Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/0lAkUHWZ6ou0VC9FN00aa-vgLZU.roa
File:                     0lAkUHWZ6ou0VC9FN00aa-vgLZU.roa (raw, json)
Hash identifier:          tdQ1tLaGTQ7CmfvsiqATF+mMwmkyQIWihDl8I+lOTak=
Subject key identifier:   D2:50:24:50:75:99:EA:8B:B4:54:2F:45:37:4D:1A:6B:EB:E0:2D:95
Certificate issuer:       /CN=258f5a8e295ad1d7b48a1e11958790052b57a253
Certificate serial:       018CC26D639D263EE094332B3E69D47968C3
Authority key identifier: 25:8F:5A:8E:29:5A:D1:D7:B4:8A:1E:11:95:87:90:05:2B:57:A2:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/0lAkUHWZ6ou0VC9FN00aa-vgLZU.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25117
IP address blocks:        185.228.228.0/22 maxlen: 24
                          2a03:7787:fffc::/47 maxlen: 47
                          2a03:7787:fffe::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:63:9d:26:3e:e0:94:33:2b:3e:69:d4:79:68:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=258f5a8e295ad1d7b48a1e11958790052b57a253
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d25024507599ea8bb4542f45374d1a6bebe02d95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:71:c1:6d:12:ef:8a:b7:34:ac:b1:ff:50:96:
                    ab:38:db:85:dd:b1:9e:eb:e5:c9:3f:76:18:6a:4c:
                    5c:3d:f5:fa:2f:05:32:c8:1f:31:58:bd:72:47:3d:
                    38:7c:6f:55:b3:df:c1:e7:91:cf:ed:5b:42:75:2e:
                    75:45:93:c1:92:0e:b2:b2:f5:c2:3d:37:ed:bf:76:
                    9d:22:58:73:d0:e7:5e:9a:93:02:a8:a1:f0:7d:87:
                    40:ef:a9:9d:15:7f:22:d7:ba:cd:01:7e:bc:59:11:
                    4f:30:59:82:71:33:2f:e1:b0:f3:09:54:d3:90:0c:
                    be:9d:49:2f:89:b6:7e:8c:5f:42:79:27:13:97:1c:
                    d3:68:2e:88:ba:ee:86:08:3a:31:a2:6e:b5:6e:a9:
                    12:3a:71:89:c4:b8:77:a8:ac:75:0d:e0:a2:2c:7d:
                    ee:22:2e:56:f6:c2:30:db:88:5e:e5:16:fd:25:ad:
                    28:01:53:2e:e1:5b:60:e3:56:29:66:14:56:d1:98:
                    27:21:6a:90:26:95:69:b7:a2:c1:b8:b0:53:ab:9a:
                    0c:8c:a4:a5:a3:c9:69:24:36:ab:32:f5:31:aa:0b:
                    03:32:43:d1:9f:11:ce:74:4a:78:84:c8:1e:5c:1e:
                    d1:da:56:14:01:18:ee:7b:e9:35:8e:fe:fe:c5:3c:
                    02:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:50:24:50:75:99:EA:8B:B4:54:2F:45:37:4D:1A:6B:EB:E0:2D:95
            X509v3 Authority Key Identifier:
                keyid:25:8F:5A:8E:29:5A:D1:D7:B4:8A:1E:11:95:87:90:05:2B:57:A2:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/0lAkUHWZ6ou0VC9FN00aa-vgLZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.228.0/22
                IPv6:
                  2a03:7787:fffc::/46

    Signature Algorithm: sha256WithRSAEncryption
         2a:a4:92:4a:4c:d8:cd:e6:75:16:f9:7c:38:b3:dc:17:70:3b:
         b7:b2:f2:7b:59:ef:fd:45:d9:0c:f2:96:71:7f:bc:1f:ed:2b:
         19:e7:63:26:f7:f8:ba:52:92:0e:4a:7b:70:08:0d:d0:09:ff:
         6d:9b:5d:5f:9f:6c:af:10:bc:56:1b:8d:32:8e:bf:46:78:d3:
         3e:8d:6d:41:a7:92:fd:ee:b1:74:39:dd:43:09:a5:b9:44:b4:
         b8:56:62:ba:90:1a:6e:81:fb:a7:39:2c:b1:d1:a6:89:13:b9:
         89:73:83:78:88:ec:f4:03:92:a5:d6:b1:10:bd:cd:97:62:85:
         40:3b:45:2a:b9:00:15:d2:79:75:e9:1d:ba:91:9d:67:e2:54:
         f1:60:2d:92:d7:67:a4:35:53:6c:f4:8b:89:c7:29:71:71:cf:
         c6:16:ab:9b:66:ab:97:32:c1:14:02:ba:d9:d7:a2:13:ec:f5:
         8f:0f:4b:e1:06:af:fe:98:41:8f:12:fc:db:8e:ed:c8:46:fa:
         55:dd:c1:c6:48:2f:c3:d9:a5:55:79:6c:cb:f2:e3:ff:7d:52:
         ef:a6:d4:19:42:c7:55:4a:4d:94:ea:30:86:d6:ee:a6:ec:a5:
         ca:0f:16:b6:73:fb:93:21:51:00:cb:ee:e5:79:dc:6e:71:48:
         b0:5a:03:dc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbWOdJj7glDMrPmnUeWjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1OGY1YThlMjk1YWQxZDdiNDhhMWUxMTk1ODc5MDA1MmI1
N2EyNTMwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjUwMjQ1MDc1OTllYThiYjQ1NDJmNDUzNzRkMWE2YmViZTAyZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXHBbRLvirc0rLH/UJarONuF3bGe
6+XJP3YYakxcPfX6LwUyyB8xWL1yRz04fG9Vs9/B55HP7VtCdS51RZPBkg6ysvXC
PTftv3adIlhz0OdempMCqKHwfYdA76mdFX8i17rNAX68WRFPMFmCcTMv4bDzCVTT
kAy+nUkvibZ+jF9CeScTlxzTaC6Iuu6GCDoxom61bqkSOnGJxLh3qKx1DeCiLH3u
Ii5W9sIw24he5Rb9Ja0oAVMu4Vtg41YpZhRW0ZgnIWqQJpVpt6LBuLBTq5oMjKSl
o8lpJDarMvUxqgsDMkPRnxHOdEp4hMgeXB7R2lYUARjue+k1jv7+xTwCoQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNJQJFB1meqLtFQvRTdNGmvr4C2VMB8GA1UdIwQY
MBaAFCWPWo4pWtHXtIoeEZWHkAUrV6JTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlk5YWppbGEwZGUwaWg0UmxZZVFCU3RYb2xNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8zNzE5ZjMtMjJlMS00MzQ0LTlhMzkt
NDU4YTI3MzYxNTdhLzEvMGxBa1VIV1o2b3UwVkM5Rk4wMGFhLXZnTFpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8zNzE5ZjMtMjJlMS00MzQ0LTlhMzktNDU4YTI3MzYxNTdh
LzEvSlk5YWppbGEwZGUwaWg0UmxZZVFCU3RYb2xNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCueTkMA8E
AgACMAkDBwIqA3eH//wwDQYJKoZIhvcNAQELBQADggEBACqkkkpM2M3mdRb5fDiz
3BdwO7ey8ntZ7/1F2QzylnF/vB/tKxnnYyb3+LpSkg5Ke3AIDdAJ/22bXV+fbK8Q
vFYbjTKOv0Z40z6NbUGnkv3usXQ53UMJpblEtLhWYrqQGm6B+6c5LLHRpokTuYlz
g3iI7PQDkqXWsRC9zZdihUA7RSq5ABXSeXXpHbqRnWfiVPFgLZLXZ6Q1U2z0i4nH
KXFxz8YWq5tmq5cywRQCutnXohPs9Y8PS+EGr/6YQY8S/NuO7chG+lXdwcZIL8PZ
pVV5bMvy4/99Uu+m1BlCx1VKTZTqMIbW7qbspcoPFrZz+5MhUQDL7uV53G5xSLBa
A9w=
-----END CERTIFICATE-----