Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/mapaEsq065XxdnkP9H-R3EIiE9I.roa
File:                     mapaEsq065XxdnkP9H-R3EIiE9I.roa (raw, json)
Hash identifier:          VyGZdaQVAqEZi3SG1nrLtAZl1NuHGvdfcadqJcOD7Jk=
Subject key identifier:   99:AA:5A:12:CA:B4:EB:95:F1:76:79:0F:F4:7F:91:DC:42:22:13:D2
Certificate issuer:       /CN=4cbfd3e72d4a0396f95347336b42678f68c26430
Certificate serial:       018FC97F814AA29039DCAB5454CFD81EF991
Authority key identifier: 4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/mapaEsq065XxdnkP9H-R3EIiE9I.roa
Signing time:             Thu 30 May 2024 12:35:27 +0000
ROA not before:           Thu 30 May 2024 12:35:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214972
IP address blocks:        185.150.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c9:7f:81:4a:a2:90:39:dc:ab:54:54:cf:d8:1e:f9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cbfd3e72d4a0396f95347336b42678f68c26430
        Validity
            Not Before: May 30 12:35:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99aa5a12cab4eb95f176790ff47f91dc422213d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e1:74:f7:30:cd:01:7f:be:26:4f:f7:f3:29:
                    ee:1a:fe:e4:67:da:07:6c:d0:af:0d:31:4c:81:3e:
                    a6:53:8c:c2:f0:b7:f1:0c:bb:ab:87:fc:3c:e7:5c:
                    a4:57:39:38:90:e4:ed:67:b4:aa:06:5a:a2:f4:61:
                    76:8d:fc:0c:b4:c4:7a:bb:3e:c9:9f:44:20:fd:cb:
                    20:bf:6a:d3:4e:b0:a5:6f:54:c3:05:dc:6f:f5:6c:
                    17:58:d3:9a:e5:62:64:09:c1:85:c6:04:89:4a:38:
                    13:01:24:21:64:f6:34:5c:d0:0c:17:79:68:9a:8c:
                    3b:96:14:aa:af:0b:5d:8f:b6:55:4d:6d:c9:d1:eb:
                    28:e8:ab:c2:b1:a1:d3:72:48:f5:9b:d5:1a:61:13:
                    35:de:63:71:b0:42:69:46:4f:c7:17:a1:f7:3d:0e:
                    25:48:bb:18:e4:94:b4:2b:73:57:67:49:de:6a:10:
                    47:07:db:f0:6e:c7:fa:15:8d:ae:a5:08:47:4e:5a:
                    eb:c1:49:be:14:0a:e7:73:50:a3:43:4f:9d:7e:7f:
                    d3:84:5b:4f:51:de:2c:6b:d6:d0:d1:b0:5a:a4:08:
                    31:39:cd:e1:15:61:0d:e9:91:0e:ef:9c:24:ad:7e:
                    6a:91:d1:45:35:64:eb:10:46:b0:c2:bf:65:88:3f:
                    50:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:AA:5A:12:CA:B4:EB:95:F1:76:79:0F:F4:7F:91:DC:42:22:13:D2
            X509v3 Authority Key Identifier:
                keyid:4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/mapaEsq065XxdnkP9H-R3EIiE9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:c2:33:39:35:ac:05:d2:75:89:ed:3f:78:26:91:0d:9d:33:
         d5:2f:a9:7e:c9:9c:28:74:77:ec:55:f3:99:cb:c9:6d:32:ee:
         4b:7b:43:5f:7e:fe:50:fe:6b:66:e3:e3:6c:85:4c:05:a3:25:
         64:ef:b3:87:5b:7e:a0:91:54:e4:fc:15:13:93:ae:27:73:b2:
         84:63:02:2e:25:d6:48:71:b6:2a:44:c2:9f:b7:be:ad:61:ab:
         a3:b3:96:fc:22:87:64:f5:be:45:f3:96:7a:39:9e:ff:3c:41:
         3f:f3:53:17:7a:27:c0:19:af:00:c3:43:9f:0e:51:ee:c0:5f:
         b6:0f:0d:78:34:03:9c:45:04:91:ea:a9:38:2b:18:7a:a8:e6:
         1f:0b:5b:bd:4d:5a:21:28:d5:cc:9f:ed:9b:12:7b:f9:e2:ae:
         d0:9a:1a:29:50:60:e5:76:71:f1:6d:0d:b2:a0:06:5d:e2:af:
         d6:2b:3e:08:fb:71:9a:66:cf:08:05:6c:b2:31:44:99:f8:c7:
         4f:61:37:98:d3:7f:2c:09:41:2e:d1:29:c0:dd:c2:66:72:d0:
         61:59:14:1a:cd:c0:c1:e4:5e:7e:a0:b7:fb:12:19:fb:c4:9e:
         66:5a:a3:95:f4:bf:8e:10:2b:88:18:0f:52:e4:14:20:32:26:
         ab:24:37:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/Jf4FKopA53KtUVM/YHvmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYmZkM2U3MmQ0YTAzOTZmOTUzNDczMzZiNDI2NzhmNjhj
MjY0MzAwHhcNMjQwNTMwMTIzNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWFhNWExMmNhYjRlYjk1ZjE3Njc5MGZmNDdmOTFkYzQyMjIxM2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeF09zDNAX++Jk/38ynuGv7kZ9oH
bNCvDTFMgT6mU4zC8LfxDLurh/w851ykVzk4kOTtZ7SqBlqi9GF2jfwMtMR6uz7J
n0Qg/csgv2rTTrClb1TDBdxv9WwXWNOa5WJkCcGFxgSJSjgTASQhZPY0XNAMF3lo
mow7lhSqrwtdj7ZVTW3J0eso6KvCsaHTckj1m9UaYRM13mNxsEJpRk/HF6H3PQ4l
SLsY5JS0K3NXZ0neahBHB9vwbsf6FY2upQhHTlrrwUm+FArnc1CjQ0+dfn/ThFtP
Ud4sa9bQ0bBapAgxOc3hFWEN6ZEO75wkrX5qkdFFNWTrEEawwr9liD9Q0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmqWhLKtOuV8XZ5D/R/kdxCIhPSMB8GA1UdIwQY
MBaAFEy/0+ctSgOW+VNHM2tCZ49owmQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAt
ZmY2MGUyMThlZDQxLzEvbWFwYUVzcTA2NVh4ZG5rUDlILVIzRUlpRTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAtZmY2MGUyMThlZDQx
LzEvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZaBMA0G
CSqGSIb3DQEBCwUAA4IBAQAQwjM5NawF0nWJ7T94JpENnTPVL6l+yZwodHfsVfOZ
y8ltMu5Le0Nffv5Q/mtm4+NshUwFoyVk77OHW36gkVTk/BUTk64nc7KEYwIuJdZI
cbYqRMKft76tYaujs5b8Iodk9b5F85Z6OZ7/PEE/81MXeifAGa8Aw0OfDlHuwF+2
Dw14NAOcRQSR6qk4Kxh6qOYfC1u9TVohKNXMn+2bEnv54q7QmhopUGDldnHxbQ2y
oAZd4q/WKz4I+3GaZs8IBWyyMUSZ+MdPYTeY038sCUEu0SnA3cJmctBhWRQazcDB
5F5+oLf7Ehn7xJ5mWqOV9L+OECuIGA9S5BQgMiarJDeG
-----END CERTIFICATE-----