Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/ldQUZzHPfOmrHPeRlzR-sXXtKBI.roa
File:                     ldQUZzHPfOmrHPeRlzR-sXXtKBI.roa (raw, json)
Hash identifier:          WCVJTHadxJbSQgUVLVDt/GMEY9b8OcP/FZ1VMXJFfGc=
Subject key identifier:   95:D4:14:67:31:CF:7C:E9:AB:1C:F7:91:97:34:7E:B1:75:ED:28:12
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       0190DE2DCA661AC7DAC521C8D60F912A79FB
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/ldQUZzHPfOmrHPeRlzR-sXXtKBI.roa
Signing time:             Tue 23 Jul 2024 06:01:01 +0000
ROA not before:           Tue 23 Jul 2024 06:01:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.197.128.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:de:2d:ca:66:1a:c7:da:c5:21:c8:d6:0f:91:2a:79:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jul 23 06:01:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95d4146731cf7ce9ab1cf79197347eb175ed2812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b2:2a:55:ea:6e:e5:5f:d2:4e:bf:71:1c:f8:
                    13:a0:a5:8c:22:09:aa:57:24:c0:8b:ed:14:a0:c7:
                    2f:37:8b:0c:67:92:99:a8:54:92:0c:87:c8:59:f4:
                    23:53:bf:7e:24:c8:dc:c5:66:6e:54:52:d7:cb:3e:
                    c0:a5:b2:d0:97:cc:b1:72:50:d1:c9:39:eb:35:31:
                    5e:6a:7c:f8:56:4a:67:ab:01:5c:13:8c:0b:7c:05:
                    ad:da:1f:22:30:bd:d2:10:11:51:b3:a0:38:2f:a1:
                    1c:73:33:99:04:5b:dd:14:33:7c:b1:dd:ff:8f:2b:
                    e1:af:8e:70:2d:10:d0:46:19:78:eb:c2:44:d4:c7:
                    5d:e8:d2:25:05:4c:54:ef:b4:4c:26:4f:02:10:ed:
                    b9:61:00:19:ca:4a:1d:0f:23:63:89:84:0e:0e:14:
                    18:ea:45:96:d6:5b:7d:4f:88:02:a2:70:8e:1a:eb:
                    7a:b9:05:04:73:76:8e:75:90:3b:d5:58:6c:67:3e:
                    bc:48:37:3b:6b:db:dd:17:db:1c:26:06:9e:e9:38:
                    59:32:0e:37:4a:4f:d7:29:f7:81:b6:8a:57:8b:b6:
                    89:1b:a2:0d:40:0b:3f:ce:39:7e:11:6b:a5:23:20:
                    fb:cf:76:6f:60:18:4d:30:90:90:db:60:9b:4a:c7:
                    3a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:D4:14:67:31:CF:7C:E9:AB:1C:F7:91:97:34:7E:B1:75:ED:28:12
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/ldQUZzHPfOmrHPeRlzR-sXXtKBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:e9:16:39:1a:04:b5:2b:37:a0:b5:d3:ce:3a:51:1c:12:19:
         0c:09:f3:e4:8f:69:56:94:71:11:6f:a4:1b:01:aa:04:b8:e6:
         ce:88:53:7a:7e:02:de:be:19:44:86:d2:a2:74:9f:68:11:de:
         59:f7:10:9b:30:41:cd:8e:f5:19:72:b9:7f:1e:f0:92:00:64:
         6c:45:8e:90:a3:ff:ac:5a:f8:8f:e0:fe:8b:47:92:ae:ec:ac:
         ae:f2:8d:49:ca:c3:f1:21:6c:9b:7f:9b:52:3e:05:d0:0b:58:
         8f:7f:b5:16:94:d1:af:a9:0c:6e:f8:53:36:ee:ae:c8:b2:50:
         df:4a:34:b3:b8:34:71:53:44:11:22:a2:38:e4:26:d4:25:f6:
         c3:51:c9:d0:d6:e1:a6:81:8e:96:02:57:e1:3a:95:aa:8e:50:
         cb:cb:d4:66:15:92:24:2e:6c:ca:f9:72:2a:13:ba:e4:6f:ff:
         1b:d8:8d:8c:dd:cb:ba:7a:c6:04:a3:47:d1:53:be:16:8e:2a:
         48:06:be:a7:fb:60:dc:c6:bf:20:48:92:85:2d:aa:7e:28:85:
         59:fe:bb:db:ba:f1:af:6b:8a:38:a5:b6:ae:d7:ac:93:b4:ce:
         ec:93:a2:c5:42:18:fb:72:a3:49:60:f8:e6:ee:c9:0b:e8:5d:
         f6:c8:8a:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDeLcpmGsfaxSHI1g+RKnn7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjQwNzIzMDYwMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWQ0MTQ2NzMxY2Y3Y2U5YWIxY2Y3OTE5NzM0N2ViMTc1ZWQyODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrIqVepu5V/STr9xHPgToKWMIgmq
VyTAi+0UoMcvN4sMZ5KZqFSSDIfIWfQjU79+JMjcxWZuVFLXyz7ApbLQl8yxclDR
yTnrNTFeanz4VkpnqwFcE4wLfAWt2h8iML3SEBFRs6A4L6EcczOZBFvdFDN8sd3/
jyvhr45wLRDQRhl468JE1Mdd6NIlBUxU77RMJk8CEO25YQAZykodDyNjiYQODhQY
6kWW1lt9T4gConCOGut6uQUEc3aOdZA71VhsZz68SDc7a9vdF9scJgae6ThZMg43
Sk/XKfeBtopXi7aJG6INQAs/zjl+EWulIyD7z3ZvYBhNMJCQ22CbSsc6iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXUFGcxz3zpqxz3kZc0frF17SgSMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvbGRRVVp6SFBmT21ySFBlUmx6Ui1zWFh0S0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucWAMA0G
CSqGSIb3DQEBCwUAA4IBAQCj6RY5GgS1KzegtdPOOlEcEhkMCfPkj2lWlHERb6Qb
AaoEuObOiFN6fgLevhlEhtKidJ9oEd5Z9xCbMEHNjvUZcrl/HvCSAGRsRY6Qo/+s
WviP4P6LR5Ku7Kyu8o1JysPxIWybf5tSPgXQC1iPf7UWlNGvqQxu+FM27q7IslDf
SjSzuDRxU0QRIqI45CbUJfbDUcnQ1uGmgY6WAlfhOpWqjlDLy9RmFZIkLmzK+XIq
E7rkb/8b2I2M3cu6esYEo0fRU74WjipIBr6n+2Dcxr8gSJKFLap+KIVZ/rvbuvGv
a4o4pbau16yTtM7sk6LFQhj7cqNJYPjm7skL6F32yIrG
-----END CERTIFICATE-----