Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/ui5Mat4nsMmfRi3PSBDmfjJ3Dv8.roa
File:                     ui5Mat4nsMmfRi3PSBDmfjJ3Dv8.roa (raw, json)
Hash identifier:          mkzGULpmmlE8/QktPaCU0rLHK2lgFHeJiCq2O81bqz0=
Subject key identifier:   BA:2E:4C:6A:DE:27:B0:C9:9F:46:2D:CF:48:10:E6:7E:32:77:0E:FF
Certificate issuer:       /CN=dd8a4e1dee5bb1e6579b1161ca912ca9c03b46ed
Certificate serial:       018CC64A5FD1C52567601BE33F5E2B684790
Authority key identifier: DD:8A:4E:1D:EE:5B:B1:E6:57:9B:11:61:CA:91:2C:A9:C0:3B:46:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3YpOHe5bseZXmxFhypEsqcA7Ru0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/ui5Mat4nsMmfRi3PSBDmfjJ3Dv8.roa
Signing time:             Mon 01 Jan 2024 18:30:12 +0000
ROA not before:           Mon 01 Jan 2024 18:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60605
IP address blocks:        185.25.172.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/3YpOHe5bseZXmxFhypEsqcA7Ru0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/3YpOHe5bseZXmxFhypEsqcA7Ru0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3YpOHe5bseZXmxFhypEsqcA7Ru0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:5f:d1:c5:25:67:60:1b:e3:3f:5e:2b:68:47:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd8a4e1dee5bb1e6579b1161ca912ca9c03b46ed
        Validity
            Not Before: Jan  1 18:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba2e4c6ade27b0c99f462dcf4810e67e32770eff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:90:78:1d:d1:01:a4:22:91:d6:1a:87:44:bd:
                    48:1d:c8:32:16:b0:16:eb:33:23:80:e8:5e:8f:30:
                    e6:47:81:d1:d5:7c:24:10:0f:22:a6:0b:4c:5e:70:
                    0c:60:b9:7d:8c:1e:30:f0:70:49:5d:09:b6:4b:c2:
                    b8:7e:43:b3:9d:03:64:7b:b0:5b:4f:89:4f:d3:a7:
                    88:1c:b1:41:13:ae:86:7f:76:f4:01:52:21:b1:e6:
                    32:0b:0a:92:ec:26:51:45:d9:9e:a7:bc:26:80:25:
                    95:55:a2:11:31:28:9f:19:d5:4d:91:2b:7d:2c:4c:
                    7c:1b:b2:31:65:cc:32:9c:99:dd:7f:ce:5f:57:0e:
                    6a:23:88:72:09:85:6f:e6:1a:37:fc:5c:e4:0e:4b:
                    6a:45:2f:80:ee:f4:2d:6d:06:92:07:f8:29:7d:42:
                    51:fa:3c:b2:f2:d6:06:58:72:13:09:8c:b0:37:25:
                    7e:81:09:bf:c3:fc:73:50:8e:aa:37:1f:fd:91:65:
                    a8:bd:96:a2:bf:3f:c3:c7:51:fa:8d:36:a1:ea:26:
                    77:39:de:94:3d:40:64:ef:dc:e8:08:7b:07:7b:a8:
                    af:8e:d4:2d:f9:62:82:de:06:bf:aa:d1:6f:84:e7:
                    5d:5b:76:25:21:8c:4b:52:d6:41:f4:87:81:3b:29:
                    98:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:2E:4C:6A:DE:27:B0:C9:9F:46:2D:CF:48:10:E6:7E:32:77:0E:FF
            X509v3 Authority Key Identifier:
                keyid:DD:8A:4E:1D:EE:5B:B1:E6:57:9B:11:61:CA:91:2C:A9:C0:3B:46:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3YpOHe5bseZXmxFhypEsqcA7Ru0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/ui5Mat4nsMmfRi3PSBDmfjJ3Dv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5d1908-6c4d-4581-8f10-985aac5beb30/1/3YpOHe5bseZXmxFhypEsqcA7Ru0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:7e:52:57:89:99:c0:da:37:11:4b:61:a4:cb:06:7b:46:9f:
         12:54:88:7a:f3:f2:47:2b:d5:0c:db:d7:4e:c9:a8:8b:79:cd:
         02:0d:80:23:47:63:4a:30:3b:58:f0:ef:b8:c6:26:f1:5a:af:
         e0:90:4b:d1:53:20:3b:96:4c:d1:ad:18:12:f4:9c:d6:65:24:
         94:d3:fd:16:69:5f:7c:4e:3e:df:0c:5a:a9:82:fd:66:bd:ff:
         8c:fe:da:a0:49:10:19:da:c9:1c:7b:ae:47:9a:c7:dc:16:66:
         27:60:c2:a8:b4:6c:ed:73:17:55:dd:b9:fc:60:42:26:33:c7:
         1f:f2:95:b2:77:07:57:b6:51:15:81:ba:8f:19:96:f6:6d:04:
         14:70:eb:1d:6b:44:80:24:92:76:93:47:29:c0:a0:85:ab:37:
         75:18:4f:6c:52:0f:6e:40:0c:fa:9a:3a:38:9a:83:17:da:2c:
         69:75:71:e9:f8:00:f9:71:82:14:56:50:9b:cb:c6:03:62:fe:
         08:69:f4:4a:94:56:09:86:0f:8a:4f:03:af:91:7f:e6:ce:1b:
         44:a6:55:39:e1:19:05:8f:75:c3:13:7d:f9:5a:33:5a:e3:7c:
         b9:38:0f:9e:1b:a5:da:01:37:b0:ed:e8:b8:fd:5d:c3:5c:ec:
         3c:1e:be:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSl/RxSVnYBvjP14raEeQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkOGE0ZTFkZWU1YmIxZTY1NzliMTE2MWNhOTEyY2E5YzAz
YjQ2ZWQwHhcNMjQwMTAxMTgzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTJlNGM2YWRlMjdiMGM5OWY0NjJkY2Y0ODEwZTY3ZTMyNzcwZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5B4HdEBpCKR1hqHRL1IHcgyFrAW
6zMjgOhejzDmR4HR1XwkEA8ipgtMXnAMYLl9jB4w8HBJXQm2S8K4fkOznQNke7Bb
T4lP06eIHLFBE66Gf3b0AVIhseYyCwqS7CZRRdmep7wmgCWVVaIRMSifGdVNkSt9
LEx8G7IxZcwynJndf85fVw5qI4hyCYVv5ho3/FzkDktqRS+A7vQtbQaSB/gpfUJR
+jyy8tYGWHITCYywNyV+gQm/w/xzUI6qNx/9kWWovZaivz/Dx1H6jTah6iZ3Od6U
PUBk79zoCHsHe6ivjtQt+WKC3ga/qtFvhOddW3YlIYxLUtZB9IeBOymYmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLouTGreJ7DJn0Ytz0gQ5n4ydw7/MB8GA1UdIwQY
MBaAFN2KTh3uW7HmV5sRYcqRLKnAO0btMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1lwT0hlNWJzZVpYbXhGaHlwRXNxY0E3UnUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS81ZDE5MDgtNmM0ZC00NTgxLThmMTAt
OTg1YWFjNWJlYjMwLzEvdWk1TWF0NG5zTW1mUmkzUFNCRG1makozRHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS81ZDE5MDgtNmM0ZC00NTgxLThmMTAtOTg1YWFjNWJlYjMw
LzEvM1lwT0hlNWJzZVpYbXhGaHlwRXNxY0E3UnUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRmsMA0G
CSqGSIb3DQEBCwUAA4IBAQCrflJXiZnA2jcRS2GkywZ7Rp8SVIh68/JHK9UM29dO
yaiLec0CDYAjR2NKMDtY8O+4xibxWq/gkEvRUyA7lkzRrRgS9JzWZSSU0/0WaV98
Tj7fDFqpgv1mvf+M/tqgSRAZ2skce65HmsfcFmYnYMKotGztcxdV3bn8YEImM8cf
8pWydwdXtlEVgbqPGZb2bQQUcOsda0SAJJJ2k0cpwKCFqzd1GE9sUg9uQAz6mjo4
moMX2ixpdXHp+AD5cYIUVlCby8YDYv4IafRKlFYJhg+KTwOvkX/mzhtEplU54RkF
j3XDE335WjNa43y5OA+eG6XaATew7ei4/V3DXOw8Hr4R
-----END CERTIFICATE-----