Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/1SdxEVGy6IBXt3y6d2ij2sl2ENk.roa
File:                     1SdxEVGy6IBXt3y6d2ij2sl2ENk.roa (raw, json)
Hash identifier:          HXRxvMrLJzW7AF1JKVzvtmU29/hvgRScroQgx/WQ0rg=
Subject key identifier:   D5:27:71:11:51:B2:E8:80:57:B7:7C:BA:77:68:A3:DA:C9:76:10:D9
Certificate issuer:       /CN=f6a0ffcab44a6ab76285fd8b15fba9ae0472c00a
Certificate serial:       018CC26D3DB06B4DBD56A6A20FBCB090D4DE
Authority key identifier: F6:A0:FF:CA:B4:4A:6A:B7:62:85:FD:8B:15:FB:A9:AE:04:72:C0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9qD_yrRKardihf2LFfuprgRywAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/1SdxEVGy6IBXt3y6d2ij2sl2ENk.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61145
IP address blocks:        185.8.112.0/22 maxlen: 24
                          194.38.12.0/22 maxlen: 22
                          2a03:38c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/9qD_yrRKardihf2LFfuprgRywAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/9qD_yrRKardihf2LFfuprgRywAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9qD_yrRKardihf2LFfuprgRywAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3d:b0:6b:4d:bd:56:a6:a2:0f:bc:b0:90:d4:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6a0ffcab44a6ab76285fd8b15fba9ae0472c00a
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d527711151b2e88057b77cba7768a3dac97610d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:62:89:9f:a0:42:8a:01:c8:1c:a5:c2:b0:5f:
                    3c:d7:56:df:ff:8c:bd:5e:7b:d7:d6:e7:b1:59:45:
                    4b:98:19:b7:0a:19:b4:67:3a:05:1a:cb:d9:0d:7c:
                    8b:86:c7:b5:f8:ae:9f:c3:1b:61:05:7f:7b:71:c4:
                    d9:c4:e7:fb:b5:4c:39:38:d6:35:db:41:e4:4c:86:
                    8a:2d:fd:f8:a2:8a:0d:68:36:3d:e9:a0:2f:70:e4:
                    73:fb:bf:56:56:03:56:02:1d:b9:bf:36:ca:39:a5:
                    42:49:e3:6b:8f:48:28:e3:9f:53:6a:51:a7:40:4a:
                    46:68:4f:1f:53:6f:92:4a:0e:14:3b:6e:b5:1e:9f:
                    5f:f4:93:b0:68:a5:7d:d3:7e:3b:20:dc:1c:38:58:
                    8b:2b:90:9e:60:ee:ef:8f:26:cb:36:0d:43:05:5e:
                    cf:38:ba:ef:8c:df:fa:1f:82:e2:84:f7:37:a4:df:
                    95:fa:53:b9:73:d0:3c:5c:77:e4:c2:8f:79:a4:26:
                    47:39:ae:05:cc:dd:4c:38:f6:cd:25:99:04:cd:f9:
                    26:9a:44:09:20:36:0e:76:ee:bf:c6:c3:65:12:0a:
                    2e:6e:1b:48:4b:49:b2:6a:ba:c2:57:4e:ec:ff:6a:
                    97:47:c2:4a:6e:15:d1:ee:be:1b:c3:6b:ba:f9:e9:
                    3d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:27:71:11:51:B2:E8:80:57:B7:7C:BA:77:68:A3:DA:C9:76:10:D9
            X509v3 Authority Key Identifier:
                keyid:F6:A0:FF:CA:B4:4A:6A:B7:62:85:FD:8B:15:FB:A9:AE:04:72:C0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9qD_yrRKardihf2LFfuprgRywAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/1SdxEVGy6IBXt3y6d2ij2sl2ENk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/9qD_yrRKardihf2LFfuprgRywAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.112.0/22
                  194.38.12.0/22
                IPv6:
                  2a03:38c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:ad:44:91:e7:5a:42:11:fc:7f:48:a3:c7:9f:08:c6:8d:09:
         e6:4c:59:57:a1:93:fe:46:f2:24:66:d9:ba:e0:a4:cf:9a:4d:
         05:dd:9e:57:da:49:a3:49:f4:96:91:00:e8:11:12:6b:d8:14:
         e6:89:56:c2:df:e0:21:ab:5f:4e:d6:66:33:dd:7a:27:8f:ee:
         68:c4:59:48:96:90:b9:56:6f:6c:61:c2:55:89:85:a9:10:af:
         f5:6c:c0:33:63:cb:7d:22:10:af:9f:32:9e:6e:b8:1f:4e:55:
         c1:87:eb:fc:b5:41:aa:c8:2b:32:18:58:0a:db:df:0a:76:0f:
         8e:ec:42:ed:4d:7e:47:46:12:fd:b5:22:24:c3:e2:8d:eb:67:
         b8:e5:1c:7e:c5:90:37:0d:b2:04:b5:88:23:8a:6a:84:61:66:
         20:07:5d:42:ef:b4:87:00:7d:ef:e5:6a:d3:be:10:06:3a:4c:
         bf:45:6a:ce:6a:9a:80:9a:81:99:0d:d6:a5:79:ef:78:ad:46:
         c0:88:ae:f1:56:a2:83:d6:a9:6d:f9:c2:87:83:47:60:8b:2c:
         d3:13:c6:c0:b3:72:72:a9:1e:e0:1d:c3:09:64:45:f1:6e:5e:
         94:b4:d2:9a:c7:52:c0:8c:af:9b:a7:bd:44:fa:b7:22:02:b9:
         43:67:60:01
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbT2wa029VqaiD7ywkNTeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YTBmZmNhYjQ0YTZhYjc2Mjg1ZmQ4YjE1ZmJhOWFlMDQ3
MmMwMGEwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTI3NzExMTUxYjJlODgwNTdiNzdjYmE3NzY4YTNkYWM5NzYxMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WKJn6BCigHIHKXCsF8811bf/4y9
XnvX1uexWUVLmBm3Chm0ZzoFGsvZDXyLhse1+K6fwxthBX97ccTZxOf7tUw5ONY1
20HkTIaKLf34oooNaDY96aAvcORz+79WVgNWAh25vzbKOaVCSeNrj0go459TalGn
QEpGaE8fU2+SSg4UO261Hp9f9JOwaKV90347INwcOFiLK5CeYO7vjybLNg1DBV7P
OLrvjN/6H4LihPc3pN+V+lO5c9A8XHfkwo95pCZHOa4FzN1MOPbNJZkEzfkmmkQJ
IDYOdu6/xsNlEgoubhtIS0myarrCV07s/2qXR8JKbhXR7r4bw2u6+ek9fQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNUncRFRsuiAV7d8undoo9rJdhDZMB8GA1UdIwQY
MBaAFPag/8q0Smq3YoX9ixX7qa4EcsAKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXFEX3lyUkthcmRpaGYyTEZmdXByZ1J5d0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9hNWUwNTgtZjQ3NS00N2NjLWI5ZWMt
YWU0NjA5NDM4OWJhLzEvMVNkeEVWR3k2SUJYdDN5NmQyaWoyc2wyRU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9hNWUwNTgtZjQ3NS00N2NjLWI5ZWMtYWU0NjA5NDM4OWJh
LzEvOXFEX3lyUkthcmRpaGYyTEZmdXByZ1J5d0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuQhwAwQC
wiYMMA0EAgACMAcDBQAqAzjAMA0GCSqGSIb3DQEBCwUAA4IBAQAlrUSR51pCEfx/
SKPHnwjGjQnmTFlXoZP+RvIkZtm64KTPmk0F3Z5X2kmjSfSWkQDoERJr2BTmiVbC
3+Ahq19O1mYz3Xonj+5oxFlIlpC5Vm9sYcJViYWpEK/1bMAzY8t9IhCvnzKebrgf
TlXBh+v8tUGqyCsyGFgK298Kdg+O7ELtTX5HRhL9tSIkw+KN62e45Rx+xZA3DbIE
tYgjimqEYWYgB11C77SHAH3v5WrTvhAGOky/RWrOapqAmoGZDdalee94rUbAiK7x
VqKD1qlt+cKHg0dgiyzTE8bAs3JyqR7gHcMJZEXxbl6UtNKax1LAjK+bp71E+rci
ArlDZ2AB
-----END CERTIFICATE-----