Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/X8vVkxJdPa8daoli7T8aIF4BKM8.roa
File:                     X8vVkxJdPa8daoli7T8aIF4BKM8.roa (raw, json)
Hash identifier:          QMB1riFVzpqqGebUqUFLfr1qrb0YLmF4t16TVVGc6b8=
Subject key identifier:   5F:CB:D5:93:12:5D:3D:AF:1D:6A:89:62:ED:3F:1A:20:5E:01:28:CF
Certificate issuer:       /CN=78dc3c6ab4afba864ba0d4fdb09e6f0eb06f43fa
Certificate serial:       018CC2DAB5E0D990F4C9C6BBE3EFCBD4868F
Authority key identifier: 78:DC:3C:6A:B4:AF:BA:86:4B:A0:D4:FD:B0:9E:6F:0E:B0:6F:43:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/X8vVkxJdPa8daoli7T8aIF4BKM8.roa
Signing time:             Mon 01 Jan 2024 02:29:22 +0000
ROA not before:           Mon 01 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5505
IP address blocks:        185.210.226.0/24 maxlen: 24
                          185.210.225.0/24 maxlen: 24
                          185.210.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b5:e0:d9:90:f4:c9:c6:bb:e3:ef:cb:d4:86:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78dc3c6ab4afba864ba0d4fdb09e6f0eb06f43fa
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fcbd593125d3daf1d6a8962ed3f1a205e0128cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:60:2d:27:32:e2:d5:cb:43:a7:c1:46:15:df:
                    a0:c1:6d:9b:5b:94:e5:5f:ad:47:1b:75:ce:71:e5:
                    07:5b:cd:82:ae:11:ac:da:39:7d:57:60:f4:89:4a:
                    78:92:0d:e8:02:f1:45:06:c0:2f:b6:17:b6:45:0f:
                    b6:5b:67:db:7d:f0:4f:99:d6:81:8f:4f:7c:88:b1:
                    c9:e3:bb:4a:4a:32:ce:5e:da:09:b2:c8:29:9c:a9:
                    bf:8d:67:74:97:b5:57:e1:d3:c6:15:38:11:4a:9e:
                    fb:71:4e:fd:4a:8e:52:e3:aa:40:a1:3c:8e:6a:5f:
                    80:7f:5b:49:46:6b:0a:4a:be:9b:37:76:1b:c7:36:
                    21:dd:92:af:a2:aa:8f:c5:c4:8e:fe:ee:4b:13:cf:
                    c7:7f:5b:3f:71:fe:28:d0:4a:82:af:e8:59:d0:2f:
                    65:15:e1:f3:65:ac:f6:c7:e4:6f:61:ea:9d:6d:5e:
                    7f:83:80:bc:e1:37:09:c9:22:5b:19:af:91:91:42:
                    70:ff:07:fa:c0:24:df:32:fe:9f:3d:67:17:f8:0f:
                    46:34:9c:d3:14:9a:3d:e7:b3:7d:23:e0:f9:06:74:
                    00:29:a0:9a:6d:89:17:73:0d:b6:fe:59:63:b9:a5:
                    f3:8c:68:e2:9b:73:f0:5d:a2:12:2d:21:cc:6f:e9:
                    11:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:CB:D5:93:12:5D:3D:AF:1D:6A:89:62:ED:3F:1A:20:5E:01:28:CF
            X509v3 Authority Key Identifier:
                keyid:78:DC:3C:6A:B4:AF:BA:86:4B:A0:D4:FD:B0:9E:6F:0E:B0:6F:43:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/X8vVkxJdPa8daoli7T8aIF4BKM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.225.0-185.210.227.255

    Signature Algorithm: sha256WithRSAEncryption
         5b:c9:43:bb:c1:8f:90:0b:b5:ac:71:ff:6e:3e:97:8f:55:66:
         68:cb:18:a7:cc:be:35:71:9b:2b:97:13:25:ed:a0:77:0d:5a:
         69:86:31:c2:5b:9e:0b:c8:f7:21:1d:41:ac:0f:ba:c3:1a:a9:
         e8:12:70:45:8c:c7:fd:94:ca:8b:4d:5b:50:b9:66:ba:bd:af:
         b7:62:e5:b0:09:07:c7:56:10:2e:14:65:38:e6:01:47:4e:ba:
         17:fd:37:10:8d:86:77:b2:c6:ff:ec:7f:05:4a:ac:d1:aa:70:
         e6:6d:02:f1:53:07:17:2b:04:4a:1c:8d:93:7c:cf:32:69:77:
         7e:55:f0:20:7f:4e:69:bd:2c:58:d8:ba:1b:b3:6b:79:77:46:
         9e:a7:f5:43:22:76:c0:b1:73:e3:bc:e3:3a:45:6c:a8:9b:1e:
         62:d8:0c:79:27:ee:ed:43:72:06:ea:98:ac:c7:29:0e:36:94:
         22:da:83:41:84:b5:3a:90:0e:53:e9:d6:0c:e9:1b:d1:95:2e:
         f3:7a:b4:a4:46:b9:88:19:77:cd:d6:bf:db:63:ee:b3:ef:1e:
         08:68:3c:a9:99:3d:97:60:9d:91:b8:0d:7c:2f:f4:94:05:0a:
         27:6b:26:d7:04:c2:3e:29:c4:46:fd:80:5f:fc:62:37:2c:2b:
         3b:42:40:1d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzC2rXg2ZD0yca74+/L1IaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZGMzYzZhYjRhZmJhODY0YmEwZDRmZGIwOWU2ZjBlYjA2
ZjQzZmEwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmNiZDU5MzEyNWQzZGFmMWQ2YTg5NjJlZDNmMWEyMDVlMDEyOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWAtJzLi1ctDp8FGFd+gwW2bW5Tl
X61HG3XOceUHW82CrhGs2jl9V2D0iUp4kg3oAvFFBsAvthe2RQ+2W2fbffBPmdaB
j098iLHJ47tKSjLOXtoJssgpnKm/jWd0l7VX4dPGFTgRSp77cU79So5S46pAoTyO
al+Af1tJRmsKSr6bN3YbxzYh3ZKvoqqPxcSO/u5LE8/Hf1s/cf4o0EqCr+hZ0C9l
FeHzZaz2x+RvYeqdbV5/g4C84TcJySJbGa+RkUJw/wf6wCTfMv6fPWcX+A9GNJzT
FJo957N9I+D5BnQAKaCabYkXcw22/lljuaXzjGjim3PwXaISLSHMb+kRRQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF/L1ZMSXT2vHWqJYu0/GiBeASjPMB8GA1UdIwQY
MBaAFHjcPGq0r7qGS6DU/bCebw6wb0P6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU53OGFyU3Z1b1pMb05UOXNKNXZEckJ2UV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81NGY2YTItMTBkMS00MTk1LTk1YmMt
OWVlNzY1ODNjNzFhLzEvWDh2Vmt4SmRQYThkYW9saTdUOGFJRjRCS004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81NGY2YTItMTBkMS00MTk1LTk1YmMtOWVlNzY1ODNjNzFh
LzEvZU53OGFyU3Z1b1pMb05UOXNKNXZEckJ2UV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC50uED
BAK50uAwDQYJKoZIhvcNAQELBQADggEBAFvJQ7vBj5ALtaxx/24+l49VZmjLGKfM
vjVxmyuXEyXtoHcNWmmGMcJbngvI9yEdQawPusMaqegScEWMx/2UyotNW1C5Zrq9
r7di5bAJB8dWEC4UZTjmAUdOuhf9NxCNhneyxv/sfwVKrNGqcOZtAvFTBxcrBEoc
jZN8zzJpd35V8CB/Tmm9LFjYuhuza3l3Rp6n9UMidsCxc+O84zpFbKibHmLYDHkn
7u1DcgbqmKzHKQ42lCLag0GEtTqQDlPp1gzpG9GVLvN6tKRGuYgZd83Wv9tj7rPv
HghoPKmZPZdgnZG4DXwv9JQFCidrJtcEwj4pxEb9gF/8YjcsKztCQB0=
-----END CERTIFICATE-----