Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/AowOtO1H6kaN3cJqp89CzccGR2U.roa
File:                     AowOtO1H6kaN3cJqp89CzccGR2U.roa (raw, json)
Hash identifier:          Rd9fp9AjL5AHCt40XcUrljzPdfglDXiODmvDMo0P8+Y=
Subject key identifier:   02:8C:0E:B4:ED:47:EA:46:8D:DD:C2:6A:A7:CF:42:CD:C7:06:47:65
Certificate issuer:       /CN=1c766b058c096753a34ad625d53275cd2dba5b33
Certificate serial:       018CC5000A181089593688690DBA71F2DCB3
Authority key identifier: 1C:76:6B:05:8C:09:67:53:A3:4A:D6:25:D5:32:75:CD:2D:BA:5B:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/AowOtO1H6kaN3cJqp89CzccGR2U.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44285
IP address blocks:        185.171.54.0/24 maxlen: 24
                          185.171.55.0/24 maxlen: 24
                          185.171.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0a:18:10:89:59:36:88:69:0d:ba:71:f2:dc:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c766b058c096753a34ad625d53275cd2dba5b33
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=028c0eb4ed47ea468dddc26aa7cf42cdc7064765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f9:87:4e:8f:cf:79:1f:ac:7a:2a:f7:df:b5:
                    83:05:6a:6d:c0:67:5b:8b:58:bb:0b:19:7c:7e:54:
                    63:13:af:28:cf:4d:a3:83:84:42:7d:70:12:21:c6:
                    f3:56:c3:aa:b6:5b:20:d7:86:50:82:b2:b8:26:6c:
                    01:b0:97:79:18:0e:a9:4c:c6:ed:c0:72:a6:81:5d:
                    f2:1a:65:38:b3:4c:38:27:9c:32:e6:fb:cf:be:18:
                    37:b1:3b:52:61:3e:b5:fa:3b:bf:d2:4a:b4:5d:c3:
                    b2:01:ef:00:17:99:a5:76:6f:e4:80:2e:c0:ce:c7:
                    f8:cd:8b:14:cd:9e:65:38:20:38:2b:68:14:31:f3:
                    74:5e:84:dd:34:94:2b:5c:6e:10:cb:b9:1b:84:6e:
                    c1:50:40:a5:3e:f5:6f:35:9e:68:ec:76:78:3f:fc:
                    39:af:2e:0d:7a:27:6c:bb:23:aa:40:55:51:d6:a2:
                    c2:08:72:06:98:e7:ae:16:15:b1:d2:1e:36:6b:d8:
                    80:0d:2a:ad:77:5a:62:47:7f:cf:58:d4:63:b4:44:
                    2e:e6:5f:92:6a:27:60:87:f1:7a:ec:4c:f4:ff:35:
                    c7:bb:e4:df:31:80:a3:df:cf:59:a5:9c:41:c6:0a:
                    7c:98:be:4a:88:6e:d0:ae:b8:b5:bd:d7:3e:41:65:
                    30:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:8C:0E:B4:ED:47:EA:46:8D:DD:C2:6A:A7:CF:42:CD:C7:06:47:65
            X509v3 Authority Key Identifier:
                keyid:1C:76:6B:05:8C:09:67:53:A3:4A:D6:25:D5:32:75:CD:2D:BA:5B:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/AowOtO1H6kaN3cJqp89CzccGR2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.52.0/24
                  185.171.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:b4:4a:de:d4:85:da:a0:a2:d5:60:92:d9:e1:17:ad:bd:b8:
         37:ce:26:34:6f:c5:cc:69:57:3b:f1:13:37:d5:f3:bc:75:5b:
         df:97:67:e6:b7:47:63:a3:a2:ed:5c:cb:23:af:3d:42:9a:b1:
         7c:22:f0:55:31:18:1f:57:0f:be:e1:fe:b9:1e:53:c0:76:6a:
         e2:e9:ad:28:27:15:0f:30:2e:f6:ff:23:dc:ad:da:2f:39:0e:
         56:12:b1:c2:59:3c:fe:3f:1c:27:b3:2f:61:b2:ef:0c:ce:ea:
         35:b9:ee:d3:50:77:3d:38:d7:af:09:c7:c3:ef:45:59:20:ac:
         5e:38:19:fe:cc:f2:79:45:8d:81:50:13:a7:b1:09:a3:19:93:
         db:bb:7a:b2:d2:26:e9:03:9a:d1:65:bb:89:22:b8:df:cc:5b:
         04:2f:d6:03:78:cb:9e:19:eb:14:4e:15:4a:93:78:5a:d0:d0:
         16:23:d7:fc:05:d7:58:be:71:8c:a2:4a:4d:5e:87:dd:c4:13:
         39:c2:7f:48:9c:ac:89:cb:41:a8:b8:7d:43:bc:ef:7a:ee:d0:
         ac:04:e6:45:4b:77:3b:06:31:2c:7a:54:18:4e:c5:d3:c3:ea:
         b7:6c:e5:a6:13:b0:dd:eb:f2:85:49:87:b0:1c:65:16:c3:b8:
         46:9c:b9:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAAoYEIlZNohpDbpx8tyzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNzY2YjA1OGMwOTY3NTNhMzRhZDYyNWQ1MzI3NWNkMmRi
YTViMzMwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjhjMGViNGVkNDdlYTQ2OGRkZGMyNmFhN2NmNDJjZGM3MDY0NzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPmHTo/PeR+seir337WDBWptwGdb
i1i7Cxl8flRjE68oz02jg4RCfXASIcbzVsOqtlsg14ZQgrK4JmwBsJd5GA6pTMbt
wHKmgV3yGmU4s0w4J5wy5vvPvhg3sTtSYT61+ju/0kq0XcOyAe8AF5mldm/kgC7A
zsf4zYsUzZ5lOCA4K2gUMfN0XoTdNJQrXG4Qy7kbhG7BUEClPvVvNZ5o7HZ4P/w5
ry4NeidsuyOqQFVR1qLCCHIGmOeuFhWx0h42a9iADSqtd1piR3/PWNRjtEQu5l+S
aidgh/F67Ez0/zXHu+TfMYCj389ZpZxBxgp8mL5KiG7Qrri1vdc+QWUwRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAKMDrTtR+pGjd3CaqfPQs3HBkdlMB8GA1UdIwQY
MBaAFBx2awWMCWdTo0rWJdUydc0tulszMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhackJZd0paMU9qU3RZbDFUSjF6UzI2V3pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hYjgzZGMtYzBlNy00ZWMzLWFmNzIt
ODE5MTdkZmZkY2Q3LzEvQW93T3RPMUg2a2FOM2NKcXA4OUN6Y2NHUjJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hYjgzZGMtYzBlNy00ZWMzLWFmNzItODE5MTdkZmZkY2Q3
LzEvSEhackJZd0paMU9qU3RZbDFUSjF6UzI2V3pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuas0AwQB
uas2MA0GCSqGSIb3DQEBCwUAA4IBAQCVtEre1IXaoKLVYJLZ4Retvbg3ziY0b8XM
aVc78RM31fO8dVvfl2fmt0djo6LtXMsjrz1CmrF8IvBVMRgfVw++4f65HlPAdmri
6a0oJxUPMC72/yPcrdovOQ5WErHCWTz+Pxwnsy9hsu8Mzuo1ue7TUHc9ONevCcfD
70VZIKxeOBn+zPJ5RY2BUBOnsQmjGZPbu3qy0ibpA5rRZbuJIrjfzFsEL9YDeMue
GesUThVKk3ha0NAWI9f8BddYvnGMokpNXofdxBM5wn9InKyJy0GouH1DvO967tCs
BOZFS3c7BjEselQYTsXTw+q3bOWmE7Dd6/KFSYewHGUWw7hGnLlF
-----END CERTIFICATE-----