Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/b3ae33-6d62-4093-92ec-5638526ff641/1/0xAZv2IVXjAgHkUloAAoLxfhuyA.roa
File:                     0xAZv2IVXjAgHkUloAAoLxfhuyA.roa (raw, json)
Hash identifier:          lhj8nUjJCaeL5SXp3QWYiYfocU/U/BehwDTiRkknZ4c=
Subject key identifier:   D3:10:19:BF:62:15:5E:30:20:1E:45:25:A0:00:28:2F:17:E1:BB:20
Certificate issuer:       /CN=1e234242957bb1be129681721f9c2cd08df07baa
Certificate serial:       018CC7958093FA95C168B68FFE748DE69D1E
Authority key identifier: 1E:23:42:42:95:7B:B1:BE:12:96:81:72:1F:9C:2C:D0:8D:F0:7B:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HiNCQpV7sb4SloFyH5ws0I3we6o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/b3ae33-6d62-4093-92ec-5638526ff641/1/0xAZv2IVXjAgHkUloAAoLxfhuyA.roa
Signing time:             Tue 02 Jan 2024 00:31:52 +0000
ROA not before:           Tue 02 Jan 2024 00:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42926
IP address blocks:        185.40.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/b3ae33-6d62-4093-92ec-5638526ff641/1/HiNCQpV7sb4SloFyH5ws0I3we6o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/b3ae33-6d62-4093-92ec-5638526ff641/1/HiNCQpV7sb4SloFyH5ws0I3we6o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HiNCQpV7sb4SloFyH5ws0I3we6o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:80:93:fa:95:c1:68:b6:8f:fe:74:8d:e6:9d:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e234242957bb1be129681721f9c2cd08df07baa
        Validity
            Not Before: Jan  2 00:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d31019bf62155e30201e4525a000282f17e1bb20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:70:6e:41:f0:20:6d:03:37:17:c3:3e:b8:5c:
                    39:04:14:3a:3b:07:e1:d3:c4:ff:16:e0:de:fe:71:
                    ed:89:82:84:2b:9c:c6:90:47:4f:0b:95:10:f0:95:
                    16:e4:08:10:12:af:f9:f1:94:66:35:df:98:9c:a5:
                    72:66:02:c5:ed:e6:87:34:a8:ba:c6:08:c9:29:65:
                    3d:93:41:5a:bb:9a:7f:49:42:76:93:75:0c:f2:dd:
                    85:b3:8e:70:b9:87:62:82:6a:e5:b8:71:57:34:a6:
                    91:bd:10:6b:53:b9:d2:01:a6:39:a8:f7:d5:a8:90:
                    78:32:60:58:ac:87:30:49:11:d4:73:ed:0a:fe:a8:
                    8c:41:3f:4b:d6:1f:f3:c7:fc:96:b3:29:27:f0:14:
                    e7:c3:d9:b3:78:73:cb:d4:c9:dc:53:f8:68:af:92:
                    94:4d:11:35:67:de:9e:b4:07:0a:30:0b:4d:fd:41:
                    f7:ef:56:a5:3d:7f:f6:14:d7:18:a0:36:1d:b0:a2:
                    e6:48:e8:b2:02:e9:1b:6c:d9:d4:49:45:9e:5c:a8:
                    69:73:48:0f:bf:79:68:04:56:20:c5:ec:27:1e:0b:
                    06:b8:a4:4b:83:50:84:55:19:6f:9b:a8:5e:20:78:
                    b2:1d:ae:1e:92:c8:bc:77:fd:3a:34:5c:ce:83:a5:
                    7a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:10:19:BF:62:15:5E:30:20:1E:45:25:A0:00:28:2F:17:E1:BB:20
            X509v3 Authority Key Identifier:
                keyid:1E:23:42:42:95:7B:B1:BE:12:96:81:72:1F:9C:2C:D0:8D:F0:7B:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HiNCQpV7sb4SloFyH5ws0I3we6o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b3ae33-6d62-4093-92ec-5638526ff641/1/0xAZv2IVXjAgHkUloAAoLxfhuyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b3ae33-6d62-4093-92ec-5638526ff641/1/HiNCQpV7sb4SloFyH5ws0I3we6o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:8d:52:76:01:39:5a:f4:ea:88:b2:b2:16:0d:5c:59:40:cb:
         1b:0c:ad:dd:b2:a6:6b:33:37:f7:db:7f:f3:8e:14:06:a9:82:
         18:00:3a:f0:b7:c2:a8:a8:18:2c:61:36:d3:56:28:7f:7b:ea:
         7d:28:76:95:1d:2f:fd:81:ef:5b:65:6f:62:27:7b:ff:3d:fd:
         a6:c5:4d:26:b0:81:49:f6:ff:b6:4b:8a:d2:31:b2:3c:e1:eb:
         7c:b7:dd:f7:cd:98:c1:e6:65:9b:20:10:22:c5:58:d1:54:44:
         17:1d:a0:19:7c:98:26:19:ec:7c:c6:7b:51:2b:b3:c8:37:08:
         20:da:32:40:08:2c:a8:4b:9b:83:ea:02:d7:2e:e4:36:5d:c9:
         fb:ea:83:ae:32:bb:02:cf:6b:a0:cc:25:9e:d1:9b:c4:34:cf:
         b1:c5:66:aa:d1:17:30:93:e9:24:3e:61:6d:2a:d9:6a:37:b6:
         ef:7b:11:87:17:82:bf:9d:d4:d6:31:64:ae:06:de:0b:49:34:
         0d:77:7d:d6:7d:b5:60:8b:57:3f:50:dc:1c:f1:88:fd:f8:f1:
         a2:15:7c:45:f4:65:92:49:06:33:7e:65:4a:0f:3d:d0:1f:02:
         a6:2e:e9:dd:68:29:63:14:c4:88:3e:8a:12:e0:d6:f2:15:a4:
         48:76:8c:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlYCT+pXBaLaP/nSN5p0eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMjM0MjQyOTU3YmIxYmUxMjk2ODE3MjFmOWMyY2QwOGRm
MDdiYWEwHhcNMjQwMTAyMDAzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzEwMTliZjYyMTU1ZTMwMjAxZTQ1MjVhMDAwMjgyZjE3ZTFiYjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHBuQfAgbQM3F8M+uFw5BBQ6Owfh
08T/FuDe/nHtiYKEK5zGkEdPC5UQ8JUW5AgQEq/58ZRmNd+YnKVyZgLF7eaHNKi6
xgjJKWU9k0Fau5p/SUJ2k3UM8t2Fs45wuYdigmrluHFXNKaRvRBrU7nSAaY5qPfV
qJB4MmBYrIcwSRHUc+0K/qiMQT9L1h/zx/yWsykn8BTnw9mzeHPL1MncU/hor5KU
TRE1Z96etAcKMAtN/UH371alPX/2FNcYoDYdsKLmSOiyAukbbNnUSUWeXKhpc0gP
v3loBFYgxewnHgsGuKRLg1CEVRlvm6heIHiyHa4eksi8d/06NFzOg6V68QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMQGb9iFV4wIB5FJaAAKC8X4bsgMB8GA1UdIwQY
MBaAFB4jQkKVe7G+EpaBch+cLNCN8HuqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGlOQ1FwVjdzYjRTbG9GeUg1d3MwSTN3ZTZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9iM2FlMzMtNmQ2Mi00MDkzLTkyZWMt
NTYzODUyNmZmNjQxLzEvMHhBWnYySVZYakFnSGtVbG9BQW9MeGZodXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9iM2FlMzMtNmQ2Mi00MDkzLTkyZWMtNTYzODUyNmZmNjQx
LzEvSGlOQ1FwVjdzYjRTbG9GeUg1d3MwSTN3ZTZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuShIMA0G
CSqGSIb3DQEBCwUAA4IBAQAWjVJ2ATla9OqIsrIWDVxZQMsbDK3dsqZrMzf323/z
jhQGqYIYADrwt8KoqBgsYTbTVih/e+p9KHaVHS/9ge9bZW9iJ3v/Pf2mxU0msIFJ
9v+2S4rSMbI84et8t933zZjB5mWbIBAixVjRVEQXHaAZfJgmGex8xntRK7PINwgg
2jJACCyoS5uD6gLXLuQ2Xcn76oOuMrsCz2ugzCWe0ZvENM+xxWaq0Rcwk+kkPmFt
KtlqN7bvexGHF4K/ndTWMWSuBt4LSTQNd33WfbVgi1c/UNwc8Yj9+PGiFXxF9GWS
SQYzfmVKDz3QHwKmLundaCljFMSIPooS4NbyFaRIdoyq
-----END CERTIFICATE-----