Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lDZ040VaTiLkvAbi_babrVEbVfg.roa
File:                     lDZ040VaTiLkvAbi_babrVEbVfg.roa (raw, json)
Hash identifier:          UxTMNwjoI/CpWfbe8ToIP3v9JUHko3x39yT9qVTEbak=
Subject key identifier:   94:36:74:E3:45:5A:4E:22:E4:BC:06:E2:FD:B6:9B:AD:51:1B:55:F8
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       018CC26CF99AC3DF5540A4D81000A1E38B60
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lDZ040VaTiLkvAbi_babrVEbVfg.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205223
IP address blocks:        185.223.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 22:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f9:9a:c3:df:55:40:a4:d8:10:00:a1:e3:8b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=943674e3455a4e22e4bc06e2fdb69bad511b55f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0e:73:f3:0e:5b:24:56:01:af:fa:78:5b:97:
                    f0:56:20:43:26:30:75:7c:6e:69:71:8f:7e:bc:ed:
                    09:2c:28:84:34:45:d1:2e:5f:53:e8:b6:ea:05:e1:
                    dd:38:45:09:02:1a:c7:04:a7:59:bb:a9:4e:f2:4b:
                    cc:c0:4b:2d:91:17:89:a1:5d:89:9c:d6:76:40:36:
                    14:77:cc:e1:35:f5:37:94:08:23:0b:98:de:b7:6b:
                    f4:9d:0f:76:ec:4f:06:bf:09:34:11:bb:14:f2:ab:
                    92:e7:84:9b:8b:f8:5e:b2:38:f5:33:1b:55:65:2b:
                    1c:de:65:d2:1f:65:e7:81:4f:ba:b3:da:12:9b:a0:
                    7f:24:db:ab:f7:4c:e5:8b:a3:9d:c0:d0:ba:d1:6d:
                    f5:e2:9f:1e:45:86:ed:94:0a:39:30:d9:09:a2:db:
                    a9:f5:b4:e2:2e:4f:2d:f4:22:b7:5e:f3:23:51:92:
                    09:fb:2b:a8:f1:6d:25:33:f2:74:20:90:53:03:f2:
                    e7:7a:27:b1:95:32:25:4d:73:a0:ee:33:10:61:c2:
                    1f:2b:02:81:72:5e:4c:6f:79:15:f5:f8:53:60:db:
                    dc:38:58:e8:e9:38:c1:7e:35:ff:52:c5:6e:23:0b:
                    56:6d:28:e8:a3:63:f1:a0:10:d6:2e:93:a1:c6:22:
                    98:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:36:74:E3:45:5A:4E:22:E4:BC:06:E2:FD:B6:9B:AD:51:1B:55:F8
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lDZ040VaTiLkvAbi_babrVEbVfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:0f:6b:f1:33:6f:9a:59:fd:4b:6f:0c:40:c6:8c:96:1d:6d:
         57:1f:47:1c:35:c1:2a:e8:b7:ae:97:de:17:3f:d1:19:65:5b:
         ec:63:09:ec:00:4a:59:c2:ba:61:9e:72:47:df:9c:43:0d:95:
         8b:75:50:72:cf:fa:c5:09:f2:7a:0f:25:1a:3d:78:af:90:4f:
         a8:1d:c7:f8:6b:f0:8b:47:58:c2:a1:f2:00:bb:75:02:4f:75:
         26:e1:b7:d3:e0:b8:52:31:fd:e0:b0:a8:19:b2:9a:ab:0c:5b:
         c5:70:f0:6a:59:77:f2:25:9c:c5:0f:08:79:cd:44:f3:6b:b0:
         03:d1:fd:17:db:57:d2:79:b4:0d:88:40:97:e4:87:21:28:00:
         5e:3d:a0:6d:91:12:3e:38:b2:ab:1a:19:70:d6:41:d3:f0:bf:
         2b:91:42:a5:5a:b3:37:57:8a:f3:15:b4:69:d2:73:ec:c4:89:
         c7:1e:ba:b6:f3:5f:57:42:9b:9d:3a:d3:1d:49:0e:94:24:b8:
         07:58:0f:76:2c:f3:cf:8e:74:4e:e3:ef:c9:48:a3:80:8f:71:
         99:8a:90:4c:60:63:10:0d:61:45:51:3f:7f:22:c0:b8:8b:db:
         e6:dc:f6:44:33:cb:89:38:ec:f9:a2:33:60:22:40:fd:4e:21:
         e8:6a:fb:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPmaw99VQKTYEACh44tgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDM2NzRlMzQ1NWE0ZTIyZTRiYzA2ZTJmZGI2OWJhZDUxMWI1NWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug5z8w5bJFYBr/p4W5fwViBDJjB1
fG5pcY9+vO0JLCiENEXRLl9T6LbqBeHdOEUJAhrHBKdZu6lO8kvMwEstkReJoV2J
nNZ2QDYUd8zhNfU3lAgjC5jet2v0nQ927E8Gvwk0EbsU8quS54Sbi/hesjj1MxtV
ZSsc3mXSH2XngU+6s9oSm6B/JNur90zli6OdwNC60W314p8eRYbtlAo5MNkJotup
9bTiLk8t9CK3XvMjUZIJ+yuo8W0lM/J0IJBTA/LneiexlTIlTXOg7jMQYcIfKwKB
cl5Mb3kV9fhTYNvcOFjo6TjBfjX/UsVuIwtWbSjoo2PxoBDWLpOhxiKYmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQ2dONFWk4i5LwG4v22m61RG1X4MB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvbERaMDQwVmFUaUxrdkFiaV9iYWJyVkViVmZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud/bMA0G
CSqGSIb3DQEBCwUAA4IBAQCVD2vxM2+aWf1LbwxAxoyWHW1XH0ccNcEq6Leul94X
P9EZZVvsYwnsAEpZwrphnnJH35xDDZWLdVByz/rFCfJ6DyUaPXivkE+oHcf4a/CL
R1jCofIAu3UCT3Um4bfT4LhSMf3gsKgZspqrDFvFcPBqWXfyJZzFDwh5zUTza7AD
0f0X21fSebQNiECX5IchKABePaBtkRI+OLKrGhlw1kHT8L8rkUKlWrM3V4rzFbRp
0nPsxInHHrq2819XQpudOtMdSQ6UJLgHWA92LPPPjnRO4+/JSKOAj3GZipBMYGMQ
DWFFUT9/IsC4i9vm3PZEM8uJOOz5ojNgIkD9TiHoavv5
-----END CERTIFICATE-----