Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/dh45Nip8jpW7cAQD_E4wGLTqVuY.roa
File:                     dh45Nip8jpW7cAQD_E4wGLTqVuY.roa (raw, json)
Hash identifier:          8YtCJtK3wevIpZCcnMCxjFM6/zRH9PDcAaMgcPAjEeM=
Subject key identifier:   76:1E:39:36:2A:7C:8E:95:BB:70:04:03:FC:4E:30:18:B4:EA:56:E6
Certificate issuer:       /CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
Certificate serial:       018CC86F95A7EA8DAA631FE0DA54D3AB6D08
Authority key identifier: EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/dh45Nip8jpW7cAQD_E4wGLTqVuY.roa
Signing time:             Tue 02 Jan 2024 04:30:05 +0000
ROA not before:           Tue 02 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49870
IP address blocks:        185.224.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:95:a7:ea:8d:aa:63:1f:e0:da:54:d3:ab:6d:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
        Validity
            Not Before: Jan  2 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=761e39362a7c8e95bb700403fc4e3018b4ea56e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5e:4a:c4:75:4b:15:6d:c0:ee:45:cb:2f:92:
                    b1:2d:d5:31:a8:88:6b:ef:7d:cd:7f:ca:c5:21:37:
                    f7:28:bb:ac:56:3f:91:20:c5:2f:93:c3:d5:50:3f:
                    f6:98:eb:23:23:14:12:6d:38:89:47:d3:2a:60:20:
                    88:be:74:ca:ad:3d:4b:4b:2b:ef:a2:ad:7a:ee:bd:
                    f4:8e:6d:df:10:40:7e:71:d9:51:27:6e:dc:6c:12:
                    50:33:36:7c:73:ac:08:ce:59:40:87:8c:b3:cd:ea:
                    b2:ab:2b:36:1b:7b:55:8c:41:86:49:c1:aa:b2:fe:
                    79:3f:2f:9f:91:e7:54:63:d9:dd:d9:e9:d4:fd:d7:
                    f9:0d:e5:5b:a8:aa:22:d1:0e:df:69:2f:26:e9:3b:
                    be:09:91:12:54:74:99:54:3f:93:f1:df:14:ad:ff:
                    79:7c:b4:be:4a:15:a1:8f:9a:17:b9:f7:97:40:8e:
                    81:ba:1e:f9:d1:ca:5c:bb:1f:70:76:3e:1f:4f:f6:
                    fe:bc:d8:3d:da:0e:1a:f3:09:9e:ec:6a:79:18:7d:
                    59:70:db:2c:cf:78:8d:76:b8:ab:d2:a3:94:31:ba:
                    45:2b:57:c5:34:c4:75:db:03:d4:3a:af:29:83:aa:
                    67:b2:7c:e0:09:7a:43:0d:9b:8a:02:51:ac:ad:e1:
                    eb:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1E:39:36:2A:7C:8E:95:BB:70:04:03:FC:4E:30:18:B4:EA:56:E6
            X509v3 Authority Key Identifier:
                keyid:EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/dh45Nip8jpW7cAQD_E4wGLTqVuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:a3:8d:fe:80:ed:02:e1:75:aa:92:66:bd:2b:bc:28:ad:93:
         b1:7a:37:df:c0:b5:8b:a7:7e:76:a7:12:30:11:e3:1f:9f:63:
         c3:87:8d:54:cc:b0:ee:bb:34:98:20:d7:60:09:dd:b0:a4:79:
         bb:01:e0:e7:9f:f4:8d:02:95:f7:d2:81:c1:0e:f3:bf:4a:06:
         23:f4:f2:dd:cd:61:0e:bc:11:e9:f3:5d:99:3f:a1:d5:44:5e:
         0f:dc:63:c7:5e:ee:b2:08:d0:6e:22:9b:6e:04:ab:fe:11:91:
         c8:d6:00:a5:56:36:2d:78:c1:25:3b:68:5e:fc:54:88:99:14:
         18:f3:fd:94:76:c5:47:97:a7:21:49:4f:dd:cb:bc:0c:78:6c:
         98:9b:ca:14:62:47:8a:ea:2d:60:da:2d:5f:1b:db:8a:ec:c8:
         26:7a:26:cc:d1:08:93:39:b9:a0:62:31:b1:68:e3:e3:63:ae:
         4a:fb:0d:2f:54:3d:2a:cd:73:38:13:60:f3:17:07:42:6e:df:
         00:06:ab:1b:21:d7:78:72:d8:bd:32:af:f3:6f:f8:09:b8:f8:
         ff:95:8c:a5:eb:35:9d:52:f8:ee:62:29:f7:55:a1:33:3d:04:
         ff:02:1f:73:cf:a1:91:17:2b:a2:2a:50:e3:57:65:d5:7a:1a:
         d0:07:af:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5Wn6o2qYx/g2lTTq20IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGZiMDYxYTk0MjZlNGZiMjg4NWQ4MjI4Njc1NzJhMWI1
OGE0YzAwHhcNMjQwMTAyMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjFlMzkzNjJhN2M4ZTk1YmI3MDA0MDNmYzRlMzAxOGI0ZWE1NmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmF5KxHVLFW3A7kXLL5KxLdUxqIhr
733Nf8rFITf3KLusVj+RIMUvk8PVUD/2mOsjIxQSbTiJR9MqYCCIvnTKrT1LSyvv
oq167r30jm3fEEB+cdlRJ27cbBJQMzZ8c6wIzllAh4yzzeqyqys2G3tVjEGGScGq
sv55Py+fkedUY9nd2enU/df5DeVbqKoi0Q7faS8m6Tu+CZESVHSZVD+T8d8Urf95
fLS+ShWhj5oXufeXQI6Buh750cpcux9wdj4fT/b+vNg92g4a8wme7Gp5GH1ZcNss
z3iNdrir0qOUMbpFK1fFNMR12wPUOq8pg6pnsnzgCXpDDZuKAlGsreHrpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYeOTYqfI6Vu3AEA/xOMBi06lbmMB8GA1UdIwQY
MBaAFOxPsGGpQm5PsohdgihnVyobWKTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEt
Y2U1NzE1MDY5NWE5LzEvZGg0NU5pcDhqcFc3Y0FRRF9FNHdHTFRxVnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEtY2U1NzE1MDY5NWE5
LzEvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueCAMA0G
CSqGSIb3DQEBCwUAA4IBAQA1o43+gO0C4XWqkma9K7worZOxejffwLWLp352pxIw
EeMfn2PDh41UzLDuuzSYINdgCd2wpHm7AeDnn/SNApX30oHBDvO/SgYj9PLdzWEO
vBHp812ZP6HVRF4P3GPHXu6yCNBuIptuBKv+EZHI1gClVjYteMElO2he/FSImRQY
8/2UdsVHl6chSU/dy7wMeGyYm8oUYkeK6i1g2i1fG9uK7MgmeibM0QiTObmgYjGx
aOPjY65K+w0vVD0qzXM4E2DzFwdCbt8ABqsbIdd4cti9Mq/zb/gJuPj/lYyl6zWd
UvjuYin3VaEzPQT/Ah9zz6GRFyuiKlDjV2XVehrQB695
-----END CERTIFICATE-----