Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/oLwFsKOs-_yBR0XvexxpgW8KE88.roa
File:                     oLwFsKOs-_yBR0XvexxpgW8KE88.roa (raw, json)
Hash identifier:          zfjH49g1WttP9Rir9LCKF1UnrIXwZIomJGVvsMsBtAM=
Subject key identifier:   A0:BC:05:B0:A3:AC:FB:FC:81:47:45:EF:7B:1C:69:81:6F:0A:13:CF
Certificate issuer:       /CN=82468b53967545e28e9267ccbf0069d87b259869
Certificate serial:       018FBB4798406786AD9DD9D6749A164152AF
Authority key identifier: 82:46:8B:53:96:75:45:E2:8E:92:67:CC:BF:00:69:D8:7B:25:98:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gkaLU5Z1ReKOkmfMvwBp2HslmGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/oLwFsKOs-_yBR0XvexxpgW8KE88.roa
Signing time:             Mon 27 May 2024 18:19:42 +0000
ROA not before:           Mon 27 May 2024 18:19:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54339
IP address blocks:        185.38.222.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/gkaLU5Z1ReKOkmfMvwBp2HslmGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/gkaLU5Z1ReKOkmfMvwBp2HslmGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gkaLU5Z1ReKOkmfMvwBp2HslmGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bb:47:98:40:67:86:ad:9d:d9:d6:74:9a:16:41:52:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82468b53967545e28e9267ccbf0069d87b259869
        Validity
            Not Before: May 27 18:19:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0bc05b0a3acfbfc814745ef7b1c69816f0a13cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c2:5d:61:79:2a:9d:cb:80:e1:fe:13:a9:81:
                    d6:c0:f8:91:de:b2:ad:fe:bc:9b:69:53:e2:3c:e0:
                    85:7f:cf:48:9d:62:ac:44:de:ab:60:94:1e:c1:23:
                    e4:7d:90:f5:92:17:de:23:20:49:08:11:d7:c6:61:
                    cd:3d:de:09:53:94:ba:a3:a0:ab:d7:4f:49:23:d0:
                    9b:10:4e:30:f6:24:20:0d:a3:2e:c0:8d:22:49:f5:
                    97:d6:25:3c:1d:30:d2:60:ba:9f:a8:ba:e8:49:13:
                    77:27:7d:c0:89:00:c9:56:32:94:8c:1a:3b:a2:02:
                    43:d7:fb:0f:fa:f7:11:40:e0:ee:fd:c9:90:1b:76:
                    6b:2b:f5:02:59:23:5d:e1:53:02:2a:fd:c2:d8:da:
                    ed:55:10:ad:ad:c4:36:20:b5:63:02:0d:52:21:b3:
                    64:30:65:ae:c2:ff:cf:97:56:c4:e7:ff:76:8d:6b:
                    ce:b8:86:9c:9a:97:6b:b5:ea:b1:8f:75:a6:e4:83:
                    fc:a0:e0:aa:49:18:d7:e0:16:ff:55:5b:11:2f:3d:
                    2f:8d:b5:53:b3:92:30:6e:78:6b:77:51:69:25:2f:
                    85:43:82:85:fd:72:46:44:ca:02:38:fb:b6:93:c0:
                    74:9d:17:cf:ab:f9:82:fa:e7:ac:f5:b8:e6:60:b0:
                    9a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:BC:05:B0:A3:AC:FB:FC:81:47:45:EF:7B:1C:69:81:6F:0A:13:CF
            X509v3 Authority Key Identifier:
                keyid:82:46:8B:53:96:75:45:E2:8E:92:67:CC:BF:00:69:D8:7B:25:98:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gkaLU5Z1ReKOkmfMvwBp2HslmGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/oLwFsKOs-_yBR0XvexxpgW8KE88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/gkaLU5Z1ReKOkmfMvwBp2HslmGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:91:18:85:de:da:b4:81:58:4c:bf:63:ae:8f:d9:3c:d1:8d:
         ad:a2:73:67:68:de:57:57:f3:54:38:85:db:ff:43:56:10:1e:
         1c:0d:0e:ce:6d:0b:e6:ce:b5:b5:d0:5f:2f:8a:cb:38:86:af:
         88:59:83:cd:5c:fb:70:57:c8:70:97:28:4b:71:94:b1:03:85:
         b5:2f:f9:22:a7:de:46:80:45:20:af:5f:50:56:93:e9:dd:1c:
         4b:31:20:21:87:19:2e:c6:3a:6c:ac:dc:5e:31:1d:55:ca:8c:
         7c:30:a3:2b:97:a8:0b:e1:01:cc:6a:fc:36:f4:cf:58:26:0f:
         ba:c3:b3:d9:e9:22:ba:ef:66:94:ca:c4:fa:1f:fa:e9:98:99:
         c6:bb:ee:93:6f:63:d6:45:72:11:8c:ed:21:e4:f8:14:1a:7a:
         e5:47:31:05:7c:87:ae:d3:f6:c7:b0:95:ee:e9:58:96:73:de:
         7b:df:db:e5:fb:f5:c3:0d:49:38:46:b1:aa:68:d7:2e:8e:6b:
         b2:fc:bf:54:df:2a:81:10:5d:bc:68:68:19:93:23:ba:77:eb:
         72:ce:d1:90:b6:c7:3f:24:8f:e5:48:85:b9:90:66:f2:67:d2:
         9b:53:f7:4d:c4:6f:8f:58:4b:60:e1:08:ec:9c:ad:8b:5b:7e:
         85:bc:80:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+7R5hAZ4atndnWdJoWQVKvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNDY4YjUzOTY3NTQ1ZTI4ZTkyNjdjY2JmMDA2OWQ4N2Iy
NTk4NjkwHhcNMjQwNTI3MTgxOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGJjMDViMGEzYWNmYmZjODE0NzQ1ZWY3YjFjNjk4MTZmMGExM2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sJdYXkqncuA4f4TqYHWwPiR3rKt
/rybaVPiPOCFf89InWKsRN6rYJQewSPkfZD1khfeIyBJCBHXxmHNPd4JU5S6o6Cr
109JI9CbEE4w9iQgDaMuwI0iSfWX1iU8HTDSYLqfqLroSRN3J33AiQDJVjKUjBo7
ogJD1/sP+vcRQODu/cmQG3ZrK/UCWSNd4VMCKv3C2NrtVRCtrcQ2ILVjAg1SIbNk
MGWuwv/Pl1bE5/92jWvOuIacmpdrteqxj3Wm5IP8oOCqSRjX4Bb/VVsRLz0vjbVT
s5Iwbnhrd1FpJS+FQ4KF/XJGRMoCOPu2k8B0nRfPq/mC+ues9bjmYLCaWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKC8BbCjrPv8gUdF73scaYFvChPPMB8GA1UdIwQY
MBaAFIJGi1OWdUXijpJnzL8Aadh7JZhpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2thTFU1WjFSZUtPa21mTXZ3QnAySHNsbUdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS85Y2RhY2YtNTNlOS00MTM5LWJiNGEt
OGFjMmJhZjY5NmM4LzEvb0x3RnNLT3MtX3lCUjBYdmV4eHBnVzhLRTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS85Y2RhY2YtNTNlOS00MTM5LWJiNGEtOGFjMmJhZjY5NmM4
LzEvZ2thTFU1WjFSZUtPa21mTXZ3QnAySHNsbUdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSbeMA0G
CSqGSIb3DQEBCwUAA4IBAQBwkRiF3tq0gVhMv2Ouj9k80Y2tonNnaN5XV/NUOIXb
/0NWEB4cDQ7ObQvmzrW10F8viss4hq+IWYPNXPtwV8hwlyhLcZSxA4W1L/kip95G
gEUgr19QVpPp3RxLMSAhhxkuxjpsrNxeMR1Vyox8MKMrl6gL4QHMavw29M9YJg+6
w7PZ6SK672aUysT6H/rpmJnGu+6Tb2PWRXIRjO0h5PgUGnrlRzEFfIeu0/bHsJXu
6ViWc95739vl+/XDDUk4RrGqaNcujmuy/L9U3yqBEF28aGgZkyO6d+tyztGQtsc/
JI/lSIW5kGbyZ9KbU/dNxG+PWEtg4QjsnK2LW36FvIBu
-----END CERTIFICATE-----