Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/07Xr_BOlJOk9Jd9oI04ohkKa2-k.roa
File:                     07Xr_BOlJOk9Jd9oI04ohkKa2-k.roa (raw, json)
Hash identifier:          A1FwipOeVahs60pF4b/Ffn+5YuvjPZ07+DRvGvQqSqM=
Subject key identifier:   D3:B5:EB:FC:13:A5:24:E9:3D:25:DF:68:23:4E:28:86:42:9A:DB:E9
Certificate issuer:       /CN=a09fda047b3a0b1c820435e699388660da32c63f
Certificate serial:       018FE24A2A144CE80920E50F4D0DC4B61FE3
Authority key identifier: A0:9F:DA:04:7B:3A:0B:1C:82:04:35:E6:99:38:86:60:DA:32:C6:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/07Xr_BOlJOk9Jd9oI04ohkKa2-k.roa
Signing time:             Tue 04 Jun 2024 08:07:42 +0000
ROA not before:           Tue 04 Jun 2024 08:07:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        185.18.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:4a:2a:14:4c:e8:09:20:e5:0f:4d:0d:c4:b6:1f:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a09fda047b3a0b1c820435e699388660da32c63f
        Validity
            Not Before: Jun  4 08:07:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3b5ebfc13a524e93d25df68234e2886429adbe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6c:dc:a6:95:29:3a:20:c7:a2:01:ea:15:b1:
                    4a:27:f1:09:86:ef:bb:0e:50:1d:5a:4d:50:0d:33:
                    50:36:2b:da:19:17:e8:3c:a0:ca:aa:d6:26:cb:5e:
                    ed:44:d8:40:1a:b0:3a:f8:df:d8:ea:e5:aa:2c:35:
                    ba:f0:e5:f9:d5:d9:0e:56:3c:aa:c9:08:1f:4d:d4:
                    34:56:b9:8f:c9:ff:c1:d1:87:a8:23:18:be:ed:95:
                    98:f9:d5:4b:68:f6:05:38:56:4c:4f:31:cc:4b:7b:
                    5d:34:27:ce:cb:ba:ab:e1:19:46:a8:e0:dd:69:d0:
                    2e:3f:6b:d6:73:b5:12:1c:37:eb:0a:f6:c6:8e:dd:
                    b1:c3:ad:77:13:4e:d2:9c:b4:b5:df:b1:ab:e4:a4:
                    cc:80:6e:34:70:90:25:84:44:a7:29:35:ac:ab:ab:
                    6e:1e:44:31:60:2f:09:25:f1:f4:a8:5d:9b:b7:b7:
                    dc:66:b2:5d:a2:5f:7a:ef:b3:0d:ae:0e:bd:27:2c:
                    69:62:8e:1c:f5:cc:02:5c:4a:52:e7:f6:5b:b0:4c:
                    ff:ef:f2:c2:55:1b:fc:86:b9:e2:86:34:e9:bc:1c:
                    ac:46:50:bd:73:c0:33:20:d0:4d:79:d0:b1:6e:e7:
                    e1:b0:f2:d1:c0:b0:7f:a0:ff:41:07:c1:d3:5b:dc:
                    c7:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B5:EB:FC:13:A5:24:E9:3D:25:DF:68:23:4E:28:86:42:9A:DB:E9
            X509v3 Authority Key Identifier:
                keyid:A0:9F:DA:04:7B:3A:0B:1C:82:04:35:E6:99:38:86:60:DA:32:C6:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/07Xr_BOlJOk9Jd9oI04ohkKa2-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:bc:50:8d:96:89:f4:a9:7d:3c:4a:4b:70:35:3b:18:08:df:
         66:cc:83:5d:98:7e:25:e0:0d:be:37:4c:ec:08:c5:ba:17:d0:
         a8:5d:7c:93:f5:7c:14:70:20:de:32:ab:77:92:78:f6:ef:34:
         32:53:2f:37:75:7e:fb:17:29:05:03:9b:71:bf:64:89:08:bc:
         57:62:d5:3a:8e:f7:89:9c:fb:c4:59:ce:a2:a6:68:e7:ce:29:
         94:00:6c:de:f6:d0:a5:13:63:38:f1:8d:03:d3:62:ae:b5:89:
         b4:89:05:43:b8:cc:f7:d9:37:a3:a3:db:72:60:2b:e2:06:ec:
         e9:9f:d6:1c:ab:59:a5:65:62:e1:cf:89:8a:be:ad:41:49:b2:
         f1:15:83:bd:f3:11:f2:0e:1f:d6:d9:d0:4a:0f:d6:70:96:1a:
         f6:c2:f6:96:8b:e8:87:9e:39:fb:22:06:5b:9c:63:f3:80:c9:
         e8:dc:6e:cc:fd:b4:7d:00:27:31:d7:aa:76:f7:fa:8a:34:8b:
         d5:83:39:38:bc:21:41:10:32:c9:7d:41:99:01:74:1e:24:5f:
         5e:29:06:74:26:3f:17:de:ac:ca:d2:e4:01:07:b3:e9:09:92:
         33:ce:c6:d5:bc:31:40:c2:8f:56:21:bd:d4:fa:33:b3:d9:60:
         86:e2:db:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/iSioUTOgJIOUPTQ3Eth/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwOWZkYTA0N2IzYTBiMWM4MjA0MzVlNjk5Mzg4NjYwZGEz
MmM2M2YwHhcNMjQwNjA0MDgwNzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2I1ZWJmYzEzYTUyNGU5M2QyNWRmNjgyMzRlMjg4NjQyOWFkYmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWzcppUpOiDHogHqFbFKJ/EJhu+7
DlAdWk1QDTNQNivaGRfoPKDKqtYmy17tRNhAGrA6+N/Y6uWqLDW68OX51dkOVjyq
yQgfTdQ0VrmPyf/B0YeoIxi+7ZWY+dVLaPYFOFZMTzHMS3tdNCfOy7qr4RlGqODd
adAuP2vWc7USHDfrCvbGjt2xw613E07SnLS137Gr5KTMgG40cJAlhESnKTWsq6tu
HkQxYC8JJfH0qF2bt7fcZrJdol9677MNrg69JyxpYo4c9cwCXEpS5/ZbsEz/7/LC
VRv8hrnihjTpvBysRlC9c8AzINBNedCxbufhsPLRwLB/oP9BB8HTW9zHdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNO16/wTpSTpPSXfaCNOKIZCmtvpMB8GA1UdIwQY
MBaAFKCf2gR7OgscggQ15pk4hmDaMsY/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0pfYUJIczZDeHlDQkRYbW1UaUdZTm95eGo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi84YjRkMzItMDM2NS00ZGFhLTlkNWIt
Mjk5MjBlNTE2N2Q5LzEvMDdYcl9CT2xKT2s5SmQ5b0kwNG9oa0thMi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi84YjRkMzItMDM2NS00ZGFhLTlkNWItMjk5MjBlNTE2N2Q5
LzEvb0pfYUJIczZDeHlDQkRYbW1UaUdZTm95eGo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRLeMA0G
CSqGSIb3DQEBCwUAA4IBAQAqvFCNlon0qX08SktwNTsYCN9mzINdmH4l4A2+N0zs
CMW6F9CoXXyT9XwUcCDeMqt3knj27zQyUy83dX77FykFA5txv2SJCLxXYtU6jveJ
nPvEWc6ipmjnzimUAGze9tClE2M48Y0D02KutYm0iQVDuMz32Tejo9tyYCviBuzp
n9Ycq1mlZWLhz4mKvq1BSbLxFYO98xHyDh/W2dBKD9Zwlhr2wvaWi+iHnjn7IgZb
nGPzgMno3G7M/bR9ACcx16p29/qKNIvVgzk4vCFBEDLJfUGZAXQeJF9eKQZ0Jj8X
3qzK0uQBB7PpCZIzzsbVvDFAwo9WIb3U+jOz2WCG4ttT
-----END CERTIFICATE-----