Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/725a6f-0f29-492d-b231-9771b268f0ef/1/l2GuIY_FWphj2gl0U31gEf0g1kQ.roa
File:                     l2GuIY_FWphj2gl0U31gEf0g1kQ.roa (raw, json)
Hash identifier:          HPG98+n1LY4e2Fj73UDLJRgrZeFnoNd+/qMmycP8EO0=
Subject key identifier:   97:61:AE:21:8F:C5:5A:98:63:DA:09:74:53:7D:60:11:FD:20:D6:44
Certificate issuer:       /CN=ad9ef3c5b03ffc56dd30fc1d060d1588f264b2b3
Certificate serial:       018CC5DC244CAB5566A4FF02845E126DB3BC
Authority key identifier: AD:9E:F3:C5:B0:3F:FC:56:DD:30:FC:1D:06:0D:15:88:F2:64:B2:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rZ7zxbA__FbdMPwdBg0ViPJksrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/725a6f-0f29-492d-b231-9771b268f0ef/1/l2GuIY_FWphj2gl0U31gEf0g1kQ.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.137.157.0/24 maxlen: 28

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/725a6f-0f29-492d-b231-9771b268f0ef/1/rZ7zxbA__FbdMPwdBg0ViPJksrM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/725a6f-0f29-492d-b231-9771b268f0ef/1/rZ7zxbA__FbdMPwdBg0ViPJksrM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rZ7zxbA__FbdMPwdBg0ViPJksrM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:24:4c:ab:55:66:a4:ff:02:84:5e:12:6d:b3:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad9ef3c5b03ffc56dd30fc1d060d1588f264b2b3
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9761ae218fc55a9863da0974537d6011fd20d644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ff:f8:8a:f9:03:cc:8e:7a:99:37:d5:8e:a0:
                    bd:40:89:54:fc:1f:24:15:f5:8f:56:de:a9:b3:68:
                    94:10:24:12:0b:7b:48:3d:8a:e2:33:3e:f9:8d:8c:
                    15:19:35:22:67:f1:90:34:67:d9:8a:8f:11:82:82:
                    dc:e5:62:03:54:0a:73:74:e1:77:69:ac:63:80:dc:
                    a7:7b:91:97:f6:89:fb:19:e3:1b:db:72:e1:fb:45:
                    3e:b6:1d:94:0d:ca:28:28:da:a0:31:e1:2f:fd:b5:
                    61:bb:cf:ed:32:08:c5:0e:54:2d:2c:1c:36:8e:94:
                    a5:1b:fb:c4:f5:37:c8:00:c3:50:4c:a3:8f:df:2c:
                    9c:65:b0:69:b8:ec:da:8a:34:9e:19:20:72:c2:7a:
                    62:cc:58:69:8a:37:df:1f:40:96:9e:f7:82:64:4c:
                    b2:87:71:f4:ca:94:b8:eb:9e:ec:00:46:f5:34:19:
                    12:77:42:17:dd:ba:03:8b:24:bf:c9:ae:31:21:9f:
                    b7:cd:e8:69:ca:cc:c5:7a:3c:16:21:c3:31:4f:a4:
                    65:9b:a0:89:f3:d3:15:cf:7f:7c:43:c8:d4:41:9d:
                    ac:db:cd:3c:f6:6c:e4:24:83:c2:d0:96:ef:90:4f:
                    53:d0:04:85:e7:de:03:89:ae:b0:28:39:e0:c5:40:
                    df:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:61:AE:21:8F:C5:5A:98:63:DA:09:74:53:7D:60:11:FD:20:D6:44
            X509v3 Authority Key Identifier:
                keyid:AD:9E:F3:C5:B0:3F:FC:56:DD:30:FC:1D:06:0D:15:88:F2:64:B2:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rZ7zxbA__FbdMPwdBg0ViPJksrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/725a6f-0f29-492d-b231-9771b268f0ef/1/l2GuIY_FWphj2gl0U31gEf0g1kQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/725a6f-0f29-492d-b231-9771b268f0ef/1/rZ7zxbA__FbdMPwdBg0ViPJksrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:7e:ac:b6:ef:59:93:90:59:ff:02:60:de:86:ad:62:46:8b:
         31:fb:bd:60:8a:00:df:d1:cc:bc:9a:be:d9:51:1e:ca:f8:c5:
         9b:a7:b1:23:b4:a4:d6:c4:83:1d:96:58:ca:bd:24:de:eb:71:
         80:7c:b5:c4:f4:92:b3:08:99:dd:68:7a:18:9e:88:85:12:93:
         b1:2f:1b:cb:df:e9:26:c7:62:39:49:36:ce:b1:2a:82:66:ce:
         71:8e:84:59:ab:3c:93:f9:3b:26:62:f5:65:ba:20:f0:f8:f7:
         e3:4b:c7:f7:bb:3f:f2:15:64:b9:3f:12:97:06:40:c7:e3:87:
         ad:4a:54:be:f7:52:55:f3:d4:a2:cd:e2:36:e5:20:e3:04:64:
         24:e8:3a:96:fc:be:4c:13:cb:9c:33:90:f4:68:d8:98:e5:77:
         7c:82:5d:c6:42:96:e6:b2:d5:fd:6c:55:7a:9f:d4:d4:c1:b8:
         25:6a:c8:5b:46:3f:b8:80:b0:ef:13:14:3d:7c:96:0f:06:d6:
         52:09:a8:5c:86:07:89:da:c2:cd:85:7b:30:b3:92:51:07:ca:
         29:01:6c:d1:80:09:0d:a9:ac:1c:42:68:55:bf:63:62:8c:62:
         43:f9:96:d8:0d:e2:b8:a0:69:af:70:ac:90:e5:8d:d8:d7:96:
         c0:05:1c:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CRMq1VmpP8ChF4SbbO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkOWVmM2M1YjAzZmZjNTZkZDMwZmMxZDA2MGQxNTg4ZjI2
NGIyYjMwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzYxYWUyMThmYzU1YTk4NjNkYTA5NzQ1MzdkNjAxMWZkMjBkNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0P/4ivkDzI56mTfVjqC9QIlU/B8k
FfWPVt6ps2iUECQSC3tIPYriMz75jYwVGTUiZ/GQNGfZio8RgoLc5WIDVApzdOF3
aaxjgNyne5GX9on7GeMb23Lh+0U+th2UDcooKNqgMeEv/bVhu8/tMgjFDlQtLBw2
jpSlG/vE9TfIAMNQTKOP3yycZbBpuOzaijSeGSBywnpizFhpijffH0CWnveCZEyy
h3H0ypS4657sAEb1NBkSd0IX3boDiyS/ya4xIZ+3zehpyszFejwWIcMxT6Rlm6CJ
89MVz398Q8jUQZ2s28089mzkJIPC0JbvkE9T0ASF594Dia6wKDngxUDfNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdhriGPxVqYY9oJdFN9YBH9INZEMB8GA1UdIwQY
MBaAFK2e88WwP/xW3TD8HQYNFYjyZLKzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclo3enhiQV9fRmJkTVB3ZEJnMFZpUEprc3JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC83MjVhNmYtMGYyOS00OTJkLWIyMzEt
OTc3MWIyNjhmMGVmLzEvbDJHdUlZX0ZXcGhqMmdsMFUzMWdFZjBnMWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC83MjVhNmYtMGYyOS00OTJkLWIyMzEtOTc3MWIyNjhmMGVm
LzEvclo3enhiQV9fRmJkTVB3ZEJnMFZpUEprc3JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYmdMA0G
CSqGSIb3DQEBCwUAA4IBAQA+fqy271mTkFn/AmDehq1iRosx+71gigDf0cy8mr7Z
UR7K+MWbp7EjtKTWxIMdlljKvSTe63GAfLXE9JKzCJndaHoYnoiFEpOxLxvL3+km
x2I5STbOsSqCZs5xjoRZqzyT+TsmYvVluiDw+PfjS8f3uz/yFWS5PxKXBkDH44et
SlS+91JV89SizeI25SDjBGQk6DqW/L5ME8ucM5D0aNiY5Xd8gl3GQpbmstX9bFV6
n9TUwbglashbRj+4gLDvExQ9fJYPBtZSCahchgeJ2sLNhXsws5JRB8opAWzRgAkN
qawcQmhVv2NijGJD+ZbYDeK4oGmvcKyQ5Y3Y15bABRyZ
-----END CERTIFICATE-----