Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/W5dou1-3e3Q495D9hGQNQyrG-r0.roa
File:                     W5dou1-3e3Q495D9hGQNQyrG-r0.roa (raw, json)
Hash identifier:          ML7A/EMna8XT8Y6TuV9l06uT+8y3IL9Uz8Vp9s9nsQI=
Subject key identifier:   5B:97:68:BB:5F:B7:7B:74:38:F7:90:FD:84:64:0D:43:2A:C6:FA:BD
Certificate issuer:       /CN=258f5a8e295ad1d7b48a1e11958790052b57a253
Certificate serial:       018CC26D63F088434710C63BFEEA6D0B0F86
Authority key identifier: 25:8F:5A:8E:29:5A:D1:D7:B4:8A:1E:11:95:87:90:05:2B:57:A2:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/W5dou1-3e3Q495D9hGQNQyrG-r0.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35169
IP address blocks:        145.226.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 22:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:63:f0:88:43:47:10:c6:3b:fe:ea:6d:0b:0f:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=258f5a8e295ad1d7b48a1e11958790052b57a253
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b9768bb5fb77b7438f790fd84640d432ac6fabd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:16:b0:92:87:5a:7b:6d:b6:65:bf:79:6a:1a:
                    9e:4d:1f:62:95:e5:a4:83:a1:f4:97:6a:ba:a4:cb:
                    95:1c:11:f2:aa:c9:8e:cc:a0:c2:69:44:2a:6c:cc:
                    d0:32:f1:29:69:3c:a1:df:e7:a0:19:d2:45:61:0a:
                    02:55:d6:90:0e:a1:34:7f:50:69:b1:20:ed:47:31:
                    38:42:f4:47:97:36:9d:3e:ec:b9:c7:a7:46:f9:bf:
                    06:11:b5:7f:2b:1d:ee:6d:d6:89:93:26:0a:0b:60:
                    e8:d4:cc:99:95:7d:6f:69:b2:d7:3b:33:f6:4b:ee:
                    6a:1b:be:2d:f9:ca:10:d1:ea:91:ed:7c:69:ad:fd:
                    b1:4e:28:8e:5d:85:8d:e3:f0:ef:2d:da:bd:ab:de:
                    0f:38:f4:84:3c:43:27:7b:f6:dc:21:d5:7a:ff:fe:
                    80:5c:5e:60:54:52:32:6c:b9:32:3c:e7:d8:5b:31:
                    73:5a:56:1b:8e:b1:d6:88:04:b5:67:47:b1:33:fd:
                    98:60:b9:28:21:7c:15:56:92:41:34:e9:b2:f2:e1:
                    9c:f6:5e:d5:4e:37:78:44:fe:c8:d1:c1:df:b6:72:
                    5a:27:cd:c4:4b:b9:c4:f9:9c:93:fb:ca:2c:95:30:
                    74:ca:b1:7c:4f:1b:75:c0:11:0d:61:b0:4c:0a:a6:
                    6c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:97:68:BB:5F:B7:7B:74:38:F7:90:FD:84:64:0D:43:2A:C6:FA:BD
            X509v3 Authority Key Identifier:
                keyid:25:8F:5A:8E:29:5A:D1:D7:B4:8A:1E:11:95:87:90:05:2B:57:A2:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/W5dou1-3e3Q495D9hGQNQyrG-r0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.226.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:55:cf:f4:11:fc:b5:75:0c:21:66:f5:98:a0:ca:00:d6:5a:
         a3:e7:20:b3:a2:46:0f:39:db:c4:67:a4:46:0c:0e:e3:b0:73:
         13:55:c7:f9:f1:58:5f:69:a4:3e:c1:23:c1:11:23:96:5f:9d:
         e0:bd:7e:39:6d:78:e6:cf:0d:87:b1:e8:36:f8:74:9c:52:9d:
         33:8a:0c:f1:33:39:04:a9:f4:74:ef:73:98:e3:4d:d6:bb:dc:
         37:1c:67:1a:ed:26:d6:e6:6c:8b:34:f6:70:1c:3e:4f:54:58:
         8c:bf:5c:b7:80:98:5f:9d:7e:6e:b1:51:db:a1:4d:43:0f:32:
         7a:db:fa:cc:df:d0:bc:df:ae:9e:56:b0:8c:50:4e:d7:5d:68:
         98:95:8d:82:e2:a5:3c:33:dd:92:ff:f7:7b:71:21:c5:ba:76:
         8f:8b:38:73:c4:86:73:e9:f5:74:95:2a:72:07:df:54:cd:42:
         bc:c1:59:34:67:8a:45:89:45:6d:84:46:95:b8:d6:60:b7:0a:
         df:2f:c7:1b:3a:18:38:6f:ed:55:f6:95:98:67:a8:0a:d8:be:
         1f:9b:04:1a:f9:00:8b:08:2f:df:25:1c:6a:97:d5:90:0b:6d:
         ec:8d:5e:d0:d8:07:6e:74:49:47:1a:7e:ca:33:db:f0:42:9b:
         37:4a:be:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWPwiENHEMY7/uptCw+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1OGY1YThlMjk1YWQxZDdiNDhhMWUxMTk1ODc5MDA1MmI1
N2EyNTMwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjk3NjhiYjVmYjc3Yjc0MzhmNzkwZmQ4NDY0MGQ0MzJhYzZmYWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBawkodae222Zb95ahqeTR9ileWk
g6H0l2q6pMuVHBHyqsmOzKDCaUQqbMzQMvEpaTyh3+egGdJFYQoCVdaQDqE0f1Bp
sSDtRzE4QvRHlzadPuy5x6dG+b8GEbV/Kx3ubdaJkyYKC2Do1MyZlX1vabLXOzP2
S+5qG74t+coQ0eqR7Xxprf2xTiiOXYWN4/DvLdq9q94POPSEPEMne/bcIdV6//6A
XF5gVFIybLkyPOfYWzFzWlYbjrHWiAS1Z0exM/2YYLkoIXwVVpJBNOmy8uGc9l7V
Tjd4RP7I0cHftnJaJ83ES7nE+ZyT+8oslTB0yrF8Txt1wBENYbBMCqZslwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuXaLtft3t0OPeQ/YRkDUMqxvq9MB8GA1UdIwQY
MBaAFCWPWo4pWtHXtIoeEZWHkAUrV6JTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlk5YWppbGEwZGUwaWg0UmxZZVFCU3RYb2xNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8zNzE5ZjMtMjJlMS00MzQ0LTlhMzkt
NDU4YTI3MzYxNTdhLzEvVzVkb3UxLTNlM1E0OTVEOWhHUU5ReXJHLXIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8zNzE5ZjMtMjJlMS00MzQ0LTlhMzktNDU4YTI3MzYxNTdh
LzEvSlk5YWppbGEwZGUwaWg0UmxZZVFCU3RYb2xNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkeJnMA0G
CSqGSIb3DQEBCwUAA4IBAQCcVc/0Efy1dQwhZvWYoMoA1lqj5yCzokYPOdvEZ6RG
DA7jsHMTVcf58VhfaaQ+wSPBESOWX53gvX45bXjmzw2Hseg2+HScUp0zigzxMzkE
qfR073OY403Wu9w3HGca7SbW5myLNPZwHD5PVFiMv1y3gJhfnX5usVHboU1DDzJ6
2/rM39C8366eVrCMUE7XXWiYlY2C4qU8M92S//d7cSHFunaPizhzxIZz6fV0lSpy
B99UzUK8wVk0Z4pFiUVthEaVuNZgtwrfL8cbOhg4b+1V9pWYZ6gK2L4fmwQa+QCL
CC/fJRxql9WQC23sjV7Q2AdudElHGn7KM9vwQps3Sr4/
-----END CERTIFICATE-----