc:33:e1:3f:a3:89:de:7d:c7:77:10:fe:a1:ca:68:fd:
         b2:9f:8d:75:d0:6e:7d:df:5f:9f:c7:13:0c:11:7a:8a:a9:4b:
         88:ea:3a:e2:78:ea:54:d5:c8:79:bf:09:71:ff:1f:8a:12:c4:
         97:a7:b7:f9:16:48:37:fa:4e:c3:42:a6:8e:d2:10:cf:41:1c:
         11:7c:a5:37:25:55:8e:91:e1:08:f1:93:cd:f6:e5:73:6e:d4:
         84:c8:7d:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmaf3PucdCzaSh5Q+sAFrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODc4YTI4ODhjOWFjMzEyM2M3OTVmZjk2ODFmMTk1N2Nh
MGY5NjQwHhcNMjQwMTAyMTQzNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDFiYTc0MzkzYmJlMmI2ZTYzNjQ1NzYxZTBjMjVjODJlMmVlYzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUUQW2Ma22IzyQPhLCVqLKOEBNgw
f0yYrs+eLZ5OmdMAIIDJ9jCP/r8mIVorfTOiDRLAxDJyjP9jxvo2Sjqh0Jxz3rjS
l/Zge8xcFTKPtqGOYAHot++S6/a5fhH6Hw1XAqgnpXpIfQmyCcmEH9wvLHvD8aWY
7iRzKENJDzFDTfH4FHL9g3ysYB0VwRjTpmoYn4kaA5wmic/6yDpQjR7YZK+YN6E8
PR1TpVEKNtdwdeSXQfV5Jf1utiXA09sEA5YmbHxI0NHUdwCAs5Cu0/KTYkfxFA5z
TQEy6JGFhg04jQ5w/L3ln7/TvIQHrNMLuQiVt6ZiPQXtDaMgbkJqeQUkPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0bp0OTu+K25jZFdh4MJcguLuwkMB8GA1UdIwQY
MBaAFCmHiiiIyawxI8eV/5aB8ZV8oPlkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1llS0tJakpyREVqeDVYX2xvSHhsWHlnLVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lM2FhNTEtNjEyOS00OTNkLTkxZDIt
NTE3NTFiMjlmOGI0LzEvX1J1blE1Tzc0cmJtTmtWMkhnd2x5QzR1N0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lM2FhNTEtNjEyOS00OTNkLTkxZDItNTE3NTFiMjlmOGI0
LzEvS1llS0tJakpyREVqeDVYX2xvSHhsWHlnLVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWHUMA0G
CSqGSIb3DQEBCwUAA4IBAQCY5n6Uc3/9eX4f0R19RT0rss7oxdXuWOJvLkW1X2ze
2ZcjFaZGL3wpak4g9GRzV4DRlhSIzmaJM1q1z2XcOVS5PbiACHf9QxbNuzdEbWYj
o0fswSz154rEMHVmqwWk59HdC63khU18/dgzjpKVSo+/8X6pXG8ekwbyx+liflvh
jSCWuIq3pQXBcl8V8YIfB+W/UNdJ4foRsNUyXMxA1w05QyGpHLwz4T+jid59x3cQ
/qHKaP2yn4110G5931+fxxMMEXqKqUuI6jrieOpU1ch5vwlx/x+KEsSXp7f5Fkg3
+k7DQqaO0hDPQRwRfKU3JVWOkeEI8ZPN9uVzbtSEyH2/
-----END CERTIFICATE-----