Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/cv5QsCgAg8wRk7x9ZvO5tx-Vt7U.roa
File:                     cv5QsCgAg8wRk7x9ZvO5tx-Vt7U.roa (raw, json)
Hash identifier:          GQLFLaufmoXEcgOMwCMq7qgmmmzC3q73v2wAfgusvpA=
Subject key identifier:   72:FE:50:B0:28:00:83:CC:11:93:BC:7D:66:F3:B9:B7:1F:95:B7:B5
Certificate issuer:       /CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
Certificate serial:       018CC5DC87F0BE75BD4BFCADB4132468D8F1
Authority key identifier: 38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/cv5QsCgAg8wRk7x9ZvO5tx-Vt7U.roa
Signing time:             Mon 01 Jan 2024 16:30:13 +0000
ROA not before:           Mon 01 Jan 2024 16:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203905
IP address blocks:        185.33.169.0/24 maxlen: 24
                          185.33.170.0/24 maxlen: 24
                          2a00:6ba0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:87:f0:be:75:bd:4b:fc:ad:b4:13:24:68:d8:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
        Validity
            Not Before: Jan  1 16:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72fe50b0280083cc1193bc7d66f3b9b71f95b7b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:92:7c:0a:52:26:4a:18:3a:d0:82:1d:3d:1d:
                    88:66:36:77:0e:f3:90:1d:f2:84:ad:14:4d:18:9f:
                    74:1f:1c:be:54:6e:65:03:13:45:63:6e:79:19:60:
                    2e:bf:21:7d:38:70:86:29:65:f3:a5:2b:bb:cc:5f:
                    5a:5d:eb:9e:de:08:b7:4b:b5:6a:40:c3:c6:fa:af:
                    8e:25:66:72:09:42:9b:8b:02:68:32:89:05:96:8b:
                    01:2e:23:10:d3:94:65:69:ce:ce:f2:a7:37:5d:cd:
                    3d:06:dc:1f:84:cd:07:59:97:6c:1b:e0:18:15:ad:
                    89:bb:02:2d:7c:ed:e8:0e:94:2e:04:e8:d0:6d:f4:
                    3c:2f:05:a4:10:87:0a:09:f9:f9:ca:00:79:c9:fc:
                    c7:d5:4a:17:24:3f:8f:f9:05:0f:d5:8c:0f:4d:39:
                    e8:9b:81:b2:71:6a:1d:b3:71:cf:02:77:00:93:a9:
                    53:2b:c4:3c:74:cb:69:3f:d1:8c:f2:62:7c:58:ca:
                    c8:1b:03:4a:d9:d3:5f:a1:b7:94:7e:f1:5a:7a:c4:
                    ab:ac:cb:eb:9d:d2:2f:43:ad:16:68:1c:09:84:32:
                    8b:4e:f4:56:60:7c:71:52:d2:6f:8d:c7:0c:1f:f9:
                    eb:79:5c:09:38:af:0b:d8:58:5d:93:96:a8:93:06:
                    21:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:FE:50:B0:28:00:83:CC:11:93:BC:7D:66:F3:B9:B7:1F:95:B7:B5
            X509v3 Authority Key Identifier:
                keyid:38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/cv5QsCgAg8wRk7x9ZvO5tx-Vt7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.169.0-185.33.170.255
                IPv6:
                  2a00:6ba0::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:39:0f:b1:68:e9:38:2a:e6:cf:df:c6:f8:4d:3e:12:b2:fc:
         72:33:81:cb:23:46:50:f4:09:d2:8e:0a:3b:ef:3f:4a:16:7e:
         e1:66:a3:5a:e3:78:47:1e:2f:c0:3d:55:5c:90:a5:d9:f7:89:
         0b:21:a8:84:2a:28:8d:e0:1c:cf:58:1b:dc:12:8c:18:88:d6:
         de:ad:8d:b4:bc:f7:38:08:5c:4b:a6:4b:44:82:f6:63:35:d6:
         02:5e:33:de:92:14:a2:a4:11:7f:c9:d2:39:9a:d7:2e:98:e0:
         a7:f9:25:60:a3:29:6e:52:1f:88:16:ff:df:80:29:01:1d:54:
         0c:7d:b8:3e:36:ea:40:1e:99:21:80:bc:f7:84:3e:9f:5b:bc:
         71:4e:dd:0d:14:38:a8:9c:c9:8f:1b:d7:b9:d9:80:e6:3e:35:
         0d:66:8f:11:6a:77:21:ee:08:d9:7b:86:16:31:fc:5e:40:7c:
         7a:e3:4d:c9:ae:df:f0:29:8b:b8:b0:d3:d9:07:c1:4c:40:69:
         2e:bd:3b:88:5c:51:ef:c1:e8:ba:a0:cc:be:dd:7c:29:ed:97:
         97:4f:2f:57:f3:87:4e:10:3a:44:44:1d:f4:24:a8:e9:6b:94:
         ca:83:d2:f4:00:3e:d8:19:b2:35:52:62:40:76:e6:78:09:b4:
         6b:55:a0:e7
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzF3IfwvnW9S/yttBMkaNjxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4Y2EzZjM4ZDhlNWEzMDFlYWY2OTI0YjkyNGZlOGY1N2Fh
YzY5MGQwHhcNMjQwMTAxMTYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmZlNTBiMDI4MDA4M2NjMTE5M2JjN2Q2NmYzYjliNzFmOTViN2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZJ8ClImShg60IIdPR2IZjZ3DvOQ
HfKErRRNGJ90Hxy+VG5lAxNFY255GWAuvyF9OHCGKWXzpSu7zF9aXeue3gi3S7Vq
QMPG+q+OJWZyCUKbiwJoMokFlosBLiMQ05Rlac7O8qc3Xc09BtwfhM0HWZdsG+AY
Fa2JuwItfO3oDpQuBOjQbfQ8LwWkEIcKCfn5ygB5yfzH1UoXJD+P+QUP1YwPTTno
m4GycWods3HPAncAk6lTK8Q8dMtpP9GM8mJ8WMrIGwNK2dNfobeUfvFaesSrrMvr
ndIvQ60WaBwJhDKLTvRWYHxxUtJvjccMH/nreVwJOK8L2Fhdk5aokwYhrwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHL+ULAoAIPMEZO8fWbzubcflbe1MB8GA1UdIwQY
MBaAFDjKPzjY5aMB6vaSS5JP6PV6rGkNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT01vX09Oamxvd0hxOXBKTGtrX285WHFzYVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iYTY3NTUtNDI3My00OGUxLTg1ODIt
NzEyZmE2NWEyNWJhLzEvY3Y1UXNDZ0FnOHdSazd4OVp2TzV0eC1WdDdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iYTY3NTUtNDI3My00OGUxLTg1ODItNzEyZmE2NWEyNWJh
LzEvT01vX09Oamxvd0hxOXBKTGtrX285WHFzYVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAC5IakD
BAC5IaowDQQCAAIwBwMFACoAa6AwDQYJKoZIhvcNAQELBQADggEBAEE5D7Fo6Tgq
5s/fxvhNPhKy/HIzgcsjRlD0CdKOCjvvP0oWfuFmo1rjeEceL8A9VVyQpdn3iQsh
qIQqKI3gHM9YG9wSjBiI1t6tjbS89zgIXEumS0SC9mM11gJeM96SFKKkEX/J0jma
1y6Y4Kf5JWCjKW5SH4gW/9+AKQEdVAx9uD426kAemSGAvPeEPp9bvHFO3Q0UOKic
yY8b17nZgOY+NQ1mjxFqdyHuCNl7hhYx/F5AfHrjTcmu3/Api7iw09kHwUxAaS69
O4hcUe/B6LqgzL7dfCntl5dPL1fzh04QOkREHfQkqOlrlMqD0vQAPtgZsjVSYkB2
5ngJtGtVoOc=
-----END CERTIFICATE-----