Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/h1JhC3pj6L5H4u9v4rYKFNZZ_DM.roa
File:                     h1JhC3pj6L5H4u9v4rYKFNZZ_DM.roa (raw, json)
Hash identifier:          F/V4CulY/M2rxE7v3eX5GIvTTpmAfWAXMllEF5O80h4=
Subject key identifier:   87:52:61:0B:7A:63:E8:BE:47:E2:EF:6F:E2:B6:0A:14:D6:59:FC:33
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       018E4545C85FB59D457D4FC58BC174A41253
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/h1JhC3pj6L5H4u9v4rYKFNZZ_DM.roa
Signing time:             Sat 16 Mar 2024 03:19:44 +0000
ROA not before:           Sat 16 Mar 2024 03:19:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        185.126.158.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:45:45:c8:5f:b5:9d:45:7d:4f:c5:8b:c1:74:a4:12:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Mar 16 03:19:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8752610b7a63e8be47e2ef6fe2b60a14d659fc33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b1:b9:d7:ec:14:35:4d:b9:4a:cb:46:be:01:
                    00:9d:d6:de:bb:4c:ee:6f:78:25:4a:be:ff:2d:98:
                    59:97:91:86:45:35:e7:c9:70:94:e4:b5:2b:e3:33:
                    b2:8b:bd:07:6b:64:29:be:44:44:01:7a:fd:13:b7:
                    d0:cf:42:24:72:47:ab:da:ef:b4:7b:47:7e:30:b2:
                    71:df:8f:dd:ac:c0:da:4a:ec:a8:30:ad:06:c7:fc:
                    55:4d:47:3c:a0:89:15:9c:c6:32:7a:03:f4:a0:08:
                    aa:6d:29:81:9c:ef:8b:0a:50:a1:60:5b:5c:80:cb:
                    e1:ef:ea:b2:9c:b7:b4:12:a2:9a:8c:d0:bd:54:47:
                    ac:59:f5:1c:62:38:06:9f:81:22:df:d3:c7:61:d3:
                    a5:6b:e7:7f:4e:af:8d:45:cd:2c:51:d4:43:f7:56:
                    59:e2:68:44:a5:65:6a:8c:92:4f:58:28:0f:43:69:
                    17:a9:bc:8c:36:ce:19:7d:87:3a:20:45:6c:81:b1:
                    8a:bd:70:de:eb:02:d5:7d:08:79:a1:b9:c0:76:dc:
                    9b:9b:04:55:b8:bb:a5:c4:68:ec:ea:91:11:f6:20:
                    01:b5:7f:ab:d1:c4:12:de:91:49:c8:b3:3c:8d:2c:
                    c0:89:86:5a:d5:0b:34:a9:a4:a4:64:b1:86:7f:89:
                    45:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:52:61:0B:7A:63:E8:BE:47:E2:EF:6F:E2:B6:0A:14:D6:59:FC:33
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/h1JhC3pj6L5H4u9v4rYKFNZZ_DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:87:75:b2:fb:d9:2b:09:93:78:a0:83:18:8d:dc:74:5f:db:
         71:d4:94:ff:4d:c5:b2:f3:b7:db:2d:d3:47:63:02:50:7e:39:
         bb:98:1e:35:97:12:81:7c:f0:bc:23:35:35:5c:8a:08:da:ba:
         c1:40:64:38:0d:8a:f7:12:26:1d:c7:8e:e4:e4:97:75:45:f3:
         90:5a:8b:7f:28:fe:04:c3:9e:21:43:32:62:49:d5:5e:65:55:
         36:01:5e:b8:b1:75:93:7b:6b:67:c9:a0:3b:dc:dd:9e:d2:d4:
         7b:11:97:45:8b:72:fe:24:7c:eb:79:b7:cb:4a:72:cc:19:7b:
         5e:36:58:d1:1a:70:2f:bb:0c:1b:9e:2c:5c:98:82:43:49:41:
         b8:20:2e:bf:18:c4:61:a0:2d:fe:4b:cb:f0:0a:69:a2:99:4c:
         19:1a:d3:2a:8e:0c:b7:3d:d1:b3:54:8c:4f:60:81:36:31:31:
         8a:db:0d:3f:28:2d:da:b4:50:b0:bc:9f:65:3b:4b:f2:ce:25:
         6e:4d:b5:70:04:cd:02:91:08:cf:74:35:ee:78:3b:b1:45:04:
         06:c4:ad:8f:7c:9b:75:6a:4c:07:54:9e:07:11:78:95:55:cb:
         16:7c:41:53:29:68:fa:58:2f:d1:78:33:1c:ae:5e:a2:05:19:
         f3:d7:cf:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5FRchftZ1FfU/Fi8F0pBJTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwMzE2MDMxOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzUyNjEwYjdhNjNlOGJlNDdlMmVmNmZlMmI2MGExNGQ2NTlmYzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrG51+wUNU25SstGvgEAndbeu0zu
b3glSr7/LZhZl5GGRTXnyXCU5LUr4zOyi70Ha2QpvkREAXr9E7fQz0Ikcker2u+0
e0d+MLJx34/drMDaSuyoMK0Gx/xVTUc8oIkVnMYyegP0oAiqbSmBnO+LClChYFtc
gMvh7+qynLe0EqKajNC9VEesWfUcYjgGn4Ei39PHYdOla+d/Tq+NRc0sUdRD91ZZ
4mhEpWVqjJJPWCgPQ2kXqbyMNs4ZfYc6IEVsgbGKvXDe6wLVfQh5obnAdtybmwRV
uLulxGjs6pER9iABtX+r0cQS3pFJyLM8jSzAiYZa1Qs0qaSkZLGGf4lFSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdSYQt6Y+i+R+Lvb+K2ChTWWfwzMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvaDFKaEMzcGo2TDVINHU5djRyWUtGTlpaX0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX6eMA0G
CSqGSIb3DQEBCwUAA4IBAQA6h3Wy+9krCZN4oIMYjdx0X9tx1JT/TcWy87fbLdNH
YwJQfjm7mB41lxKBfPC8IzU1XIoI2rrBQGQ4DYr3EiYdx47k5Jd1RfOQWot/KP4E
w54hQzJiSdVeZVU2AV64sXWTe2tnyaA73N2e0tR7EZdFi3L+JHzrebfLSnLMGXte
NljRGnAvuwwbnixcmIJDSUG4IC6/GMRhoC3+S8vwCmmimUwZGtMqjgy3PdGzVIxP
YIE2MTGK2w0/KC3atFCwvJ9lO0vyziVuTbVwBM0CkQjPdDXueDuxRQQGxK2PfJt1
akwHVJ4HEXiVVcsWfEFTKWj6WC/ReDMcrl6iBRnz18/c
-----END CERTIFICATE-----