Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/Ej52IaK6gAAaqKWnNVYoE_pSsLk.roa
File:                     Ej52IaK6gAAaqKWnNVYoE_pSsLk.roa (raw, json)
Hash identifier:          FGSH+3nm4Br2B9dibK0Tm/tkpzYfQrjqpAgxjKirT1U=
Subject key identifier:   12:3E:76:21:A2:BA:80:00:1A:A8:A5:A7:35:56:28:13:FA:52:B0:B9
Certificate issuer:       /CN=c115b327e84761685022f47328d6f4cbd6d3041e
Certificate serial:       018CC26CFF644013F4EB7BFCF042EB34C521
Authority key identifier: C1:15:B3:27:E8:47:61:68:50:22:F4:73:28:D6:F4:CB:D6:D3:04:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/Ej52IaK6gAAaqKWnNVYoE_pSsLk.roa
Signing time:             Mon 01 Jan 2024 00:29:32 +0000
ROA not before:           Mon 01 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        185.152.172.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:ff:64:40:13:f4:eb:7b:fc:f0:42:eb:34:c5:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c115b327e84761685022f47328d6f4cbd6d3041e
        Validity
            Not Before: Jan  1 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=123e7621a2ba80001aa8a5a735562813fa52b0b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e5:13:9a:92:32:be:42:e9:9b:5f:4d:a5:9c:
                    b7:fe:e9:30:8c:c2:45:b8:cd:c4:dc:11:6c:9b:c1:
                    b0:75:23:8c:c6:3e:d5:1d:44:f9:b4:7d:44:c0:96:
                    23:1a:00:19:2f:12:06:4b:08:2b:03:15:dd:fa:87:
                    b6:51:2a:f4:8b:30:5b:45:67:20:11:86:b3:d1:0a:
                    7d:03:ae:4e:6e:e6:8d:64:06:35:27:6b:d3:35:b6:
                    da:c4:15:70:b8:f3:e5:db:76:e2:89:f6:e1:98:ec:
                    ed:6b:93:40:02:86:76:f5:4e:9f:6b:b6:b7:4b:35:
                    33:da:0f:12:be:86:26:be:a9:e8:f8:47:d6:f0:b8:
                    be:1f:b8:f9:a1:5a:61:28:19:5e:ea:b5:bd:fd:8c:
                    fe:8f:c9:0f:c2:04:41:bc:17:79:e6:e8:e1:38:ce:
                    0b:46:11:a4:dd:04:c6:d0:99:6b:1b:91:bc:22:22:
                    50:2e:0c:b5:5c:7c:ca:c9:7f:ab:a1:1a:3c:83:0f:
                    38:3d:95:2f:21:99:57:ed:5d:eb:14:44:4b:d3:08:
                    4e:ff:00:75:b7:67:c9:cc:74:4f:50:34:0f:67:8b:
                    e9:8c:45:d3:89:f8:f6:52:6b:49:b2:d7:d8:83:d7:
                    b9:2c:ed:00:2e:9d:99:21:31:5c:c3:f8:43:f6:c0:
                    98:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:3E:76:21:A2:BA:80:00:1A:A8:A5:A7:35:56:28:13:FA:52:B0:B9
            X509v3 Authority Key Identifier:
                keyid:C1:15:B3:27:E8:47:61:68:50:22:F4:73:28:D6:F4:CB:D6:D3:04:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/Ej52IaK6gAAaqKWnNVYoE_pSsLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:ba:7b:6b:da:d0:98:fd:9b:f8:10:24:ae:8d:78:fb:42:95:
         21:6e:90:54:8b:73:05:88:46:c4:c4:1d:ba:47:df:55:86:45:
         3a:11:0d:75:a9:e7:9d:fb:a9:a7:c0:d8:4b:8e:bb:de:ee:5c:
         63:ea:89:ea:52:45:c4:fa:57:a0:4a:c1:e9:43:46:9e:7e:4c:
         26:a1:f8:7d:16:2d:94:06:64:5f:61:46:ea:7d:97:a3:73:38:
         00:ca:a3:f3:35:53:88:7b:ae:f1:de:94:31:34:da:da:85:84:
         9f:43:a5:4b:7a:92:46:63:9c:8b:a1:8a:e5:2f:93:99:c3:d2:
         06:9e:e2:bf:6a:2d:bb:f6:75:f0:9f:0f:19:75:8c:1d:e3:a4:
         b5:e1:2f:e9:d3:09:7f:ab:d5:14:cb:36:5a:16:f0:60:48:7f:
         ff:2b:22:51:5d:1e:c7:4b:ec:5d:b0:57:e4:9e:0b:c4:dd:b0:
         0f:fa:2b:18:cd:27:08:f7:c1:1c:11:cd:86:0e:12:02:5e:b3:
         7a:67:b0:1b:21:00:6b:f0:ee:80:0b:a6:6d:e5:6a:21:53:b0:
         d0:c7:81:ad:cf:4f:61:13:e8:93:e1:6b:e4:a9:8c:77:65:e8:
         a4:a8:a5:db:90:08:74:27:c0:cd:5c:c3:6c:27:ac:24:29:04:
         0d:c9:1c:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbP9kQBP063v88ELrNMUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMTViMzI3ZTg0NzYxNjg1MDIyZjQ3MzI4ZDZmNGNiZDZk
MzA0MWUwHhcNMjQwMTAxMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjNlNzYyMWEyYmE4MDAwMWFhOGE1YTczNTU2MjgxM2ZhNTJiMGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+UTmpIyvkLpm19NpZy3/ukwjMJF
uM3E3BFsm8GwdSOMxj7VHUT5tH1EwJYjGgAZLxIGSwgrAxXd+oe2USr0izBbRWcg
EYaz0Qp9A65ObuaNZAY1J2vTNbbaxBVwuPPl23biifbhmOzta5NAAoZ29U6fa7a3
SzUz2g8SvoYmvqno+EfW8Li+H7j5oVphKBle6rW9/Yz+j8kPwgRBvBd55ujhOM4L
RhGk3QTG0JlrG5G8IiJQLgy1XHzKyX+roRo8gw84PZUvIZlX7V3rFERL0whO/wB1
t2fJzHRPUDQPZ4vpjEXTifj2UmtJstfYg9e5LO0ALp2ZITFcw/hD9sCYGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBI+diGiuoAAGqilpzVWKBP6UrC5MB8GA1UdIwQY
MBaAFMEVsyfoR2FoUCL0cyjW9MvW0wQeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1JXekotaEhZV2hRSXZSektOYjB5OWJUQkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9hNGJkZjctMjU3OS00YmQwLThhOTMt
MjI0ZmQ3OGVmODI3LzEvRWo1MklhSzZnQUFhcUtXbk5WWW9FX3BTc0xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9hNGJkZjctMjU3OS00YmQwLThhOTMtMjI0ZmQ3OGVmODI3
LzEvd1JXekotaEhZV2hRSXZSektOYjB5OWJUQkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZisMA0G
CSqGSIb3DQEBCwUAA4IBAQB9untr2tCY/Zv4ECSujXj7QpUhbpBUi3MFiEbExB26
R99VhkU6EQ11qeed+6mnwNhLjrve7lxj6onqUkXE+legSsHpQ0aefkwmofh9Fi2U
BmRfYUbqfZejczgAyqPzNVOIe67x3pQxNNrahYSfQ6VLepJGY5yLoYrlL5OZw9IG
nuK/ai279nXwnw8ZdYwd46S14S/p0wl/q9UUyzZaFvBgSH//KyJRXR7HS+xdsFfk
ngvE3bAP+isYzScI98EcEc2GDhICXrN6Z7AbIQBr8O6AC6Zt5WohU7DQx4Gtz09h
E+iT4WvkqYx3ZeikqKXbkAh0J8DNXMNsJ6wkKQQNyRy3
-----END CERTIFICATE-----