Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/0xUUmjjeEaP_p1ViXNsOStGWyKM.roa
File:                     0xUUmjjeEaP_p1ViXNsOStGWyKM.roa (raw, json)
Hash identifier:          YxF2j7mqW0WQAuLrxdWVjA4f5sHh3RVa35O9qTcnNCE=
Subject key identifier:   D3:15:14:9A:38:DE:11:A3:FF:A7:55:62:5C:DB:0E:4A:D1:96:C8:A3
Certificate issuer:       /CN=1474b6fc67b6b90db311c61fc0e3a9c752833c56
Certificate serial:       018CC4255FB0C2156AF2266033766B1ED79A
Authority key identifier: 14:74:B6:FC:67:B6:B9:0D:B3:11:C6:1F:C0:E3:A9:C7:52:83:3C:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/0xUUmjjeEaP_p1ViXNsOStGWyKM.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43905
IP address blocks:        185.127.180.0/24 maxlen: 24
                          185.127.181.0/24 maxlen: 24
                          185.127.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5f:b0:c2:15:6a:f2:26:60:33:76:6b:1e:d7:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1474b6fc67b6b90db311c61fc0e3a9c752833c56
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d315149a38de11a3ffa755625cdb0e4ad196c8a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:5d:69:62:70:a5:e6:c4:e2:14:3c:67:ff:ac:
                    54:76:df:21:a3:7c:55:6f:84:38:3e:0d:a1:b4:8a:
                    94:a7:c3:76:97:16:5f:c6:22:b7:ef:ac:60:cc:2d:
                    b0:50:8c:e3:86:7a:91:c1:98:c9:23:5a:d3:36:3b:
                    1b:48:7d:f7:85:0f:18:80:20:3a:1f:3b:5a:21:0b:
                    68:c9:25:e9:d6:59:cd:8a:28:e6:88:81:f7:a4:c7:
                    11:81:70:2c:5e:dc:c4:7d:b1:17:e9:db:62:fb:cb:
                    1e:a9:86:45:ff:88:5a:4b:e3:e5:71:b2:4b:9c:68:
                    31:74:76:9c:d8:78:13:c1:64:44:cc:7f:99:cf:30:
                    c7:f6:58:37:02:99:ca:06:60:c1:19:25:e7:c6:60:
                    2a:25:e9:ff:1b:fa:71:d0:cf:e0:55:27:d3:77:14:
                    8f:b6:04:50:01:a5:ee:34:5e:d2:51:16:2b:a6:8f:
                    1a:9c:a5:7b:f9:04:42:ed:45:d0:b2:7e:b1:ef:93:
                    c5:6b:06:f2:cb:d7:46:66:31:2e:70:bc:65:61:ea:
                    d3:6a:df:e7:ed:4a:6e:2a:76:50:48:cd:7f:22:56:
                    c7:40:7f:e9:ef:62:dc:1e:5f:59:e4:21:30:10:e8:
                    77:c0:a4:de:78:59:e9:f5:7e:16:80:b8:c7:4a:b2:
                    30:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:15:14:9A:38:DE:11:A3:FF:A7:55:62:5C:DB:0E:4A:D1:96:C8:A3
            X509v3 Authority Key Identifier:
                keyid:14:74:B6:FC:67:B6:B9:0D:B3:11:C6:1F:C0:E3:A9:C7:52:83:3C:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/0xUUmjjeEaP_p1ViXNsOStGWyKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.180.0/23
                  185.127.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:fd:5b:93:59:1b:74:c1:d7:b4:44:0f:31:a8:35:de:74:d2:
         f9:1a:44:33:93:86:cd:2d:0f:54:35:bc:8a:63:70:10:20:ce:
         c6:15:79:7e:3c:8b:d5:6f:f6:9e:ab:6d:e6:28:bf:07:99:de:
         9a:61:79:76:a3:7e:2e:b3:4e:6d:4f:f8:37:bc:9d:62:5e:01:
         6f:8b:7f:bb:62:8e:79:2e:87:11:f7:13:3c:da:d0:8d:6d:ab:
         de:b3:d4:1e:65:37:c4:d3:11:43:28:89:be:37:d8:9d:c4:ab:
         cf:bc:5b:da:20:3a:d4:c0:3a:e2:6a:7b:f3:38:b3:3a:7d:b4:
         55:bb:73:88:98:5b:04:f1:98:8e:2c:1e:59:cd:09:29:ee:17:
         b7:37:a3:ee:20:45:5b:c1:06:8b:96:4e:b5:b4:68:99:22:d1:
         b3:8d:55:f2:fc:9c:e9:f3:af:e1:b2:f3:31:8e:71:f6:46:84:
         2e:90:e6:b3:9a:37:b1:1c:cc:49:68:d4:e7:f8:aa:c1:4e:e0:
         82:8b:21:8c:b5:f0:1b:28:66:43:89:c1:ee:bb:c2:db:f4:be:
         e8:f7:7d:61:8e:41:37:9a:86:3d:d9:e2:ae:9d:6f:f9:d6:18:
         4b:6b:09:c8:91:9b:c6:ac:96:16:c5:23:94:c1:2b:56:4d:f7:
         13:0b:e2:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJV+wwhVq8iZgM3ZrHteaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NzRiNmZjNjdiNmI5MGRiMzExYzYxZmMwZTNhOWM3NTI4
MzNjNTYwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzE1MTQ5YTM4ZGUxMWEzZmZhNzU1NjI1Y2RiMGU0YWQxOTZjOGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5l1pYnCl5sTiFDxn/6xUdt8ho3xV
b4Q4Pg2htIqUp8N2lxZfxiK376xgzC2wUIzjhnqRwZjJI1rTNjsbSH33hQ8YgCA6
HztaIQtoySXp1lnNiijmiIH3pMcRgXAsXtzEfbEX6dti+8seqYZF/4haS+PlcbJL
nGgxdHac2HgTwWREzH+ZzzDH9lg3ApnKBmDBGSXnxmAqJen/G/px0M/gVSfTdxSP
tgRQAaXuNF7SURYrpo8anKV7+QRC7UXQsn6x75PFawbyy9dGZjEucLxlYerTat/n
7UpuKnZQSM1/IlbHQH/p72LcHl9Z5CEwEOh3wKTeeFnp9X4WgLjHSrIwKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNMVFJo43hGj/6dVYlzbDkrRlsijMB8GA1UdIwQY
MBaAFBR0tvxntrkNsxHGH8DjqcdSgzxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkhTMl9HZTJ1UTJ6RWNZZndPT3B4MUtEUEZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9iMWI0MWQtZDg4Ni00NDJhLTk1MjQt
OGM1NmQ4ZmUxN2I1LzEvMHhVVW1qamVFYVBfcDFWaVhOc09TdEdXeUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9iMWI0MWQtZDg4Ni00NDJhLTk1MjQtOGM1NmQ4ZmUxN2I1
LzEvRkhTMl9HZTJ1UTJ6RWNZZndPT3B4MUtEUEZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuX+0AwQA
uX+3MA0GCSqGSIb3DQEBCwUAA4IBAQBp/VuTWRt0wde0RA8xqDXedNL5GkQzk4bN
LQ9UNbyKY3AQIM7GFXl+PIvVb/aeq23mKL8Hmd6aYXl2o34us05tT/g3vJ1iXgFv
i3+7Yo55LocR9xM82tCNbaves9QeZTfE0xFDKIm+N9idxKvPvFvaIDrUwDrianvz
OLM6fbRVu3OImFsE8ZiOLB5ZzQkp7he3N6PuIEVbwQaLlk61tGiZItGzjVXy/Jzp
86/hsvMxjnH2RoQukOazmjexHMxJaNTn+KrBTuCCiyGMtfAbKGZDicHuu8Lb9L7o
931hjkE3moY92eKunW/51hhLawnIkZvGrJYWxSOUwStWTfcTC+IW
-----END CERTIFICATE-----