Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/IZDsl3LqAPlVcvQzeK4_KyMEf6U.roa
File:                     IZDsl3LqAPlVcvQzeK4_KyMEf6U.roa (raw, json)
Hash identifier:          MabAgPwQVpUqwLH0AKanWVHraGjwkltbS18jIaeEF60=
Subject key identifier:   21:90:EC:97:72:EA:00:F9:55:72:F4:33:78:AE:3F:2B:23:04:7F:A5
Certificate issuer:       /CN=7b385e86167d5ccc22fd85892560ae760b5f2898
Certificate serial:       018CC3488C61DC6CA3F5BFCAF5333F3DA66B
Authority key identifier: 7B:38:5E:86:16:7D:5C:CC:22:FD:85:89:25:60:AE:76:0B:5F:28:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/IZDsl3LqAPlVcvQzeK4_KyMEf6U.roa
Signing time:             Mon 01 Jan 2024 04:29:20 +0000
ROA not before:           Mon 01 Jan 2024 04:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49544
IP address blocks:        185.226.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8c:61:dc:6c:a3:f5:bf:ca:f5:33:3f:3d:a6:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b385e86167d5ccc22fd85892560ae760b5f2898
        Validity
            Not Before: Jan  1 04:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2190ec9772ea00f95572f43378ae3f2b23047fa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e1:18:04:69:ea:da:49:00:bc:70:59:4f:13:
                    f3:dc:ed:5e:50:6b:87:80:c3:1b:23:ff:e6:e8:41:
                    8f:4f:7e:08:9e:e4:94:98:de:54:f7:a0:2b:e8:5e:
                    9e:4b:2b:c9:ca:04:dd:19:a1:72:2a:33:16:6b:24:
                    3c:2b:13:04:f7:8e:c2:78:a7:59:3a:01:9c:69:c0:
                    f9:9b:af:af:a5:92:d5:49:11:09:8f:84:bd:e7:50:
                    ed:7a:d8:8e:8e:bd:a2:24:21:61:62:3b:11:dc:25:
                    a2:9e:7c:ba:df:43:77:4f:65:fa:71:6e:26:e2:4f:
                    71:35:1b:cd:62:93:82:4e:ff:3c:61:f4:a4:cf:dc:
                    f5:b3:75:40:d3:2f:76:67:57:e5:1b:e8:8e:30:a3:
                    df:8d:31:be:86:fd:92:e6:f5:ac:48:cc:53:b1:ca:
                    7e:f9:76:70:65:b3:e4:3b:e2:49:08:59:af:6f:f1:
                    18:4c:e4:be:bd:c6:4c:7d:58:92:f7:69:82:38:4e:
                    b7:f7:d1:85:be:d4:1c:83:a5:52:f2:f6:85:b2:84:
                    ba:80:6a:4d:a4:b3:ce:3d:4e:da:16:72:ec:7d:67:
                    80:a4:6b:c7:e3:48:f5:a6:eb:99:99:77:7d:a2:98:
                    9d:11:d6:62:56:9d:ee:ed:46:12:07:07:61:97:ec:
                    b5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:90:EC:97:72:EA:00:F9:55:72:F4:33:78:AE:3F:2B:23:04:7F:A5
            X509v3 Authority Key Identifier:
                keyid:7B:38:5E:86:16:7D:5C:CC:22:FD:85:89:25:60:AE:76:0B:5F:28:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/IZDsl3LqAPlVcvQzeK4_KyMEf6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:54:4f:9c:6f:ae:7c:1f:4a:1f:4b:e4:9f:e6:68:b3:c9:da:
         00:2b:4c:64:08:7d:bb:70:3e:8f:da:7e:cd:18:4d:74:bc:a4:
         a7:83:a0:d8:57:e1:1b:e1:56:be:dd:16:4e:83:5f:05:a0:80:
         62:47:47:d6:a1:46:99:ee:1f:5e:57:3a:5c:3f:5a:9f:f3:75:
         a8:b8:57:c4:6c:16:dd:fb:51:6b:59:fb:82:f4:0f:36:69:c9:
         cb:32:2f:4e:56:89:45:78:e5:05:74:0a:af:76:dc:3f:e7:e8:
         5f:aa:9c:15:b6:1e:bc:66:e9:ce:ae:52:ed:e9:ba:1f:aa:26:
         97:e7:2a:52:64:6b:53:1e:0f:99:75:ca:64:33:1b:3b:84:fc:
         5e:48:1a:f3:12:83:0d:3a:7f:68:45:c5:63:9c:fa:c7:23:fc:
         86:33:21:ca:9f:e2:d3:b3:8a:a2:8e:a5:5d:76:5e:a0:13:10:
         5f:e6:68:22:b7:a3:67:f6:ed:f1:c4:cc:0d:11:2b:87:59:48:
         aa:8d:f1:c9:4d:58:3c:a8:59:40:d5:07:74:e9:44:fe:0f:d9:
         07:f8:57:94:6e:b2:67:fd:54:76:c6:81:be:80:ae:46:ce:e0:
         4a:56:70:b6:49:5b:db:ed:07:81:5c:a1:8c:0d:a9:e9:30:af:
         6c:a2:ab:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSIxh3Gyj9b/K9TM/PaZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMzg1ZTg2MTY3ZDVjY2MyMmZkODU4OTI1NjBhZTc2MGI1
ZjI4OTgwHhcNMjQwMTAxMDQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTkwZWM5NzcyZWEwMGY5NTU3MmY0MzM3OGFlM2YyYjIzMDQ3ZmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuEYBGnq2kkAvHBZTxPz3O1eUGuH
gMMbI//m6EGPT34InuSUmN5U96Ar6F6eSyvJygTdGaFyKjMWayQ8KxME947CeKdZ
OgGcacD5m6+vpZLVSREJj4S951DtetiOjr2iJCFhYjsR3CWinny630N3T2X6cW4m
4k9xNRvNYpOCTv88YfSkz9z1s3VA0y92Z1flG+iOMKPfjTG+hv2S5vWsSMxTscp+
+XZwZbPkO+JJCFmvb/EYTOS+vcZMfViS92mCOE6399GFvtQcg6VS8vaFsoS6gGpN
pLPOPU7aFnLsfWeApGvH40j1puuZmXd9opidEdZiVp3u7UYSBwdhl+y1AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGQ7Jdy6gD5VXL0M3iuPysjBH+lMB8GA1UdIwQY
MBaAFHs4XoYWfVzMIv2FiSVgrnYLXyiYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXpoZWhoWjlYTXdpX1lXSkpXQ3VkZ3RmS0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9iNDU5ZjEtNjQ5OS00ZTE0LWFjZmIt
ZWE3ODhhZDMyOTZhLzEvSVpEc2wzTHFBUGxWY3ZRemVLNF9LeU1FZjZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9iNDU5ZjEtNjQ5OS00ZTE0LWFjZmItZWE3ODhhZDMyOTZh
LzEvZXpoZWhoWjlYTXdpX1lXSkpXQ3VkZ3RmS0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueKKMA0G
CSqGSIb3DQEBCwUAA4IBAQBsVE+cb658H0ofS+Sf5mizydoAK0xkCH27cD6P2n7N
GE10vKSng6DYV+Eb4Va+3RZOg18FoIBiR0fWoUaZ7h9eVzpcP1qf83WouFfEbBbd
+1FrWfuC9A82acnLMi9OVolFeOUFdAqvdtw/5+hfqpwVth68ZunOrlLt6bofqiaX
5ypSZGtTHg+ZdcpkMxs7hPxeSBrzEoMNOn9oRcVjnPrHI/yGMyHKn+LTs4qijqVd
dl6gExBf5mgit6Nn9u3xxMwNESuHWUiqjfHJTVg8qFlA1Qd06UT+D9kH+FeUbrJn
/VR2xoG+gK5GzuBKVnC2SVvb7QeBXKGMDanpMK9soquM
-----END CERTIFICATE-----