Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/ixl9t23B8-0dUb_X_u5YhgB4Pz0.roa
File:                     ixl9t23B8-0dUb_X_u5YhgB4Pz0.roa (raw, json)
Hash identifier:          qCDxc6QE+WJ3WxTxQ65PBF6unhoLlMHmHLURCxLd60c=
Subject key identifier:   8B:19:7D:B7:6D:C1:F3:ED:1D:51:BF:D7:FE:EE:58:86:00:78:3F:3D
Certificate issuer:       /CN=1a4dd11554247bd2bd301cea43ff5180372c38e4
Certificate serial:       018CC425371B1D308B0AC0896F18E2FAA455
Authority key identifier: 1A:4D:D1:15:54:24:7B:D2:BD:30:1C:EA:43:FF:51:80:37:2C:38:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/ixl9t23B8-0dUb_X_u5YhgB4Pz0.roa
Signing time:             Mon 01 Jan 2024 08:30:22 +0000
ROA not before:           Mon 01 Jan 2024 08:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.192.58.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:37:1b:1d:30:8b:0a:c0:89:6f:18:e2:fa:a4:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dd11554247bd2bd301cea43ff5180372c38e4
        Validity
            Not Before: Jan  1 08:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b197db76dc1f3ed1d51bfd7feee588600783f3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a2:03:a6:8d:30:90:ef:29:36:98:ca:2a:53:
                    85:d1:a6:32:4c:5e:4d:ca:23:62:a7:7a:ca:9d:4f:
                    8e:d0:15:a1:11:63:28:a5:f4:90:6d:8e:39:f6:d5:
                    f4:5e:1b:57:93:0a:6b:41:be:da:18:c5:d6:8f:8f:
                    a4:59:5b:52:e8:9e:67:27:59:4b:2d:08:de:d1:94:
                    0f:7c:3a:d8:1c:b1:56:fe:7c:70:9a:5c:d1:a3:9d:
                    13:32:62:e7:99:43:0a:3e:66:04:18:9f:51:75:1f:
                    11:be:cb:21:46:44:6e:51:84:13:8d:46:e7:6e:d0:
                    bb:77:c9:81:9b:bd:e0:c5:1e:d5:3b:61:aa:8b:ea:
                    56:3a:04:af:d4:c8:8c:29:40:45:2d:3f:bc:5c:67:
                    6c:34:9d:3a:c1:50:ad:b2:e7:7b:e7:77:46:75:f5:
                    c7:55:46:3d:8d:ea:fa:29:6f:1e:e3:27:95:21:25:
                    44:9e:65:9d:dc:04:ff:21:db:39:03:56:4d:0b:bb:
                    f7:98:2d:96:3d:d2:91:ae:0c:cb:af:a6:30:0d:c6:
                    48:6c:e4:9d:7d:1f:84:32:2b:34:f1:fa:14:c4:b5:
                    18:aa:4d:a1:f7:a9:37:c2:32:c3:7a:65:56:37:64:
                    6e:9b:ab:c6:b4:4a:1b:79:b3:09:ef:3a:cb:3b:3f:
                    da:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:19:7D:B7:6D:C1:F3:ED:1D:51:BF:D7:FE:EE:58:86:00:78:3F:3D
            X509v3 Authority Key Identifier:
                keyid:1A:4D:D1:15:54:24:7B:D2:BD:30:1C:EA:43:FF:51:80:37:2C:38:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/ixl9t23B8-0dUb_X_u5YhgB4Pz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e6:51:5f:5a:59:27:c0:a5:b7:f7:50:7f:25:4f:d4:8a:ae:6e:
         a8:2b:4a:25:d6:1a:43:71:32:99:ca:2e:d5:1c:69:b8:0d:a9:
         8f:18:26:6c:77:4a:de:7d:46:2c:ec:b6:f3:7d:3d:4a:bd:30:
         81:25:ed:02:cc:e4:b5:8a:a0:2d:3a:f0:ff:7d:89:49:99:08:
         70:2c:9d:41:fa:59:61:61:c1:85:40:42:dd:5d:72:48:2b:23:
         01:eb:bb:37:c1:0d:58:7a:28:11:14:a6:de:41:62:a0:68:5c:
         4c:9c:c5:c8:4d:4a:2b:71:74:e4:c9:4f:cc:22:27:4c:80:55:
         c7:2a:7b:ae:5c:40:43:a8:ba:44:a9:6d:9c:cc:5e:bb:87:71:
         6e:e0:84:5c:69:df:22:5a:d0:11:93:cf:18:7a:11:c0:fb:c8:
         b3:f8:3d:29:6a:5e:81:ff:4d:ae:94:0b:eb:5a:8d:91:2c:32:
         49:27:6c:96:09:dd:9d:f1:0b:ee:f7:2a:c3:81:ae:63:d6:77:
         c3:95:a1:a9:62:28:00:00:f0:2a:ac:68:b8:8a:8c:46:4f:9f:
         b0:59:41:f3:32:c8:09:ef:97:9a:fa:0c:32:4c:32:d4:1c:da:
         ef:d3:f8:6c:f7:c5:25:2d:bf:63:89:c4:cc:54:29:7b:1d:43:
         8a:55:38:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTcbHTCLCsCJbxji+qRVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRkMTE1NTQyNDdiZDJiZDMwMWNlYTQzZmY1MTgwMzcy
YzM4ZTQwHhcNMjQwMTAxMDgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjE5N2RiNzZkYzFmM2VkMWQ1MWJmZDdmZWVlNTg4NjAwNzgzZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqIDpo0wkO8pNpjKKlOF0aYyTF5N
yiNip3rKnU+O0BWhEWMopfSQbY459tX0XhtXkwprQb7aGMXWj4+kWVtS6J5nJ1lL
LQje0ZQPfDrYHLFW/nxwmlzRo50TMmLnmUMKPmYEGJ9RdR8RvsshRkRuUYQTjUbn
btC7d8mBm73gxR7VO2Gqi+pWOgSv1MiMKUBFLT+8XGdsNJ06wVCtsud753dGdfXH
VUY9jer6KW8e4yeVISVEnmWd3AT/Ids5A1ZNC7v3mC2WPdKRrgzLr6YwDcZIbOSd
fR+EMis08foUxLUYqk2h96k3wjLDemVWN2Rum6vGtEobebMJ7zrLOz/aLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIsZfbdtwfPtHVG/1/7uWIYAeD89MB8GA1UdIwQY
MBaAFBpN0RVUJHvSvTAc6kP/UYA3LDjkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szUkZWUWtlOUs5TUJ6cVFfOVJnRGNzT09RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83YmRkZGEtMGM2Yy00YTVlLWIxYzUt
M2JhNWYzMGNhYWJmLzEvaXhsOXQyM0I4LTBkVWJfWF91NVloZ0I0UHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83YmRkZGEtMGM2Yy00YTVlLWIxYzUtM2JhNWYzMGNhYWJm
LzEvR2szUkZWUWtlOUs5TUJ6cVFfOVJnRGNzT09RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucA6MA0G
CSqGSIb3DQEBCwUAA4IBAQDmUV9aWSfApbf3UH8lT9SKrm6oK0ol1hpDcTKZyi7V
HGm4DamPGCZsd0refUYs7LbzfT1KvTCBJe0CzOS1iqAtOvD/fYlJmQhwLJ1B+llh
YcGFQELdXXJIKyMB67s3wQ1YeigRFKbeQWKgaFxMnMXITUorcXTkyU/MIidMgFXH
KnuuXEBDqLpEqW2czF67h3Fu4IRcad8iWtARk88YehHA+8iz+D0pal6B/02ulAvr
Wo2RLDJJJ2yWCd2d8Qvu9yrDga5j1nfDlaGpYigAAPAqrGi4ioxGT5+wWUHzMsgJ
75ea+gwyTDLUHNrv0/hs98UlLb9jicTMVCl7HUOKVTh+
-----END CERTIFICATE-----