Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/1-emwUgut-7PQxovaRCbud_T4y2M.roa
File:                     1-emwUgut-7PQxovaRCbud_T4y2M.roa (raw, json)
Hash identifier:          sICXDgGM/U3UcKLcfnI44zZ23Nv4v+yEVe7yBH1HZ3I=
Subject key identifier:   F9:E9:B0:52:0B:AD:FB:B3:D0:C6:8B:DA:44:26:EE:77:F4:F8:CB:63
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       018CC492C65544A539E94028F7B8DF586F1C
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/1-emwUgut-7PQxovaRCbud_T4y2M.roa
Signing time:             Mon 01 Jan 2024 10:30:02 +0000
ROA not before:           Mon 01 Jan 2024 10:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211456
IP address blocks:        185.7.218.0/24 maxlen: 24
                          95.169.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:c6:55:44:a5:39:e9:40:28:f7:b8:df:58:6f:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Jan  1 10:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9e9b0520badfbb3d0c68bda4426ee77f4f8cb63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f0:f3:37:9a:47:1d:f0:72:2d:3a:39:ae:a8:
                    48:37:05:1d:6a:b5:9c:b8:ff:88:c3:ab:f7:0e:16:
                    b3:82:34:d6:27:86:fd:ad:68:40:f9:e9:11:7c:9b:
                    68:14:b0:b5:c1:e0:79:7c:39:e5:b2:d3:c3:a4:84:
                    2b:82:d7:95:e0:1c:c3:f1:a8:e8:a6:5b:3e:47:a4:
                    60:8b:d5:d3:42:a9:df:83:d6:d8:8b:63:26:47:f7:
                    cf:83:13:9a:55:dd:d4:76:b0:d4:86:40:57:7d:bc:
                    68:0b:25:c8:b9:c6:8a:4e:33:2c:fd:a6:53:f9:38:
                    26:45:7e:c4:60:cd:e1:c6:0b:a5:21:52:1c:79:fd:
                    dd:18:80:67:cc:75:8e:0f:ba:80:db:1a:1a:18:9f:
                    d1:a8:f8:af:f1:46:3e:ae:da:33:59:13:3d:52:91:
                    9b:02:8d:3f:9b:2d:a7:db:2e:a2:fc:a7:7f:d7:9f:
                    5e:9b:ef:70:10:33:3d:19:47:7b:3e:19:c3:f4:40:
                    cb:ec:99:83:98:73:16:ed:3b:6a:ac:b7:e4:27:3f:
                    50:53:23:27:52:1c:59:a7:39:c5:9a:6e:a6:53:a5:
                    e5:1f:89:e3:13:57:db:6c:a4:60:b9:b0:d9:17:87:
                    66:16:aa:43:f6:d6:0b:37:72:cc:1d:74:ca:cf:d9:
                    cc:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E9:B0:52:0B:AD:FB:B3:D0:C6:8B:DA:44:26:EE:77:F4:F8:CB:63
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/1-emwUgut-7PQxovaRCbud_T4y2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.209.0/24
                  185.7.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:2e:5a:f8:2e:56:ac:35:26:6f:7a:f8:a7:b0:d4:28:7a:cc:
         aa:ab:3a:a9:82:ef:8f:c1:5a:dd:9c:48:7b:dc:4e:56:31:69:
         5b:6c:26:e3:07:b8:a4:57:01:57:84:7b:37:81:12:9b:7a:f7:
         2a:73:cb:71:3b:8d:87:88:5e:57:4d:99:c8:1c:88:cd:68:18:
         55:5b:98:9d:c4:5f:a8:45:bd:e9:30:7a:51:27:c7:51:5b:73:
         ea:a9:fc:b6:cc:58:91:ca:a5:cc:d9:ac:f3:d3:20:1a:c3:e7:
         02:30:1d:58:53:cd:b0:19:e2:07:06:bf:6a:ba:34:b8:47:3c:
         9d:3f:22:14:67:b9:8e:ed:03:55:fc:7a:69:f9:48:89:24:48:
         09:11:de:38:22:cd:a3:7f:68:66:86:72:ea:4d:c5:70:e5:1e:
         ff:69:f3:80:33:7f:60:11:55:92:f0:6f:df:f7:01:46:b7:b0:
         37:6e:37:33:b3:3e:ea:61:7b:b3:af:34:08:e8:01:71:e5:5d:
         85:6c:5e:3e:65:38:5b:35:7d:10:a6:85:09:27:5d:d9:42:6d:
         4b:29:ef:31:62:40:98:4d:5f:82:5c:5c:32:b3:db:d2:9f:42:
         25:d2:82:6a:aa:03:5c:b8:d4:b7:99:da:3a:3d:f6:a0:a1:7e:
         be:9b:45:27
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzEksZVRKU56UAo97jfWG8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjQwMTAxMTAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWU5YjA1MjBiYWRmYmIzZDBjNjhiZGE0NDI2ZWU3N2Y0ZjhjYjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfDzN5pHHfByLTo5rqhINwUdarWc
uP+Iw6v3DhazgjTWJ4b9rWhA+ekRfJtoFLC1weB5fDnlstPDpIQrgteV4BzD8ajo
pls+R6Rgi9XTQqnfg9bYi2MmR/fPgxOaVd3UdrDUhkBXfbxoCyXIucaKTjMs/aZT
+TgmRX7EYM3hxgulIVIcef3dGIBnzHWOD7qA2xoaGJ/RqPiv8UY+rtozWRM9UpGb
Ao0/my2n2y6i/Kd/159em+9wEDM9GUd7PhnD9EDL7JmDmHMW7TtqrLfkJz9QUyMn
UhxZpznFmm6mU6XlH4njE1fbbKRgubDZF4dmFqpD9tYLN3LMHXTKz9nMVwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPnpsFILrfuz0MaL2kQm7nf0+MtjMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvMS1lbXdVZ3V0LTdQUXhvdmFSQ2J1ZF9UNHkyTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWIvNWU1YzMwLThhYTQtNDdlOC1iZDhmLWZiZTFhMGQwYWE5
OC8xL1ZYc0t3UXVHUXFKOTA5ZE8xc3RlNEVYbWU1Yy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAF+p0QME
ALkH2jANBgkqhkiG9w0BAQsFAAOCAQEAjC5a+C5WrDUmb3r4p7DUKHrMqqs6qYLv
j8Fa3ZxIe9xOVjFpW2wm4we4pFcBV4R7N4ESm3r3KnPLcTuNh4heV02ZyByIzWgY
VVuYncRfqEW96TB6USfHUVtz6qn8tsxYkcqlzNms89MgGsPnAjAdWFPNsBniBwa/
aro0uEc8nT8iFGe5ju0DVfx6aflIiSRICRHeOCLNo39oZoZy6k3FcOUe/2nzgDN/
YBFVkvBv3/cBRrewN243M7M+6mF7s680COgBceVdhWxePmU4WzV9EKaFCSdd2UJt
SynvMWJAmE1fglxcMrPb0p9CJdKCaqoDXLjUt5naOj32oKF+vptFJw==
-----END CERTIFICATE-----