Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/02f354-98cd-4325-9fbe-762432fdd4dd/1/e5lkd7PpO3gMNP2TJe7iHJVGKi0.roa
File:                     e5lkd7PpO3gMNP2TJe7iHJVGKi0.roa (raw, json)
Hash identifier:          PrBSBUXBi3HY2R4ZEU+x6igxEcqNecYv+sAh1QQ0k18=
Subject key identifier:   7B:99:64:77:B3:E9:3B:78:0C:34:FD:93:25:EE:E2:1C:95:46:2A:2D
Certificate issuer:       /CN=cd57ec4c4025adab88b92074ad46056e9f93099f
Certificate serial:       018CC726E13355028FA6E6A7EFB455488C7C
Authority key identifier: CD:57:EC:4C:40:25:AD:AB:88:B9:20:74:AD:46:05:6E:9F:93:09:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zVfsTEAlrauIuSB0rUYFbp-TCZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/02f354-98cd-4325-9fbe-762432fdd4dd/1/e5lkd7PpO3gMNP2TJe7iHJVGKi0.roa
Signing time:             Mon 01 Jan 2024 22:31:03 +0000
ROA not before:           Mon 01 Jan 2024 22:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199391
IP address blocks:        185.38.200.0/24 maxlen: 24
                          185.38.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/02f354-98cd-4325-9fbe-762432fdd4dd/1/zVfsTEAlrauIuSB0rUYFbp-TCZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/02f354-98cd-4325-9fbe-762432fdd4dd/1/zVfsTEAlrauIuSB0rUYFbp-TCZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zVfsTEAlrauIuSB0rUYFbp-TCZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e1:33:55:02:8f:a6:e6:a7:ef:b4:55:48:8c:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd57ec4c4025adab88b92074ad46056e9f93099f
        Validity
            Not Before: Jan  1 22:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b996477b3e93b780c34fd9325eee21c95462a2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c4:dd:90:09:d1:e8:0b:33:44:6f:2f:6c:c9:
                    90:33:52:bd:b1:eb:b2:e4:db:ca:c7:f9:d1:7e:42:
                    ae:4b:f6:0d:e6:36:7c:b6:e3:52:3d:51:49:4d:88:
                    27:fc:bc:d7:5d:da:2d:50:bb:a7:52:47:04:2b:12:
                    9c:a4:b2:43:c7:ac:75:08:b4:c6:7c:f7:a3:2f:b7:
                    bb:35:70:08:a0:47:f1:40:90:e5:73:71:ec:c6:a3:
                    e2:90:6c:84:16:48:8c:e9:26:18:f3:b3:d5:8e:a2:
                    db:fa:e8:20:4f:44:0d:e1:62:25:28:08:1f:b8:10:
                    61:fd:6f:eb:f2:68:b3:0a:14:be:e4:92:2b:58:0d:
                    0e:9d:ba:bb:2e:90:77:b7:fb:59:13:c0:4e:47:72:
                    2f:2a:63:b3:42:bf:54:d4:64:4a:c4:d6:86:93:38:
                    fb:3e:af:dd:0f:74:3b:79:e7:1c:36:65:b8:fe:36:
                    37:a6:05:fc:11:38:97:e8:d7:06:37:41:7d:e3:2e:
                    fa:71:d5:96:67:ec:c3:94:80:30:f6:7e:30:19:a4:
                    6d:bb:b9:7d:be:c2:8d:73:f8:48:b4:36:86:6f:28:
                    8d:25:e1:6a:56:91:0e:f7:9d:2e:36:26:47:99:b8:
                    79:e0:b8:c5:a2:ba:08:cf:46:a1:ba:97:65:f0:62:
                    05:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:99:64:77:B3:E9:3B:78:0C:34:FD:93:25:EE:E2:1C:95:46:2A:2D
            X509v3 Authority Key Identifier:
                keyid:CD:57:EC:4C:40:25:AD:AB:88:B9:20:74:AD:46:05:6E:9F:93:09:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zVfsTEAlrauIuSB0rUYFbp-TCZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/02f354-98cd-4325-9fbe-762432fdd4dd/1/e5lkd7PpO3gMNP2TJe7iHJVGKi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/02f354-98cd-4325-9fbe-762432fdd4dd/1/zVfsTEAlrauIuSB0rUYFbp-TCZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cf:16:ac:dc:40:0c:6f:62:3a:a0:50:96:13:b1:cf:79:c2:de:
         ae:84:e3:b3:d9:80:56:ce:0f:76:cb:f4:39:92:b7:99:94:d8:
         91:86:0a:03:d0:b1:e5:1d:43:22:f5:93:01:bd:f1:d9:7b:90:
         a7:94:d0:63:58:d1:38:bf:17:e9:39:2e:f7:10:40:3e:e2:44:
         dc:12:ce:d4:29:c0:95:d2:e7:91:5d:6b:aa:ba:fa:b1:08:8f:
         8d:5b:c0:91:39:fd:eb:30:87:1e:4f:be:64:7f:dd:2f:b1:90:
         23:0c:4d:bc:07:98:df:de:b3:c3:c4:23:90:d4:86:6f:18:88:
         6a:7c:3b:d6:3e:13:56:f3:c1:f5:82:8f:02:32:d0:61:8b:21:
         f9:31:8b:77:9a:70:f4:82:61:f1:fd:fc:db:94:80:bd:1d:6a:
         e4:6e:af:9e:02:15:7a:e7:a0:56:36:80:8f:bf:0d:15:61:25:
         8f:b7:46:b5:c6:23:3f:38:e0:17:20:d2:a7:8e:11:cd:3d:06:
         23:25:e8:dc:5f:08:f6:61:94:46:b7:95:4d:1e:26:47:f0:a0:
         db:8e:07:37:2b:35:2c:ac:69:ba:76:97:39:5a:f1:6c:0d:e3:
         b8:62:bb:a1:f6:a8:5e:b7:ee:2f:d0:13:d4:f3:cc:49:37:65:
         b6:92:d4:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuEzVQKPpuan77RVSIx8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNTdlYzRjNDAyNWFkYWI4OGI5MjA3NGFkNDYwNTZlOWY5
MzA5OWYwHhcNMjQwMTAxMjIzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjk5NjQ3N2IzZTkzYjc4MGMzNGZkOTMyNWVlZTIxYzk1NDYyYTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMTdkAnR6AszRG8vbMmQM1K9seuy
5NvKx/nRfkKuS/YN5jZ8tuNSPVFJTYgn/LzXXdotULunUkcEKxKcpLJDx6x1CLTG
fPejL7e7NXAIoEfxQJDlc3HsxqPikGyEFkiM6SYY87PVjqLb+uggT0QN4WIlKAgf
uBBh/W/r8mizChS+5JIrWA0Onbq7LpB3t/tZE8BOR3IvKmOzQr9U1GRKxNaGkzj7
Pq/dD3Q7eeccNmW4/jY3pgX8ETiX6NcGN0F94y76cdWWZ+zDlIAw9n4wGaRtu7l9
vsKNc/hItDaGbyiNJeFqVpEO950uNiZHmbh54LjForoIz0ahupdl8GIFgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuZZHez6Tt4DDT9kyXu4hyVRiotMB8GA1UdIwQY
MBaAFM1X7ExAJa2riLkgdK1GBW6fkwmfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelZmc1RFQWxyYXVJdVNCMHJVWUZicC1UQ1o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8wMmYzNTQtOThjZC00MzI1LTlmYmUt
NzYyNDMyZmRkNGRkLzEvZTVsa2Q3UHBPM2dNTlAyVEplN2lISlZHS2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8wMmYzNTQtOThjZC00MzI1LTlmYmUtNzYyNDMyZmRkNGRk
LzEvelZmc1RFQWxyYXVJdVNCMHJVWUZicC1UQ1o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSbIMA0G
CSqGSIb3DQEBCwUAA4IBAQDPFqzcQAxvYjqgUJYTsc95wt6uhOOz2YBWzg92y/Q5
kreZlNiRhgoD0LHlHUMi9ZMBvfHZe5CnlNBjWNE4vxfpOS73EEA+4kTcEs7UKcCV
0ueRXWuquvqxCI+NW8CROf3rMIceT75kf90vsZAjDE28B5jf3rPDxCOQ1IZvGIhq
fDvWPhNW88H1go8CMtBhiyH5MYt3mnD0gmHx/fzblIC9HWrkbq+eAhV656BWNoCP
vw0VYSWPt0a1xiM/OOAXINKnjhHNPQYjJejcXwj2YZRGt5VNHiZH8KDbjgc3KzUs
rGm6dpc5WvFsDeO4Yruh9qhet+4v0BPU88xJN2W2ktSf
-----END CERTIFICATE-----