Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/FkUrsPp3r4jbUnbWrjIq3uDlRew.roa
File:                     FkUrsPp3r4jbUnbWrjIq3uDlRew.roa (raw, json)
Hash identifier:          uMEGfdRLyCjtf5hJF3Vv6KDRc6MJliaX8HpExeauWmM=
Subject key identifier:   16:45:2B:B0:FA:77:AF:88:DB:52:76:D6:AE:32:2A:DE:E0:E5:45:EC
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       018CC5006E4E482A6603BCC55D5928BAB488
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/FkUrsPp3r4jbUnbWrjIq3uDlRew.roa
Signing time:             Mon 01 Jan 2024 12:29:48 +0000
ROA not before:           Mon 01 Jan 2024 12:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41088
IP address blocks:        185.125.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:6e:4e:48:2a:66:03:bc:c5:5d:59:28:ba:b4:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  1 12:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16452bb0fa77af88db5276d6ae322adee0e545ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:e5:84:4f:26:b3:99:43:b5:dd:08:00:56:6a:
                    ec:b8:ad:70:07:72:3a:d3:6b:54:02:5b:a7:cc:fb:
                    59:e8:05:d9:fd:13:7f:8d:a6:13:b7:38:38:23:f5:
                    18:5b:7b:62:bb:9f:e6:82:fc:9f:4a:c0:68:4b:ca:
                    d4:a3:9a:25:41:ac:e5:a4:25:84:a4:b0:aa:5a:8c:
                    93:5d:1a:c1:84:52:bd:fe:0f:59:87:5c:02:25:8b:
                    fc:26:69:9d:de:16:4d:cc:c6:37:08:af:c7:d3:07:
                    2a:eb:fa:ef:bc:c9:fb:80:e4:b1:13:ab:08:2d:de:
                    b5:e0:26:b9:bd:27:92:e7:11:53:12:8d:86:25:13:
                    27:d9:c8:b0:9b:6d:59:7b:26:ed:e4:14:55:cf:91:
                    eb:9d:f6:44:a3:14:e8:ca:5c:13:09:47:e6:b5:f3:
                    4c:4c:8d:ae:97:10:f9:71:5f:73:70:84:40:f3:75:
                    b4:b4:7d:1b:9c:a1:7b:ca:6e:f0:5e:40:1f:79:17:
                    19:85:37:11:48:ae:a8:d7:8b:93:db:32:66:d4:a0:
                    e6:44:98:73:2d:10:60:02:92:72:f3:98:a6:e1:69:
                    92:8b:12:6e:6d:32:4d:76:06:58:ec:af:37:da:f6:
                    20:62:1c:21:a9:7f:ac:d1:8c:a4:b9:83:25:f9:ad:
                    80:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:45:2B:B0:FA:77:AF:88:DB:52:76:D6:AE:32:2A:DE:E0:E5:45:EC
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/FkUrsPp3r4jbUnbWrjIq3uDlRew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:b7:12:b8:6d:3c:fe:8b:4f:e7:a2:45:eb:6a:9d:21:4f:dd:
         37:db:89:b4:03:4e:fb:2c:67:16:25:ce:86:b1:dd:58:19:75:
         4b:1a:72:8b:c9:61:99:50:62:8b:99:c3:71:59:9e:a6:7c:13:
         4c:e2:53:4c:cf:72:87:6f:da:95:57:8e:7c:fe:af:50:57:66:
         27:b4:5a:90:07:74:4a:37:47:ef:c7:01:91:35:b7:e2:96:0a:
         29:df:cd:e7:35:2c:b2:f5:04:ab:ee:5a:4a:83:69:04:f9:c4:
         1a:ba:80:5e:03:71:6e:a1:1f:a3:32:c1:40:15:42:2f:15:ae:
         79:42:27:ba:61:16:a1:96:aa:ca:22:55:73:06:0d:db:41:1e:
         6b:13:a2:69:0e:01:73:ab:53:2d:97:4a:77:c4:b2:7f:fc:b1:
         4b:0f:c6:44:88:fc:2c:e9:74:3c:7a:fb:90:ef:ea:eb:fd:ed:
         2c:09:f2:c2:e6:32:c4:ac:15:2e:e5:41:7f:af:08:ba:60:17:
         09:21:e9:9a:42:62:3c:54:ab:99:dd:a3:60:a3:6a:30:c3:43:
         07:f4:13:5a:13:00:bf:f9:dd:c0:e2:d2:08:a8:43:a5:3b:2e:
         6f:67:ef:51:36:fa:19:c9:b0:ab:33:5c:33:2d:60:4e:8a:df:
         b9:49:f1:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAG5OSCpmA7zFXVkourSIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjQwMTAxMTIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjQ1MmJiMGZhNzdhZjg4ZGI1Mjc2ZDZhZTMyMmFkZWUwZTU0NWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+WETyazmUO13QgAVmrsuK1wB3I6
02tUAlunzPtZ6AXZ/RN/jaYTtzg4I/UYW3tiu5/mgvyfSsBoS8rUo5olQazlpCWE
pLCqWoyTXRrBhFK9/g9Zh1wCJYv8Jmmd3hZNzMY3CK/H0wcq6/rvvMn7gOSxE6sI
Ld614Ca5vSeS5xFTEo2GJRMn2ciwm21Zeybt5BRVz5HrnfZEoxToylwTCUfmtfNM
TI2ulxD5cV9zcIRA83W0tH0bnKF7ym7wXkAfeRcZhTcRSK6o14uT2zJm1KDmRJhz
LRBgApJy85im4WmSixJubTJNdgZY7K832vYgYhwhqX+s0YykuYMl+a2A8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZFK7D6d6+I21J21q4yKt7g5UXsMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvRmtVcnNQcDNyNGpiVW5iV3JqSXEzdURsUmV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX2AMA0G
CSqGSIb3DQEBCwUAA4IBAQCgtxK4bTz+i0/nokXrap0hT90324m0A077LGcWJc6G
sd1YGXVLGnKLyWGZUGKLmcNxWZ6mfBNM4lNMz3KHb9qVV458/q9QV2YntFqQB3RK
N0fvxwGRNbfilgop383nNSyy9QSr7lpKg2kE+cQauoBeA3FuoR+jMsFAFUIvFa55
Qie6YRahlqrKIlVzBg3bQR5rE6JpDgFzq1Mtl0p3xLJ//LFLD8ZEiPws6XQ8evuQ
7+rr/e0sCfLC5jLErBUu5UF/rwi6YBcJIemaQmI8VKuZ3aNgo2oww0MH9BNaEwC/
+d3A4tIIqEOlOy5vZ+9RNvoZybCrM1wzLWBOit+5SfG0
-----END CERTIFICATE-----