Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/vO1SDABKywSMpihkHNx6b3YVHOQ.roa
File:                     vO1SDABKywSMpihkHNx6b3YVHOQ.roa (raw, json)
Hash identifier:          mP3QII/lDB6wNLEyPpMegrE3WbbWlLXQpHzbkr3vZ3o=
Subject key identifier:   BC:ED:52:0C:00:4A:CB:04:8C:A6:28:64:1C:DC:7A:6F:76:15:1C:E4
Certificate issuer:       /CN=a7c7544e8b482d2311903706eed724049fe385bf
Certificate serial:       018CC802F0C26E22413F71F3EDE15EB7C299
Authority key identifier: A7:C7:54:4E:8B:48:2D:23:11:90:37:06:EE:D7:24:04:9F:E3:85:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/vO1SDABKywSMpihkHNx6b3YVHOQ.roa
Signing time:             Tue 02 Jan 2024 02:31:25 +0000
ROA not before:           Tue 02 Jan 2024 02:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211141
IP address blocks:        185.120.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:f0:c2:6e:22:41:3f:71:f3:ed:e1:5e:b7:c2:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7c7544e8b482d2311903706eed724049fe385bf
        Validity
            Not Before: Jan  2 02:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bced520c004acb048ca628641cdc7a6f76151ce4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:dc:99:7e:d4:f0:b2:13:35:ca:34:1f:98:5f:
                    9c:e3:85:7d:6b:95:58:62:bc:0a:8c:23:30:58:6d:
                    48:7d:79:9b:37:34:d6:c4:d2:16:92:30:ef:88:57:
                    c7:04:a6:57:6c:42:c1:fe:70:f0:d1:bc:f3:25:ef:
                    80:f4:8a:cf:a1:74:5a:49:e6:46:72:dd:f1:78:8f:
                    f2:17:3a:6a:be:07:6d:d8:0d:d3:79:30:3b:a5:35:
                    d5:72:04:af:50:70:dc:fb:05:cc:9c:69:22:0e:55:
                    a1:c8:c9:48:04:56:a4:c6:5a:4d:2b:98:93:32:17:
                    42:35:71:a9:6c:e6:b4:76:29:23:de:41:1c:93:72:
                    12:64:a7:8f:20:2d:99:1a:fb:10:3d:05:6f:aa:8d:
                    30:27:91:ab:db:49:de:72:a4:30:f3:5e:e8:b7:15:
                    42:d2:5e:6b:26:22:ad:af:71:53:88:be:b1:1f:5c:
                    d9:3f:50:6a:e3:c9:78:9f:16:0a:15:20:36:67:e5:
                    26:28:21:e5:12:a0:59:21:e8:75:21:ee:f1:38:aa:
                    fd:9c:a6:ef:7c:00:a7:f6:48:91:7a:61:08:35:e9:
                    11:1c:2c:8f:15:4e:76:dd:65:3a:74:dd:ab:53:3b:
                    c7:d9:1a:f3:0e:39:f3:c3:6a:51:05:59:15:ca:40:
                    d6:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:ED:52:0C:00:4A:CB:04:8C:A6:28:64:1C:DC:7A:6F:76:15:1C:E4
            X509v3 Authority Key Identifier:
                keyid:A7:C7:54:4E:8B:48:2D:23:11:90:37:06:EE:D7:24:04:9F:E3:85:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/vO1SDABKywSMpihkHNx6b3YVHOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:dd:70:c5:6a:4f:6f:4a:7a:b5:c3:66:13:d2:d8:cc:90:af:
         e8:7a:82:8c:8a:48:bc:38:b1:9d:4f:ae:15:4f:41:d1:b2:5f:
         2f:8c:71:05:3a:42:a9:6e:f6:45:cb:e7:40:89:df:64:a2:1a:
         ad:47:5a:6f:e7:5c:74:f4:59:2b:46:fc:fd:83:fe:c5:06:c7:
         cc:12:c2:56:4e:48:80:12:4f:d7:ce:eb:7f:6f:19:ff:3c:d9:
         10:b0:d1:89:e6:d2:c4:f8:7f:98:ee:18:62:2c:28:81:ab:59:
         94:d0:e6:c1:a5:05:da:a9:6b:67:c1:10:17:d4:72:c8:ae:4b:
         81:67:51:9b:47:64:73:43:6c:c1:a6:3d:5e:5c:ac:25:47:11:
         fc:55:e3:3f:99:c1:40:98:e4:46:21:63:cd:66:ae:24:fc:b2:
         9a:c0:31:55:76:43:4d:95:7d:e0:2e:1f:57:ab:52:24:f8:d6:
         53:fe:e8:b6:5b:c1:5b:c0:5b:51:e7:41:dc:ec:d4:53:5e:4c:
         34:a8:b2:e3:21:1b:2f:66:ab:7c:27:91:ac:88:09:f0:f9:44:
         ad:be:a9:49:02:7f:bb:66:f3:38:07:89:06:2f:1e:70:19:c5:
         66:04:16:24:0d:77:dd:b0:be:5d:fe:a9:cc:bb:48:d2:26:a6:
         a0:54:aa:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAvDCbiJBP3Hz7eFet8KZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3Yzc1NDRlOGI0ODJkMjMxMTkwMzcwNmVlZDcyNDA0OWZl
Mzg1YmYwHhcNMjQwMTAyMDIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2VkNTIwYzAwNGFjYjA0OGNhNjI4NjQxY2RjN2E2Zjc2MTUxY2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdyZftTwshM1yjQfmF+c44V9a5VY
YrwKjCMwWG1IfXmbNzTWxNIWkjDviFfHBKZXbELB/nDw0bzzJe+A9IrPoXRaSeZG
ct3xeI/yFzpqvgdt2A3TeTA7pTXVcgSvUHDc+wXMnGkiDlWhyMlIBFakxlpNK5iT
MhdCNXGpbOa0dikj3kEck3ISZKePIC2ZGvsQPQVvqo0wJ5Gr20necqQw817otxVC
0l5rJiKtr3FTiL6xH1zZP1Bq48l4nxYKFSA2Z+UmKCHlEqBZIeh1Ie7xOKr9nKbv
fACn9kiRemEINekRHCyPFU523WU6dN2rUzvH2RrzDjnzw2pRBVkVykDWSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLztUgwASssEjKYoZBzcem92FRzkMB8GA1UdIwQY
MBaAFKfHVE6LSC0jEZA3Bu7XJASf44W/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDhkVVRvdElMU01Sa0RjRzd0Y2tCSl9qaGI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8yZDU5NjAtYzY2ZC00MmRmLTk1ZDIt
NDA1MjQ1MGM5MGE5LzEvdk8xU0RBQkt5d1NNcGloa0hOeDZiM1lWSE9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8yZDU5NjAtYzY2ZC00MmRmLTk1ZDItNDA1MjQ1MGM5MGE5
LzEvcDhkVVRvdElMU01Sa0RjRzd0Y2tCSl9qaGI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXi2MA0G
CSqGSIb3DQEBCwUAA4IBAQAk3XDFak9vSnq1w2YT0tjMkK/oeoKMiki8OLGdT64V
T0HRsl8vjHEFOkKpbvZFy+dAid9kohqtR1pv51x09FkrRvz9g/7FBsfMEsJWTkiA
Ek/Xzut/bxn/PNkQsNGJ5tLE+H+Y7hhiLCiBq1mU0ObBpQXaqWtnwRAX1HLIrkuB
Z1GbR2RzQ2zBpj1eXKwlRxH8VeM/mcFAmORGIWPNZq4k/LKawDFVdkNNlX3gLh9X
q1Ik+NZT/ui2W8FbwFtR50Hc7NRTXkw0qLLjIRsvZqt8J5GsiAnw+UStvqlJAn+7
ZvM4B4kGLx5wGcVmBBYkDXfdsL5d/qnMu0jSJqagVKoT
-----END CERTIFICATE-----