Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/V-X0FfH1iIc4O9V2gQ2WTvhoPrQ.roa
File:                     V-X0FfH1iIc4O9V2gQ2WTvhoPrQ.roa (raw, json)
Hash identifier:          iaL4zS71GHYM/ZuaGJm60qqy51ge6pHo1XVVFMjWuZA=
Subject key identifier:   57:E5:F4:15:F1:F5:88:87:38:3B:D5:76:81:0D:96:4E:F8:68:3E:B4
Certificate issuer:       /CN=49af2153f02409a464e4d7461c802d4b8dd10dff
Certificate serial:       018CC56EA7FD1265A2FB3C20A37CC5BCCE8E
Authority key identifier: 49:AF:21:53:F0:24:09:A4:64:E4:D7:46:1C:80:2D:4B:8D:D1:0D:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/V-X0FfH1iIc4O9V2gQ2WTvhoPrQ.roa
Signing time:             Mon 01 Jan 2024 14:30:12 +0000
ROA not before:           Mon 01 Jan 2024 14:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62282
IP address blocks:        185.140.231.0/24 maxlen: 24
                          185.140.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a7:fd:12:65:a2:fb:3c:20:a3:7c:c5:bc:ce:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49af2153f02409a464e4d7461c802d4b8dd10dff
        Validity
            Not Before: Jan  1 14:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57e5f415f1f58887383bd576810d964ef8683eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f8:6e:61:77:f3:61:48:03:0a:be:e2:9f:cd:
                    50:60:b4:4c:de:f3:4e:37:54:ab:31:fb:79:15:93:
                    68:88:f8:ae:69:5e:82:5b:c0:4c:e5:f8:3c:53:4f:
                    49:8d:e9:52:6d:6d:8b:cf:16:b0:9c:d8:5e:6a:4a:
                    34:e8:c0:12:ee:46:af:c2:27:bc:73:59:eb:b1:8a:
                    64:6d:86:11:44:0d:63:f6:ea:c4:1e:b1:2d:3f:81:
                    23:86:f3:b6:dd:dc:19:2f:e6:cc:27:19:67:ba:f7:
                    22:0c:cd:a3:f1:19:04:03:7e:ed:13:85:af:5c:50:
                    a2:f4:58:5e:2a:df:e3:85:cf:ab:9a:e5:7a:91:28:
                    8b:04:63:9c:1b:9d:0e:4d:67:a0:4e:62:61:9d:26:
                    a8:68:df:e9:5e:8e:bf:d9:43:b1:92:8b:77:52:6d:
                    7c:54:fc:0e:70:8d:c0:e1:a2:6b:e3:9d:e2:23:e6:
                    e3:19:f7:41:e8:82:3a:50:b0:68:b2:02:03:cc:d2:
                    65:f4:38:ef:2e:2d:91:a3:db:ba:ac:57:a3:91:4c:
                    4e:55:6d:3d:e0:48:e7:89:8e:d9:60:a2:1b:0b:31:
                    c7:56:78:62:c4:34:ad:bc:b4:c7:6f:d0:9f:42:72:
                    b1:0f:fc:64:f3:81:c2:de:26:c0:82:db:de:47:c6:
                    ee:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E5:F4:15:F1:F5:88:87:38:3B:D5:76:81:0D:96:4E:F8:68:3E:B4
            X509v3 Authority Key Identifier:
                keyid:49:AF:21:53:F0:24:09:A4:64:E4:D7:46:1C:80:2D:4B:8D:D1:0D:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/V-X0FfH1iIc4O9V2gQ2WTvhoPrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:5f:11:46:db:ec:6b:a9:7c:58:74:90:c9:36:95:59:12:7c:
         11:df:fc:67:ba:c9:eb:92:06:84:2f:c0:c6:25:d8:a2:e5:ca:
         35:2c:d9:8f:5f:9a:a2:ca:84:c0:96:df:07:24:1f:0e:fa:0a:
         a4:3b:d8:0c:e8:5c:c2:1a:17:1c:36:ac:e6:bb:b2:2a:53:97:
         cb:32:75:fd:2d:39:59:e5:f6:56:15:3a:8f:e5:d8:93:d5:63:
         a9:8e:b1:4c:15:fd:be:70:b4:a3:95:2b:be:34:bc:bd:b5:cd:
         d5:bd:85:23:d4:6f:2f:ce:c8:30:c8:c5:a0:31:5a:99:34:79:
         56:21:da:ac:0c:3c:43:67:e6:ff:5d:11:d7:43:0c:b8:4b:55:
         86:8e:35:e8:39:6b:ab:5e:84:36:1b:24:de:29:32:55:6d:39:
         ec:d1:5b:56:90:39:ed:d9:68:87:df:23:2f:a0:0a:ce:40:8e:
         86:92:70:42:01:f5:5e:ee:da:f2:f6:7b:4b:6b:57:94:f6:c4:
         e5:c6:19:21:fe:9b:a3:36:53:85:a9:25:98:be:0d:d7:61:b6:
         ab:95:76:ae:41:e9:13:63:09:1b:18:18:d0:1c:84:63:53:78:
         e5:4f:2d:33:3f:7f:c0:fe:94:96:b3:b6:4c:e2:59:0d:ef:65:
         3a:ce:4b:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqf9EmWi+zwgo3zFvM6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YWYyMTUzZjAyNDA5YTQ2NGU0ZDc0NjFjODAyZDRiOGRk
MTBkZmYwHhcNMjQwMTAxMTQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2U1ZjQxNWYxZjU4ODg3MzgzYmQ1NzY4MTBkOTY0ZWY4NjgzZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfhuYXfzYUgDCr7in81QYLRM3vNO
N1SrMft5FZNoiPiuaV6CW8BM5fg8U09JjelSbW2LzxawnNheako06MAS7kavwie8
c1nrsYpkbYYRRA1j9urEHrEtP4EjhvO23dwZL+bMJxlnuvciDM2j8RkEA37tE4Wv
XFCi9FheKt/jhc+rmuV6kSiLBGOcG50OTWegTmJhnSaoaN/pXo6/2UOxkot3Um18
VPwOcI3A4aJr453iI+bjGfdB6II6ULBosgIDzNJl9DjvLi2Ro9u6rFejkUxOVW09
4EjniY7ZYKIbCzHHVnhixDStvLTHb9CfQnKxD/xk84HC3ibAgtveR8buRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfl9BXx9YiHODvVdoENlk74aD60MB8GA1UdIwQY
MBaAFEmvIVPwJAmkZOTXRhyALUuN0Q3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2E4aFVfQWtDYVJrNU5kR0hJQXRTNDNSRGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9lYjI1YjUtNzFlYS00NjlkLTk0ODQt
NGVhNmRmYjJlNWQzLzEvVi1YMEZmSDFpSWM0TzlWMmdRMldUdmhvUHJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9lYjI1YjUtNzFlYS00NjlkLTk0ODQtNGVhNmRmYjJlNWQz
LzEvU2E4aFVfQWtDYVJrNU5kR0hJQXRTNDNSRGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYzmMA0G
CSqGSIb3DQEBCwUAA4IBAQCkXxFG2+xrqXxYdJDJNpVZEnwR3/xnusnrkgaEL8DG
Jdii5co1LNmPX5qiyoTAlt8HJB8O+gqkO9gM6FzCGhccNqzmu7IqU5fLMnX9LTlZ
5fZWFTqP5diT1WOpjrFMFf2+cLSjlSu+NLy9tc3VvYUj1G8vzsgwyMWgMVqZNHlW
IdqsDDxDZ+b/XRHXQwy4S1WGjjXoOWurXoQ2GyTeKTJVbTns0VtWkDnt2WiH3yMv
oArOQI6GknBCAfVe7try9ntLa1eU9sTlxhkh/pujNlOFqSWYvg3XYbarlXauQekT
YwkbGBjQHIRjU3jlTy0zP3/A/pSWs7ZM4lkN72U6zkt9
-----END CERTIFICATE-----