Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/0XF3tCJVN6oAEomOcqY-2X-HiJE.roa
File:                     0XF3tCJVN6oAEomOcqY-2X-HiJE.roa (raw, json)
Hash identifier:          sj1x3FNTFQ5UoIMTnKC08EFjO7riCTsD1cC1n3PniXs=
Subject key identifier:   D1:71:77:B4:22:55:37:AA:00:12:89:8E:72:A6:3E:D9:7F:87:88:91
Certificate issuer:       /CN=a7c7544e8b482d2311903706eed724049fe385bf
Certificate serial:       018CC802F050D6CBD592E7E87935BCCB8B9F
Authority key identifier: A7:C7:54:4E:8B:48:2D:23:11:90:37:06:EE:D7:24:04:9F:E3:85:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/0XF3tCJVN6oAEomOcqY-2X-HiJE.roa
Signing time:             Tue 02 Jan 2024 02:31:24 +0000
ROA not before:           Tue 02 Jan 2024 02:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39020
IP address blocks:        185.120.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:f0:50:d6:cb:d5:92:e7:e8:79:35:bc:cb:8b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7c7544e8b482d2311903706eed724049fe385bf
        Validity
            Not Before: Jan  2 02:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d17177b4225537aa0012898e72a63ed97f878891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f9:b9:f3:4e:f9:da:33:9e:7f:a2:02:b1:a6:
                    c1:e0:44:c5:be:64:e4:10:47:93:4e:03:07:f3:fc:
                    07:e4:b5:15:a5:43:46:75:2c:a4:4c:57:12:e4:e0:
                    76:8e:6d:95:d7:f9:92:bb:d5:ee:9d:4f:ff:dd:a5:
                    b8:fb:e6:c7:6d:7f:d7:86:3c:fa:ed:b7:4c:6d:25:
                    36:ae:1f:e9:77:1e:f3:ce:17:e0:fc:79:a3:29:15:
                    ce:58:b8:78:00:76:fd:f3:bf:65:92:c0:c2:9f:24:
                    73:4b:3b:c4:83:02:27:46:ed:0b:a8:7b:0d:14:6c:
                    dd:7c:a7:db:ba:69:23:a4:f0:74:99:a6:6e:21:0d:
                    00:ca:40:98:38:bf:23:1f:ff:f0:d5:b7:e8:44:dc:
                    de:6c:07:18:64:d8:13:54:1f:69:9e:5f:dc:1c:38:
                    ec:f7:5f:31:cc:29:a1:88:a3:c1:81:57:51:c5:9d:
                    03:a2:6f:cc:c0:fa:fa:a6:7d:5e:7c:85:a8:33:38:
                    d1:dc:37:c3:4c:d4:5a:31:12:8a:4d:bf:40:d0:c2:
                    10:aa:78:ac:42:c5:20:64:43:1d:c6:f1:cb:2d:d7:
                    b7:82:ff:38:c2:80:26:da:c7:bd:8b:0f:4a:9a:e2:
                    a0:81:28:9c:21:99:e8:38:0c:68:d3:7b:83:9b:b9:
                    03:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:71:77:B4:22:55:37:AA:00:12:89:8E:72:A6:3E:D9:7F:87:88:91
            X509v3 Authority Key Identifier:
                keyid:A7:C7:54:4E:8B:48:2D:23:11:90:37:06:EE:D7:24:04:9F:E3:85:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/0XF3tCJVN6oAEomOcqY-2X-HiJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:bc:4e:34:27:a3:47:aa:00:29:af:20:7e:5d:f1:3d:cb:05:
         9c:8a:d4:d2:0c:37:c6:1a:de:e6:4c:d8:f1:83:bf:8e:4c:c2:
         69:55:40:e5:e3:b0:fb:3e:14:38:c9:b1:70:4a:f2:64:fe:0f:
         3b:b6:b8:69:3d:ac:bd:33:11:af:6f:e8:df:fb:59:87:82:32:
         24:86:fc:cb:40:a9:f1:d8:ad:8d:e2:d3:a0:5c:db:f0:60:9e:
         bc:2e:ee:dd:03:8d:7a:7c:be:9a:c7:e2:ad:73:39:98:28:08:
         76:27:6e:19:04:9e:10:1f:8d:8f:71:68:11:2c:90:05:15:27:
         0a:4f:a3:10:87:bf:f3:b1:51:14:c5:2f:3d:56:40:e1:1c:28:
         d0:bb:3c:16:43:e0:c7:8c:2b:a3:68:d5:0b:56:63:df:d7:e8:
         1f:65:77:3f:27:51:6e:20:9e:19:41:27:7a:69:2e:e1:ca:2c:
         7c:ec:51:18:2e:ff:f9:dc:ac:e0:c7:a6:07:50:99:02:d0:8b:
         b1:80:d3:43:48:17:1b:be:27:c5:41:5d:3e:ad:7a:b1:1b:b0:
         64:84:d8:5f:a7:c5:90:4b:3c:35:a1:e2:a4:ef:45:85:ca:b5:
         00:ee:8d:e7:40:bc:e2:3b:6c:5a:43:08:47:51:d2:e7:2a:3c:
         23:df:67:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAvBQ1svVkufoeTW8y4ufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3Yzc1NDRlOGI0ODJkMjMxMTkwMzcwNmVlZDcyNDA0OWZl
Mzg1YmYwHhcNMjQwMTAyMDIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTcxNzdiNDIyNTUzN2FhMDAxMjg5OGU3MmE2M2VkOTdmODc4ODkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/m580752jOef6ICsabB4ETFvmTk
EEeTTgMH8/wH5LUVpUNGdSykTFcS5OB2jm2V1/mSu9XunU//3aW4++bHbX/Xhjz6
7bdMbSU2rh/pdx7zzhfg/HmjKRXOWLh4AHb9879lksDCnyRzSzvEgwInRu0LqHsN
FGzdfKfbumkjpPB0maZuIQ0AykCYOL8jH//w1bfoRNzebAcYZNgTVB9pnl/cHDjs
918xzCmhiKPBgVdRxZ0Dom/MwPr6pn1efIWoMzjR3DfDTNRaMRKKTb9A0MIQqnis
QsUgZEMdxvHLLde3gv84woAm2se9iw9KmuKggSicIZnoOAxo03uDm7kDowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFxd7QiVTeqABKJjnKmPtl/h4iRMB8GA1UdIwQY
MBaAFKfHVE6LSC0jEZA3Bu7XJASf44W/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDhkVVRvdElMU01Sa0RjRzd0Y2tCSl9qaGI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8yZDU5NjAtYzY2ZC00MmRmLTk1ZDIt
NDA1MjQ1MGM5MGE5LzEvMFhGM3RDSlZONm9BRW9tT2NxWS0yWC1IaUpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8yZDU5NjAtYzY2ZC00MmRmLTk1ZDItNDA1MjQ1MGM5MGE5
LzEvcDhkVVRvdElMU01Sa0RjRzd0Y2tCSl9qaGI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXi2MA0G
CSqGSIb3DQEBCwUAA4IBAQCzvE40J6NHqgApryB+XfE9ywWcitTSDDfGGt7mTNjx
g7+OTMJpVUDl47D7PhQ4ybFwSvJk/g87trhpPay9MxGvb+jf+1mHgjIkhvzLQKnx
2K2N4tOgXNvwYJ68Lu7dA416fL6ax+KtczmYKAh2J24ZBJ4QH42PcWgRLJAFFScK
T6MQh7/zsVEUxS89VkDhHCjQuzwWQ+DHjCujaNULVmPf1+gfZXc/J1FuIJ4ZQSd6
aS7hyix87FEYLv/53Kzgx6YHUJkC0IuxgNNDSBcbvifFQV0+rXqxG7BkhNhfp8WQ
Szw1oeKk70WFyrUA7o3nQLziO2xaQwhHUdLnKjwj32cd
-----END CERTIFICATE-----