Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/axPkx7IIBGtpg8kpYOgtEhVBUZ8.roa
File:                     axPkx7IIBGtpg8kpYOgtEhVBUZ8.roa (raw, json)
Hash identifier:          ds/dbw6vhJopNHOgGK5toxkIshQARPLRZalppwa75P0=
Subject key identifier:   6B:13:E4:C7:B2:08:04:6B:69:83:C9:29:60:E8:2D:12:15:41:51:9F
Certificate issuer:       /CN=1f0565865a533402c2f4343fe1af541a006d9d6e
Certificate serial:       01925DBBE935318EE73EC42BBBF9B6409FF1
Authority key identifier: 1F:05:65:86:5A:53:34:02:C2:F4:34:3F:E1:AF:54:1A:00:6D:9D:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HwVlhlpTNALC9DQ_4a9UGgBtnW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/axPkx7IIBGtpg8kpYOgtEhVBUZ8.roa
Signing time:             Sat 05 Oct 2024 17:30:48 +0000
ROA not before:           Sat 05 Oct 2024 17:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.190.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/HwVlhlpTNALC9DQ_4a9UGgBtnW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/HwVlhlpTNALC9DQ_4a9UGgBtnW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HwVlhlpTNALC9DQ_4a9UGgBtnW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5d:bb:e9:35:31:8e:e7:3e:c4:2b:bb:f9:b6:40:9f:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f0565865a533402c2f4343fe1af541a006d9d6e
        Validity
            Not Before: Oct  5 17:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b13e4c7b208046b6983c92960e82d121541519f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b5:d8:3e:0b:5f:7a:3f:b0:c5:63:3d:c8:2b:
                    fd:11:46:d2:57:78:ee:f4:84:3a:b1:2a:a6:bc:fd:
                    8d:b9:a1:f6:c3:d2:7f:b1:53:2a:9a:46:bd:34:34:
                    48:9b:aa:d6:06:e9:78:56:b1:d7:01:b5:c2:3c:fb:
                    3a:c7:58:26:b3:e5:07:e9:5c:9e:0e:2b:20:95:61:
                    5b:b1:c6:a4:59:81:b0:9a:66:aa:17:2e:2e:a2:6d:
                    b4:5c:b2:be:c2:bf:77:13:68:e5:97:d0:46:cf:f1:
                    1e:b0:18:76:98:83:48:49:40:b6:8f:90:e0:8d:cd:
                    52:52:2b:49:85:a4:61:8e:a0:8a:ac:43:3d:53:40:
                    47:b4:2d:01:70:77:c6:03:63:0f:00:fd:5e:19:93:
                    6d:1d:f0:75:20:00:23:e7:14:83:05:76:7a:44:1b:
                    c4:c0:fa:41:66:08:dd:8e:c8:6f:f5:c9:38:d4:86:
                    e3:cd:40:f3:40:9e:50:4f:04:9a:77:ab:99:80:58:
                    69:8b:52:48:a2:2d:eb:ea:35:45:d0:bd:90:89:48:
                    bc:13:40:f5:35:40:0e:fd:6f:51:be:81:61:d8:d3:
                    74:24:27:cb:51:58:e8:c2:86:5b:25:a8:4b:cc:0f:
                    6d:20:b8:98:0c:05:e1:2b:84:c1:80:3f:4b:d3:0d:
                    8c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:13:E4:C7:B2:08:04:6B:69:83:C9:29:60:E8:2D:12:15:41:51:9F
            X509v3 Authority Key Identifier:
                keyid:1F:05:65:86:5A:53:34:02:C2:F4:34:3F:E1:AF:54:1A:00:6D:9D:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HwVlhlpTNALC9DQ_4a9UGgBtnW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/axPkx7IIBGtpg8kpYOgtEhVBUZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/9fe49f-9ed0-4db3-9be5-5c690447ba89/1/HwVlhlpTNALC9DQ_4a9UGgBtnW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:97:6c:b4:42:50:be:7d:e8:fb:f1:0d:1f:0d:d1:5b:39:70:
         71:14:95:47:86:b9:67:85:b9:0e:d9:ab:18:9f:e0:d3:61:52:
         63:b1:e4:59:49:d2:60:48:09:3c:66:d7:fa:47:b6:9a:49:c3:
         8e:71:de:2b:90:0f:0a:f8:6e:27:07:3e:20:22:8d:ba:19:11:
         1d:fd:e7:4b:c5:31:af:0d:6b:f4:2d:6f:70:e5:57:0d:b3:e6:
         96:cc:8f:e0:b7:0b:9f:0d:df:b1:1d:2a:07:27:c2:cc:13:fa:
         df:7a:ad:f9:bd:57:ce:c9:00:e5:9f:30:45:67:a0:08:3a:bb:
         8c:9d:11:91:2f:42:ec:51:88:b4:f7:50:5c:ea:40:f0:a5:d5:
         4c:db:e1:9a:bf:77:19:d1:40:8f:7a:fa:62:95:58:70:4d:e4:
         51:e1:83:9f:80:b3:e7:bb:61:1f:57:7a:9b:da:8c:aa:ba:97:
         07:e1:b3:47:64:23:05:3f:12:2e:57:bc:fb:ea:e4:75:92:14:
         4d:1f:88:85:90:aa:86:b3:11:62:8c:a0:c2:9f:13:83:bb:47:
         d7:89:4a:c2:47:04:75:48:40:39:66:2f:08:c0:f8:2b:56:b1:
         e1:1d:b2:2f:d1:46:a9:29:c5:cc:38:f7:06:50:cb:a0:62:1c:
         0e:dc:01:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJdu+k1MY7nPsQru/m2QJ/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMDU2NTg2NWE1MzM0MDJjMmY0MzQzZmUxYWY1NDFhMDA2
ZDlkNmUwHhcNMjQxMDA1MTczMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjEzZTRjN2IyMDgwNDZiNjk4M2M5Mjk2MGU4MmQxMjE1NDE1MTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7XYPgtfej+wxWM9yCv9EUbSV3ju
9IQ6sSqmvP2NuaH2w9J/sVMqmka9NDRIm6rWBul4VrHXAbXCPPs6x1gms+UH6Vye
DisglWFbscakWYGwmmaqFy4uom20XLK+wr93E2jll9BGz/EesBh2mINISUC2j5Dg
jc1SUitJhaRhjqCKrEM9U0BHtC0BcHfGA2MPAP1eGZNtHfB1IAAj5xSDBXZ6RBvE
wPpBZgjdjshv9ck41IbjzUDzQJ5QTwSad6uZgFhpi1JIoi3r6jVF0L2QiUi8E0D1
NUAO/W9RvoFh2NN0JCfLUVjowoZbJahLzA9tILiYDAXhK4TBgD9L0w2M2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsT5MeyCARraYPJKWDoLRIVQVGfMB8GA1UdIwQY
MBaAFB8FZYZaUzQCwvQ0P+GvVBoAbZ1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHdWbGhscFROQUxDOURRXzRhOVVHZ0J0blc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85ZmU0OWYtOWVkMC00ZGIzLTliZTUt
NWM2OTA0NDdiYTg5LzEvYXhQa3g3SUlCR3RwZzhrcFlPZ3RFaFZCVVo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85ZmU0OWYtOWVkMC00ZGIzLTliZTUtNWM2OTA0NDdiYTg5
LzEvSHdWbGhscFROQUxDOURRXzRhOVVHZ0J0blc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub4lMA0G
CSqGSIb3DQEBCwUAA4IBAQCul2y0QlC+fej78Q0fDdFbOXBxFJVHhrlnhbkO2asY
n+DTYVJjseRZSdJgSAk8Ztf6R7aaScOOcd4rkA8K+G4nBz4gIo26GREd/edLxTGv
DWv0LW9w5VcNs+aWzI/gtwufDd+xHSoHJ8LME/rfeq35vVfOyQDlnzBFZ6AIOruM
nRGRL0LsUYi091Bc6kDwpdVM2+Gav3cZ0UCPevpilVhwTeRR4YOfgLPnu2EfV3qb
2oyqupcH4bNHZCMFPxIuV7z76uR1khRNH4iFkKqGsxFijKDCnxODu0fXiUrCRwR1
SEA5Zi8IwPgrVrHhHbIv0UapKcXMOPcGUMugYhwO3AEE
-----END CERTIFICATE-----