Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/c7d22b-2147-4336-9009-f9355fd98b6b/1/09xuDhxewxxak2CN__JL1yeS8Es.roa
File:                     09xuDhxewxxak2CN__JL1yeS8Es.roa (raw, json)
Hash identifier:          5WE00+ypoVFtWlILdfUD0CdpVawKnTGeU+0dQN5VAbs=
Subject key identifier:   D3:DC:6E:0E:1C:5E:C3:1C:5A:93:60:8D:FF:F2:4B:D7:27:92:F0:4B
Certificate issuer:       /CN=5b673422eff7e41c5e06d78e529f491f59150ff9
Certificate serial:       018CC64ABF1E0F840D8059003E38AA046D57
Authority key identifier: 5B:67:34:22:EF:F7:E4:1C:5E:06:D7:8E:52:9F:49:1F:59:15:0F:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W2c0Iu_35BxeBteOUp9JH1kVD_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/c7d22b-2147-4336-9009-f9355fd98b6b/1/09xuDhxewxxak2CN__JL1yeS8Es.roa
Signing time:             Mon 01 Jan 2024 18:30:36 +0000
ROA not before:           Mon 01 Jan 2024 18:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208703
IP address blocks:        185.41.220.0/24 maxlen: 24
                          185.41.223.0/24 maxlen: 24
                          185.41.222.0/24 maxlen: 24
                          185.41.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/c7d22b-2147-4336-9009-f9355fd98b6b/1/W2c0Iu_35BxeBteOUp9JH1kVD_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/c7d22b-2147-4336-9009-f9355fd98b6b/1/W2c0Iu_35BxeBteOUp9JH1kVD_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W2c0Iu_35BxeBteOUp9JH1kVD_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:bf:1e:0f:84:0d:80:59:00:3e:38:aa:04:6d:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b673422eff7e41c5e06d78e529f491f59150ff9
        Validity
            Not Before: Jan  1 18:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3dc6e0e1c5ec31c5a93608dfff24bd72792f04b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:3c:5c:48:d5:f7:84:51:5f:90:23:4a:fe:21:
                    e9:91:bf:d0:f2:8f:af:9a:28:97:8c:4b:ec:14:41:
                    d8:d4:30:59:31:f8:73:6e:12:59:a2:28:82:64:51:
                    27:02:bf:2f:41:c2:1d:0e:4b:06:d7:8a:96:59:2d:
                    47:06:c6:9f:22:d7:5b:ab:2c:6a:e6:53:ee:e7:ad:
                    2d:aa:cd:e9:3b:2b:e5:47:04:a5:c3:8b:ce:81:52:
                    57:1d:39:78:81:9d:d1:20:74:49:46:f1:d0:13:f9:
                    a7:a6:2d:14:53:ef:94:03:27:c9:6c:d8:00:a9:92:
                    71:18:d3:dd:e9:bb:e8:c2:b8:29:76:7e:2f:43:f5:
                    58:5b:40:40:76:dd:d6:81:c2:84:b1:69:f2:d6:ec:
                    7e:1b:7f:66:db:9c:63:2f:a0:5e:21:2c:37:11:d9:
                    ea:ba:e2:08:89:4d:c2:6a:01:e4:b2:43:b3:14:5f:
                    10:d3:f0:4a:8d:28:e7:bc:09:77:ad:7c:2f:80:36:
                    51:33:35:77:38:2f:20:5a:1a:49:56:cf:5b:0a:7b:
                    51:ce:b0:40:ca:45:f3:ee:a6:95:ef:9c:f9:38:03:
                    9a:7a:4f:e6:b2:5d:44:1e:1d:74:c1:b6:0f:97:56:
                    4c:92:70:6b:38:72:0c:de:13:35:a7:3c:7d:10:1e:
                    98:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:DC:6E:0E:1C:5E:C3:1C:5A:93:60:8D:FF:F2:4B:D7:27:92:F0:4B
            X509v3 Authority Key Identifier:
                keyid:5B:67:34:22:EF:F7:E4:1C:5E:06:D7:8E:52:9F:49:1F:59:15:0F:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W2c0Iu_35BxeBteOUp9JH1kVD_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c7d22b-2147-4336-9009-f9355fd98b6b/1/09xuDhxewxxak2CN__JL1yeS8Es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c7d22b-2147-4336-9009-f9355fd98b6b/1/W2c0Iu_35BxeBteOUp9JH1kVD_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:5c:dd:a7:53:85:27:07:07:c0:8b:80:ee:07:b5:3d:3c:70:
         2a:4e:65:49:fe:3e:4f:b9:01:05:40:07:b4:73:a0:ac:0a:9d:
         07:f8:29:fb:de:0f:3d:a2:cd:db:35:6b:23:ce:a2:24:80:db:
         65:c1:de:9a:a0:66:bd:b2:82:55:a5:64:c7:cc:e5:8b:bc:f2:
         d4:e8:3c:5b:05:bf:11:05:aa:84:ba:66:4e:96:9d:b3:55:23:
         f8:86:09:9c:c7:45:d0:65:88:d0:c6:30:7b:68:e6:de:ef:49:
         67:06:c2:3a:2a:82:b0:21:21:e8:a4:b1:5b:57:ee:fc:74:9e:
         a3:75:36:3b:0a:de:f7:35:c9:37:69:a2:c5:b9:41:32:64:fb:
         1a:c6:cb:50:2b:b5:2d:27:f2:85:b2:fe:01:11:0e:51:f8:45:
         00:2f:ce:02:7d:c4:6b:57:73:17:c2:b3:f4:28:92:e7:d2:ff:
         0c:d5:1a:2f:98:92:e1:a6:31:dd:8e:f2:5e:89:e1:04:9a:06:
         81:36:39:6c:92:f1:3c:a7:ba:f8:e1:fd:cd:2a:11:72:e9:60:
         c0:9c:cf:c9:3c:25:3f:f4:ff:fa:1c:86:71:d5:e1:2a:3f:fe:
         d9:cf:63:7c:32:10:c8:f2:ac:ad:d8:19:dd:31:43:7f:37:37:
         c9:fe:61:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSr8eD4QNgFkAPjiqBG1XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNjczNDIyZWZmN2U0MWM1ZTA2ZDc4ZTUyOWY0OTFmNTkx
NTBmZjkwHhcNMjQwMTAxMTgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2RjNmUwZTFjNWVjMzFjNWE5MzYwOGRmZmYyNGJkNzI3OTJmMDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTxcSNX3hFFfkCNK/iHpkb/Q8o+v
miiXjEvsFEHY1DBZMfhzbhJZoiiCZFEnAr8vQcIdDksG14qWWS1HBsafItdbqyxq
5lPu560tqs3pOyvlRwSlw4vOgVJXHTl4gZ3RIHRJRvHQE/mnpi0UU++UAyfJbNgA
qZJxGNPd6bvowrgpdn4vQ/VYW0BAdt3WgcKEsWny1ux+G39m25xjL6BeISw3Ednq
uuIIiU3CagHkskOzFF8Q0/BKjSjnvAl3rXwvgDZRMzV3OC8gWhpJVs9bCntRzrBA
ykXz7qaV75z5OAOaek/msl1EHh10wbYPl1ZMknBrOHIM3hM1pzx9EB6YrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPcbg4cXsMcWpNgjf/yS9cnkvBLMB8GA1UdIwQY
MBaAFFtnNCLv9+QcXgbXjlKfSR9ZFQ/5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzJjMEl1XzM1QnhlQnRlT1VwOUpIMWtWRF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9jN2QyMmItMjE0Ny00MzM2LTkwMDkt
ZjkzNTVmZDk4YjZiLzEvMDl4dURoeGV3eHhhazJDTl9fSkwxeWVTOEVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9jN2QyMmItMjE0Ny00MzM2LTkwMDktZjkzNTVmZDk4YjZi
LzEvVzJjMEl1XzM1QnhlQnRlT1VwOUpIMWtWRF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSncMA0G
CSqGSIb3DQEBCwUAA4IBAQAlXN2nU4UnBwfAi4DuB7U9PHAqTmVJ/j5PuQEFQAe0
c6CsCp0H+Cn73g89os3bNWsjzqIkgNtlwd6aoGa9soJVpWTHzOWLvPLU6DxbBb8R
BaqEumZOlp2zVSP4hgmcx0XQZYjQxjB7aObe70lnBsI6KoKwISHopLFbV+78dJ6j
dTY7Ct73Nck3aaLFuUEyZPsaxstQK7UtJ/KFsv4BEQ5R+EUAL84CfcRrV3MXwrP0
KJLn0v8M1RovmJLhpjHdjvJeieEEmgaBNjlskvE8p7r44f3NKhFy6WDAnM/JPCU/
9P/6HIZx1eEqP/7Zz2N8MhDI8qyt2BndMUN/NzfJ/mHw
-----END CERTIFICATE-----