Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/2dcee7-b0c5-41c8-a36c-badd1cd2dcec/1/brcpdVvk9tMsxvlQ_FwaqUARVks.roa
File:                     brcpdVvk9tMsxvlQ_FwaqUARVks.roa (raw, json)
Hash identifier:          +oNtanQy+HUyVHQKTujiOiV5ja5c4NX2cxGdbElvwJw=
Subject key identifier:   6E:B7:29:75:5B:E4:F6:D3:2C:C6:F9:50:FC:5C:1A:A9:40:11:56:4B
Certificate issuer:       /CN=680121b199b291de7763d8c1caa7b3cdc3561810
Certificate serial:       018FC19ED3BAC03A25A370AB0A734A5BFCDD
Authority key identifier: 68:01:21:B1:99:B2:91:DE:77:63:D8:C1:CA:A7:B3:CD:C3:56:18:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aAEhsZmykd53Y9jByqezzcNWGBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/2dcee7-b0c5-41c8-a36c-badd1cd2dcec/1/brcpdVvk9tMsxvlQ_FwaqUARVks.roa
Signing time:             Tue 28 May 2024 23:52:42 +0000
ROA not before:           Tue 28 May 2024 23:52:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152179
IP address blocks:        185.128.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/2dcee7-b0c5-41c8-a36c-badd1cd2dcec/1/aAEhsZmykd53Y9jByqezzcNWGBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/2dcee7-b0c5-41c8-a36c-badd1cd2dcec/1/aAEhsZmykd53Y9jByqezzcNWGBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aAEhsZmykd53Y9jByqezzcNWGBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c1:9e:d3:ba:c0:3a:25:a3:70:ab:0a:73:4a:5b:fc:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=680121b199b291de7763d8c1caa7b3cdc3561810
        Validity
            Not Before: May 28 23:52:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6eb729755be4f6d32cc6f950fc5c1aa94011564b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5c:57:5b:73:07:d8:c3:3c:5f:47:2c:bd:b3:
                    25:b1:87:02:53:d5:60:5d:69:26:9d:14:39:41:f1:
                    50:61:9a:16:27:d3:9e:52:cc:1e:17:05:d8:c3:64:
                    8d:44:7c:3f:93:b9:62:28:ad:6a:fa:0d:bf:72:38:
                    4f:85:7e:18:e0:de:09:96:39:1b:77:62:ca:0b:2e:
                    bc:4a:38:97:9f:f7:f2:e9:dd:de:f7:21:41:9d:f7:
                    ae:a2:4a:08:4b:e8:e1:ee:96:8f:9a:7a:34:a8:8a:
                    1c:7a:fc:06:ab:75:16:06:64:c5:8f:ae:23:0f:f9:
                    71:ea:2f:4f:f4:ef:3f:2d:e7:a8:d3:1a:9e:cb:18:
                    93:11:f0:d3:75:2a:72:c0:48:42:75:44:c9:00:22:
                    8e:c3:af:2d:92:1e:55:c0:22:b7:9b:3f:9c:08:c4:
                    61:d4:72:8f:2d:5e:59:be:6c:5a:49:4c:d4:75:af:
                    fa:e1:35:df:da:5a:12:20:8e:45:68:41:a7:a8:df:
                    4f:f6:31:70:09:e8:9e:c0:0c:dc:c3:c2:fe:4d:15:
                    9a:0d:cd:51:d7:52:36:26:cd:ba:ea:38:a1:b1:e6:
                    aa:14:ce:68:a5:34:54:20:30:8a:80:89:75:67:45:
                    b3:b4:29:33:ba:c5:a4:f3:d3:bc:9a:ea:5e:f9:36:
                    63:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:B7:29:75:5B:E4:F6:D3:2C:C6:F9:50:FC:5C:1A:A9:40:11:56:4B
            X509v3 Authority Key Identifier:
                keyid:68:01:21:B1:99:B2:91:DE:77:63:D8:C1:CA:A7:B3:CD:C3:56:18:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aAEhsZmykd53Y9jByqezzcNWGBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/2dcee7-b0c5-41c8-a36c-badd1cd2dcec/1/brcpdVvk9tMsxvlQ_FwaqUARVks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/2dcee7-b0c5-41c8-a36c-badd1cd2dcec/1/aAEhsZmykd53Y9jByqezzcNWGBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:9c:a5:6c:f7:e7:76:ad:4c:6c:9d:3c:5c:3e:cf:2b:29:fc:
         2b:f6:bf:02:08:8d:6e:c0:e4:da:d9:d8:58:fe:65:5c:0e:d3:
         b6:5e:72:43:0f:a5:04:4d:74:df:57:d0:9e:3d:5d:fd:7f:c2:
         b8:f1:c1:f8:03:f0:88:a0:55:c2:26:5c:36:e9:4f:4e:5f:b2:
         dd:b6:7b:a7:5b:5f:d8:a3:f4:df:13:07:9c:4e:6a:62:31:eb:
         28:32:44:09:14:3d:02:44:da:b9:f1:e9:a2:9c:95:b9:50:93:
         1b:b0:ef:1f:b0:ca:77:93:4c:7b:82:c5:6b:4e:a4:9f:45:c8:
         9a:3d:2d:d6:e0:16:a4:8c:6a:68:a8:78:7a:75:0d:5d:90:3c:
         b6:8c:a3:4a:cc:0c:93:ca:88:36:6b:78:0f:f0:31:f6:64:60:
         cb:65:8f:c1:ca:10:c6:fb:92:a8:da:83:fa:d0:ee:97:b8:36:
         60:66:b7:f6:1c:35:23:7a:6b:5a:7d:c1:40:8a:98:99:de:2e:
         cb:d5:9e:b2:b4:48:39:96:f4:28:8d:2f:51:92:28:1b:fa:2f:
         b8:75:d8:85:01:57:68:b1:0f:58:bd:74:f8:1f:80:83:c3:40:
         1a:17:a3:60:68:7d:0a:cc:87:90:00:47:82:84:52:7e:a0:65:
         2e:50:28:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/BntO6wDolo3CrCnNKW/zdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MDEyMWIxOTliMjkxZGU3NzYzZDhjMWNhYTdiM2NkYzM1
NjE4MTAwHhcNMjQwNTI4MjM1MjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWI3Mjk3NTViZTRmNmQzMmNjNmY5NTBmYzVjMWFhOTQwMTE1NjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1xXW3MH2MM8X0csvbMlsYcCU9Vg
XWkmnRQ5QfFQYZoWJ9OeUsweFwXYw2SNRHw/k7liKK1q+g2/cjhPhX4Y4N4Jljkb
d2LKCy68SjiXn/fy6d3e9yFBnfeuokoIS+jh7paPmno0qIocevwGq3UWBmTFj64j
D/lx6i9P9O8/Leeo0xqeyxiTEfDTdSpywEhCdUTJACKOw68tkh5VwCK3mz+cCMRh
1HKPLV5ZvmxaSUzUda/64TXf2loSII5FaEGnqN9P9jFwCeiewAzcw8L+TRWaDc1R
11I2Js266jihseaqFM5opTRUIDCKgIl1Z0WztCkzusWk89O8mupe+TZj0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG63KXVb5PbTLMb5UPxcGqlAEVZLMB8GA1UdIwQY
MBaAFGgBIbGZspHed2PYwcqns83DVhgQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUFFaHNabXlrZDUzWTlqQnlxZXp6Y05XR0JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8yZGNlZTctYjBjNS00MWM4LWEzNmMt
YmFkZDFjZDJkY2VjLzEvYnJjcGRWdms5dE1zeHZsUV9Gd2FxVUFSVmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8yZGNlZTctYjBjNS00MWM4LWEzNmMtYmFkZDFjZDJkY2Vj
LzEvYUFFaHNabXlrZDUzWTlqQnlxZXp6Y05XR0JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYDiMA0G
CSqGSIb3DQEBCwUAA4IBAQCFnKVs9+d2rUxsnTxcPs8rKfwr9r8CCI1uwOTa2dhY
/mVcDtO2XnJDD6UETXTfV9CePV39f8K48cH4A/CIoFXCJlw26U9OX7LdtnunW1/Y
o/TfEwecTmpiMesoMkQJFD0CRNq58eminJW5UJMbsO8fsMp3k0x7gsVrTqSfRcia
PS3W4BakjGpoqHh6dQ1dkDy2jKNKzAyTyog2a3gP8DH2ZGDLZY/ByhDG+5Ko2oP6
0O6XuDZgZrf2HDUjemtafcFAipiZ3i7L1Z6ytEg5lvQojS9Rkigb+i+4ddiFAVdo
sQ9YvXT4H4CDw0AaF6NgaH0KzIeQAEeChFJ+oGUuUChk
-----END CERTIFICATE-----