Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/0xHjVSZdRfrStkMzArdqdZbKInA.roa
File:                     0xHjVSZdRfrStkMzArdqdZbKInA.roa (raw, json)
Hash identifier:          QcW+K87diU5BkEN/PvkZJcP6sfhBwWdtE+/6h6H/nQk=
Subject key identifier:   D3:11:E3:55:26:5D:45:FA:D2:B6:43:33:02:B7:6A:75:96:CA:22:70
Certificate issuer:       /CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
Certificate serial:       018CC870B384BE9AAF2D3D9825BD7F7B6C72
Authority key identifier: CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/0xHjVSZdRfrStkMzArdqdZbKInA.roa
Signing time:             Tue 02 Jan 2024 04:31:18 +0000
ROA not before:           Tue 02 Jan 2024 04:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201341
IP address blocks:        185.122.143.0/24 maxlen: 24
                          185.122.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:b3:84:be:9a:af:2d:3d:98:25:bd:7f:7b:6c:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
        Validity
            Not Before: Jan  2 04:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d311e355265d45fad2b6433302b76a7596ca2270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:16:01:f1:64:28:13:13:bd:15:e6:67:dd:16:
                    d3:a9:d3:c5:95:8c:9e:3b:c5:f0:3a:8c:55:a4:7d:
                    a9:dd:d7:98:ea:63:2a:07:1a:8b:cb:92:aa:3a:31:
                    81:cf:e2:e3:54:73:9d:e0:18:a6:b9:cf:7e:7f:12:
                    27:40:fc:3a:17:00:ad:49:4d:03:5a:ab:c4:5f:8c:
                    91:1f:2a:5f:8d:e8:b7:b3:11:d6:64:1f:58:fe:52:
                    4a:98:f4:7a:fd:5c:b7:68:0c:15:0d:d4:17:c7:48:
                    a8:01:8f:42:f2:6a:40:52:fa:10:bb:5b:64:08:ef:
                    bc:2e:f9:3b:d1:3d:9d:69:72:28:2e:31:4f:b6:da:
                    47:6f:d7:18:33:79:cb:1a:f5:e3:80:0e:d0:32:8b:
                    ef:f7:40:fd:d4:5e:85:4c:aa:57:76:66:73:f4:9d:
                    30:a1:31:2f:f6:b4:93:bb:06:24:40:9e:9e:f7:d1:
                    53:23:94:dc:9f:88:37:b0:53:35:5e:3e:53:e7:b7:
                    6c:f7:bf:35:d5:58:f4:64:c5:df:1d:1a:d6:e6:52:
                    3b:9e:1c:1d:6d:7d:74:20:dd:0f:a1:c7:1a:71:7b:
                    ab:c4:84:06:04:94:56:e3:7a:40:28:2e:51:ef:5b:
                    43:96:0f:d1:4f:68:af:79:5e:59:56:bf:71:5f:e0:
                    97:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:11:E3:55:26:5D:45:FA:D2:B6:43:33:02:B7:6A:75:96:CA:22:70
            X509v3 Authority Key Identifier:
                keyid:CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/0xHjVSZdRfrStkMzArdqdZbKInA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.141.0/24
                  185.122.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:e7:40:6d:17:ea:92:01:02:f8:38:5c:85:bc:36:fb:9c:9c:
         cc:d3:19:57:00:0c:22:5e:6a:3d:87:ab:bb:0b:11:66:2e:93:
         cc:33:65:de:68:64:af:79:de:ca:df:eb:b6:c3:e6:67:bd:12:
         df:53:ca:39:87:8b:97:e6:73:a5:6f:c9:62:a5:52:96:24:d2:
         3b:e4:4c:6b:aa:85:bd:e8:bc:50:7e:2b:34:f6:ec:09:52:5e:
         bc:b7:3a:fc:21:79:c7:1b:6b:79:93:7f:e4:0b:ce:a5:f6:54:
         c2:be:a1:17:98:ba:23:83:5b:41:7a:dc:7b:c7:a0:05:66:67:
         26:e2:d6:58:3e:0a:8e:87:a0:04:f6:da:1e:fb:6a:1c:1e:5d:
         47:3f:c4:ce:c6:82:af:b5:01:95:96:4b:f1:f3:68:00:0a:76:
         8b:2e:55:5b:8c:fd:c3:99:b1:22:63:57:c5:9f:36:ec:65:55:
         41:a0:6d:fb:8a:f1:64:9c:ca:94:f6:01:a8:42:37:d1:d9:54:
         3a:5a:61:39:f0:e5:68:c2:2c:02:a3:3e:25:c0:74:55:36:ac:
         b2:1d:8f:09:b8:1e:78:48:44:91:e1:89:3c:1b:d5:f4:dd:4b:
         23:2b:22:c9:c6:f3:35:22:4f:80:ca:5b:90:5f:ee:36:a0:df:
         c5:0d:6b:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcLOEvpqvLT2YJb1/e2xyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYzQ3OGRkOWNjZDYxNjJmODI0ODhhYzZmYzUwYzIxZDM2
OWYyYTAwHhcNMjQwMTAyMDQzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzExZTM1NTI2NWQ0NWZhZDJiNjQzMzMwMmI3NmE3NTk2Y2EyMjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxYB8WQoExO9FeZn3RbTqdPFlYye
O8XwOoxVpH2p3deY6mMqBxqLy5KqOjGBz+LjVHOd4Bimuc9+fxInQPw6FwCtSU0D
WqvEX4yRHypfjei3sxHWZB9Y/lJKmPR6/Vy3aAwVDdQXx0ioAY9C8mpAUvoQu1tk
CO+8Lvk70T2daXIoLjFPttpHb9cYM3nLGvXjgA7QMovv90D91F6FTKpXdmZz9J0w
oTEv9rSTuwYkQJ6e99FTI5Tcn4g3sFM1Xj5T57ds97811Vj0ZMXfHRrW5lI7nhwd
bX10IN0PoccacXurxIQGBJRW43pAKC5R71tDlg/RT2iveV5ZVr9xX+CXcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNMR41UmXUX60rZDMwK3anWWyiJwMB8GA1UdIwQY
MBaAFMzEeN2czWFi+CSIrG/FDCHTafKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUt
NDI4NTk5ODM5MmQzLzEvMHhIalZTWmRSZnJTdGtNekFyZHFkWmJLSW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUtNDI4NTk5ODM5MmQz
LzEvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXqNAwQA
uXqPMA0GCSqGSIb3DQEBCwUAA4IBAQCW50BtF+qSAQL4OFyFvDb7nJzM0xlXAAwi
Xmo9h6u7CxFmLpPMM2XeaGSved7K3+u2w+ZnvRLfU8o5h4uX5nOlb8lipVKWJNI7
5ExrqoW96LxQfis09uwJUl68tzr8IXnHG2t5k3/kC86l9lTCvqEXmLojg1tBetx7
x6AFZmcm4tZYPgqOh6AE9toe+2ocHl1HP8TOxoKvtQGVlkvx82gACnaLLlVbjP3D
mbEiY1fFnzbsZVVBoG37ivFknMqU9gGoQjfR2VQ6WmE58OVowiwCoz4lwHRVNqyy
HY8JuB54SESR4Yk8G9X03UsjKyLJxvM1Ik+AyluQX+42oN/FDWuQ
-----END CERTIFICATE-----