Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/46d891-249b-4a4c-a35d-7fe9ed7d647d/1/ut75VngCOaAsp7-xXDIeLxQ-RMg.roa
File:                     ut75VngCOaAsp7-xXDIeLxQ-RMg.roa (raw, json)
Hash identifier:          P/z7QbPbPpHz9Kw1ctUaX3/WMLLPCKXeghWumq2XqLc=
Subject key identifier:   BA:DE:F9:56:78:02:39:A0:2C:A7:BF:B1:5C:32:1E:2F:14:3E:44:C8
Certificate issuer:       /CN=4050bca29c1813ae3b11f381f0442aa2a8a931bf
Certificate serial:       018CC86F0C21EDF17A768E3343082BBDE45F
Authority key identifier: 40:50:BC:A2:9C:18:13:AE:3B:11:F3:81:F0:44:2A:A2:A8:A9:31:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QFC8opwYE647EfOB8EQqoqipMb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/46d891-249b-4a4c-a35d-7fe9ed7d647d/1/ut75VngCOaAsp7-xXDIeLxQ-RMg.roa
Signing time:             Tue 02 Jan 2024 04:29:29 +0000
ROA not before:           Tue 02 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61136
IP address blocks:        185.253.132.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/46d891-249b-4a4c-a35d-7fe9ed7d647d/1/QFC8opwYE647EfOB8EQqoqipMb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/46d891-249b-4a4c-a35d-7fe9ed7d647d/1/QFC8opwYE647EfOB8EQqoqipMb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QFC8opwYE647EfOB8EQqoqipMb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0c:21:ed:f1:7a:76:8e:33:43:08:2b:bd:e4:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4050bca29c1813ae3b11f381f0442aa2a8a931bf
        Validity
            Not Before: Jan  2 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=badef956780239a02ca7bfb15c321e2f143e44c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:63:b8:1a:87:2f:5a:70:91:c4:de:65:bc:22:
                    36:d1:c0:bd:83:23:9a:ac:b8:9d:98:e8:1f:1d:48:
                    82:be:77:e8:59:63:18:75:65:88:92:ad:d3:57:1f:
                    24:e4:10:97:32:88:f9:00:27:29:39:18:a4:3f:b6:
                    da:2b:00:aa:ac:c4:c3:02:f0:6e:50:54:b2:f9:5d:
                    fe:54:96:b1:d2:83:ed:47:45:8e:32:15:ba:91:56:
                    4b:0c:6d:00:a8:b8:a1:b2:2d:27:0c:87:42:db:cf:
                    d5:73:ee:c5:5f:4c:70:bf:3b:15:5b:7f:5c:0c:51:
                    9c:5c:f8:cd:16:20:af:24:05:9a:ce:bf:b7:32:32:
                    e4:05:0f:f3:76:9c:89:85:3f:5b:7d:14:f7:0f:ec:
                    1e:78:2f:92:c1:95:9c:20:c9:3f:87:bd:53:d6:74:
                    1f:00:65:30:32:ba:11:25:3d:78:5b:ee:54:f8:14:
                    c0:a8:7a:86:49:9a:c9:ac:01:0e:a1:40:49:b7:a5:
                    69:f6:f2:fe:af:29:3e:bb:84:f2:3c:b8:d7:b6:28:
                    dd:b1:ff:0a:09:0f:ca:4f:49:bc:ff:8c:8f:22:74:
                    cd:96:c6:6d:52:d5:c8:72:3b:76:50:75:2f:c9:07:
                    a7:82:34:27:92:ce:2f:8b:4b:a3:18:ab:92:da:98:
                    54:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:DE:F9:56:78:02:39:A0:2C:A7:BF:B1:5C:32:1E:2F:14:3E:44:C8
            X509v3 Authority Key Identifier:
                keyid:40:50:BC:A2:9C:18:13:AE:3B:11:F3:81:F0:44:2A:A2:A8:A9:31:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QFC8opwYE647EfOB8EQqoqipMb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/46d891-249b-4a4c-a35d-7fe9ed7d647d/1/ut75VngCOaAsp7-xXDIeLxQ-RMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/46d891-249b-4a4c-a35d-7fe9ed7d647d/1/QFC8opwYE647EfOB8EQqoqipMb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:0a:f1:a7:1c:13:66:c8:86:bd:3c:e5:3c:2a:ef:8a:b0:e3:
         b1:84:6c:d2:1d:5d:89:e4:8a:4f:5d:6a:df:b6:85:92:ff:34:
         c5:ce:9c:98:76:a3:34:3f:b8:e5:c4:e2:8a:76:9c:81:5b:3a:
         27:d6:5c:9b:35:2e:99:27:d5:39:73:c5:90:e9:f5:fb:1c:8e:
         9e:e9:19:e9:5f:21:ae:7e:ef:13:6a:fa:13:0b:85:79:c9:30:
         14:4f:4a:e4:ac:d0:94:d7:f0:a2:90:be:7a:35:b7:72:99:cc:
         9a:b5:43:1a:f2:c8:b9:32:15:82:92:78:2f:86:64:6f:a9:6a:
         96:13:3f:88:55:1c:4b:88:6f:0b:f4:b2:e7:b5:67:49:b5:aa:
         f8:e0:b0:4a:d8:95:43:71:b4:05:78:32:57:bf:ad:7c:61:ff:
         44:75:7e:d6:e3:b0:01:4f:01:23:97:cb:ca:19:aa:40:dc:45:
         c5:8c:e6:bf:98:e4:e0:d7:43:5f:3d:f8:b3:4b:4a:15:15:c1:
         8d:8b:c8:f5:be:14:36:90:3f:4b:cf:19:0f:b2:c9:8c:f2:a6:
         69:1b:68:63:e4:af:bc:b4:3b:03:a7:3e:f7:a8:9a:6c:66:c6:
         11:dc:32:4e:fe:f2:61:55:55:36:f2:4c:51:50:35:2d:e3:77:
         6c:41:8d:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwwh7fF6do4zQwgrveRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNTBiY2EyOWMxODEzYWUzYjExZjM4MWYwNDQyYWEyYThh
OTMxYmYwHhcNMjQwMTAyMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWRlZjk1Njc4MDIzOWEwMmNhN2JmYjE1YzMyMWUyZjE0M2U0NGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2O4GocvWnCRxN5lvCI20cC9gyOa
rLidmOgfHUiCvnfoWWMYdWWIkq3TVx8k5BCXMoj5ACcpORikP7baKwCqrMTDAvBu
UFSy+V3+VJax0oPtR0WOMhW6kVZLDG0AqLihsi0nDIdC28/Vc+7FX0xwvzsVW39c
DFGcXPjNFiCvJAWazr+3MjLkBQ/zdpyJhT9bfRT3D+weeC+SwZWcIMk/h71T1nQf
AGUwMroRJT14W+5U+BTAqHqGSZrJrAEOoUBJt6Vp9vL+ryk+u4TyPLjXtijdsf8K
CQ/KT0m8/4yPInTNlsZtUtXIcjt2UHUvyQengjQnks4vi0ujGKuS2phUaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLre+VZ4AjmgLKe/sVwyHi8UPkTIMB8GA1UdIwQY
MBaAFEBQvKKcGBOuOxHzgfBEKqKoqTG/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUZDOG9wd1lFNjQ3RWZPQjhFUXFvcWlwTWI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80NmQ4OTEtMjQ5Yi00YTRjLWEzNWQt
N2ZlOWVkN2Q2NDdkLzEvdXQ3NVZuZ0NPYUFzcDcteFhESWVMeFEtUk1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80NmQ4OTEtMjQ5Yi00YTRjLWEzNWQtN2ZlOWVkN2Q2NDdk
LzEvUUZDOG9wd1lFNjQ3RWZPQjhFUXFvcWlwTWI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf2EMA0G
CSqGSIb3DQEBCwUAA4IBAQAVCvGnHBNmyIa9POU8Ku+KsOOxhGzSHV2J5IpPXWrf
toWS/zTFzpyYdqM0P7jlxOKKdpyBWzon1lybNS6ZJ9U5c8WQ6fX7HI6e6RnpXyGu
fu8TavoTC4V5yTAUT0rkrNCU1/CikL56NbdymcyatUMa8si5MhWCkngvhmRvqWqW
Ez+IVRxLiG8L9LLntWdJtar44LBK2JVDcbQFeDJXv618Yf9EdX7W47ABTwEjl8vK
GapA3EXFjOa/mOTg10NfPfizS0oVFcGNi8j1vhQ2kD9LzxkPssmM8qZpG2hj5K+8
tDsDpz73qJpsZsYR3DJO/vJhVVU28kxRUDUt43dsQY3F
-----END CERTIFICATE-----