Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/CuqArkSqWCkwcyW8_hB-PT99xYs.roa
File:                     CuqArkSqWCkwcyW8_hB-PT99xYs.roa (raw, json)
Hash identifier:          h81Q3PvcePc8He0B4j5vrju8gwjXnGx6ti4JmqUpoFA=
Subject key identifier:   0A:EA:80:AE:44:AA:58:29:30:73:25:BC:FE:10:7E:3D:3F:7D:C5:8B
Certificate issuer:       /CN=1594f00471e248abe394d521e96cba9630d8520e
Certificate serial:       018CC94E55763EB5EC21222AA4011DBE71E5
Authority key identifier: 15:94:F0:04:71:E2:48:AB:E3:94:D5:21:E9:6C:BA:96:30:D8:52:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/CuqArkSqWCkwcyW8_hB-PT99xYs.roa
Signing time:             Tue 02 Jan 2024 08:33:23 +0000
ROA not before:           Tue 02 Jan 2024 08:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49619
IP address blocks:        185.252.128.0/22 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 04:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:55:76:3e:b5:ec:21:22:2a:a4:01:1d:be:71:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1594f00471e248abe394d521e96cba9630d8520e
        Validity
            Not Before: Jan  2 08:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0aea80ae44aa5829307325bcfe107e3d3f7dc58b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:cd:77:db:86:44:f3:a3:9a:5b:0a:15:c3:7f:
                    96:17:ea:f7:9b:79:28:b9:32:db:77:ca:aa:d6:3a:
                    0f:ce:d6:1a:35:71:0b:4d:73:5e:52:10:21:67:83:
                    1e:76:55:0d:98:48:7b:6a:0b:8a:3a:cd:0e:81:7b:
                    b8:4c:17:f9:b1:90:a2:e0:d0:9f:00:91:d6:c0:e1:
                    da:fb:fe:d9:bb:67:3b:95:fa:b4:09:1c:52:2d:94:
                    50:56:bd:9a:f5:ea:6a:88:62:0e:8d:bb:26:38:5d:
                    fe:be:71:f9:2d:b5:59:0e:ce:c9:10:ec:ae:75:60:
                    c2:c5:09:6f:a0:c5:7d:1f:79:03:bf:88:9c:6b:32:
                    0f:8e:53:d5:4f:6d:30:12:58:c3:03:bc:29:5f:07:
                    54:90:56:7c:07:4c:a7:18:b0:13:99:e9:de:6e:4f:
                    d2:97:39:ab:66:12:7d:6d:fe:3d:90:2c:ce:5b:c0:
                    6f:aa:88:4e:93:3a:f6:5e:13:d1:82:85:be:df:52:
                    e7:2a:de:ed:21:1e:8a:17:47:15:ac:bb:bf:43:dd:
                    11:f8:ba:b9:56:d5:ce:38:bf:ab:88:1b:97:f0:c1:
                    6e:fb:6c:bf:81:f5:6c:29:3a:aa:3b:e2:e9:43:2a:
                    bc:a0:f6:92:df:dd:7b:6e:6a:44:d1:66:89:6c:6b:
                    43:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:EA:80:AE:44:AA:58:29:30:73:25:BC:FE:10:7E:3D:3F:7D:C5:8B
            X509v3 Authority Key Identifier:
                keyid:15:94:F0:04:71:E2:48:AB:E3:94:D5:21:E9:6C:BA:96:30:D8:52:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/CuqArkSqWCkwcyW8_hB-PT99xYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:1b:00:6d:ae:e7:ee:09:19:cd:8d:0d:09:80:17:a4:27:8a:
         a7:f4:e6:73:9f:3f:5a:05:6d:25:aa:6e:78:77:82:0d:8c:46:
         75:42:f7:87:c7:60:22:6e:b1:0c:1a:6c:67:55:32:e4:3e:a2:
         ff:60:4a:5f:ca:48:82:88:ca:f6:dd:51:19:af:11:11:ca:de:
         8e:8c:03:1f:bd:dc:f5:05:a8:cf:e6:00:19:3f:da:a1:6a:25:
         83:bf:ab:e7:45:a3:2b:62:85:49:de:70:b6:a8:ee:f5:7f:c9:
         4c:f2:42:ef:e5:57:02:c1:73:22:57:eb:ff:d2:65:c0:83:5c:
         d4:db:cc:a1:5e:e6:5f:d6:91:63:8a:53:b7:b1:84:2b:c5:53:
         81:2b:1f:20:0d:eb:9d:da:2f:d6:9e:37:da:aa:8a:82:fc:d5:
         22:71:26:3e:32:39:df:34:1b:44:58:cb:bb:2f:04:b3:bd:b2:
         e6:d1:8d:ab:c2:9f:53:43:f0:20:d8:de:5c:02:e9:84:b7:cf:
         e3:d3:9b:bd:c7:8b:85:ae:58:87:a9:8f:d6:4e:34:92:2f:be:
         db:6f:1c:25:3d:f5:d8:64:7d:b6:74:48:82:66:1e:fb:a9:a6:
         fa:bb:6d:77:a4:7b:cd:89:ba:7e:4a:92:ef:3e:b5:31:d1:12:
         a2:0d:37:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlV2PrXsISIqpAEdvnHlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1OTRmMDA0NzFlMjQ4YWJlMzk0ZDUyMWU5NmNiYTk2MzBk
ODUyMGUwHhcNMjQwMTAyMDgzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWVhODBhZTQ0YWE1ODI5MzA3MzI1YmNmZTEwN2UzZDNmN2RjNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA481324ZE86OaWwoVw3+WF+r3m3ko
uTLbd8qq1joPztYaNXELTXNeUhAhZ4MedlUNmEh7aguKOs0OgXu4TBf5sZCi4NCf
AJHWwOHa+/7Zu2c7lfq0CRxSLZRQVr2a9epqiGIOjbsmOF3+vnH5LbVZDs7JEOyu
dWDCxQlvoMV9H3kDv4icazIPjlPVT20wEljDA7wpXwdUkFZ8B0ynGLATmenebk/S
lzmrZhJ9bf49kCzOW8BvqohOkzr2XhPRgoW+31LnKt7tIR6KF0cVrLu/Q90R+Lq5
VtXOOL+riBuX8MFu+2y/gfVsKTqqO+LpQyq8oPaS3917bmpE0WaJbGtDtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFArqgK5EqlgpMHMlvP4Qfj0/fcWLMB8GA1UdIwQY
MBaAFBWU8ARx4kir45TVIelsupYw2FIOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlpUd0JISGlTS3ZqbE5VaDZXeTZsakRZVWc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi83OWE2NGUtMDY5Zi00OTlkLWE2MzEt
OGNkNDJjZWRlMjIwLzEvQ3VxQXJrU3FXQ2t3Y3lXOF9oQi1QVDk5eFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi83OWE2NGUtMDY5Zi00OTlkLWE2MzEtOGNkNDJjZWRlMjIw
LzEvRlpUd0JISGlTS3ZqbE5VaDZXeTZsakRZVWc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufyAMA0G
CSqGSIb3DQEBCwUAA4IBAQAbGwBtrufuCRnNjQ0JgBekJ4qn9OZznz9aBW0lqm54
d4INjEZ1QveHx2AibrEMGmxnVTLkPqL/YEpfykiCiMr23VEZrxERyt6OjAMfvdz1
BajP5gAZP9qhaiWDv6vnRaMrYoVJ3nC2qO71f8lM8kLv5VcCwXMiV+v/0mXAg1zU
28yhXuZf1pFjilO3sYQrxVOBKx8gDeud2i/WnjfaqoqC/NUicSY+MjnfNBtEWMu7
LwSzvbLm0Y2rwp9TQ/Ag2N5cAumEt8/j05u9x4uFrliHqY/WTjSSL77bbxwlPfXY
ZH22dEiCZh77qab6u213pHvNibp+SpLvPrUx0RKiDTdK
-----END CERTIFICATE-----