Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/pEOYUjsz4e_6AQFXdj59o4J_vM8.roa
File:                     pEOYUjsz4e_6AQFXdj59o4J_vM8.roa (raw, json)
Hash identifier:          o+zbjDvEOmHt480XFykOhhXbxeRPa6N83xxh0Fe4GTc=
Subject key identifier:   A4:43:98:52:3B:33:E1:EF:FA:01:01:57:76:3E:7D:A3:82:7F:BC:CF
Certificate issuer:       /CN=69ca7c17232db063491cfa585203369ffbeb76ed
Certificate serial:       0190A7CBDEDB58634AE968A386916876435C
Authority key identifier: 69:CA:7C:17:23:2D:B0:63:49:1C:FA:58:52:03:36:9F:FB:EB:76:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/pEOYUjsz4e_6AQFXdj59o4J_vM8.roa
Signing time:             Fri 12 Jul 2024 16:34:34 +0000
ROA not before:           Fri 12 Jul 2024 16:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203217
IP address blocks:        185.65.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a7:cb:de:db:58:63:4a:e9:68:a3:86:91:68:76:43:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69ca7c17232db063491cfa585203369ffbeb76ed
        Validity
            Not Before: Jul 12 16:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a44398523b33e1effa010157763e7da3827fbccf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ac:dc:c3:72:bb:b9:ed:43:d9:66:c6:0b:2b:
                    dc:31:02:b6:6a:df:6d:e8:c5:92:68:21:f2:ba:98:
                    b2:6c:4c:52:67:8e:5b:b4:47:b0:e6:71:05:5f:1d:
                    7e:fb:d5:85:03:57:ba:cb:a0:6a:77:bc:a6:b6:b5:
                    12:c4:cf:2d:3d:86:bd:3c:ab:b0:4d:b4:e1:a4:c7:
                    e3:99:f2:d9:e6:58:be:36:3f:c3:7d:44:e5:c4:07:
                    4d:d8:32:b6:53:2a:54:29:48:02:6d:2f:43:3d:7a:
                    19:01:7b:02:cb:a8:3b:96:89:dd:5d:ad:42:da:9c:
                    d2:d4:b0:f9:53:79:77:b0:ae:c1:fc:18:f2:5b:c5:
                    ed:82:f3:42:79:f6:ba:58:c9:8b:6a:76:eb:57:d6:
                    87:da:0a:fa:d5:4c:cc:fe:23:e6:39:d5:83:48:3e:
                    9a:90:66:d8:f4:ce:1d:19:4a:39:84:a3:8a:a3:30:
                    64:1a:64:05:0c:9e:dc:aa:43:76:ab:ed:a1:dd:fd:
                    b2:aa:fa:cd:55:8c:f3:33:59:ed:1b:fd:d4:cc:b2:
                    3b:ea:50:30:a8:de:a8:c6:bb:01:97:85:55:ef:5e:
                    27:d1:94:2c:9c:88:37:d5:8f:fc:44:d5:e9:b0:be:
                    93:b4:e0:91:65:7a:10:98:5a:b4:13:c6:28:95:5c:
                    cc:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:43:98:52:3B:33:E1:EF:FA:01:01:57:76:3E:7D:A3:82:7F:BC:CF
            X509v3 Authority Key Identifier:
                keyid:69:CA:7C:17:23:2D:B0:63:49:1C:FA:58:52:03:36:9F:FB:EB:76:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/pEOYUjsz4e_6AQFXdj59o4J_vM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:2f:a9:92:17:1e:7c:d9:6a:23:f3:72:36:fb:d1:69:17:5b:
         9f:af:09:2f:cc:ed:e8:1c:64:5c:07:a2:83:e0:a6:3b:5d:e5:
         e4:53:04:9b:53:cf:a9:04:cb:67:c3:c3:f4:cc:21:d8:3b:9b:
         ed:a8:f8:b3:03:c7:0d:41:bf:68:ad:b4:98:90:6e:8b:77:40:
         b6:00:d7:b9:a8:98:21:57:b2:db:a3:83:c4:1a:75:95:b0:82:
         d9:c1:11:4c:9b:2e:8f:34:c6:6b:01:dd:98:a9:89:d6:89:a1:
         da:d3:8f:7c:66:0b:5c:76:51:0a:2b:d9:08:eb:39:6c:b3:5f:
         98:8a:b3:3d:e3:88:ea:ce:fa:2c:61:06:a0:a9:b2:49:36:a9:
         e8:0b:f0:e6:8b:95:db:d8:ec:39:40:69:63:63:41:c6:d5:1d:
         e3:1a:3b:33:1b:c6:d7:89:fc:95:b7:44:6d:45:46:cc:a3:ea:
         0c:dc:5c:ca:7f:a0:ec:9e:fd:c3:97:df:13:60:4a:16:e5:d5:
         de:6f:d9:2b:13:60:9a:39:20:1c:1e:9d:60:0f:f0:77:a5:14:
         07:47:dd:4e:3b:46:9a:b3:54:9d:69:68:90:42:ee:e5:80:9b:
         b0:6e:b8:3a:f4:a8:af:e4:60:21:fb:d9:c5:85:4c:35:80:76:
         d5:2d:f0:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCny97bWGNK6WijhpFodkNcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5Y2E3YzE3MjMyZGIwNjM0OTFjZmE1ODUyMDMzNjlmZmJl
Yjc2ZWQwHhcNMjQwNzEyMTYzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDQzOTg1MjNiMzNlMWVmZmEwMTAxNTc3NjNlN2RhMzgyN2ZiY2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqzcw3K7ue1D2WbGCyvcMQK2at9t
6MWSaCHyupiybExSZ45btEew5nEFXx1++9WFA1e6y6Bqd7ymtrUSxM8tPYa9PKuw
TbThpMfjmfLZ5li+Nj/DfUTlxAdN2DK2UypUKUgCbS9DPXoZAXsCy6g7londXa1C
2pzS1LD5U3l3sK7B/BjyW8XtgvNCefa6WMmLanbrV9aH2gr61UzM/iPmOdWDSD6a
kGbY9M4dGUo5hKOKozBkGmQFDJ7cqkN2q+2h3f2yqvrNVYzzM1ntG/3UzLI76lAw
qN6oxrsBl4VV714n0ZQsnIg31Y/8RNXpsL6TtOCRZXoQmFq0E8YolVzMiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRDmFI7M+Hv+gEBV3Y+faOCf7zPMB8GA1UdIwQY
MBaAFGnKfBcjLbBjSRz6WFIDNp/763btMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWNwOEZ5TXRzR05KSFBwWVVnTTJuX3ZyZHUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9iZmI0MjMtZGE2OS00MjY1LTk1ZTUt
ZjQ3YWU3ZGRhZWMwLzEvcEVPWVVqc3o0ZV82QVFGWGRqNTlvNEpfdk04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9iZmI0MjMtZGE2OS00MjY1LTk1ZTUtZjQ3YWU3ZGRhZWMw
LzEvYWNwOEZ5TXRzR05KSFBwWVVnTTJuX3ZyZHUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUH8MA0G
CSqGSIb3DQEBCwUAA4IBAQBOL6mSFx582Woj83I2+9FpF1ufrwkvzO3oHGRcB6KD
4KY7XeXkUwSbU8+pBMtnw8P0zCHYO5vtqPizA8cNQb9orbSYkG6Ld0C2ANe5qJgh
V7Lbo4PEGnWVsILZwRFMmy6PNMZrAd2YqYnWiaHa0498ZgtcdlEKK9kI6zlss1+Y
irM944jqzvosYQagqbJJNqnoC/Dmi5Xb2Ow5QGljY0HG1R3jGjszG8bXifyVt0Rt
RUbMo+oM3FzKf6Dsnv3Dl98TYEoW5dXeb9krE2CaOSAcHp1gD/B3pRQHR91OO0aa
s1SdaWiQQu7lgJuwbrg69Kiv5GAh+9nFhUw1gHbVLfBY
-----END CERTIFICATE-----