Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/f8c7e2-3282-4ebb-8508-9f9494966c54/1/ImUbG56xL64NjmE2g13mjqnkcRg.roa
File:                     ImUbG56xL64NjmE2g13mjqnkcRg.roa (raw, json)
Hash identifier:          cMRDpXpYiT/QflRn/lwc62pGkCMPkA4Un2vEY1m7Gqg=
Subject key identifier:   22:65:1B:1B:9E:B1:2F:AE:0D:8E:61:36:83:5D:E6:8E:A9:E4:71:18
Certificate issuer:       /CN=7319007a28ade0781d312d8d49472db367670416
Certificate serial:       018CC8014DFC8180892328FB7E9183B21F58
Authority key identifier: 73:19:00:7A:28:AD:E0:78:1D:31:2D:8D:49:47:2D:B3:67:67:04:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cxkAeiit4HgdMS2NSUcts2dnBBY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/f8c7e2-3282-4ebb-8508-9f9494966c54/1/ImUbG56xL64NjmE2g13mjqnkcRg.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203980
IP address blocks:        185.253.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/f8c7e2-3282-4ebb-8508-9f9494966c54/1/cxkAeiit4HgdMS2NSUcts2dnBBY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/f8c7e2-3282-4ebb-8508-9f9494966c54/1/cxkAeiit4HgdMS2NSUcts2dnBBY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cxkAeiit4HgdMS2NSUcts2dnBBY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4d:fc:81:80:89:23:28:fb:7e:91:83:b2:1f:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7319007a28ade0781d312d8d49472db367670416
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22651b1b9eb12fae0d8e6136835de68ea9e47118
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:1d:5e:fe:5a:3f:3d:2e:42:de:03:2c:98:3c:
                    58:b3:47:30:35:a0:42:0d:a7:09:c1:8c:ab:fd:7f:
                    6d:df:0a:bb:55:f0:74:de:5f:e9:b9:79:a8:43:96:
                    a7:16:a1:13:ca:b0:a8:5d:14:7a:83:f2:a0:d1:a6:
                    77:5e:c6:bd:0f:e3:c6:f1:7c:eb:3c:ce:1e:c5:f9:
                    74:f4:15:5d:19:a5:3a:e5:f8:0c:87:07:53:54:b2:
                    10:49:ae:63:7f:f2:b5:ba:5f:2e:80:57:fd:0b:aa:
                    72:a0:d7:dc:75:ac:c5:8a:58:4b:92:40:4c:87:71:
                    21:96:e4:20:32:a5:c5:48:60:3a:52:27:6d:27:0b:
                    90:05:5a:bf:5d:c9:e1:69:2e:f4:26:72:54:4b:c3:
                    d9:cf:df:b5:7f:46:e8:89:49:e7:f8:23:14:40:f4:
                    13:34:32:fd:8f:14:92:86:0c:e0:1b:8e:8c:f7:32:
                    18:66:7d:d4:1a:83:64:e9:a7:4f:ef:f9:08:07:6d:
                    75:a4:06:bd:b5:69:c9:26:c8:aa:02:42:09:d9:07:
                    2c:94:6e:a0:25:a0:9c:44:1a:ac:b4:fd:d7:d1:30:
                    97:59:bc:52:4b:0d:bf:d4:02:87:22:81:a5:94:d6:
                    97:dd:c4:78:92:c9:13:59:c5:8d:2f:59:be:38:50:
                    76:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:65:1B:1B:9E:B1:2F:AE:0D:8E:61:36:83:5D:E6:8E:A9:E4:71:18
            X509v3 Authority Key Identifier:
                keyid:73:19:00:7A:28:AD:E0:78:1D:31:2D:8D:49:47:2D:B3:67:67:04:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cxkAeiit4HgdMS2NSUcts2dnBBY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/f8c7e2-3282-4ebb-8508-9f9494966c54/1/ImUbG56xL64NjmE2g13mjqnkcRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/f8c7e2-3282-4ebb-8508-9f9494966c54/1/cxkAeiit4HgdMS2NSUcts2dnBBY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:9e:0c:de:86:54:79:b5:b8:34:ce:7b:09:90:34:0d:8f:f5:
         3b:19:7e:89:12:3a:8c:8f:4a:87:4b:8e:00:f1:ca:ed:ce:0c:
         d1:5b:a6:1c:44:5e:82:35:fc:05:e0:4d:1b:85:d1:cb:de:69:
         e0:dd:0d:98:c7:e0:bb:26:4e:89:90:b7:be:ac:91:e9:d8:12:
         36:91:48:b8:b2:2e:0a:b1:3c:d6:34:4c:9b:54:41:72:c2:01:
         43:0d:82:29:de:87:65:39:88:e4:7b:dc:52:81:ef:cb:8a:d5:
         6c:63:a2:56:8d:a8:92:fe:79:96:12:c1:e5:f3:ca:26:69:19:
         c5:f0:6f:00:d1:ac:7f:6f:fd:9f:63:14:8a:88:b2:9d:3a:8f:
         76:fa:19:8c:96:a5:86:46:50:24:9f:71:aa:79:bd:20:f6:e6:
         ad:30:99:ef:88:df:32:14:4c:db:0b:86:3e:5d:ec:87:33:6a:
         59:c1:78:c6:7b:cf:32:af:c2:f1:20:03:3b:56:9b:f6:11:46:
         c3:b8:e8:6c:82:37:c3:ef:c0:21:55:fb:e9:13:44:99:5d:98:
         33:66:aa:3f:01:a6:ab:6f:a5:6c:3c:f2:26:31:bc:3c:ac:a9:
         ad:c1:74:7b:50:51:9a:a8:d2:75:00:d8:3e:de:cb:16:ff:2a:
         99:f4:0f:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAU38gYCJIyj7fpGDsh9YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMTkwMDdhMjhhZGUwNzgxZDMxMmQ4ZDQ5NDcyZGIzNjc2
NzA0MTYwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjY1MWIxYjllYjEyZmFlMGQ4ZTYxMzY4MzVkZTY4ZWE5ZTQ3MTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgh1e/lo/PS5C3gMsmDxYs0cwNaBC
DacJwYyr/X9t3wq7VfB03l/puXmoQ5anFqETyrCoXRR6g/Kg0aZ3Xsa9D+PG8Xzr
PM4exfl09BVdGaU65fgMhwdTVLIQSa5jf/K1ul8ugFf9C6pyoNfcdazFilhLkkBM
h3EhluQgMqXFSGA6UidtJwuQBVq/XcnhaS70JnJUS8PZz9+1f0boiUnn+CMUQPQT
NDL9jxSShgzgG46M9zIYZn3UGoNk6adP7/kIB211pAa9tWnJJsiqAkIJ2QcslG6g
JaCcRBqstP3X0TCXWbxSSw2/1AKHIoGllNaX3cR4kskTWcWNL1m+OFB2pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJlGxuesS+uDY5hNoNd5o6p5HEYMB8GA1UdIwQY
MBaAFHMZAHooreB4HTEtjUlHLbNnZwQWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3hrQWVpaXQ0SGdkTVMyTlNVY3RzMmRuQkJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9mOGM3ZTItMzI4Mi00ZWJiLTg1MDgt
OWY5NDk0OTY2YzU0LzEvSW1VYkc1NnhMNjROam1FMmcxM21qcW5rY1JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9mOGM3ZTItMzI4Mi00ZWJiLTg1MDgtOWY5NDk0OTY2YzU0
LzEvY3hrQWVpaXQ0SGdkTVMyTlNVY3RzMmRuQkJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf1KMA0G
CSqGSIb3DQEBCwUAA4IBAQBCngzehlR5tbg0znsJkDQNj/U7GX6JEjqMj0qHS44A
8crtzgzRW6YcRF6CNfwF4E0bhdHL3mng3Q2Yx+C7Jk6JkLe+rJHp2BI2kUi4si4K
sTzWNEybVEFywgFDDYIp3odlOYjke9xSge/LitVsY6JWjaiS/nmWEsHl88omaRnF
8G8A0ax/b/2fYxSKiLKdOo92+hmMlqWGRlAkn3Gqeb0g9uatMJnviN8yFEzbC4Y+
XeyHM2pZwXjGe88yr8LxIAM7Vpv2EUbDuOhsgjfD78AhVfvpE0SZXZgzZqo/Aaar
b6VsPPImMbw8rKmtwXR7UFGaqNJ1ANg+3ssW/yqZ9A8f
-----END CERTIFICATE-----