Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/5IKYG_DG3xL3SfVyFU8vuaVhaTw.roa
File:                     5IKYG_DG3xL3SfVyFU8vuaVhaTw.roa (raw, json)
Hash identifier:          0Cm1F0BseqhVLiFxv+2LBD93fUkuIdMZGKGG9W2ldas=
Subject key identifier:   E4:82:98:1B:F0:C6:DF:12:F7:49:F5:72:15:4F:2F:B9:A5:61:69:3C
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       018CC8DE49D94600B2767921C79B3E48CEC8
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/5IKYG_DG3xL3SfVyFU8vuaVhaTw.roa
Signing time:             Tue 02 Jan 2024 06:31:00 +0000
ROA not before:           Tue 02 Jan 2024 06:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        185.232.18.0/24 maxlen: 24
                          185.232.19.0/24 maxlen: 24
                          185.246.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:49:d9:46:00:b2:76:79:21:c7:9b:3e:48:ce:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jan  2 06:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e482981bf0c6df12f749f572154f2fb9a561693c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e1:69:cb:0d:14:22:e1:c1:21:e9:60:c9:e6:
                    76:6a:d5:96:e3:3a:30:9d:52:3a:9b:b2:42:92:5e:
                    57:70:90:02:66:35:b4:72:70:30:d8:c3:ee:3c:ea:
                    a7:02:94:20:06:c5:ec:05:da:92:7c:95:75:6d:2f:
                    5f:98:7c:47:39:27:5e:c4:d2:14:74:bc:39:24:74:
                    b7:0f:45:0f:b4:6f:59:f0:7a:43:8a:39:0e:25:6b:
                    94:79:e1:ca:4c:d2:0b:0f:14:8e:a7:7f:24:a8:b0:
                    d4:ab:f1:61:d4:7f:aa:f5:4c:b8:2e:cf:a7:3c:1a:
                    a7:23:d0:44:14:2f:2d:cd:c8:f8:4b:19:2a:5d:ae:
                    ef:26:44:f6:3d:dd:d2:73:23:b1:82:e6:d6:ce:a6:
                    3f:62:85:78:de:db:a2:08:a1:76:1c:46:08:87:93:
                    24:80:fc:5c:b2:8a:e5:f1:11:b7:48:51:56:6f:df:
                    d0:e2:2a:8e:71:b6:c7:2c:fd:e5:a3:d6:47:a7:bd:
                    44:c2:1f:37:2c:5f:0d:14:ad:ad:b3:f3:7d:fe:01:
                    b3:3a:25:97:95:f5:68:4b:ec:82:16:c3:b7:b2:24:
                    1b:f5:78:13:c5:0b:57:52:02:5a:f1:8c:1e:44:54:
                    9e:b9:b8:9f:e8:d6:05:5c:31:a3:1f:57:09:82:18:
                    f6:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:82:98:1B:F0:C6:DF:12:F7:49:F5:72:15:4F:2F:B9:A5:61:69:3C
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/5IKYG_DG3xL3SfVyFU8vuaVhaTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.18.0/23
                  185.246.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:06:42:b3:55:8e:7f:d5:e9:2c:9b:c4:0b:75:5c:d1:31:40:
         b2:73:14:b3:cd:4f:b3:92:89:4a:c1:f1:6a:33:88:48:37:7c:
         bb:02:c1:75:f6:12:c3:6a:aa:ae:af:72:4b:4f:f5:6c:bd:d9:
         94:b9:d2:a6:b3:f1:03:f5:09:fc:7b:ea:94:fb:6d:bf:5f:7f:
         c4:cc:ba:0a:95:b9:c4:7b:19:77:90:93:53:02:82:ab:e0:dc:
         08:21:32:cd:ab:d4:7b:e3:10:5d:04:dc:51:42:9b:d3:13:8a:
         b2:de:5f:b5:f3:24:74:46:59:f5:9d:b8:de:e2:7d:d1:a2:1b:
         0c:90:46:ea:ab:bf:60:84:8e:26:b8:79:ec:4a:68:41:81:21:
         cd:24:4c:6f:7c:0b:ae:84:6e:ba:bb:1b:c7:ab:54:c7:2d:6f:
         61:6a:30:97:3d:d9:ac:86:90:97:10:e4:b2:98:7c:92:f1:35:
         19:3a:c0:0f:de:08:83:49:7e:94:eb:bf:a9:65:30:be:38:58:
         d5:96:df:4c:dc:bf:44:a2:bb:b1:ee:2e:ba:73:f8:c6:9b:a7:
         c6:c3:a0:b6:f5:3b:a1:e2:b7:5c:2c:6e:c5:51:7b:88:3a:b6:
         5d:c8:ad:2b:cb:1d:ec:0b:c1:56:25:6c:7e:74:a2:ab:aa:a4:
         84:0d:07:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3knZRgCydnkhx5s+SM7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjQwMTAyMDYzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDgyOTgxYmYwYzZkZjEyZjc0OWY1NzIxNTRmMmZiOWE1NjE2OTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuFpyw0UIuHBIelgyeZ2atWW4zow
nVI6m7JCkl5XcJACZjW0cnAw2MPuPOqnApQgBsXsBdqSfJV1bS9fmHxHOSdexNIU
dLw5JHS3D0UPtG9Z8HpDijkOJWuUeeHKTNILDxSOp38kqLDUq/Fh1H+q9Uy4Ls+n
PBqnI9BEFC8tzcj4SxkqXa7vJkT2Pd3ScyOxgubWzqY/YoV43tuiCKF2HEYIh5Mk
gPxcsorl8RG3SFFWb9/Q4iqOcbbHLP3lo9ZHp71Ewh83LF8NFK2ts/N9/gGzOiWX
lfVoS+yCFsO3siQb9XgTxQtXUgJa8YweRFSeubif6NYFXDGjH1cJghj2pQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOSCmBvwxt8S90n1chVPL7mlYWk8MB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvNUlLWUdfREczeEwzU2ZWeUZVOHZ1YVZoYVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuegSAwQA
ufbYMA0GCSqGSIb3DQEBCwUAA4IBAQC7BkKzVY5/1eksm8QLdVzRMUCycxSzzU+z
kolKwfFqM4hIN3y7AsF19hLDaqqur3JLT/VsvdmUudKms/ED9Qn8e+qU+22/X3/E
zLoKlbnEexl3kJNTAoKr4NwIITLNq9R74xBdBNxRQpvTE4qy3l+18yR0Rln1nbje
4n3RohsMkEbqq79ghI4muHnsSmhBgSHNJExvfAuuhG66uxvHq1THLW9hajCXPdms
hpCXEOSymHyS8TUZOsAP3giDSX6U67+pZTC+OFjVlt9M3L9Eorux7i66c/jGm6fG
w6C29Tuh4rdcLG7FUXuIOrZdyK0ryx3sC8FWJWx+dKKrqqSEDQdx
-----END CERTIFICATE-----