Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/55283a-09a0-4da8-a968-43c7f027c6e4/1/ChBXmwkacze-4K7AnR3ogBIxSoM.roa
File:                     ChBXmwkacze-4K7AnR3ogBIxSoM.roa (raw, json)
Hash identifier:          tTvOa0DczsI2UICDCuF9V3mZtQ2S6LxBk9a8l28X7Ws=
Subject key identifier:   0A:10:57:9B:09:1A:73:37:BE:E0:AE:C0:9D:1D:E8:80:12:31:4A:83
Certificate issuer:       /CN=1dde7463ed8498020dd392322459d2cf40f226b2
Certificate serial:       018CC72723A4F40AF17ABA90A0F724AEC703
Authority key identifier: 1D:DE:74:63:ED:84:98:02:0D:D3:92:32:24:59:D2:CF:40:F2:26:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hd50Y-2EmAIN05IyJFnSz0DyJrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/55283a-09a0-4da8-a968-43c7f027c6e4/1/ChBXmwkacze-4K7AnR3ogBIxSoM.roa
Signing time:             Mon 01 Jan 2024 22:31:20 +0000
ROA not before:           Mon 01 Jan 2024 22:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39364
IP address blocks:        185.225.80.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/55283a-09a0-4da8-a968-43c7f027c6e4/1/Hd50Y-2EmAIN05IyJFnSz0DyJrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/55283a-09a0-4da8-a968-43c7f027c6e4/1/Hd50Y-2EmAIN05IyJFnSz0DyJrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hd50Y-2EmAIN05IyJFnSz0DyJrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 13:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:23:a4:f4:0a:f1:7a:ba:90:a0:f7:24:ae:c7:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1dde7463ed8498020dd392322459d2cf40f226b2
        Validity
            Not Before: Jan  1 22:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a10579b091a7337bee0aec09d1de88012314a83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:18:6c:de:61:1f:47:3a:e8:8c:32:be:c7:a7:
                    92:5b:e8:ee:8d:87:6f:25:95:df:b5:4b:1c:aa:66:
                    b1:31:22:da:6f:01:2e:fb:95:ef:ff:44:87:36:64:
                    fe:76:3c:90:ec:1d:1f:7b:e6:4c:75:97:49:3c:50:
                    bb:83:53:48:de:c4:f7:8a:fa:91:f9:1f:31:74:79:
                    3e:64:98:12:d4:5a:ae:b4:b2:55:14:d0:2e:4f:c7:
                    20:51:6e:8d:4e:8f:02:4a:99:6e:1a:36:fa:47:e7:
                    57:2e:e4:85:f3:7e:e1:f8:dd:0b:0d:f2:07:76:a2:
                    32:05:72:5f:44:b7:d4:d9:92:0f:02:8e:02:4f:4c:
                    1a:87:e4:b2:64:99:e5:93:ab:46:0b:6c:e4:f1:1f:
                    68:1a:ee:70:0d:5c:3b:0b:50:0f:3e:2f:27:67:cf:
                    c2:6e:5f:11:8a:69:20:b3:1d:c7:3e:2d:1f:b3:f3:
                    f5:ec:df:06:4f:81:f2:b9:79:af:7c:3d:75:f7:23:
                    f5:20:6a:69:8b:3d:d8:df:94:04:93:59:aa:c1:21:
                    67:0b:b8:52:35:18:f9:06:3e:00:af:e7:67:cf:47:
                    57:21:50:9b:61:ce:38:af:92:1e:15:68:f5:89:56:
                    59:07:23:55:ef:4b:bf:c6:02:14:5a:bc:19:d4:7b:
                    77:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:10:57:9B:09:1A:73:37:BE:E0:AE:C0:9D:1D:E8:80:12:31:4A:83
            X509v3 Authority Key Identifier:
                keyid:1D:DE:74:63:ED:84:98:02:0D:D3:92:32:24:59:D2:CF:40:F2:26:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hd50Y-2EmAIN05IyJFnSz0DyJrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/55283a-09a0-4da8-a968-43c7f027c6e4/1/ChBXmwkacze-4K7AnR3ogBIxSoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/55283a-09a0-4da8-a968-43c7f027c6e4/1/Hd50Y-2EmAIN05IyJFnSz0DyJrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:73:b0:6b:81:c3:89:d6:0d:1d:40:fd:73:58:dd:5b:4d:34:
         66:d2:2f:c9:89:f5:ae:f7:53:5a:8b:87:dc:42:04:7d:5e:bb:
         85:3e:0b:6b:20:a0:15:48:0c:1c:9e:c9:b8:1f:9b:01:28:34:
         23:fd:16:07:91:56:37:43:bd:b1:59:27:c9:f3:72:ff:df:06:
         97:2a:fc:f4:af:fc:e7:a7:18:e0:91:58:97:2d:4b:b2:f1:e6:
         20:b7:a0:4a:06:1e:d0:29:01:24:bc:35:94:b0:72:a9:5a:fe:
         c9:98:07:4d:cf:1c:f6:ec:c5:ab:d6:c9:1a:21:82:5b:3a:75:
         75:de:20:50:cc:6c:a4:82:a1:a2:84:d1:2e:c3:51:58:ae:c0:
         05:c4:ef:65:5f:aa:20:8e:c8:45:d3:61:b1:02:39:77:42:82:
         2e:2e:aa:34:e9:c4:c0:c6:a4:ff:f1:07:a1:4e:03:94:ba:a2:
         67:49:e7:05:19:d8:d0:e0:30:79:69:2b:8b:76:7f:73:f8:ce:
         59:7c:21:6c:6b:1f:f5:af:89:90:d4:63:fa:d0:25:45:62:e9:
         bb:0b:b4:20:8a:74:6c:8d:e5:04:3a:7c:6d:79:69:34:7f:7d:
         1e:ff:cb:69:d9:75:8e:71:75:35:99:de:1b:d3:ae:58:4e:2d:
         24:04:0b:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyOk9ArxerqQoPckrscDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkZGU3NDYzZWQ4NDk4MDIwZGQzOTIzMjI0NTlkMmNmNDBm
MjI2YjIwHhcNMjQwMTAxMjIzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTEwNTc5YjA5MWE3MzM3YmVlMGFlYzA5ZDFkZTg4MDEyMzE0YTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRhs3mEfRzrojDK+x6eSW+jujYdv
JZXftUscqmaxMSLabwEu+5Xv/0SHNmT+djyQ7B0fe+ZMdZdJPFC7g1NI3sT3ivqR
+R8xdHk+ZJgS1FqutLJVFNAuT8cgUW6NTo8CSpluGjb6R+dXLuSF837h+N0LDfIH
dqIyBXJfRLfU2ZIPAo4CT0wah+SyZJnlk6tGC2zk8R9oGu5wDVw7C1APPi8nZ8/C
bl8Rimkgsx3HPi0fs/P17N8GT4HyuXmvfD119yP1IGppiz3Y35QEk1mqwSFnC7hS
NRj5Bj4Ar+dnz0dXIVCbYc44r5IeFWj1iVZZByNV70u/xgIUWrwZ1Ht38wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAoQV5sJGnM3vuCuwJ0d6IASMUqDMB8GA1UdIwQY
MBaAFB3edGPthJgCDdOSMiRZ0s9A8iayMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGQ1MFktMkVtQUlOMDVJeUpGblN6MER5SnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81NTI4M2EtMDlhMC00ZGE4LWE5Njgt
NDNjN2YwMjdjNmU0LzEvQ2hCWG13a2FjemUtNEs3QW5SM29nQkl4U29NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81NTI4M2EtMDlhMC00ZGE4LWE5NjgtNDNjN2YwMjdjNmU0
LzEvSGQ1MFktMkVtQUlOMDVJeUpGblN6MER5SnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueFQMA0G
CSqGSIb3DQEBCwUAA4IBAQBVc7BrgcOJ1g0dQP1zWN1bTTRm0i/JifWu91Nai4fc
QgR9XruFPgtrIKAVSAwcnsm4H5sBKDQj/RYHkVY3Q72xWSfJ83L/3waXKvz0r/zn
pxjgkViXLUuy8eYgt6BKBh7QKQEkvDWUsHKpWv7JmAdNzxz27MWr1skaIYJbOnV1
3iBQzGykgqGihNEuw1FYrsAFxO9lX6ogjshF02GxAjl3QoIuLqo06cTAxqT/8Qeh
TgOUuqJnSecFGdjQ4DB5aSuLdn9z+M5ZfCFsax/1r4mQ1GP60CVFYum7C7QginRs
jeUEOnxteWk0f30e/8tp2XWOcXU1md4b065YTi0kBAuh
-----END CERTIFICATE-----