Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/ecaeb3-f42f-4bac-a49e-242ffdaa2670/1/HX1o5krBPLa__nmjwMlwC2ys8vo.roa
File:                     HX1o5krBPLa__nmjwMlwC2ys8vo.roa (raw, json)
Hash identifier:          1qKhVKxtFa56q8e6Wm7QT/hdTQGHeOkBodB5fCYerUE=
Subject key identifier:   1D:7D:68:E6:4A:C1:3C:B6:BF:FE:79:A3:C0:C9:70:0B:6C:AC:F2:FA
Certificate issuer:       /CN=cd7ee4b0327996304cf18a128e2655780c9d6b9b
Certificate serial:       018CC26D2FA76B6D7CA8878BF364A62A5D5B
Authority key identifier: CD:7E:E4:B0:32:79:96:30:4C:F1:8A:12:8E:26:55:78:0C:9D:6B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zX7ksDJ5ljBM8YoSjiZVeAyda5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/ecaeb3-f42f-4bac-a49e-242ffdaa2670/1/HX1o5krBPLa__nmjwMlwC2ys8vo.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48727
IP address blocks:        185.124.128.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/ecaeb3-f42f-4bac-a49e-242ffdaa2670/1/zX7ksDJ5ljBM8YoSjiZVeAyda5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/ecaeb3-f42f-4bac-a49e-242ffdaa2670/1/zX7ksDJ5ljBM8YoSjiZVeAyda5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zX7ksDJ5ljBM8YoSjiZVeAyda5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2f:a7:6b:6d:7c:a8:87:8b:f3:64:a6:2a:5d:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd7ee4b0327996304cf18a128e2655780c9d6b9b
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d7d68e64ac13cb6bffe79a3c0c9700b6cacf2fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:89:16:6e:52:45:04:14:ab:ac:70:d7:28:6e:
                    39:6a:dd:d0:5d:3e:f1:06:df:b8:da:b3:1d:e4:eb:
                    0e:52:7e:b6:62:5c:5b:ee:5d:42:91:6a:e6:07:6c:
                    17:14:36:bf:1c:9d:36:dd:28:23:ee:44:8e:dc:3d:
                    25:b7:48:be:45:f3:c9:ad:34:71:0e:24:97:3b:8c:
                    db:34:c0:12:1c:85:c3:a3:f9:49:76:d7:8b:b1:01:
                    ff:c3:3b:1d:18:b2:31:dd:78:62:ab:58:93:f7:0d:
                    9b:46:fe:dc:56:f4:85:71:51:68:1e:30:e6:1e:16:
                    6e:4e:bd:cb:ec:1d:98:fc:bf:1d:53:70:d7:14:18:
                    52:cb:65:3e:ff:cf:cb:41:0c:3a:b3:3d:ce:c7:fd:
                    2a:30:ea:ba:9b:8a:06:cd:09:1e:79:ad:bf:7a:7a:
                    20:20:c3:6f:7b:67:fe:fb:91:95:06:60:18:60:92:
                    f4:1e:e9:29:e6:a3:a8:22:fc:0b:dc:42:1c:20:71:
                    31:23:4a:39:ed:7c:22:99:b5:44:e3:4d:0d:2d:b3:
                    d8:46:5d:ac:16:55:a1:dc:f5:a3:fd:81:0f:ce:1d:
                    f2:44:a7:cd:c5:30:ed:92:8d:34:fa:47:7d:01:bf:
                    8f:99:75:ec:01:42:6c:a8:a6:77:f6:14:54:8d:ce:
                    2c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:7D:68:E6:4A:C1:3C:B6:BF:FE:79:A3:C0:C9:70:0B:6C:AC:F2:FA
            X509v3 Authority Key Identifier:
                keyid:CD:7E:E4:B0:32:79:96:30:4C:F1:8A:12:8E:26:55:78:0C:9D:6B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zX7ksDJ5ljBM8YoSjiZVeAyda5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/ecaeb3-f42f-4bac-a49e-242ffdaa2670/1/HX1o5krBPLa__nmjwMlwC2ys8vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/ecaeb3-f42f-4bac-a49e-242ffdaa2670/1/zX7ksDJ5ljBM8YoSjiZVeAyda5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:1e:26:88:e9:78:c2:15:26:73:08:e7:c2:13:24:49:91:96:
         b4:03:b6:1a:7e:db:84:1d:8f:b9:75:06:f9:4b:30:6f:b4:fa:
         cf:b8:9b:b9:c9:be:30:f2:f3:da:a1:c4:b1:98:0d:70:ad:52:
         a9:41:84:6c:a5:ed:a4:1a:b4:bc:11:9a:8e:2c:f3:9d:07:f6:
         82:63:a6:59:55:2a:0e:5b:0d:9b:a5:38:f1:60:43:15:11:0c:
         00:a3:21:ca:ab:f6:12:fc:82:d8:29:fb:1f:89:06:e6:6d:5f:
         bc:58:ad:39:e3:9c:86:67:74:a3:00:24:83:4c:18:af:0c:b5:
         c2:57:4f:47:92:37:c3:66:4c:95:f2:d4:89:70:57:79:33:64:
         a3:8c:ef:11:e9:ba:85:cc:46:62:10:15:87:18:1d:67:91:46:
         bd:6f:b8:20:11:f9:18:7f:47:3d:4b:1a:bb:c7:a3:65:cb:41:
         23:a5:f6:7f:64:9a:c6:f8:b1:e3:44:2e:a4:32:f3:6c:d0:f7:
         8c:14:73:38:e8:e5:a9:19:01:01:37:c2:7b:9b:f7:6b:2b:81:
         5c:48:3e:8d:45:d7:59:60:0c:e6:34:3a:40:e2:0a:d8:d3:c0:
         10:1a:79:0b:e2:24:af:c4:fd:5c:b2:67:5f:8d:19:85:20:f7:
         46:0b:99:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbS+na218qIeL82SmKl1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkN2VlNGIwMzI3OTk2MzA0Y2YxOGExMjhlMjY1NTc4MGM5
ZDZiOWIwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDdkNjhlNjRhYzEzY2I2YmZmZTc5YTNjMGM5NzAwYjZjYWNmMmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4kWblJFBBSrrHDXKG45at3QXT7x
Bt+42rMd5OsOUn62Ylxb7l1CkWrmB2wXFDa/HJ023Sgj7kSO3D0lt0i+RfPJrTRx
DiSXO4zbNMASHIXDo/lJdteLsQH/wzsdGLIx3Xhiq1iT9w2bRv7cVvSFcVFoHjDm
HhZuTr3L7B2Y/L8dU3DXFBhSy2U+/8/LQQw6sz3Ox/0qMOq6m4oGzQkeea2/enog
IMNve2f++5GVBmAYYJL0Hukp5qOoIvwL3EIcIHExI0o57XwimbVE400NLbPYRl2s
FlWh3PWj/YEPzh3yRKfNxTDtko00+kd9Ab+PmXXsAUJsqKZ39hRUjc4sSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB19aOZKwTy2v/55o8DJcAtsrPL6MB8GA1UdIwQY
MBaAFM1+5LAyeZYwTPGKEo4mVXgMnWubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelg3a3NESjVsakJNOFlvU2ppWlZlQXlkYTVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9lY2FlYjMtZjQyZi00YmFjLWE0OWUt
MjQyZmZkYWEyNjcwLzEvSFgxbzVrckJQTGFfX25tandNbHdDMnlzOHZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9lY2FlYjMtZjQyZi00YmFjLWE0OWUtMjQyZmZkYWEyNjcw
LzEvelg3a3NESjVsakJNOFlvU2ppWlZlQXlkYTVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXyAMA0G
CSqGSIb3DQEBCwUAA4IBAQB3HiaI6XjCFSZzCOfCEyRJkZa0A7YaftuEHY+5dQb5
SzBvtPrPuJu5yb4w8vPaocSxmA1wrVKpQYRspe2kGrS8EZqOLPOdB/aCY6ZZVSoO
Ww2bpTjxYEMVEQwAoyHKq/YS/ILYKfsfiQbmbV+8WK0545yGZ3SjACSDTBivDLXC
V09HkjfDZkyV8tSJcFd5M2SjjO8R6bqFzEZiEBWHGB1nkUa9b7ggEfkYf0c9Sxq7
x6Nly0EjpfZ/ZJrG+LHjRC6kMvNs0PeMFHM46OWpGQEBN8J7m/drK4FcSD6NRddZ
YAzmNDpA4grY08AQGnkL4iSvxP1csmdfjRmFIPdGC5ki
-----END CERTIFICATE-----