Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/oQd9BSSO8OeZmVzPbrxglhEv_MM.roa
File:                     oQd9BSSO8OeZmVzPbrxglhEv_MM.roa (raw, json)
Hash identifier:          Qi8fVpOZHk0jlCbb8lQ3amvSeG7iMbEidaK8MMmgu9o=
Subject key identifier:   A1:07:7D:05:24:8E:F0:E7:99:99:5C:CF:6E:BC:60:96:11:2F:FC:C3
Certificate issuer:       /CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
Certificate serial:       018CC5DBECA9EF3ECDD0F65D8970A5A4BB8A
Authority key identifier: CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/oQd9BSSO8OeZmVzPbrxglhEv_MM.roa
Signing time:             Mon 01 Jan 2024 16:29:33 +0000
ROA not before:           Mon 01 Jan 2024 16:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199659
IP address blocks:        185.43.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ec:a9:ef:3e:cd:d0:f6:5d:89:70:a5:a4:bb:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
        Validity
            Not Before: Jan  1 16:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1077d05248ef0e799995ccf6ebc6096112ffcc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:34:cd:4a:01:fb:03:8a:a2:4f:4c:40:e1:25:
                    b9:96:78:56:c5:f2:84:ee:83:9f:36:62:e0:31:72:
                    1f:9e:bf:87:3a:c5:32:28:1a:26:7d:63:8a:f3:d9:
                    02:c9:8d:e6:79:d1:9b:4b:a8:b5:04:e1:b4:23:1e:
                    c6:69:c9:ee:fa:39:47:54:4c:3b:d5:e6:65:f6:a9:
                    65:3b:55:35:01:fe:d5:d2:3d:26:0a:8d:2f:79:19:
                    24:99:bf:83:ac:1f:95:3b:83:27:85:87:b4:f1:b3:
                    70:19:d6:de:b2:53:45:d6:74:7d:73:e5:be:d0:47:
                    5b:6f:76:bb:02:4f:d8:50:3d:15:5d:77:31:07:cb:
                    39:96:b2:06:03:22:11:92:8c:e7:3a:21:5d:29:e2:
                    91:78:a6:f4:d3:be:46:37:30:6d:5c:37:9d:7d:1c:
                    bb:84:38:17:a7:85:73:3e:69:b1:9e:dd:6f:08:51:
                    dd:d1:f6:38:f5:be:b9:23:b7:06:21:04:eb:97:2d:
                    6c:20:8c:e5:6a:62:13:7b:fd:d1:54:f7:2c:b4:53:
                    31:59:f1:5b:a9:12:25:ee:51:0a:2a:ec:d6:d3:e2:
                    8b:f2:60:4d:88:31:26:c9:6a:29:6d:46:e4:3c:f7:
                    40:47:bd:c1:7d:47:1e:88:eb:89:da:c7:61:24:7d:
                    0d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:07:7D:05:24:8E:F0:E7:99:99:5C:CF:6E:BC:60:96:11:2F:FC:C3
            X509v3 Authority Key Identifier:
                keyid:CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/oQd9BSSO8OeZmVzPbrxglhEv_MM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ba:4b:46:92:66:9b:89:22:09:a2:ad:25:8c:f5:a0:ea:bb:
         8a:d3:f6:21:97:8b:64:25:b4:07:58:f6:b0:dd:4d:44:f7:a5:
         c2:d5:45:39:e0:6e:8f:66:ac:4d:f8:50:96:a4:10:45:19:f3:
         72:83:ce:82:8d:90:f6:5e:c8:73:e0:3c:12:a1:59:e5:7e:24:
         d3:3a:36:78:f1:ce:a0:a9:c5:fd:e8:c2:ab:05:a9:15:a0:ad:
         5f:ee:19:1d:58:56:7d:9b:8c:11:45:ca:93:1f:3b:2e:bd:27:
         53:4c:b4:5f:a8:d2:9d:66:1a:06:29:c6:11:fb:8c:7f:aa:ec:
         6b:bd:78:8a:9e:dc:75:87:23:ce:52:73:ac:0a:76:88:98:91:
         af:90:2f:4e:e6:b0:7f:56:b5:6e:bf:9b:e8:27:30:64:a6:f3:
         0e:98:6e:3d:3b:7c:89:01:a2:ca:0f:52:8e:73:42:1f:c9:a3:
         3a:1a:25:66:e3:33:cc:58:4f:37:35:c6:05:09:d2:cb:b8:4f:
         29:2e:da:36:77:e0:8c:fb:01:3d:17:4b:2b:6c:06:8d:d1:b0:
         7c:aa:86:b4:c7:ce:cf:f4:c3:cb:04:d0:bd:a8:84:15:30:0b:
         c6:f3:39:8f:39:06:e0:97:93:17:0b:64:7c:a4:9b:45:20:f5:
         1a:c7:9f:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+yp7z7N0PZdiXClpLuKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOTYyNTU0MWFiZTZiNWFlOTI2NjcxZGFhOThhYzZkODA5
NGVjN2IwHhcNMjQwMTAxMTYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTA3N2QwNTI0OGVmMGU3OTk5OTVjY2Y2ZWJjNjA5NjExMmZmY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTTNSgH7A4qiT0xA4SW5lnhWxfKE
7oOfNmLgMXIfnr+HOsUyKBomfWOK89kCyY3medGbS6i1BOG0Ix7Gacnu+jlHVEw7
1eZl9qllO1U1Af7V0j0mCo0veRkkmb+DrB+VO4MnhYe08bNwGdbeslNF1nR9c+W+
0Edbb3a7Ak/YUD0VXXcxB8s5lrIGAyIRkoznOiFdKeKReKb0075GNzBtXDedfRy7
hDgXp4VzPmmxnt1vCFHd0fY49b65I7cGIQTrly1sIIzlamITe/3RVPcstFMxWfFb
qRIl7lEKKuzW0+KL8mBNiDEmyWopbUbkPPdAR73BfUceiOuJ2sdhJH0NPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEHfQUkjvDnmZlcz268YJYRL/zDMB8GA1UdIwQY
MBaAFM+WJVQavmta6SZnHaqYrG2AlOx7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2Et
NTlhNTg3YmRlYTNmLzEvb1FkOUJTU084T2VabVZ6UGJyeGdsaEV2X01NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2EtNTlhNTg3YmRlYTNm
LzEvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSuBMA0G
CSqGSIb3DQEBCwUAA4IBAQCYuktGkmabiSIJoq0ljPWg6ruK0/Yhl4tkJbQHWPaw
3U1E96XC1UU54G6PZqxN+FCWpBBFGfNyg86CjZD2Xshz4DwSoVnlfiTTOjZ48c6g
qcX96MKrBakVoK1f7hkdWFZ9m4wRRcqTHzsuvSdTTLRfqNKdZhoGKcYR+4x/quxr
vXiKntx1hyPOUnOsCnaImJGvkC9O5rB/VrVuv5voJzBkpvMOmG49O3yJAaLKD1KO
c0IfyaM6GiVm4zPMWE83NcYFCdLLuE8pLto2d+CM+wE9F0srbAaN0bB8qoa0x87P
9MPLBNC9qIQVMAvG8zmPOQbgl5MXC2R8pJtFIPUax58v
-----END CERTIFICATE-----