Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/xEB9tvgxiGaELBv_1SV4WntHMqc.roa
File:                     xEB9tvgxiGaELBv_1SV4WntHMqc.roa (raw, json)
Hash identifier:          voPIYUdcAHNXJTbGvktTyHHfFk8QvULAMfqsasGnC+k=
Subject key identifier:   C4:40:7D:B6:F8:31:88:66:84:2C:1B:FF:D5:25:78:5A:7B:47:32:A7
Certificate issuer:       /CN=258f5a8e295ad1d7b48a1e11958790052b57a253
Certificate serial:       018CC26D635B8842B7B4D19680C7E8B4DD69
Authority key identifier: 25:8F:5A:8E:29:5A:D1:D7:B4:8A:1E:11:95:87:90:05:2B:57:A2:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/xEB9tvgxiGaELBv_1SV4WntHMqc.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        145.226.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:63:5b:88:42:b7:b4:d1:96:80:c7:e8:b4:dd:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=258f5a8e295ad1d7b48a1e11958790052b57a253
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4407db6f8318866842c1bffd525785a7b4732a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ad:1a:8d:84:e0:84:80:10:53:1e:bd:5d:82:
                    f2:94:a9:ae:d8:92:f0:48:9e:21:62:38:3d:6b:71:
                    23:5e:fe:86:47:43:02:18:72:b7:a6:e8:d9:42:94:
                    fb:b9:cb:d9:06:f9:23:b2:54:8f:85:0c:51:83:d6:
                    ea:5e:f1:7e:c2:7a:90:4d:a8:51:6e:33:eb:3b:77:
                    38:c4:9d:28:0c:78:62:74:d0:75:fc:27:b2:7b:59:
                    1e:f4:ca:c6:e9:a7:a0:12:51:d3:77:66:31:87:af:
                    00:29:5f:7e:61:17:a8:64:eb:7f:16:0a:9e:e4:e2:
                    f4:68:d1:9f:a9:50:c7:ec:d5:e8:df:e6:ef:92:f3:
                    2f:ca:9b:4f:18:4d:3b:3d:47:b8:8f:4e:f3:fd:55:
                    ea:15:b3:6c:25:99:a4:94:50:66:d7:51:0f:a8:3f:
                    a8:b7:31:87:4f:25:5e:ba:a1:31:85:3c:2c:84:35:
                    92:21:77:51:27:7f:7e:1c:69:e0:2d:30:74:38:02:
                    1f:69:13:c5:4c:16:ee:9e:fc:98:6a:b3:5b:62:f1:
                    cd:0e:94:94:b5:52:98:0f:31:69:47:5d:c2:bb:42:
                    b1:57:fc:b0:ac:1a:98:d2:6a:ff:8a:a5:aa:89:67:
                    54:6d:66:b9:d0:26:45:5c:4b:b9:4d:1c:24:b1:83:
                    da:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:40:7D:B6:F8:31:88:66:84:2C:1B:FF:D5:25:78:5A:7B:47:32:A7
            X509v3 Authority Key Identifier:
                keyid:25:8F:5A:8E:29:5A:D1:D7:B4:8A:1E:11:95:87:90:05:2B:57:A2:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/xEB9tvgxiGaELBv_1SV4WntHMqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.226.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         29:b7:b3:f6:8f:b4:e2:9f:fd:27:60:8e:eb:8b:d0:ba:10:d5:
         3e:a1:53:82:0f:05:f8:71:07:fe:f8:45:7e:da:04:88:ab:82:
         ca:f5:3c:da:77:4b:05:54:47:4c:42:b8:58:f8:e5:08:d5:73:
         94:10:6e:4a:1e:fd:ee:28:6d:c5:da:3b:a3:de:24:e7:af:75:
         6d:ec:cc:13:55:d2:19:c3:88:51:34:e5:df:a0:11:36:42:95:
         be:d3:a9:36:e2:ef:1c:a2:b8:82:b2:49:e4:c7:65:a9:5d:42:
         0c:69:a2:d4:7d:42:05:15:41:a7:b6:6f:56:f2:55:3e:3b:77:
         8a:b9:88:91:ba:c8:34:00:37:bc:e7:7d:f3:53:f9:1b:94:ee:
         5b:2f:70:6b:99:6b:ef:de:95:e7:b9:e6:c6:df:81:5e:2d:c1:
         3c:ad:16:0c:70:03:6b:59:ad:2f:5b:33:2e:e2:3e:6e:ef:30:
         1e:8a:80:9c:99:6d:54:6d:a5:00:00:07:87:c9:ee:ef:a0:a8:
         16:07:98:48:4f:13:b0:8a:e6:8d:73:e3:f8:eb:5d:03:09:3e:
         a4:37:2c:67:a9:6b:f1:2a:a8:f5:6c:4a:83:4d:e6:6e:97:08:
         f0:66:a4:48:3f:0c:6b:66:e1:a6:12:d8:b1:98:fa:92:be:66:
         f7:68:ca:51
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzCbWNbiEK3tNGWgMfotN1pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1OGY1YThlMjk1YWQxZDdiNDhhMWUxMTk1ODc5MDA1MmI1
N2EyNTMwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDQwN2RiNmY4MzE4ODY2ODQyYzFiZmZkNTI1Nzg1YTdiNDczMmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk60ajYTghIAQUx69XYLylKmu2JLw
SJ4hYjg9a3EjXv6GR0MCGHK3pujZQpT7ucvZBvkjslSPhQxRg9bqXvF+wnqQTahR
bjPrO3c4xJ0oDHhidNB1/Ceye1ke9MrG6aegElHTd2Yxh68AKV9+YReoZOt/Fgqe
5OL0aNGfqVDH7NXo3+bvkvMvyptPGE07PUe4j07z/VXqFbNsJZmklFBm11EPqD+o
tzGHTyVeuqExhTwshDWSIXdRJ39+HGngLTB0OAIfaRPFTBbunvyYarNbYvHNDpSU
tVKYDzFpR13Cu0KxV/ywrBqY0mr/iqWqiWdUbWa50CZFXEu5TRwksYPauwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFMRAfbb4MYhmhCwb/9UleFp7RzKnMB8GA1UdIwQY
MBaAFCWPWo4pWtHXtIoeEZWHkAUrV6JTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlk5YWppbGEwZGUwaWg0UmxZZVFCU3RYb2xNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8zNzE5ZjMtMjJlMS00MzQ0LTlhMzkt
NDU4YTI3MzYxNTdhLzEveEVCOXR2Z3hpR2FFTEJ2XzFTVjRXbnRITXFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8zNzE5ZjMtMjJlMS00MzQ0LTlhMzktNDU4YTI3MzYxNTdh
LzEvSlk5YWppbGEwZGUwaWg0UmxZZVFCU3RYb2xNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkeIwDQYJ
KoZIhvcNAQELBQADggEBACm3s/aPtOKf/SdgjuuL0LoQ1T6hU4IPBfhxB/74RX7a
BIirgsr1PNp3SwVUR0xCuFj45QjVc5QQbkoe/e4obcXaO6PeJOevdW3szBNV0hnD
iFE05d+gETZClb7TqTbi7xyiuIKySeTHZaldQgxpotR9QgUVQae2b1byVT47d4q5
iJG6yDQAN7znffNT+RuU7lsvcGuZa+/elee55sbfgV4twTytFgxwA2tZrS9bMy7i
Pm7vMB6KgJyZbVRtpQAAB4fJ7u+gqBYHmEhPE7CK5o1z4/jrXQMJPqQ3LGepa/Eq
qPVsSoNN5m6XCPBmpEg/DGtm4aYS2LGY+pK+ZvdoylE=
-----END CERTIFICATE-----