Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/JaIluHb9Ol2H67Ys_nrWjj3A9ig.roa
File:                     JaIluHb9Ol2H67Ys_nrWjj3A9ig.roa (raw, json)
Hash identifier:          LP+bDdFCcwv92ikvTs/m9H7GE/XhiIk1lICpND9OEV4=
Subject key identifier:   25:A2:25:B8:76:FD:3A:5D:87:EB:B6:2C:FE:7A:D6:8E:3D:C0:F6:28
Certificate issuer:       /CN=dab740f6665f9983f54061dca1650261ad6f2138
Certificate serial:       018CC42552237DBDCC2808610895133BB421
Authority key identifier: DA:B7:40:F6:66:5F:99:83:F5:40:61:DC:A1:65:02:61:AD:6F:21:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2rdA9mZfmYP1QGHcoWUCYa1vITg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/JaIluHb9Ol2H67Ys_nrWjj3A9ig.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201333
IP address blocks:        185.100.16.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/2rdA9mZfmYP1QGHcoWUCYa1vITg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/2rdA9mZfmYP1QGHcoWUCYa1vITg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2rdA9mZfmYP1QGHcoWUCYa1vITg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:52:23:7d:bd:cc:28:08:61:08:95:13:3b:b4:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dab740f6665f9983f54061dca1650261ad6f2138
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25a225b876fd3a5d87ebb62cfe7ad68e3dc0f628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7e:ca:82:2f:b3:48:a2:be:f8:a0:02:57:ab:
                    d5:cc:bb:e1:f5:74:bd:ed:37:1a:4c:02:ec:0f:83:
                    ca:6d:ca:fc:5b:1e:5d:c7:46:bb:cd:14:5d:93:1b:
                    fd:d7:76:39:6d:3d:93:15:cb:15:82:c6:84:40:14:
                    6d:d5:83:f3:80:47:9e:cc:16:57:2c:94:a6:ab:3a:
                    c7:31:7e:4d:80:87:ba:b0:6c:18:91:24:be:76:e8:
                    61:cd:ac:32:88:b5:73:c2:2b:57:57:c7:c7:87:0f:
                    c0:20:1b:42:5d:96:76:f5:f4:35:3f:63:31:09:8a:
                    26:04:2d:4e:1d:12:d8:93:a7:5d:58:7f:de:48:dc:
                    b6:21:1b:81:14:f8:b1:0d:26:fd:9d:c4:46:00:2d:
                    7e:18:33:df:83:32:ec:1d:78:c7:57:06:72:9e:90:
                    de:23:b3:ef:12:a7:ed:ad:55:42:c8:c6:b3:49:61:
                    a1:c3:00:54:1d:6b:77:27:e7:11:46:c3:67:bf:f3:
                    52:f6:8c:bf:4c:54:9c:6d:1b:5f:ef:b6:99:0a:ee:
                    9f:02:2b:85:7b:e5:94:e5:07:85:e6:fd:ac:b1:f8:
                    dc:af:5e:ff:ec:60:72:b0:df:dc:4c:6e:9c:bc:0a:
                    2c:c4:7c:e5:66:cd:aa:ba:90:cb:0e:d9:6f:af:51:
                    6b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A2:25:B8:76:FD:3A:5D:87:EB:B6:2C:FE:7A:D6:8E:3D:C0:F6:28
            X509v3 Authority Key Identifier:
                keyid:DA:B7:40:F6:66:5F:99:83:F5:40:61:DC:A1:65:02:61:AD:6F:21:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2rdA9mZfmYP1QGHcoWUCYa1vITg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/JaIluHb9Ol2H67Ys_nrWjj3A9ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/2rdA9mZfmYP1QGHcoWUCYa1vITg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:59:69:47:e6:ef:e0:8b:15:27:1e:57:02:04:db:d3:2f:16:
         65:4e:b5:a8:2d:27:de:b6:d4:d2:b4:57:ff:9d:df:a5:19:60:
         1f:a9:cf:58:af:32:58:bd:67:7a:f8:b4:21:1c:f5:28:d9:41:
         97:aa:fa:9e:31:70:86:3f:c3:67:49:21:1e:6d:19:c5:b0:5f:
         59:d2:44:5f:c5:23:60:9d:dd:6d:c6:bd:c3:d4:63:9e:d5:ad:
         32:d8:37:71:6a:35:7d:a3:09:3d:66:29:0f:bc:6d:d0:4d:2c:
         ec:d3:78:31:3a:11:03:05:71:e6:6f:d4:99:dc:24:dd:80:e0:
         6c:dc:cc:86:59:a4:0a:1e:06:ab:61:78:fd:ae:49:f9:61:16:
         91:f3:3b:86:d8:7b:3c:33:d1:78:f2:61:ae:da:f3:f5:92:72:
         ed:36:85:53:d0:fe:17:db:ab:f2:35:2b:83:8d:ca:d2:8c:e7:
         ef:7c:8a:63:0e:0f:be:b4:72:d3:09:05:40:0e:ce:47:6d:d1:
         ab:af:61:47:0a:37:81:13:8e:1b:01:7c:f0:62:61:0e:5e:7c:
         c3:ca:b9:fb:9f:73:87:38:77:80:82:44:03:e1:c7:da:32:05:
         50:63:e9:d2:0a:08:19:f7:54:dd:a8:6c:74:98:74:cc:70:a7:
         f5:8a:c4:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVIjfb3MKAhhCJUTO7QhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYjc0MGY2NjY1Zjk5ODNmNTQwNjFkY2ExNjUwMjYxYWQ2
ZjIxMzgwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWEyMjViODc2ZmQzYTVkODdlYmI2MmNmZTdhZDY4ZTNkYzBmNjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn7Kgi+zSKK++KACV6vVzLvh9XS9
7TcaTALsD4PKbcr8Wx5dx0a7zRRdkxv913Y5bT2TFcsVgsaEQBRt1YPzgEeezBZX
LJSmqzrHMX5NgIe6sGwYkSS+duhhzawyiLVzwitXV8fHhw/AIBtCXZZ29fQ1P2Mx
CYomBC1OHRLYk6ddWH/eSNy2IRuBFPixDSb9ncRGAC1+GDPfgzLsHXjHVwZynpDe
I7PvEqftrVVCyMazSWGhwwBUHWt3J+cRRsNnv/NS9oy/TFScbRtf77aZCu6fAiuF
e+WU5QeF5v2ssfjcr17/7GBysN/cTG6cvAosxHzlZs2qupDLDtlvr1FrhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWiJbh2/Tpdh+u2LP561o49wPYoMB8GA1UdIwQY
MBaAFNq3QPZmX5mD9UBh3KFlAmGtbyE4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnJkQTltWmZtWVAxUUdIY29XVUNZYTF2SVRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xMzVjZjQtMDg2Zi00NTE2LWEzZWIt
MWI3YzkyYTYxZGY2LzEvSmFJbHVIYjlPbDJINjdZc19ucldqajNBOWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xMzVjZjQtMDg2Zi00NTE2LWEzZWItMWI3YzkyYTYxZGY2
LzEvMnJkQTltWmZtWVAxUUdIY29XVUNZYTF2SVRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWQQMA0G
CSqGSIb3DQEBCwUAA4IBAQBuWWlH5u/gixUnHlcCBNvTLxZlTrWoLSfettTStFf/
nd+lGWAfqc9YrzJYvWd6+LQhHPUo2UGXqvqeMXCGP8NnSSEebRnFsF9Z0kRfxSNg
nd1txr3D1GOe1a0y2DdxajV9owk9ZikPvG3QTSzs03gxOhEDBXHmb9SZ3CTdgOBs
3MyGWaQKHgarYXj9rkn5YRaR8zuG2Hs8M9F48mGu2vP1knLtNoVT0P4X26vyNSuD
jcrSjOfvfIpjDg++tHLTCQVADs5HbdGrr2FHCjeBE44bAXzwYmEOXnzDyrn7n3OH
OHeAgkQD4cfaMgVQY+nSCggZ91TdqGx0mHTMcKf1isSz
-----END CERTIFICATE-----