Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/wSlwUb5GO5ZtBuqccRIThVO6NgI.roa
File:                     wSlwUb5GO5ZtBuqccRIThVO6NgI.roa (raw, json)
Hash identifier:          5ywOsPIhppIq1zmUtkLPubAwy2lR9esYtf8OnPdWzjI=
Subject key identifier:   C1:29:70:51:BE:46:3B:96:6D:06:EA:9C:71:12:13:85:53:BA:36:02
Certificate issuer:       /CN=83b5b4913cc78e40803c00bec6b1a9dc48ff3684
Certificate serial:       018F5ED3998EEDA12F5626F7C4F79309D4B5
Authority key identifier: 83:B5:B4:91:3C:C7:8E:40:80:3C:00:BE:C6:B1:A9:DC:48:FF:36:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/wSlwUb5GO5ZtBuqccRIThVO6NgI.roa
Signing time:             Thu 09 May 2024 19:27:56 +0000
ROA not before:           Thu 09 May 2024 19:27:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25198
IP address blocks:        185.115.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5e:d3:99:8e:ed:a1:2f:56:26:f7:c4:f7:93:09:d4:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83b5b4913cc78e40803c00bec6b1a9dc48ff3684
        Validity
            Not Before: May  9 19:27:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1297051be463b966d06ea9c7112138553ba3602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:15:d7:38:b9:82:97:1f:f6:4e:4f:de:47:c5:
                    b2:04:c5:6e:63:0d:a4:1c:66:52:37:53:7a:a5:db:
                    3e:ff:c9:8c:d8:0f:06:cf:97:17:b0:b1:90:e4:29:
                    fa:b0:88:38:9b:52:fb:63:6b:60:07:df:77:1e:10:
                    c3:4d:7c:1b:28:80:a6:17:09:1c:60:02:6d:91:d2:
                    e1:b7:e4:43:1f:83:26:88:a2:43:69:9b:31:b6:dd:
                    21:e8:e8:11:62:76:57:dc:16:f9:11:5a:54:a0:8b:
                    31:ae:e2:53:04:16:e6:31:14:28:4a:fc:d5:76:a4:
                    29:42:78:7b:8d:10:9a:3e:39:4f:77:a2:71:8e:1a:
                    dc:c9:77:9f:c2:68:c7:50:c4:fb:05:60:c2:89:dc:
                    98:b7:d7:88:8f:58:69:dd:1b:ca:1b:0d:00:f4:f4:
                    8c:94:26:56:13:79:bc:bd:84:aa:92:42:38:96:3c:
                    45:26:73:7b:f2:bc:60:6b:da:4d:09:00:3d:64:b6:
                    4f:ae:18:e7:a5:79:d5:34:5b:7f:1e:66:3e:44:37:
                    c9:52:17:1c:9b:5d:87:37:ca:03:b3:f5:86:f9:10:
                    11:cf:53:92:e3:8c:4f:f4:9a:47:8f:32:20:3c:09:
                    ae:ce:d9:22:24:7a:e1:4e:76:0a:17:ff:f6:82:87:
                    6c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:29:70:51:BE:46:3B:96:6D:06:EA:9C:71:12:13:85:53:BA:36:02
            X509v3 Authority Key Identifier:
                keyid:83:B5:B4:91:3C:C7:8E:40:80:3C:00:BE:C6:B1:A9:DC:48:FF:36:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/wSlwUb5GO5ZtBuqccRIThVO6NgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:9a:50:56:85:9a:7b:15:97:c1:1a:02:5c:48:f7:d1:38:e6:
         52:25:42:9e:fe:65:1c:75:c3:a3:31:df:00:6b:75:3d:5c:93:
         0b:36:68:c4:22:a5:fb:13:24:4d:96:fb:ba:12:d3:df:03:30:
         6c:50:65:3b:7b:79:44:25:36:61:96:96:91:cb:bc:cf:6a:79:
         c4:55:28:2d:21:6c:2c:d1:a4:a6:1f:dd:2b:34:b4:31:f9:38:
         d9:4a:15:76:a3:a1:75:f0:14:c5:b8:27:fe:16:85:85:d4:b9:
         94:02:aa:08:2b:b0:bd:59:ff:62:4e:64:8c:d4:ae:ca:a4:bd:
         fc:16:27:53:49:4c:55:03:ad:42:83:dc:5e:ae:a0:7f:44:ba:
         4a:5d:b4:9b:a6:28:f6:f1:e7:95:ea:7d:3f:cc:fb:67:40:75:
         56:70:6f:ad:ad:35:05:84:08:3c:7a:a3:07:fc:92:58:f6:1f:
         c4:cf:d9:41:7d:e8:50:cf:06:d3:49:1b:37:23:20:9a:42:85:
         91:d2:a0:f6:2b:50:b7:de:28:2b:0b:b0:9b:0c:8f:15:a9:51:
         20:e5:b7:35:4c:dc:3e:0a:a8:8e:42:ae:b3:2a:94:04:29:2b:
         f1:87:11:60:66:d3:ca:1e:82:f3:16:af:f6:3b:e1:ce:a6:6b:
         f2:bc:de:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9e05mO7aEvVib3xPeTCdS1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYjViNDkxM2NjNzhlNDA4MDNjMDBiZWM2YjFhOWRjNDhm
ZjM2ODQwHhcNMjQwNTA5MTkyNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTI5NzA1MWJlNDYzYjk2NmQwNmVhOWM3MTEyMTM4NTUzYmEzNjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BXXOLmClx/2Tk/eR8WyBMVuYw2k
HGZSN1N6pds+/8mM2A8Gz5cXsLGQ5Cn6sIg4m1L7Y2tgB993HhDDTXwbKICmFwkc
YAJtkdLht+RDH4MmiKJDaZsxtt0h6OgRYnZX3Bb5EVpUoIsxruJTBBbmMRQoSvzV
dqQpQnh7jRCaPjlPd6JxjhrcyXefwmjHUMT7BWDCidyYt9eIj1hp3RvKGw0A9PSM
lCZWE3m8vYSqkkI4ljxFJnN78rxga9pNCQA9ZLZPrhjnpXnVNFt/HmY+RDfJUhcc
m12HN8oDs/WG+RARz1OS44xP9JpHjzIgPAmuztkiJHrhTnYKF//2godsJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEpcFG+RjuWbQbqnHESE4VTujYCMB8GA1UdIwQY
MBaAFIO1tJE8x45AgDwAvsaxqdxI/zaEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzdXMGtUekhqa0NBUEFDLXhyR3AzRWpfTm9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9kYzU3M2QtYTNkYi00MWY5LThjM2Yt
ODY3OTY1ZWI1MGNhLzEvd1Nsd1ViNUdPNVp0QnVxY2NSSVRoVk82TmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9kYzU3M2QtYTNkYi00MWY5LThjM2YtODY3OTY1ZWI1MGNh
LzEvZzdXMGtUekhqa0NBUEFDLXhyR3AzRWpfTm9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXOhMA0G
CSqGSIb3DQEBCwUAA4IBAQAVmlBWhZp7FZfBGgJcSPfROOZSJUKe/mUcdcOjMd8A
a3U9XJMLNmjEIqX7EyRNlvu6EtPfAzBsUGU7e3lEJTZhlpaRy7zPannEVSgtIWws
0aSmH90rNLQx+TjZShV2o6F18BTFuCf+FoWF1LmUAqoIK7C9Wf9iTmSM1K7KpL38
FidTSUxVA61Cg9xerqB/RLpKXbSbpij28eeV6n0/zPtnQHVWcG+trTUFhAg8eqMH
/JJY9h/Ez9lBfehQzwbTSRs3IyCaQoWR0qD2K1C33igrC7CbDI8VqVEg5bc1TNw+
CqiOQq6zKpQEKSvxhxFgZtPKHoLzFq/2O+HOpmvyvN5Y
-----END CERTIFICATE-----