Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/353338-9efb-40bd-98a9-a7bf9e50af0b/1/hIyNBZE3wKbIrJtbUwAZN_OuAfM.roa
File:                     hIyNBZE3wKbIrJtbUwAZN_OuAfM.roa (raw, json)
Hash identifier:          aYTf+qBx0xpmSWHZY6rnutiUQinbha5wZYii0yYivLY=
Subject key identifier:   84:8C:8D:05:91:37:C0:A6:C8:AC:9B:5B:53:00:19:37:F3:AE:01:F3
Certificate issuer:       /CN=c78de7ab3f1e7fc1bca3520eacfe0e1a7e6a55fe
Certificate serial:       018CC56E302BA5E3CF135B89269C4C2DED1A
Authority key identifier: C7:8D:E7:AB:3F:1E:7F:C1:BC:A3:52:0E:AC:FE:0E:1A:7E:6A:55:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x43nqz8ef8G8o1IOrP4OGn5qVf4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/353338-9efb-40bd-98a9-a7bf9e50af0b/1/hIyNBZE3wKbIrJtbUwAZN_OuAfM.roa
Signing time:             Mon 01 Jan 2024 14:29:41 +0000
ROA not before:           Mon 01 Jan 2024 14:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201939
IP address blocks:        185.57.52.0/22 maxlen: 24
                          2a02:5820::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/353338-9efb-40bd-98a9-a7bf9e50af0b/1/x43nqz8ef8G8o1IOrP4OGn5qVf4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/353338-9efb-40bd-98a9-a7bf9e50af0b/1/x43nqz8ef8G8o1IOrP4OGn5qVf4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x43nqz8ef8G8o1IOrP4OGn5qVf4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 11:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:30:2b:a5:e3:cf:13:5b:89:26:9c:4c:2d:ed:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c78de7ab3f1e7fc1bca3520eacfe0e1a7e6a55fe
        Validity
            Not Before: Jan  1 14:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=848c8d059137c0a6c8ac9b5b53001937f3ae01f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:57:51:bc:1b:fe:2c:2d:00:80:d6:62:b8:fd:
                    4e:6d:09:d8:86:8f:50:e6:23:40:fa:67:a3:c0:57:
                    f5:0e:f1:46:09:26:5b:d2:d2:be:76:33:cf:39:55:
                    79:4c:63:00:c8:32:e9:32:b5:9f:50:45:b4:9f:09:
                    5e:68:d9:7f:e5:07:c2:2e:9a:86:4e:28:ac:4f:1f:
                    f3:41:43:e9:d1:ac:09:73:b6:a2:70:59:63:80:ed:
                    ee:44:9d:cf:c8:2b:1a:8c:78:3b:31:ca:5e:f5:b5:
                    a5:41:e0:55:c0:d9:0c:0c:5d:9e:1d:ec:ce:3d:20:
                    9c:13:53:9d:eb:43:a7:7a:5a:d4:6a:e7:48:26:de:
                    86:2f:30:4b:f4:6c:c7:4d:2b:c9:1c:fb:7b:ae:59:
                    28:49:02:a5:59:85:84:a0:e5:86:bf:c4:a5:4f:d8:
                    f1:8c:ee:69:79:0e:6f:3f:ef:09:3f:6c:1d:b4:92:
                    4f:fd:79:86:8f:11:02:29:c6:88:0b:86:3b:06:59:
                    74:29:57:06:60:ae:8c:ef:48:e4:fd:6c:ef:df:85:
                    79:47:9c:89:ec:91:95:04:36:33:25:74:41:b1:a5:
                    19:dc:d2:8c:e0:06:94:23:88:f9:46:58:00:ea:7f:
                    39:c3:3f:ef:b2:86:88:a5:1d:82:9f:d3:75:a6:59:
                    ba:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:8C:8D:05:91:37:C0:A6:C8:AC:9B:5B:53:00:19:37:F3:AE:01:F3
            X509v3 Authority Key Identifier:
                keyid:C7:8D:E7:AB:3F:1E:7F:C1:BC:A3:52:0E:AC:FE:0E:1A:7E:6A:55:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x43nqz8ef8G8o1IOrP4OGn5qVf4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/353338-9efb-40bd-98a9-a7bf9e50af0b/1/hIyNBZE3wKbIrJtbUwAZN_OuAfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/353338-9efb-40bd-98a9-a7bf9e50af0b/1/x43nqz8ef8G8o1IOrP4OGn5qVf4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.52.0/22
                IPv6:
                  2a02:5820::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:8f:09:a2:6b:c5:37:86:2c:3c:3a:cd:66:17:9e:73:60:66:
         cd:33:6e:db:8f:56:a1:77:3e:c2:3b:33:4b:a8:2d:56:d3:bf:
         73:02:b9:58:cc:70:93:b1:6a:55:62:58:b2:1c:1f:73:f3:bf:
         2f:cc:25:15:65:fa:bf:28:4b:96:e1:a7:af:c7:ae:71:32:80:
         57:c9:6f:96:60:6d:b4:24:02:95:87:f5:15:31:69:85:7b:25:
         92:12:cc:70:10:40:93:ee:ce:bc:7c:b4:11:77:cb:35:97:c0:
         c4:83:84:03:c2:ca:bc:df:37:37:ed:f0:c5:1d:07:ab:03:14:
         ab:48:9f:ff:57:2f:4e:06:b3:15:f8:94:ce:67:76:1d:44:6a:
         7c:0f:c7:fb:e9:b5:cb:3e:2f:91:15:4d:cf:37:4c:9b:ef:dd:
         55:d6:e8:69:73:e8:d8:ec:6f:8a:a1:88:4b:4e:d0:3e:c4:c4:
         86:24:45:31:93:60:8e:29:de:11:23:cf:a4:9d:fe:17:9e:f3:
         15:4c:c4:84:75:1a:fe:56:be:05:cf:ea:10:e0:c7:b7:95:c5:
         02:b6:52:f2:56:a4:6f:cc:47:5a:cb:ec:b5:fd:22:63:d8:d8:
         1c:a0:53:7a:a7:ae:22:5f:78:9c:f8:49:34:59:af:5b:45:ad:
         1f:85:f8:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbjArpePPE1uJJpxMLe0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3OGRlN2FiM2YxZTdmYzFiY2EzNTIwZWFjZmUwZTFhN2U2
YTU1ZmUwHhcNMjQwMTAxMTQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDhjOGQwNTkxMzdjMGE2YzhhYzliNWI1MzAwMTkzN2YzYWUwMWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVdRvBv+LC0AgNZiuP1ObQnYho9Q
5iNA+mejwFf1DvFGCSZb0tK+djPPOVV5TGMAyDLpMrWfUEW0nwleaNl/5QfCLpqG
TiisTx/zQUPp0awJc7aicFljgO3uRJ3PyCsajHg7Mcpe9bWlQeBVwNkMDF2eHezO
PSCcE1Od60OnelrUaudIJt6GLzBL9GzHTSvJHPt7rlkoSQKlWYWEoOWGv8SlT9jx
jO5peQ5vP+8JP2wdtJJP/XmGjxECKcaIC4Y7Bll0KVcGYK6M70jk/Wzv34V5R5yJ
7JGVBDYzJXRBsaUZ3NKM4AaUI4j5RlgA6n85wz/vsoaIpR2Cn9N1plm6kQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFISMjQWRN8CmyKybW1MAGTfzrgHzMB8GA1UdIwQY
MBaAFMeN56s/Hn/BvKNSDqz+Dhp+alX+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDQzbnF6OGVmOEc4bzFJT3JQNE9HbjVxVmY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8zNTMzMzgtOWVmYi00MGJkLTk4YTkt
YTdiZjllNTBhZjBiLzEvaEl5TkJaRTN3S2JJckp0YlV3QVpOX091QWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8zNTMzMzgtOWVmYi00MGJkLTk4YTktYTdiZjllNTBhZjBi
LzEveDQzbnF6OGVmOEc4bzFJT3JQNE9HbjVxVmY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTk0MA0E
AgACMAcDBQAqAlggMA0GCSqGSIb3DQEBCwUAA4IBAQCkjwmia8U3hiw8Os1mF55z
YGbNM27bj1ahdz7COzNLqC1W079zArlYzHCTsWpVYliyHB9z878vzCUVZfq/KEuW
4aevx65xMoBXyW+WYG20JAKVh/UVMWmFeyWSEsxwEECT7s68fLQRd8s1l8DEg4QD
wsq83zc37fDFHQerAxSrSJ//Vy9OBrMV+JTOZ3YdRGp8D8f76bXLPi+RFU3PN0yb
791V1uhpc+jY7G+KoYhLTtA+xMSGJEUxk2COKd4RI8+knf4XnvMVTMSEdRr+Vr4F
z+oQ4Me3lcUCtlLyVqRvzEday+y1/SJj2NgcoFN6p64iX3ic+Ek0Wa9bRa0fhfif
-----END CERTIFICATE-----