Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/eOUtE0EhM6fZ9aC--qi9tC-6-Zs.roa
File:                     eOUtE0EhM6fZ9aC--qi9tC-6-Zs.roa (raw, json)
Hash identifier:          S9ihQRwK3T8oYDoj9kyl+7k3L1/A/oC45HJDXKYXdbw=
Subject key identifier:   78:E5:2D:13:41:21:33:A7:D9:F5:A0:BE:FA:A8:BD:B4:2F:BA:F9:9B
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       018ECB8712127C3FE88E9D789167ED428FB2
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/eOUtE0EhM6fZ9aC--qi9tC-6-Zs.roa
Signing time:             Thu 11 Apr 2024 05:00:10 +0000
ROA not before:           Thu 11 Apr 2024 05:00:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152586
IP address blocks:        185.149.24.0/22 maxlen: 24
                          185.172.38.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cb:87:12:12:7c:3f:e8:8e:9d:78:91:67:ed:42:8f:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Apr 11 05:00:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78e52d13412133a7d9f5a0befaa8bdb42fbaf99b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e3:61:28:80:91:ed:dc:22:97:96:fe:6b:1c:
                    a3:9c:a1:b6:41:6a:d4:8e:3c:1f:00:f3:17:2a:81:
                    29:34:ee:81:78:86:21:f4:77:91:f8:21:ee:c2:68:
                    ee:0b:1c:93:1e:57:c8:97:ed:a4:4c:90:3d:ec:03:
                    f7:e4:4b:3d:5f:64:e1:e0:1b:31:e1:a4:91:7c:67:
                    b6:fe:f2:e3:27:df:41:63:6b:89:08:92:6f:5c:a9:
                    d4:15:20:75:4f:6a:e7:20:36:50:28:3c:7f:f7:2a:
                    a5:aa:38:33:54:41:b1:b4:94:87:5f:95:36:8c:15:
                    64:e6:10:9c:89:50:2e:93:53:a1:57:c3:3a:ee:75:
                    0f:2c:9e:25:b8:76:49:60:2e:a4:c3:1c:89:95:ad:
                    d7:b0:e4:d2:c8:46:68:e5:7e:68:1a:16:c4:2b:59:
                    60:ca:dc:98:41:44:1f:12:de:fb:28:4e:80:e3:4a:
                    26:d4:ac:18:3e:b4:6f:1f:5c:d0:b1:26:be:4c:4d:
                    65:66:08:0a:c4:19:7d:fe:a2:ef:c8:cb:35:44:30:
                    c5:95:93:91:c2:05:ca:c6:c3:b9:bb:8c:e2:6c:2e:
                    39:8c:dc:db:30:55:1a:f6:4c:f1:f3:f4:9a:20:eb:
                    3d:ba:7b:f9:33:a5:e5:af:47:8a:18:c4:48:27:3e:
                    46:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:E5:2D:13:41:21:33:A7:D9:F5:A0:BE:FA:A8:BD:B4:2F:BA:F9:9B
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/eOUtE0EhM6fZ9aC--qi9tC-6-Zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.24.0/22
                  185.172.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:02:50:1d:14:31:75:c4:0a:a1:04:6d:b4:6b:06:f7:8f:bb:
         1a:6a:57:f4:d0:5c:da:ab:9b:72:ef:23:93:a1:90:7b:c4:c7:
         83:c3:5f:21:78:9b:9a:4c:d7:83:35:46:15:42:5e:2b:47:48:
         e6:c1:2c:03:e5:c4:1d:2f:7b:9b:2f:fb:f2:66:18:39:7d:57:
         19:f4:af:6a:32:c5:28:52:74:7a:1c:70:3b:66:9a:52:7a:a6:
         71:33:69:04:18:4d:9a:72:62:fd:db:77:60:6a:54:d0:c9:0c:
         be:97:44:5e:bf:dc:c0:0d:33:bb:03:33:ae:45:f3:0d:2f:87:
         a8:2f:6b:68:12:cc:03:0d:b7:7a:71:2e:16:69:c7:d5:16:a2:
         03:f2:bb:ef:7d:4d:8a:45:d2:43:e6:c7:ca:42:aa:63:5c:bf:
         d7:6f:82:44:9e:dd:59:76:9b:a8:40:a0:44:4e:81:6c:77:ff:
         ec:23:d4:33:6d:16:3c:0a:6c:81:9f:ff:2e:9f:f7:33:bb:8a:
         fc:f0:b9:c1:1e:95:0b:20:41:0d:01:d1:d4:d0:18:c2:70:e2:
         9a:eb:cb:f1:b9:52:e1:53:08:bc:5b:0a:cf:c7:41:fd:4d:32:
         8a:87:30:e3:4c:09:66:50:f8:77:2d:91:8c:48:62:17:64:f0:
         ef:e8:58:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7LhxISfD/ojp14kWftQo+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjQwNDExMDUwMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGU1MmQxMzQxMjEzM2E3ZDlmNWEwYmVmYWE4YmRiNDJmYmFmOTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveNhKICR7dwil5b+axyjnKG2QWrU
jjwfAPMXKoEpNO6BeIYh9HeR+CHuwmjuCxyTHlfIl+2kTJA97AP35Es9X2Th4Bsx
4aSRfGe2/vLjJ99BY2uJCJJvXKnUFSB1T2rnIDZQKDx/9yqlqjgzVEGxtJSHX5U2
jBVk5hCciVAuk1OhV8M67nUPLJ4luHZJYC6kwxyJla3XsOTSyEZo5X5oGhbEK1lg
ytyYQUQfEt77KE6A40om1KwYPrRvH1zQsSa+TE1lZggKxBl9/qLvyMs1RDDFlZOR
wgXKxsO5u4zibC45jNzbMFUa9kzx8/SaIOs9unv5M6Xlr0eKGMRIJz5GoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHjlLRNBITOn2fWgvvqovbQvuvmbMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvZU9VdEUwRWhNNmZaOWFDLS1xaTl0Qy02LVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZUYAwQB
uawmMA0GCSqGSIb3DQEBCwUAA4IBAQAoAlAdFDF1xAqhBG20awb3j7saalf00Fza
q5ty7yOToZB7xMeDw18heJuaTNeDNUYVQl4rR0jmwSwD5cQdL3ubL/vyZhg5fVcZ
9K9qMsUoUnR6HHA7ZppSeqZxM2kEGE2acmL923dgalTQyQy+l0Rev9zADTO7AzOu
RfMNL4eoL2toEswDDbd6cS4WacfVFqID8rvvfU2KRdJD5sfKQqpjXL/Xb4JEnt1Z
dpuoQKBEToFsd//sI9QzbRY8CmyBn/8un/czu4r88LnBHpULIEENAdHU0BjCcOKa
68vxuVLhUwi8WwrPx0H9TTKKhzDjTAlmUPh3LZGMSGIXZPDv6Fhv
-----END CERTIFICATE-----