Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/2a591c-3c4a-4288-be91-c39adb98f429/1/aA8U2cTpW7cOIbOkrvNKe_ulyjM.roa
File:                     aA8U2cTpW7cOIbOkrvNKe_ulyjM.roa (raw, json)
Hash identifier:          ysZ4cTSC1I7Z52C/XwFKnViVjeMXHOmrG6u2JxYh09k=
Subject key identifier:   68:0F:14:D9:C4:E9:5B:B7:0E:21:B3:A4:AE:F3:4A:7B:FB:A5:CA:33
Certificate issuer:       /CN=ec6d47b47e05b13d058b1cb42529a7c1866dcdf2
Certificate serial:       018CC4247FF8C90A827FA49ACAA4327AF726
Authority key identifier: EC:6D:47:B4:7E:05:B1:3D:05:8B:1C:B4:25:29:A7:C1:86:6D:CD:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7G1HtH4FsT0Fixy0JSmnwYZtzfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/2a591c-3c4a-4288-be91-c39adb98f429/1/aA8U2cTpW7cOIbOkrvNKe_ulyjM.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50624
IP address blocks:        185.23.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/2a591c-3c4a-4288-be91-c39adb98f429/1/7G1HtH4FsT0Fixy0JSmnwYZtzfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/2a591c-3c4a-4288-be91-c39adb98f429/1/7G1HtH4FsT0Fixy0JSmnwYZtzfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7G1HtH4FsT0Fixy0JSmnwYZtzfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7f:f8:c9:0a:82:7f:a4:9a:ca:a4:32:7a:f7:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6d47b47e05b13d058b1cb42529a7c1866dcdf2
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=680f14d9c4e95bb70e21b3a4aef34a7bfba5ca33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f0:9f:93:fb:74:cc:0f:3c:78:99:da:00:b3:
                    57:c6:6f:10:35:db:84:89:51:a4:d8:03:3c:b1:7a:
                    4a:3c:59:17:02:16:80:d8:19:fc:ae:e7:3a:80:cd:
                    a5:8f:14:b8:69:f2:53:8f:db:a0:04:14:82:e7:dd:
                    8d:2b:c3:79:0d:a9:38:da:b6:83:1a:15:4c:e8:d1:
                    45:6c:4c:26:f3:d6:6f:a6:23:b0:d0:df:27:ab:b8:
                    03:16:c0:bd:55:a3:4d:ec:b2:12:73:7e:1e:23:be:
                    f6:58:e8:ea:b5:f8:4b:67:d4:c3:6f:3d:0c:55:d8:
                    fb:a5:d6:fa:a8:6c:dd:0f:96:b4:97:6d:58:d5:c6:
                    03:4e:46:50:f4:57:c3:76:1d:5c:dc:6a:6e:3a:54:
                    5a:e1:87:18:20:4b:bb:20:1c:2d:00:4f:ae:05:1f:
                    21:d4:a4:36:df:f9:5d:01:e5:16:db:38:bd:27:ba:
                    6a:0b:b6:7f:bd:db:a2:08:ad:4a:ee:34:29:b3:7d:
                    f0:29:9e:59:24:c9:e6:7f:42:5d:28:48:5c:eb:52:
                    15:95:63:c3:f6:c3:14:14:23:de:e9:81:25:eb:f0:
                    50:3c:ce:ad:61:ec:99:25:5c:0b:e8:9e:9c:67:02:
                    56:c0:e2:a7:48:99:87:f9:42:96:b5:b4:6b:28:59:
                    00:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:0F:14:D9:C4:E9:5B:B7:0E:21:B3:A4:AE:F3:4A:7B:FB:A5:CA:33
            X509v3 Authority Key Identifier:
                keyid:EC:6D:47:B4:7E:05:B1:3D:05:8B:1C:B4:25:29:A7:C1:86:6D:CD:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7G1HtH4FsT0Fixy0JSmnwYZtzfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/2a591c-3c4a-4288-be91-c39adb98f429/1/aA8U2cTpW7cOIbOkrvNKe_ulyjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/2a591c-3c4a-4288-be91-c39adb98f429/1/7G1HtH4FsT0Fixy0JSmnwYZtzfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:46:bb:fd:b4:b9:f1:33:fb:dd:4d:52:5c:5e:dd:54:90:56:
         a8:49:27:6d:ee:f8:b2:b7:7b:91:66:37:c3:e6:dd:60:f8:09:
         7b:42:24:e0:6d:9e:f6:4d:0a:ff:0a:5a:a9:93:f3:04:6b:a3:
         64:89:c2:fd:1b:b9:15:d0:2b:bc:e7:d9:cc:90:50:f2:6f:35:
         f8:62:64:17:e3:dd:5a:b6:d9:80:f6:07:0f:a7:a8:5b:b0:b2:
         6a:86:9b:e3:6e:ea:da:dc:76:ed:ee:5c:09:81:3c:ff:e9:4b:
         16:a0:d3:14:64:5e:a6:d6:87:8c:4d:75:17:2d:7b:6c:42:63:
         57:54:da:dd:96:c0:19:bc:a8:ec:07:62:f6:d9:f8:60:40:e9:
         54:cd:7d:bd:dc:79:25:e1:7c:32:cd:a1:97:32:20:76:bc:02:
         3b:fa:e7:64:29:77:46:f9:63:71:14:1c:4f:fd:cf:25:6d:01:
         30:a9:77:f9:8a:41:1f:53:fd:e3:a4:f0:ae:d9:e9:a1:1c:13:
         90:87:fe:cf:89:2f:09:ff:94:c0:da:27:a7:3a:f6:fb:e8:81:
         95:61:57:0d:f0:88:13:88:da:83:4c:8b:6e:3b:2c:c0:3a:27:
         b1:e4:05:fa:c3:c9:e7:71:7d:11:4d:69:85:c0:05:e2:13:c6:
         e9:be:10:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJH/4yQqCf6SayqQyevcmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmQ0N2I0N2UwNWIxM2QwNThiMWNiNDI1MjlhN2MxODY2
ZGNkZjIwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODBmMTRkOWM0ZTk1YmI3MGUyMWIzYTRhZWYzNGE3YmZiYTVjYTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvCfk/t0zA88eJnaALNXxm8QNduE
iVGk2AM8sXpKPFkXAhaA2Bn8ruc6gM2ljxS4afJTj9ugBBSC592NK8N5Dak42raD
GhVM6NFFbEwm89ZvpiOw0N8nq7gDFsC9VaNN7LISc34eI772WOjqtfhLZ9TDbz0M
Vdj7pdb6qGzdD5a0l21Y1cYDTkZQ9FfDdh1c3GpuOlRa4YcYIEu7IBwtAE+uBR8h
1KQ23/ldAeUW2zi9J7pqC7Z/vduiCK1K7jQps33wKZ5ZJMnmf0JdKEhc61IVlWPD
9sMUFCPe6YEl6/BQPM6tYeyZJVwL6J6cZwJWwOKnSJmH+UKWtbRrKFkAkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgPFNnE6Vu3DiGzpK7zSnv7pcozMB8GA1UdIwQY
MBaAFOxtR7R+BbE9BYsctCUpp8GGbc3yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0cxSHRINEZzVDBGaXh5MEpTbW53WVp0emZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8yYTU5MWMtM2M0YS00Mjg4LWJlOTEt
YzM5YWRiOThmNDI5LzEvYUE4VTJjVHBXN2NPSWJPa3J2TktlX3VseWpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8yYTU5MWMtM2M0YS00Mjg4LWJlOTEtYzM5YWRiOThmNDI5
LzEvN0cxSHRINEZzVDBGaXh5MEpTbW53WVp0emZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRe8MA0G
CSqGSIb3DQEBCwUAA4IBAQAzRrv9tLnxM/vdTVJcXt1UkFaoSSdt7viyt3uRZjfD
5t1g+Al7QiTgbZ72TQr/Clqpk/MEa6NkicL9G7kV0Cu859nMkFDybzX4YmQX491a
ttmA9gcPp6hbsLJqhpvjbura3Hbt7lwJgTz/6UsWoNMUZF6m1oeMTXUXLXtsQmNX
VNrdlsAZvKjsB2L22fhgQOlUzX293Hkl4XwyzaGXMiB2vAI7+udkKXdG+WNxFBxP
/c8lbQEwqXf5ikEfU/3jpPCu2emhHBOQh/7PiS8J/5TA2ienOvb76IGVYVcN8IgT
iNqDTItuOyzAOiex5AX6w8nncX0RTWmFwAXiE8bpvhA/
-----END CERTIFICATE-----