Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/DaQa9vXgPUCcf-UShgKzEytlwo8.roa
File:                     DaQa9vXgPUCcf-UShgKzEytlwo8.roa (raw, json)
Hash identifier:          SjpgCU1d8WEZsmFQ3kOh5ASWP+5viK3yZIESqS6e0Mc=
Subject key identifier:   0D:A4:1A:F6:F5:E0:3D:40:9C:7F:E5:12:86:02:B3:13:2B:65:C2:8F
Certificate issuer:       /CN=10af800ce95bfbb1f473b0b5f9f7b93175930e89
Certificate serial:       018CC726F8FF7686919904A819F3280841E3
Authority key identifier: 10:AF:80:0C:E9:5B:FB:B1:F4:73:B0:B5:F9:F7:B9:31:75:93:0E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EK-ADOlb-7H0c7C1-fe5MXWTDok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/DaQa9vXgPUCcf-UShgKzEytlwo8.roa
Signing time:             Mon 01 Jan 2024 22:31:09 +0000
ROA not before:           Mon 01 Jan 2024 22:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201265
IP address blocks:        185.32.160.0/22 maxlen: 24
                          2a00:a5a1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/EK-ADOlb-7H0c7C1-fe5MXWTDok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/EK-ADOlb-7H0c7C1-fe5MXWTDok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EK-ADOlb-7H0c7C1-fe5MXWTDok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f8:ff:76:86:91:99:04:a8:19:f3:28:08:41:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10af800ce95bfbb1f473b0b5f9f7b93175930e89
        Validity
            Not Before: Jan  1 22:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0da41af6f5e03d409c7fe5128602b3132b65c28f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:86:b3:61:e0:b9:1b:a6:98:9a:48:b5:24:ff:
                    38:1c:62:da:ce:9a:d5:95:de:f5:a8:36:94:dc:8e:
                    08:96:72:e3:97:df:5c:e0:7c:2f:dc:91:59:4d:85:
                    11:df:c2:a1:35:eb:99:9b:5c:d8:f1:b5:31:ce:20:
                    47:0f:7e:46:7f:32:c2:49:0c:ec:ec:01:4e:e7:99:
                    8b:0c:ac:64:14:ba:4a:41:3b:24:e2:6f:12:76:03:
                    62:1e:dd:5b:5f:4e:1e:a6:9f:6d:ed:3d:c4:a3:0f:
                    5a:11:eb:0e:42:66:fb:60:3d:1f:ad:9c:68:cc:f4:
                    49:87:f4:0b:98:fd:8b:d0:d3:fe:ce:e7:60:1d:06:
                    7a:a0:a6:e9:7a:08:8c:c1:46:0c:71:63:f2:54:68:
                    00:51:42:41:ed:8a:e7:6a:e9:37:97:16:ec:93:53:
                    1d:1f:75:3c:3c:07:4f:02:2d:a1:7c:a1:24:62:74:
                    72:61:04:ec:82:0e:aa:f1:b2:2b:f9:d1:b3:bb:94:
                    cf:00:5f:f1:1a:0e:41:59:7b:c1:79:56:4a:b9:5b:
                    e7:13:c9:50:64:f6:1b:f0:cb:18:f8:4c:9d:50:83:
                    cc:bc:e6:af:83:3f:11:3c:90:f4:7c:e3:61:e9:cd:
                    90:e5:68:90:7d:55:d0:05:ac:29:53:27:64:a3:50:
                    0c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:A4:1A:F6:F5:E0:3D:40:9C:7F:E5:12:86:02:B3:13:2B:65:C2:8F
            X509v3 Authority Key Identifier:
                keyid:10:AF:80:0C:E9:5B:FB:B1:F4:73:B0:B5:F9:F7:B9:31:75:93:0E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EK-ADOlb-7H0c7C1-fe5MXWTDok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/DaQa9vXgPUCcf-UShgKzEytlwo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9a78e6-3bf7-42b6-8cbf-119942f3d7a7/1/EK-ADOlb-7H0c7C1-fe5MXWTDok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.160.0/22
                IPv6:
                  2a00:a5a1::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:0e:5e:a0:8a:39:84:86:da:f7:d4:f7:56:e1:02:c1:18:ba:
         a6:b4:36:01:6c:64:01:e0:fa:94:a2:b8:40:e4:c0:2a:40:f9:
         7d:34:9b:4f:35:6f:a6:59:c7:8e:a3:c3:38:27:d4:ab:2f:8d:
         9f:69:10:c5:ce:d7:14:54:8a:6a:4c:d0:c6:98:c4:92:5b:0d:
         47:cd:66:9d:41:08:3e:b3:76:c6:cc:cc:7a:f7:99:3c:d1:15:
         9f:de:c3:44:f6:26:d4:c8:9c:a5:a6:dd:5c:b0:71:92:71:18:
         77:4d:15:7c:b4:04:47:2a:c6:53:e0:1f:77:81:67:49:f7:6c:
         f2:c1:73:1c:09:65:1b:b5:83:8f:d4:57:44:8b:ea:e1:a9:47:
         ad:be:7f:1c:9f:5a:49:41:8c:97:e2:9e:6b:a4:e0:58:af:4c:
         90:1c:cf:83:ed:b3:28:b8:c2:e7:79:b1:f6:2b:d0:21:22:5c:
         6a:01:b1:c4:41:63:18:61:07:94:bd:07:41:fb:4d:4f:2d:61:
         2d:ab:e6:8d:94:1b:7e:78:e5:40:7c:3e:67:08:81:f9:a8:f3:
         fb:ad:0e:9b:43:4e:59:4b:3f:8c:57:5b:83:5d:b6:cc:89:30:
         95:f1:e1:d1:f0:be:3b:ea:96:43:4f:78:71:1c:b9:fb:54:7c:
         08:3f:7f:58
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJvj/doaRmQSoGfMoCEHjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwYWY4MDBjZTk1YmZiYjFmNDczYjBiNWY5ZjdiOTMxNzU5
MzBlODkwHhcNMjQwMTAxMjIzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGE0MWFmNmY1ZTAzZDQwOWM3ZmU1MTI4NjAyYjMxMzJiNjVjMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oazYeC5G6aYmki1JP84HGLazprV
ld71qDaU3I4IlnLjl99c4Hwv3JFZTYUR38KhNeuZm1zY8bUxziBHD35GfzLCSQzs
7AFO55mLDKxkFLpKQTsk4m8SdgNiHt1bX04epp9t7T3Eow9aEesOQmb7YD0frZxo
zPRJh/QLmP2L0NP+zudgHQZ6oKbpegiMwUYMcWPyVGgAUUJB7Yrnauk3lxbsk1Md
H3U8PAdPAi2hfKEkYnRyYQTsgg6q8bIr+dGzu5TPAF/xGg5BWXvBeVZKuVvnE8lQ
ZPYb8MsY+EydUIPMvOavgz8RPJD0fONh6c2Q5WiQfVXQBawpUydko1AMaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA2kGvb14D1AnH/lEoYCsxMrZcKPMB8GA1UdIwQY
MBaAFBCvgAzpW/ux9HOwtfn3uTF1kw6JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUstQURPbGItN0gwYzdDMS1mZTVNWFdURG9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85YTc4ZTYtM2JmNy00MmI2LThjYmYt
MTE5OTQyZjNkN2E3LzEvRGFRYTl2WGdQVUNjZi1VU2hnS3pFeXRsd284LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85YTc4ZTYtM2JmNy00MmI2LThjYmYtMTE5OTQyZjNkN2E3
LzEvRUstQURPbGItN0gwYzdDMS1mZTVNWFdURG9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSCgMA0E
AgACMAcDBQAqAKWhMA0GCSqGSIb3DQEBCwUAA4IBAQAPDl6gijmEhtr31PdW4QLB
GLqmtDYBbGQB4PqUorhA5MAqQPl9NJtPNW+mWceOo8M4J9SrL42faRDFztcUVIpq
TNDGmMSSWw1HzWadQQg+s3bGzMx695k80RWf3sNE9ibUyJylpt1csHGScRh3TRV8
tARHKsZT4B93gWdJ92zywXMcCWUbtYOP1FdEi+rhqUetvn8cn1pJQYyX4p5rpOBY
r0yQHM+D7bMouMLnebH2K9AhIlxqAbHEQWMYYQeUvQdB+01PLWEtq+aNlBt+eOVA
fD5nCIH5qPP7rQ6bQ05ZSz+MV1uDXbbMiTCV8eHR8L476pZDT3hxHLn7VHwIP39Y
-----END CERTIFICATE-----