Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/f-aK3lfa-UR4nytxi7y8u4V1Oh4.roa
File:                     f-aK3lfa-UR4nytxi7y8u4V1Oh4.roa (raw, json)
Hash identifier:          Uo01SR0rkQjHhmn1cbPkD2ri+4fn/LW6PhKJ7bRZtEY=
Subject key identifier:   7F:E6:8A:DE:57:DA:F9:44:78:9F:2B:71:8B:BC:BC:BB:85:75:3A:1E
Certificate issuer:       /CN=0d9302d546e068c2fd7677d9d5200add36c8bcd5
Certificate serial:       018F1074EA5C07115D623068AA26F8790537
Authority key identifier: 0D:93:02:D5:46:E0:68:C2:FD:76:77:D9:D5:20:0A:DD:36:C8:BC:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DZMC1UbgaML9dnfZ1SAK3TbIvNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/f-aK3lfa-UR4nytxi7y8u4V1Oh4.roa
Signing time:             Wed 24 Apr 2024 14:14:08 +0000
ROA not before:           Wed 24 Apr 2024 14:14:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.97.224.0/24 maxlen: 24
                          185.97.225.0/24 maxlen: 24
                          185.97.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/DZMC1UbgaML9dnfZ1SAK3TbIvNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/DZMC1UbgaML9dnfZ1SAK3TbIvNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DZMC1UbgaML9dnfZ1SAK3TbIvNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:74:ea:5c:07:11:5d:62:30:68:aa:26:f8:79:05:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d9302d546e068c2fd7677d9d5200add36c8bcd5
        Validity
            Not Before: Apr 24 14:14:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fe68ade57daf944789f2b718bbcbcbb85753a1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:bc:5e:e6:60:18:15:d8:b0:37:26:d8:24:67:
                    61:8f:09:3b:19:2f:b2:29:e4:5b:a8:45:54:1f:6f:
                    13:c1:7b:8f:3b:92:e7:40:e4:f7:cf:d1:18:e7:cf:
                    88:2f:18:03:09:24:e7:b2:42:66:37:b2:6c:29:65:
                    d5:c0:33:d0:13:29:d5:db:aa:5a:de:3d:55:70:3d:
                    88:84:1f:4a:80:65:53:6d:64:19:32:95:17:bc:c2:
                    1e:6f:30:4e:3c:24:8c:06:9c:13:42:dd:e7:c3:25:
                    5d:d7:84:5d:90:d2:88:b4:59:9d:33:0e:d1:98:29:
                    83:23:8c:e4:aa:af:57:d5:5d:ad:f5:27:53:be:fa:
                    0d:83:6c:85:37:a8:d0:8d:ed:96:6f:e8:6a:a8:93:
                    1b:0d:f0:26:7f:b5:56:1b:42:06:ea:08:78:40:79:
                    e3:fe:1c:91:32:9f:71:2a:69:c4:68:59:31:92:75:
                    6e:e8:de:37:ea:ce:8f:72:45:a7:5e:d9:cc:21:a0:
                    0a:17:a0:ac:5f:fc:ff:35:9f:f8:7b:3f:d6:49:d8:
                    f8:5d:e4:76:1a:e5:e2:75:ca:91:6c:6b:25:30:52:
                    33:3a:68:03:ca:64:12:f1:b6:53:e0:23:49:db:cf:
                    a0:ca:76:1f:11:9f:b4:b1:6b:60:ae:10:60:0c:cb:
                    f0:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:E6:8A:DE:57:DA:F9:44:78:9F:2B:71:8B:BC:BC:BB:85:75:3A:1E
            X509v3 Authority Key Identifier:
                keyid:0D:93:02:D5:46:E0:68:C2:FD:76:77:D9:D5:20:0A:DD:36:C8:BC:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DZMC1UbgaML9dnfZ1SAK3TbIvNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/f-aK3lfa-UR4nytxi7y8u4V1Oh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/010161-b840-4497-afbe-4bef43d3fb17/1/DZMC1UbgaML9dnfZ1SAK3TbIvNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.224.0-185.97.226.255

    Signature Algorithm: sha256WithRSAEncryption
         3c:bc:f5:ec:32:83:d3:c5:7a:77:e8:2a:09:10:dd:88:9a:07:
         55:fb:11:e9:e2:4f:23:32:80:82:89:fa:c1:ca:a6:e0:fa:22:
         04:84:ff:0a:6c:e0:3d:b7:9c:f9:52:33:dd:02:2f:d7:d6:a3:
         6c:bf:82:bc:d1:cd:dd:d2:90:bf:55:77:a7:86:48:16:d8:b5:
         c1:4c:16:32:ea:b6:d5:bb:94:3f:76:8b:17:e2:e5:c9:c6:5c:
         48:0f:0e:90:33:8a:9f:ff:2e:fb:f3:2f:17:c5:b1:0e:b2:21:
         a4:05:4d:88:28:7f:ce:ae:f7:02:ee:70:99:fb:0c:ab:0e:b1:
         7e:d9:ea:8c:9c:a6:cf:f4:91:b6:87:e8:9d:9d:ba:00:14:a0:
         3b:f4:8c:93:06:e0:9b:12:21:20:32:d8:89:6a:ab:97:43:f4:
         36:83:b0:c8:ee:63:d8:2f:2a:90:cf:75:fb:5b:26:32:80:17:
         1c:74:b4:76:92:7c:5a:84:9e:92:bc:b6:1d:3e:26:af:4d:e0:
         70:20:53:39:4b:91:c6:f5:23:2c:c9:c6:55:c5:78:9f:96:bb:
         51:dd:f5:17:65:53:66:eb:b1:3c:52:b8:5e:3b:38:db:bd:6e:
         74:6f:68:40:21:db:b0:3b:02:05:e8:32:1e:51:d4:fd:30:0a:
         9f:6d:f2:a7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8QdOpcBxFdYjBoqib4eQU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkOTMwMmQ1NDZlMDY4YzJmZDc2NzdkOWQ1MjAwYWRkMzZj
OGJjZDUwHhcNMjQwNDI0MTQxNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmU2OGFkZTU3ZGFmOTQ0Nzg5ZjJiNzE4YmJjYmNiYjg1NzUzYTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrxe5mAYFdiwNybYJGdhjwk7GS+y
KeRbqEVUH28TwXuPO5LnQOT3z9EY58+ILxgDCSTnskJmN7JsKWXVwDPQEynV26pa
3j1VcD2IhB9KgGVTbWQZMpUXvMIebzBOPCSMBpwTQt3nwyVd14RdkNKItFmdMw7R
mCmDI4zkqq9X1V2t9SdTvvoNg2yFN6jQje2Wb+hqqJMbDfAmf7VWG0IG6gh4QHnj
/hyRMp9xKmnEaFkxknVu6N436s6PckWnXtnMIaAKF6CsX/z/NZ/4ez/WSdj4XeR2
GuXidcqRbGslMFIzOmgDymQS8bZT4CNJ28+gynYfEZ+0sWtgrhBgDMvwPQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH/mit5X2vlEeJ8rcYu8vLuFdToeMB8GA1UdIwQY
MBaAFA2TAtVG4GjC/XZ32dUgCt02yLzVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFpNQzFVYmdhTUw5ZG5mWjFTQUszVGJJdk5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8wMTAxNjEtYjg0MC00NDk3LWFmYmUt
NGJlZjQzZDNmYjE3LzEvZi1hSzNsZmEtVVI0bnl0eGk3eTh1NFYxT2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8wMTAxNjEtYjg0MC00NDk3LWFmYmUtNGJlZjQzZDNmYjE3
LzEvRFpNQzFVYmdhTUw5ZG5mWjFTQUszVGJJdk5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAW5YeAD
BAC5YeIwDQYJKoZIhvcNAQELBQADggEBADy89ewyg9PFenfoKgkQ3YiaB1X7Eeni
TyMygIKJ+sHKpuD6IgSE/wps4D23nPlSM90CL9fWo2y/grzRzd3SkL9Vd6eGSBbY
tcFMFjLqttW7lD92ixfi5cnGXEgPDpAzip//LvvzLxfFsQ6yIaQFTYgof86u9wLu
cJn7DKsOsX7Z6oycps/0kbaH6J2dugAUoDv0jJMG4JsSISAy2Ilqq5dD9DaDsMju
Y9gvKpDPdftbJjKAFxx0tHaSfFqEnpK8th0+Jq9N4HAgUzlLkcb1IyzJxlXFeJ+W
u1Hd9RdlU2brsTxSuF47ONu9bnRvaEAh27A7AgXoMh5R1P0wCp9t8qc=
-----END CERTIFICATE-----