Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/RAVrWVAnw_qOVwAr74kc0s3Uwrc.roa
File:                     RAVrWVAnw_qOVwAr74kc0s3Uwrc.roa (raw, json)
Hash identifier:          qm7+Q8wcuXXmvW0nficrN6uQmd8Pj+Ua8GzPSq8HHIw=
Subject key identifier:   44:05:6B:59:50:27:C3:FA:8E:57:00:2B:EF:89:1C:D2:CD:D4:C2:B7
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       018DA6FFDADED3E4C694B79E78A50BF52E1C
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/RAVrWVAnw_qOVwAr74kc0s3Uwrc.roa
Signing time:             Wed 14 Feb 2024 09:43:22 +0000
ROA not before:           Wed 14 Feb 2024 09:43:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35758
IP address blocks:        5.253.186.0/24 maxlen: 24
                          185.114.205.0/24 maxlen: 24
                          185.219.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 10:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a6:ff:da:de:d3:e4:c6:94:b7:9e:78:a5:0b:f5:2e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Feb 14 09:43:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44056b595027c3fa8e57002bef891cd2cdd4c2b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e1:f3:bc:bb:74:da:dc:74:25:c8:db:fa:f7:
                    f6:8e:77:3c:65:5a:c7:6d:27:d7:3e:a4:1f:b4:a6:
                    35:7d:f9:a6:b8:1e:2a:36:67:60:08:29:db:b9:b3:
                    88:83:20:6a:6d:c3:fa:8b:a4:c8:f7:2d:64:5e:45:
                    26:54:26:61:6f:d3:e4:a4:80:d1:6e:ed:e1:0b:db:
                    aa:6d:44:c8:c3:59:f1:66:d2:f5:fe:01:c1:9d:b8:
                    77:88:cc:30:2c:f4:5b:42:8b:46:7e:b8:38:cd:8f:
                    fb:b2:ad:9c:07:74:45:65:6d:bd:04:23:a4:3a:6d:
                    4d:64:51:55:31:e9:66:ba:cf:a6:d8:71:b4:1b:28:
                    4d:69:9f:fb:99:a4:07:82:75:ed:72:5e:c9:1f:a0:
                    13:46:4b:05:00:5e:a9:8b:76:97:56:ed:b3:3d:6b:
                    35:94:06:0c:5c:25:a4:c7:80:c0:0a:36:b1:8f:39:
                    c0:50:01:d4:ac:4c:bc:68:21:a2:76:68:a8:78:98:
                    18:8b:1a:28:80:dd:7b:09:df:b7:ee:0d:3c:c2:2d:
                    69:d8:b1:c2:b7:2e:f7:8c:a6:8e:19:a7:3c:51:17:
                    f4:b2:fa:36:ad:e0:66:75:d2:c8:22:17:97:ca:f1:
                    7f:b0:81:cb:27:3a:c1:8e:f6:52:62:13:b7:f0:1a:
                    a3:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:05:6B:59:50:27:C3:FA:8E:57:00:2B:EF:89:1C:D2:CD:D4:C2:B7
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/RAVrWVAnw_qOVwAr74kc0s3Uwrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.186.0/24
                  185.114.205.0/24
                  185.219.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:4e:16:50:b1:ad:dc:c0:cc:ac:b1:26:df:54:3e:59:1b:74:
         d7:8c:1a:13:1f:8b:46:dd:7b:09:e8:ba:4e:19:1a:3d:a1:4a:
         06:cc:0e:da:14:9e:98:50:3e:51:d1:0a:47:44:47:bb:47:cd:
         6b:c3:05:b4:d2:0a:32:34:dd:5c:be:51:ca:04:d5:40:df:e1:
         ca:88:bc:04:f4:f1:e8:27:cd:5b:82:31:92:a1:a2:7e:95:65:
         95:f0:83:42:dd:ac:08:ba:ce:d5:f5:29:19:a1:fc:33:53:13:
         35:a2:1f:ed:14:02:25:dd:db:10:19:53:4b:35:5b:9a:e6:c8:
         c4:9d:a6:e6:69:2f:19:48:47:d2:88:cb:bd:33:99:ea:e8:45:
         bd:30:97:8c:1a:d6:cf:17:ee:2e:cb:a9:b4:cf:32:96:81:1d:
         c8:12:21:7d:85:e3:a5:6f:89:84:38:3e:0d:cc:54:ba:63:70:
         a2:98:d7:f5:95:4f:df:37:e3:c5:68:a9:46:7b:c7:30:9b:a0:
         f2:b7:53:b7:dd:9d:ac:8b:bc:45:b0:b8:8b:a1:d8:a6:f2:ff:
         2b:f2:6a:c0:93:5c:ea:18:61:57:dd:45:e6:41:37:e0:68:06:
         82:cc:63:b5:ca:96:b7:b3:3f:3d:97:5f:fc:09:a4:75:6a:9f:
         51:b0:c5:c8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2m/9re0+TGlLeeeKUL9S4cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjQwMjE0MDk0MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDA1NmI1OTUwMjdjM2ZhOGU1NzAwMmJlZjg5MWNkMmNkZDRjMmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuHzvLt02tx0Jcjb+vf2jnc8ZVrH
bSfXPqQftKY1ffmmuB4qNmdgCCnbubOIgyBqbcP6i6TI9y1kXkUmVCZhb9PkpIDR
bu3hC9uqbUTIw1nxZtL1/gHBnbh3iMwwLPRbQotGfrg4zY/7sq2cB3RFZW29BCOk
Om1NZFFVMelmus+m2HG0GyhNaZ/7maQHgnXtcl7JH6ATRksFAF6pi3aXVu2zPWs1
lAYMXCWkx4DACjaxjznAUAHUrEy8aCGidmioeJgYixoogN17Cd+37g08wi1p2LHC
ty73jKaOGac8URf0svo2reBmddLIIheXyvF/sIHLJzrBjvZSYhO38BqjIwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEQFa1lQJ8P6jlcAK++JHNLN1MK3MB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvUkFWcldWQW53X3FPVndBcjc0a2MwczNVd3JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABf26AwQA
uXLNAwQAuduiMA0GCSqGSIb3DQEBCwUAA4IBAQBtThZQsa3cwMyssSbfVD5ZG3TX
jBoTH4tG3XsJ6LpOGRo9oUoGzA7aFJ6YUD5R0QpHREe7R81rwwW00goyNN1cvlHK
BNVA3+HKiLwE9PHoJ81bgjGSoaJ+lWWV8INC3awIus7V9SkZofwzUxM1oh/tFAIl
3dsQGVNLNVua5sjEnabmaS8ZSEfSiMu9M5nq6EW9MJeMGtbPF+4uy6m0zzKWgR3I
EiF9heOlb4mEOD4NzFS6Y3CimNf1lU/fN+PFaKlGe8cwm6Dyt1O33Z2si7xFsLiL
odim8v8r8mrAk1zqGGFX3UXmQTfgaAaCzGO1ypa3sz89l1/8CaR1ap9RsMXI
-----END CERTIFICATE-----