Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/aIogUBz9MzFIGpwJXkh8AJu-44w.roa
File:                     aIogUBz9MzFIGpwJXkh8AJu-44w.roa (raw, json)
Hash identifier:          bGO+PtD07AcP5sLsq0sts46/74k65zmUlVwuJJpCXUM=
Subject key identifier:   68:8A:20:50:1C:FD:33:31:48:1A:9C:09:5E:48:7C:00:9B:BE:E3:8C
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       018ED367013B453F3EA0F74E19895A70D18F
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/aIogUBz9MzFIGpwJXkh8AJu-44w.roa
Signing time:             Fri 12 Apr 2024 17:42:06 +0000
ROA not before:           Fri 12 Apr 2024 17:42:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.227.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d3:67:01:3b:45:3f:3e:a0:f7:4e:19:89:5a:70:d1:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Apr 12 17:42:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=688a20501cfd3331481a9c095e487c009bbee38c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:41:27:db:bf:04:04:23:58:e5:7c:a5:1c:a7:
                    98:ae:81:dc:b8:40:f8:ff:36:fc:1c:b9:bd:22:7a:
                    2a:36:74:74:4a:86:a6:62:9e:eb:52:81:6b:37:b1:
                    4c:98:2d:dd:dc:e6:fd:1d:df:d8:79:36:02:94:ae:
                    48:ab:7c:51:17:88:22:ea:24:8e:41:24:e9:69:21:
                    05:63:0e:f9:05:74:d4:2c:b9:00:79:77:a6:64:a4:
                    18:ce:f8:a1:62:a8:21:91:6b:d9:f2:ad:ea:16:1e:
                    bc:4d:e1:06:31:f2:93:8f:de:c4:5a:84:95:8c:d5:
                    8d:a0:c4:ce:0b:96:35:c3:af:99:0b:d7:62:a9:8c:
                    d3:d0:65:28:45:ff:b1:ef:34:ee:aa:10:db:ed:c4:
                    76:2d:9f:7f:89:a1:fa:d6:a1:12:50:59:f7:fa:2f:
                    b9:51:bf:75:1d:2e:8f:5c:f1:e1:70:82:9e:1d:14:
                    a2:7b:27:cd:c8:d9:e1:75:8e:c3:eb:39:01:d0:93:
                    a5:19:5f:2c:28:21:18:ba:ed:9e:4d:bf:46:c2:49:
                    aa:39:e8:40:99:08:f8:ce:c9:24:d3:eb:1c:5a:8c:
                    c4:7b:61:e7:e8:28:47:3f:2e:5c:1a:7f:46:2f:16:
                    3a:39:0d:11:06:23:0d:dc:ba:a1:37:0b:42:be:14:
                    7c:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:8A:20:50:1C:FD:33:31:48:1A:9C:09:5E:48:7C:00:9B:BE:E3:8C
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/aIogUBz9MzFIGpwJXkh8AJu-44w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:2d:0a:aa:09:bf:55:ed:81:04:2d:ac:a1:79:28:be:b8:23:
         f6:d0:58:8a:10:54:fd:b4:60:d3:95:d2:fc:9f:38:8b:cb:5a:
         47:ac:9c:bf:39:f5:b5:a2:03:af:92:17:3e:cc:a5:9a:94:3e:
         63:97:b5:25:ab:be:e2:5c:ad:70:db:ea:fc:2e:78:d4:c9:37:
         82:ea:7c:88:f2:8c:f8:4f:b2:33:04:33:56:9a:5a:47:67:cf:
         66:6d:b4:9b:7a:64:79:2c:27:41:18:32:39:3a:2e:e3:0f:5a:
         59:20:71:0b:fa:9c:88:4f:ce:20:89:ef:fc:35:6e:14:c1:ac:
         1a:e5:ab:3f:62:d5:5a:d9:6e:76:c5:55:fe:60:bd:d8:70:f7:
         29:1b:e5:75:ee:11:9d:5e:18:9a:21:54:e1:69:02:62:7e:0b:
         ca:68:1c:07:4c:c8:02:8c:e0:ad:99:34:e7:98:30:c9:ae:b8:
         63:88:e4:26:4c:f3:3e:da:d5:86:a2:60:43:06:66:73:79:93:
         1d:64:76:a7:9c:25:88:21:77:6d:7c:51:3a:d4:8d:2a:63:99:
         35:9f:dd:fb:58:7b:1c:03:ed:43:54:6b:03:5f:51:9d:bc:f8:
         c0:36:97:df:86:4c:5b:7a:f3:ff:a2:c8:49:89:4a:2a:33:fc:
         8f:8d:5b:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7TZwE7RT8+oPdOGYlacNGPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwNDEyMTc0MjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODhhMjA1MDFjZmQzMzMxNDgxYTljMDk1ZTQ4N2MwMDliYmVlMzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukEn278EBCNY5XylHKeYroHcuED4
/zb8HLm9InoqNnR0SoamYp7rUoFrN7FMmC3d3Ob9Hd/YeTYClK5Iq3xRF4gi6iSO
QSTpaSEFYw75BXTULLkAeXemZKQYzvihYqghkWvZ8q3qFh68TeEGMfKTj97EWoSV
jNWNoMTOC5Y1w6+ZC9diqYzT0GUoRf+x7zTuqhDb7cR2LZ9/iaH61qESUFn3+i+5
Ub91HS6PXPHhcIKeHRSieyfNyNnhdY7D6zkB0JOlGV8sKCEYuu2eTb9GwkmqOehA
mQj4zskk0+scWozEe2Hn6ChHPy5cGn9GLxY6OQ0RBiMN3LqhNwtCvhR8BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiKIFAc/TMxSBqcCV5IfACbvuOMMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvYUlvZ1VCejlNekZJR3B3SlhraDhBSnUtNDR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueMHMA0G
CSqGSIb3DQEBCwUAA4IBAQA8LQqqCb9V7YEELayheSi+uCP20FiKEFT9tGDTldL8
nziLy1pHrJy/OfW1ogOvkhc+zKWalD5jl7Ulq77iXK1w2+r8LnjUyTeC6nyI8oz4
T7IzBDNWmlpHZ89mbbSbemR5LCdBGDI5Oi7jD1pZIHEL+pyIT84gie/8NW4Uwawa
5as/YtVa2W52xVX+YL3YcPcpG+V17hGdXhiaIVThaQJifgvKaBwHTMgCjOCtmTTn
mDDJrrhjiOQmTPM+2tWGomBDBmZzeZMdZHannCWIIXdtfFE61I0qY5k1n937WHsc
A+1DVGsDX1GdvPjANpffhkxbevP/oshJiUoqM/yPjVvb
-----END CERTIFICATE-----