Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/1b7d5iTbFOG_rkIVoZ_hO2tjZfk.roa
File:                     1b7d5iTbFOG_rkIVoZ_hO2tjZfk.roa (raw, json)
Hash identifier:          f8Op1/YnkidPYR5MN+axcDyjVd6pr4i8HWFlB0Imemk=
Subject key identifier:   D5:BE:DD:E6:24:DB:14:E1:BF:AE:42:15:A1:9F:E1:3B:6B:63:65:F9
Certificate issuer:       /CN=1c72566ad628935c6ec75d0eddd317c7b0a76693
Certificate serial:       019107A0CDE6192D2813D83D25270F0F8DA0
Authority key identifier: 1C:72:56:6A:D6:28:93:5C:6E:C7:5D:0E:DD:D3:17:C7:B0:A7:66:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHJWatYok1xux10O3dMXx7CnZpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/1b7d5iTbFOG_rkIVoZ_hO2tjZfk.roa
Signing time:             Wed 31 Jul 2024 07:11:04 +0000
ROA not before:           Wed 31 Jul 2024 07:11:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197336
IP address blocks:        185.153.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/HHJWatYok1xux10O3dMXx7CnZpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/HHJWatYok1xux10O3dMXx7CnZpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHJWatYok1xux10O3dMXx7CnZpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:07:a0:cd:e6:19:2d:28:13:d8:3d:25:27:0f:0f:8d:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c72566ad628935c6ec75d0eddd317c7b0a76693
        Validity
            Not Before: Jul 31 07:11:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5bedde624db14e1bfae4215a19fe13b6b6365f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e4:30:f4:f3:96:94:f3:9b:7b:42:e2:7a:3f:
                    95:65:68:3c:d6:b8:6f:5a:08:7d:cc:e5:a0:fe:11:
                    ed:ac:52:d2:c8:c5:a2:6a:4b:f4:1c:77:7c:59:4b:
                    0e:c3:5f:d8:4a:e0:45:d0:6c:0c:27:f6:e9:b4:21:
                    98:bc:7a:07:a0:07:e2:6d:18:5c:f8:3e:78:da:54:
                    54:6d:33:76:d5:e1:47:f6:61:e7:97:bb:7b:c2:e4:
                    cd:a6:25:e9:8f:ca:3c:f0:02:4c:f1:1c:b7:fe:7f:
                    e5:80:fe:f9:98:db:02:9d:0f:7f:d4:aa:a5:f9:94:
                    2d:93:2d:e5:19:62:f8:ea:8f:42:da:3e:2f:74:b4:
                    dc:d2:73:cb:b0:8f:81:61:3e:8c:e8:17:8f:cd:b5:
                    ad:df:3b:23:c7:5f:b6:78:fe:49:ed:1f:ea:04:84:
                    8d:26:de:7f:f8:b2:a5:9d:ad:d6:e0:3e:59:89:7d:
                    3d:0d:4f:00:e4:c2:bc:20:7a:48:74:31:66:e9:2f:
                    a6:aa:ed:0f:93:6f:49:45:f5:7c:a7:6f:fb:d6:5e:
                    89:8a:92:55:a0:79:7b:43:08:30:8a:f7:9d:98:40:
                    11:eb:ed:f0:d8:ca:b3:a8:cd:98:0a:12:12:7b:1c:
                    ac:bb:73:da:53:e7:8a:44:f8:a2:39:9a:f5:56:6f:
                    5d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:BE:DD:E6:24:DB:14:E1:BF:AE:42:15:A1:9F:E1:3B:6B:63:65:F9
            X509v3 Authority Key Identifier:
                keyid:1C:72:56:6A:D6:28:93:5C:6E:C7:5D:0E:DD:D3:17:C7:B0:A7:66:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHJWatYok1xux10O3dMXx7CnZpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/1b7d5iTbFOG_rkIVoZ_hO2tjZfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/8ed7c9-0b45-4d21-a203-fc7521a25bba/1/HHJWatYok1xux10O3dMXx7CnZpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c7:c7:8f:e0:27:1b:b6:ff:ef:9b:06:5a:71:0b:b4:26:15:f8:
         d7:dc:ec:a7:ea:e3:a0:1c:08:21:c7:d9:1c:9a:2e:82:7d:f5:
         27:9f:58:84:85:e3:23:2e:60:e6:79:2b:c5:10:fc:ae:12:39:
         9f:d3:bd:68:34:c2:fb:1b:87:03:96:70:3a:33:66:a3:9d:8f:
         e5:78:d8:37:e7:09:90:4c:91:8b:51:41:bf:3f:78:ef:5f:18:
         0c:6d:9c:89:31:32:6b:4e:c5:68:80:03:be:03:cf:85:e8:6f:
         56:2a:a5:8b:f3:96:dc:bf:32:f2:6b:38:65:05:5e:b8:5c:82:
         5c:40:17:bb:54:68:ee:e3:11:b1:c8:3d:a8:43:61:8d:ba:82:
         d0:55:9c:71:7d:cd:d7:97:29:7a:d1:55:1b:15:f8:30:c3:17:
         0c:ab:de:62:22:72:ef:cc:75:18:31:8c:a3:b1:22:b3:02:d7:
         d7:d7:b9:a0:d0:eb:bb:7c:de:55:64:fa:9a:e4:f7:35:34:ad:
         97:74:5c:e7:64:71:07:8e:b9:1e:9c:79:61:f6:06:95:a7:dc:
         9e:a5:8f:e8:ab:6a:29:bd:84:76:1e:67:7c:65:7a:72:9e:de:
         5f:ef:a8:05:7c:4f:11:24:f4:67:e5:d2:cc:47:26:b4:b4:e6:
         e5:d5:1e:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEHoM3mGS0oE9g9JScPD42gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNzI1NjZhZDYyODkzNWM2ZWM3NWQwZWRkZDMxN2M3YjBh
NzY2OTMwHhcNMjQwNzMxMDcxMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWJlZGRlNjI0ZGIxNGUxYmZhZTQyMTVhMTlmZTEzYjZiNjM2NWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOQw9POWlPObe0Liej+VZWg81rhv
Wgh9zOWg/hHtrFLSyMWiakv0HHd8WUsOw1/YSuBF0GwMJ/bptCGYvHoHoAfibRhc
+D542lRUbTN21eFH9mHnl7t7wuTNpiXpj8o88AJM8Ry3/n/lgP75mNsCnQ9/1Kql
+ZQtky3lGWL46o9C2j4vdLTc0nPLsI+BYT6M6BePzbWt3zsjx1+2eP5J7R/qBISN
Jt5/+LKlna3W4D5ZiX09DU8A5MK8IHpIdDFm6S+mqu0Pk29JRfV8p2/71l6JipJV
oHl7QwgwivedmEAR6+3w2MqzqM2YChISexysu3PaU+eKRPiiOZr1Vm9dEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNW+3eYk2xThv65CFaGf4TtrY2X5MB8GA1UdIwQY
MBaAFBxyVmrWKJNcbsddDt3TF8ewp2aTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhKV2F0WW9rMXh1eDEwTzNkTVh4N0NuWnBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84ZWQ3YzktMGI0NS00ZDIxLWEyMDMt
ZmM3NTIxYTI1YmJhLzEvMWI3ZDVpVGJGT0dfcmtJVm9aX2hPMnRqWmZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84ZWQ3YzktMGI0NS00ZDIxLWEyMDMtZmM3NTIxYTI1YmJh
LzEvSEhKV2F0WW9rMXh1eDEwTzNkTVh4N0NuWnBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZkgMA0G
CSqGSIb3DQEBCwUAA4IBAQDHx4/gJxu2/++bBlpxC7QmFfjX3Oyn6uOgHAghx9kc
mi6CffUnn1iEheMjLmDmeSvFEPyuEjmf071oNML7G4cDlnA6M2ajnY/leNg35wmQ
TJGLUUG/P3jvXxgMbZyJMTJrTsVogAO+A8+F6G9WKqWL85bcvzLyazhlBV64XIJc
QBe7VGju4xGxyD2oQ2GNuoLQVZxxfc3Xlyl60VUbFfgwwxcMq95iInLvzHUYMYyj
sSKzAtfX17mg0Ou7fN5VZPqa5Pc1NK2XdFznZHEHjrkenHlh9gaVp9yepY/oq2op
vYR2Hmd8ZXpynt5f76gFfE8RJPRn5dLMRya0tObl1R7Y
-----END CERTIFICATE-----