Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Ba5paKioxMLoYxD-REypXj-rIlE.roa
File:                     Ba5paKioxMLoYxD-REypXj-rIlE.roa (raw, json)
Hash identifier:          CDc5DrQrG1ZlsEAr5af7vgG3iJ82aOWjuFQ74HHRPZg=
Subject key identifier:   05:AE:69:68:A8:A8:C4:C2:E8:63:10:FE:44:4C:A9:5E:3F:AB:22:51
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018CC500BE564778FC7796C307309568F0DA
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Ba5paKioxMLoYxD-REypXj-rIlE.roa
Signing time:             Mon 01 Jan 2024 12:30:09 +0000
ROA not before:           Mon 01 Jan 2024 12:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49697
IP address blocks:        185.121.69.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:be:56:47:78:fc:77:96:c3:07:30:95:68:f0:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 12:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05ae6968a8a8c4c2e86310fe444ca95e3fab2251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b9:7e:8f:55:57:87:5d:e8:4f:10:cb:30:9b:
                    df:7b:fd:de:a9:09:ac:f6:c2:3a:27:24:7a:e9:4a:
                    cc:5a:3d:d2:97:05:c0:f3:d9:27:03:8e:cd:a9:57:
                    80:44:d9:df:52:f5:09:05:6e:1c:34:5b:6b:b0:db:
                    1a:19:c5:2b:ab:e8:a3:a4:18:63:8f:d6:bb:d8:aa:
                    76:6f:d7:0e:19:c9:de:0c:47:71:f8:16:e8:32:08:
                    e0:b6:d0:5b:7d:d4:ee:14:d7:1c:70:69:65:ae:e7:
                    15:d5:36:25:88:c0:2f:3f:33:6e:8b:96:c2:93:51:
                    2d:f9:57:c4:4a:31:c4:b1:7a:dc:24:f9:00:d6:71:
                    5c:c9:2d:52:2c:35:39:95:2f:fc:4b:b0:19:d4:a0:
                    27:0e:07:fb:c7:4e:0b:6e:73:c9:81:3f:2e:fb:fd:
                    38:30:28:47:e6:b0:97:6c:8f:c3:d2:40:cc:f9:a1:
                    4a:86:c7:dd:48:7e:b3:1a:9c:84:39:f1:ed:52:20:
                    d4:fd:eb:33:2b:36:f8:fa:07:81:f6:db:99:e3:55:
                    75:ea:4b:1c:e4:31:af:f4:87:f0:78:79:77:fc:5d:
                    48:ec:a9:27:4c:1a:e1:40:cc:d7:35:4b:01:78:dc:
                    1e:4e:86:e4:1d:71:11:04:a7:e2:05:a0:0f:91:20:
                    b0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:AE:69:68:A8:A8:C4:C2:E8:63:10:FE:44:4C:A9:5E:3F:AB:22:51
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Ba5paKioxMLoYxD-REypXj-rIlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e6:4f:ee:75:d8:60:5b:93:5f:60:7b:dd:37:ea:58:7a:3e:86:
         5c:b2:c7:94:63:9a:c9:91:59:24:a1:20:97:d2:f6:64:f5:21:
         b9:25:22:0f:a7:30:5a:8a:b2:41:a4:4a:77:83:d3:0e:29:e0:
         d3:54:ea:dd:17:05:4c:5a:53:6b:54:36:a9:56:6f:fe:6a:13:
         a3:eb:71:6a:40:da:33:6d:cf:ee:20:60:0b:df:79:b9:b1:26:
         fd:e9:24:77:ba:1e:0e:56:0e:50:41:ea:19:56:a9:90:6c:64:
         e1:29:20:cc:5b:55:2f:f2:9f:e6:82:34:d2:44:17:3c:66:e4:
         37:f5:16:89:e9:95:90:e2:2b:a2:27:ea:65:b9:6b:13:06:86:
         be:46:90:de:0d:fd:49:78:b7:18:5a:4f:7d:3c:4b:11:ae:bb:
         0c:14:0a:54:3e:a7:fb:0c:4e:7c:be:42:ec:3b:c8:f3:3e:fa:
         59:91:85:ce:2c:d4:45:f1:cc:30:eb:ff:f3:ce:0a:8a:35:cb:
         0e:9d:a9:6b:df:cd:3d:b5:b8:27:44:e5:35:21:8d:a6:9d:5e:
         cd:74:dd:93:68:4c:01:97:b8:f1:08:5b:0e:fe:c5:44:21:6c:
         b5:db:23:fe:3e:10:a3:06:fe:7a:86:bf:52:e2:a3:4a:7c:bb:
         1e:20:a0:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAL5WR3j8d5bDBzCVaPDaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwMTAxMTIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWFlNjk2OGE4YThjNGMyZTg2MzEwZmU0NDRjYTk1ZTNmYWIyMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7l+j1VXh13oTxDLMJvfe/3eqQms
9sI6JyR66UrMWj3SlwXA89knA47NqVeARNnfUvUJBW4cNFtrsNsaGcUrq+ijpBhj
j9a72Kp2b9cOGcneDEdx+BboMgjgttBbfdTuFNcccGllrucV1TYliMAvPzNui5bC
k1Et+VfESjHEsXrcJPkA1nFcyS1SLDU5lS/8S7AZ1KAnDgf7x04LbnPJgT8u+/04
MChH5rCXbI/D0kDM+aFKhsfdSH6zGpyEOfHtUiDU/eszKzb4+geB9tuZ41V16ksc
5DGv9IfweHl3/F1I7KknTBrhQMzXNUsBeNweTobkHXERBKfiBaAPkSCwkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWuaWioqMTC6GMQ/kRMqV4/qyJRMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvQmE1cGFLaW94TUxvWXhELVJFeXBYai1ySWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXlFMA0G
CSqGSIb3DQEBCwUAA4IBAQDmT+512GBbk19ge9036lh6PoZcsseUY5rJkVkkoSCX
0vZk9SG5JSIPpzBairJBpEp3g9MOKeDTVOrdFwVMWlNrVDapVm/+ahOj63FqQNoz
bc/uIGAL33m5sSb96SR3uh4OVg5QQeoZVqmQbGThKSDMW1Uv8p/mgjTSRBc8ZuQ3
9RaJ6ZWQ4iuiJ+pluWsTBoa+RpDeDf1JeLcYWk99PEsRrrsMFApUPqf7DE58vkLs
O8jzPvpZkYXOLNRF8cww6//zzgqKNcsOnalr3809tbgnROU1IY2mnV7NdN2TaEwB
l7jxCFsO/sVEIWy12yP+PhCjBv56hr9S4qNKfLseIKDL
-----END CERTIFICATE-----