Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/hR3HXIvzfJc7q0vloNSqFJOEjKA.roa
File:                     hR3HXIvzfJc7q0vloNSqFJOEjKA.roa (raw, json)
Hash identifier:          797Un3j9GszPyx+Jmm4BzPdS7g50SLGy5kq5QigEeWo=
Subject key identifier:   85:1D:C7:5C:8B:F3:7C:97:3B:AB:4B:E5:A0:D4:AA:14:93:84:8C:A0
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       018DE5D529741B2A82DECC0B72E8662319A9
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/hR3HXIvzfJc7q0vloNSqFJOEjKA.roa
Signing time:             Mon 26 Feb 2024 14:32:48 +0000
ROA not before:           Mon 26 Feb 2024 14:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     267507
IP address blocks:        185.21.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:d5:29:74:1b:2a:82:de:cc:0b:72:e8:66:23:19:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Feb 26 14:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=851dc75c8bf37c973bab4be5a0d4aa1493848ca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c5:03:17:58:a9:5e:4c:0c:63:9b:4e:52:66:
                    11:7a:a3:92:65:96:78:95:82:ca:87:22:e7:d8:f9:
                    e2:dc:a6:ae:7a:57:d5:ab:94:e7:68:51:5a:68:93:
                    ca:0b:e4:0b:03:81:02:44:b7:0e:62:ad:90:be:84:
                    83:87:55:87:85:8c:63:bd:e2:1e:43:48:40:46:14:
                    47:84:a5:ca:fa:5c:91:56:4a:87:05:6c:d5:f2:f6:
                    81:41:02:8e:8b:64:a9:ed:2b:6a:76:30:e4:37:9d:
                    92:2e:03:bb:fe:ca:db:7e:bc:dd:e5:83:c7:b6:5e:
                    d6:8a:24:1d:f4:85:26:ff:87:9c:80:e2:74:dc:6c:
                    99:86:3d:82:d3:5d:fd:da:01:3d:d5:26:b6:04:5e:
                    35:9b:ff:a7:22:e4:c4:ad:c5:e7:d0:57:cb:63:d4:
                    27:33:4a:dd:43:a5:51:92:ec:d5:59:36:c1:f9:29:
                    9a:e1:0c:f1:5f:87:cf:12:4b:ef:c4:9f:9b:14:12:
                    c4:ef:30:8f:98:30:14:ee:b3:67:0f:e7:6b:0b:8c:
                    97:56:00:ce:d2:13:3c:4f:b7:c5:f8:42:7d:4d:3e:
                    5a:e5:88:93:1b:fa:52:8b:95:f7:82:e1:bb:b3:8f:
                    fb:14:1e:b5:fc:01:16:54:de:b6:2b:d8:25:33:f1:
                    f3:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:1D:C7:5C:8B:F3:7C:97:3B:AB:4B:E5:A0:D4:AA:14:93:84:8C:A0
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/hR3HXIvzfJc7q0vloNSqFJOEjKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:c8:9c:27:c8:c5:5d:f8:21:99:27:ec:f5:ca:92:8c:93:2c:
         30:b1:2f:27:4d:a1:27:46:ea:d3:4a:fb:4b:0a:5d:df:ab:a1:
         ca:be:64:6b:0a:8f:4e:0c:f3:2f:44:55:33:a3:29:f8:57:c2:
         79:2c:b7:09:39:47:4b:c2:11:96:e8:aa:f8:1c:a3:2d:d5:3d:
         dc:0b:62:5b:4e:6b:10:17:5e:ae:e8:f9:fb:c9:34:92:41:3b:
         3b:52:07:58:34:2d:a3:02:c8:09:9b:4b:17:06:f5:90:55:56:
         12:c3:69:33:a2:05:6c:1d:a5:f8:49:eb:12:78:de:c1:c8:ae:
         13:e3:ff:7f:ac:45:87:1b:73:fd:fa:c9:f2:50:f9:63:a7:de:
         eb:4c:40:3c:93:58:e3:de:80:de:72:71:bf:81:35:50:aa:24:
         04:83:11:b9:89:99:cd:5a:c0:5b:50:33:1b:f6:7c:3c:6c:d0:
         63:df:b4:8f:9b:2f:fb:a9:36:09:cd:27:93:3a:e6:21:1e:ed:
         10:05:4d:6f:ca:8d:b1:00:1c:59:20:fd:c7:2e:46:6f:4a:71:
         c3:ea:af:75:ae:69:c0:04:97:f5:fa:4e:7f:07:a9:41:38:ca:
         77:30:a1:44:6f:1e:0c:f3:41:8c:fe:a7:dd:04:6e:51:81:8e:
         10:50:2b:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3l1Sl0GyqC3swLcuhmIxmpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwMjI2MTQzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTFkYzc1YzhiZjM3Yzk3M2JhYjRiZTVhMGQ0YWExNDkzODQ4Y2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMUDF1ipXkwMY5tOUmYReqOSZZZ4
lYLKhyLn2Pni3KauelfVq5TnaFFaaJPKC+QLA4ECRLcOYq2QvoSDh1WHhYxjveIe
Q0hARhRHhKXK+lyRVkqHBWzV8vaBQQKOi2Sp7StqdjDkN52SLgO7/srbfrzd5YPH
tl7WiiQd9IUm/4ecgOJ03GyZhj2C01392gE91Sa2BF41m/+nIuTErcXn0FfLY9Qn
M0rdQ6VRkuzVWTbB+Sma4QzxX4fPEkvvxJ+bFBLE7zCPmDAU7rNnD+drC4yXVgDO
0hM8T7fF+EJ9TT5a5YiTG/pSi5X3guG7s4/7FB61/AEWVN62K9glM/Hz/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUdx1yL83yXO6tL5aDUqhSThIygMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvaFIzSFhJdnpmSmM3cTB2bG9OU3FGSk9FaktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX8MA0G
CSqGSIb3DQEBCwUAA4IBAQCuyJwnyMVd+CGZJ+z1ypKMkywwsS8nTaEnRurTSvtL
Cl3fq6HKvmRrCo9ODPMvRFUzoyn4V8J5LLcJOUdLwhGW6Kr4HKMt1T3cC2JbTmsQ
F16u6Pn7yTSSQTs7UgdYNC2jAsgJm0sXBvWQVVYSw2kzogVsHaX4SesSeN7ByK4T
4/9/rEWHG3P9+snyUPljp97rTEA8k1jj3oDecnG/gTVQqiQEgxG5iZnNWsBbUDMb
9nw8bNBj37SPmy/7qTYJzSeTOuYhHu0QBU1vyo2xABxZIP3HLkZvSnHD6q91rmnA
BJf1+k5/B6lBOMp3MKFEbx4M80GM/qfdBG5RgY4QUCsB
-----END CERTIFICATE-----