Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e050b4-9ba0-4e85-9d76-4fa6242b8a3a/1/ciaLEow_VCUI6Y9EhWoOqmPoXlU.roa
File:                     ciaLEow_VCUI6Y9EhWoOqmPoXlU.roa (raw, json)
Hash identifier:          zLk/YXGfjywOQ3dk1p1gUZfr4hKaPMXAYPiXektSHXI=
Subject key identifier:   72:26:8B:12:8C:3F:54:25:08:E9:8F:44:85:6A:0E:AA:63:E8:5E:55
Certificate issuer:       /CN=5fa4d80464978f6ebfba95f745a3305726f72d93
Certificate serial:       018CC7952010AEAA57192848971F31CB4745
Authority key identifier: 5F:A4:D8:04:64:97:8F:6E:BF:BA:95:F7:45:A3:30:57:26:F7:2D:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X6TYBGSXj26_upX3RaMwVyb3LZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e050b4-9ba0-4e85-9d76-4fa6242b8a3a/1/ciaLEow_VCUI6Y9EhWoOqmPoXlU.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5542
IP address blocks:        185.123.211.0/24 maxlen: 24
                          185.123.208.0/24 maxlen: 24
                          185.123.210.0/24 maxlen: 24
                          185.123.209.0/24 maxlen: 24
                          185.123.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e050b4-9ba0-4e85-9d76-4fa6242b8a3a/1/X6TYBGSXj26_upX3RaMwVyb3LZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e050b4-9ba0-4e85-9d76-4fa6242b8a3a/1/X6TYBGSXj26_upX3RaMwVyb3LZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X6TYBGSXj26_upX3RaMwVyb3LZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:20:10:ae:aa:57:19:28:48:97:1f:31:cb:47:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fa4d80464978f6ebfba95f745a3305726f72d93
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72268b128c3f542508e98f44856a0eaa63e85e55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0c:5c:c8:91:3d:e5:a7:0e:32:70:35:73:83:
                    e1:e4:62:32:f1:cb:c8:5c:e6:c3:b6:ac:a6:e0:e1:
                    26:27:f7:a0:22:c8:c7:e4:f5:17:86:98:e7:2c:66:
                    2b:fe:4d:c9:03:9b:d7:a7:e8:c4:ad:d7:dd:16:71:
                    05:d1:45:9f:62:14:86:67:85:6f:88:d4:5e:82:17:
                    ba:f0:d1:1a:a2:a8:75:0d:08:ac:e4:90:20:22:fa:
                    5b:9a:3a:b0:99:f1:c4:bf:d8:2a:55:4a:8a:40:17:
                    36:01:0f:74:c5:21:ce:67:23:d7:20:99:52:8a:6e:
                    69:b3:4f:90:20:c7:c2:0e:16:2b:41:97:a4:ca:3f:
                    33:1c:b3:8f:f3:37:4f:eb:46:9a:11:d9:8c:2a:6b:
                    a9:b6:3f:d6:f4:ab:d7:f0:ce:c7:16:5c:8c:1b:83:
                    d5:0b:38:7e:64:f5:b4:25:62:a4:d4:f3:09:7b:68:
                    1d:b0:3e:35:8f:27:57:37:7f:26:8c:ad:c2:a9:2f:
                    38:4e:1a:34:6c:55:11:2d:69:82:41:ea:c6:6d:eb:
                    25:e0:55:65:82:2c:15:5a:56:0f:2c:70:6e:f4:06:
                    a1:50:77:56:6e:77:07:f1:b6:e2:97:69:f0:0c:35:
                    42:f4:92:fc:4f:2c:e0:2e:01:9a:49:31:8c:2a:20:
                    69:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:26:8B:12:8C:3F:54:25:08:E9:8F:44:85:6A:0E:AA:63:E8:5E:55
            X509v3 Authority Key Identifier:
                keyid:5F:A4:D8:04:64:97:8F:6E:BF:BA:95:F7:45:A3:30:57:26:F7:2D:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X6TYBGSXj26_upX3RaMwVyb3LZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e050b4-9ba0-4e85-9d76-4fa6242b8a3a/1/ciaLEow_VCUI6Y9EhWoOqmPoXlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e050b4-9ba0-4e85-9d76-4fa6242b8a3a/1/X6TYBGSXj26_upX3RaMwVyb3LZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:bb:50:3b:8d:bd:03:c0:de:a6:71:bd:29:02:49:16:94:73:
         5d:15:0c:71:55:3a:85:aa:36:68:c8:d1:f8:11:87:fc:48:a3:
         35:f8:c1:95:d9:d0:ed:3e:fe:6c:23:44:cf:2c:d3:e4:3d:04:
         44:64:9d:c1:ef:ba:93:e1:1f:7a:de:a1:6f:54:b1:2a:d6:ce:
         ac:41:5b:d0:3e:86:60:7d:f7:5b:2b:3f:73:0b:de:60:6d:a5:
         d1:73:f8:61:ad:7a:24:ab:02:e6:1d:44:dc:9c:ef:92:45:fd:
         cd:d2:85:ef:70:d6:2a:21:0e:9f:bd:68:2f:52:33:6e:93:91:
         03:cd:5a:d4:bc:ee:52:6b:8a:d9:73:46:e1:e8:7b:f7:d6:20:
         c2:73:2f:d7:41:4e:f0:d0:b3:b9:e3:75:43:0d:1c:b9:eb:19:
         b9:d1:88:dc:52:1a:e6:af:14:8c:87:bb:1e:e4:34:e4:e9:a8:
         68:9e:43:95:6d:7f:33:91:3a:25:6e:47:df:d5:57:20:6c:44:
         20:71:4f:7e:d7:40:f1:42:a8:75:b4:a7:92:95:49:9f:03:e1:
         f2:42:1b:9f:f2:c0:05:d5:59:51:10:ab:58:64:c9:5c:ba:b1:
         c8:8a:c0:5f:b1:b7:fe:0a:c0:1c:eb:48:86:e2:94:0f:19:6d:
         56:90:8c:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSAQrqpXGShIlx8xy0dFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYTRkODA0NjQ5NzhmNmViZmJhOTVmNzQ1YTMzMDU3MjZm
NzJkOTMwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjI2OGIxMjhjM2Y1NDI1MDhlOThmNDQ4NTZhMGVhYTYzZTg1ZTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwxcyJE95acOMnA1c4Ph5GIy8cvI
XObDtqym4OEmJ/egIsjH5PUXhpjnLGYr/k3JA5vXp+jErdfdFnEF0UWfYhSGZ4Vv
iNReghe68NEaoqh1DQis5JAgIvpbmjqwmfHEv9gqVUqKQBc2AQ90xSHOZyPXIJlS
im5ps0+QIMfCDhYrQZekyj8zHLOP8zdP60aaEdmMKmuptj/W9KvX8M7HFlyMG4PV
Czh+ZPW0JWKk1PMJe2gdsD41jydXN38mjK3CqS84Tho0bFURLWmCQerGbesl4FVl
giwVWlYPLHBu9AahUHdWbncH8bbil2nwDDVC9JL8TyzgLgGaSTGMKiBpKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHImixKMP1QlCOmPRIVqDqpj6F5VMB8GA1UdIwQY
MBaAFF+k2ARkl49uv7qV90WjMFcm9y2TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDZUWUJHU1hqMjZfdXBYM1JhTXdWeWIzTFpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMDUwYjQtOWJhMC00ZTg1LTlkNzYt
NGZhNjI0MmI4YTNhLzEvY2lhTEVvd19WQ1VJNlk5RWhXb09xbVBvWGxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMDUwYjQtOWJhMC00ZTg1LTlkNzYtNGZhNjI0MmI4YTNh
LzEvWDZUWUJHU1hqMjZfdXBYM1JhTXdWeWIzTFpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXvQMA0G
CSqGSIb3DQEBCwUAA4IBAQAfu1A7jb0DwN6mcb0pAkkWlHNdFQxxVTqFqjZoyNH4
EYf8SKM1+MGV2dDtPv5sI0TPLNPkPQREZJ3B77qT4R963qFvVLEq1s6sQVvQPoZg
ffdbKz9zC95gbaXRc/hhrXokqwLmHUTcnO+SRf3N0oXvcNYqIQ6fvWgvUjNuk5ED
zVrUvO5Sa4rZc0bh6Hv31iDCcy/XQU7w0LO543VDDRy56xm50YjcUhrmrxSMh7se
5DTk6ahonkOVbX8zkTolbkff1VcgbEQgcU9+10DxQqh1tKeSlUmfA+HyQhuf8sAF
1VlREKtYZMlcurHIisBfsbf+CsAc60iG4pQPGW1WkIxN
-----END CERTIFICATE-----