Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/qKYOZOSmnakx9JA_OsLP9t00ABc.roa
File:                     qKYOZOSmnakx9JA_OsLP9t00ABc.roa (raw, json)
Hash identifier:          Fx6isUWS5ALdUE8Vk7NhW4Rrwk9vS1nF+zoSpoSf8ZA=
Subject key identifier:   A8:A6:0E:64:E4:A6:9D:A9:31:F4:90:3F:3A:C2:CF:F6:DD:34:00:17
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       018CC8018D5F1DC5D897FB96027DAE40E18F
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/qKYOZOSmnakx9JA_OsLP9t00ABc.roa
Signing time:             Tue 02 Jan 2024 02:29:54 +0000
ROA not before:           Tue 02 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        185.173.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8d:5f:1d:c5:d8:97:fb:96:02:7d:ae:40:e1:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: Jan  2 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8a60e64e4a69da931f4903f3ac2cff6dd340017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2d:a7:47:80:f0:9d:3b:e1:0d:55:cd:fc:b6:
                    3f:8d:82:a9:8f:51:51:88:aa:a0:f8:74:d9:9e:82:
                    79:88:21:b2:34:6a:c0:c2:68:0a:8b:da:c2:ea:97:
                    27:11:99:39:19:48:a8:9c:db:28:ac:60:61:39:d2:
                    43:76:a5:a3:57:1c:ac:fc:79:ff:fe:4d:9c:16:53:
                    cd:73:83:1b:fd:0e:5c:18:1e:13:ab:a6:9b:16:94:
                    16:76:bb:6b:cc:5d:dc:40:fb:4f:6a:c7:6f:55:e3:
                    15:3f:5c:27:4a:ad:38:ee:27:81:65:8e:71:65:19:
                    d8:84:ec:7d:0a:be:d6:81:d5:65:36:bd:c2:e2:73:
                    4d:e0:aa:18:88:89:44:6f:21:18:ee:e5:36:ab:6f:
                    ee:c3:74:ef:92:14:4d:ee:a0:b7:ba:9a:ec:12:ef:
                    25:3d:a1:01:1d:8a:f0:1c:06:1c:6a:7f:c5:de:c7:
                    8d:56:04:d9:0b:f6:f2:cb:7f:72:d5:3a:f7:e0:c7:
                    cc:43:3f:b0:ce:a6:9c:61:84:44:af:5a:d9:ad:0a:
                    16:c7:e4:30:d0:45:00:69:14:cc:e6:d9:c4:25:e8:
                    6c:75:26:8f:4a:17:07:3d:da:9d:48:62:ba:2b:9d:
                    27:c5:ad:ca:bf:ca:e4:0b:3d:e3:bf:f8:ec:e1:08:
                    9a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A6:0E:64:E4:A6:9D:A9:31:F4:90:3F:3A:C2:CF:F6:DD:34:00:17
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/qKYOZOSmnakx9JA_OsLP9t00ABc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:79:53:7f:65:24:b5:77:af:e3:b4:b4:03:42:fc:9b:13:0f:
         7f:31:6f:82:15:9b:4a:61:0e:f5:6b:e9:03:39:d2:9f:9c:66:
         64:95:60:28:b4:6d:74:0a:45:13:09:c7:43:7d:d7:c3:0e:47:
         67:88:30:d2:d1:a6:b9:f4:31:60:36:9f:bc:db:bf:6e:7c:0c:
         40:a6:f1:e3:1b:e2:5c:35:8b:d8:2c:9e:ad:ce:aa:4c:db:c8:
         7f:40:57:5c:b9:f3:d1:92:d9:00:24:f9:1a:0f:f4:d2:08:51:
         a4:95:58:22:39:c7:c1:4c:a1:d8:34:ae:da:00:4d:f3:95:da:
         1a:7a:55:1d:7d:50:37:bd:1a:40:b3:2d:9d:cf:7f:f0:b7:27:
         e9:3c:64:e7:d6:6f:5c:a4:ac:5c:7b:33:7f:b7:c9:c8:4f:05:
         04:c1:e1:68:80:2f:a6:81:86:8c:2d:40:d2:d7:e4:f6:5a:e6:
         8e:0e:2b:3c:f1:53:04:3d:85:34:3a:32:ce:7b:41:8a:fb:20:
         89:ab:61:b1:51:b2:82:32:58:d0:e3:b7:e8:40:12:24:a9:9e:
         15:c3:7f:ac:b2:4c:81:39:9a:b1:0f:4e:11:18:77:4e:ef:e3:
         4f:a1:11:74:9d:89:20:74:87:de:59:0c:7e:c2:10:62:b7:a1:
         d8:61:6a:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAY1fHcXYl/uWAn2uQOGPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjQwMTAyMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGE2MGU2NGU0YTY5ZGE5MzFmNDkwM2YzYWMyY2ZmNmRkMzQwMDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC2nR4DwnTvhDVXN/LY/jYKpj1FR
iKqg+HTZnoJ5iCGyNGrAwmgKi9rC6pcnEZk5GUionNsorGBhOdJDdqWjVxys/Hn/
/k2cFlPNc4Mb/Q5cGB4Tq6abFpQWdrtrzF3cQPtPasdvVeMVP1wnSq047ieBZY5x
ZRnYhOx9Cr7WgdVlNr3C4nNN4KoYiIlEbyEY7uU2q2/uw3TvkhRN7qC3uprsEu8l
PaEBHYrwHAYcan/F3seNVgTZC/byy39y1Tr34MfMQz+wzqacYYREr1rZrQoWx+Qw
0EUAaRTM5tnEJehsdSaPShcHPdqdSGK6K50nxa3Kv8rkCz3jv/js4QiaiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKimDmTkpp2pMfSQPzrCz/bdNAAXMB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEvcUtZT1pPU21uYWt4OUpBX09zTFA5dDAwQUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAua2QMA0G
CSqGSIb3DQEBCwUAA4IBAQCceVN/ZSS1d6/jtLQDQvybEw9/MW+CFZtKYQ71a+kD
OdKfnGZklWAotG10CkUTCcdDfdfDDkdniDDS0aa59DFgNp+8279ufAxApvHjG+Jc
NYvYLJ6tzqpM28h/QFdcufPRktkAJPkaD/TSCFGklVgiOcfBTKHYNK7aAE3zldoa
elUdfVA3vRpAsy2dz3/wtyfpPGTn1m9cpKxcezN/t8nITwUEweFogC+mgYaMLUDS
1+T2WuaODis88VMEPYU0OjLOe0GK+yCJq2GxUbKCMljQ47foQBIkqZ4Vw3+sskyB
OZqxD04RGHdO7+NPoRF0nYkgdIfeWQx+whBit6HYYWom
-----END CERTIFICATE-----