Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/282b19-68b9-4ef3-ad39-6ec8c81fdc3f/1/9Uh2ZjfQ4UQ6r3SHQV3OQXTo79E.roa
File:                     9Uh2ZjfQ4UQ6r3SHQV3OQXTo79E.roa (raw, json)
Hash identifier:          29WH2/Itti/Gn0TEkLZAQjyzszUQ/WN5oKSILtJEBmE=
Subject key identifier:   F5:48:76:66:37:D0:E1:44:3A:AF:74:87:41:5D:CE:41:74:E8:EF:D1
Certificate issuer:       /CN=1d1e354362cb9224c016dac944e3d9d49909b17f
Certificate serial:       018CC7954435FDB5C0759B5EC664201EB2D9
Authority key identifier: 1D:1E:35:43:62:CB:92:24:C0:16:DA:C9:44:E3:D9:D4:99:09:B1:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HR41Q2LLkiTAFtrJROPZ1JkJsX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/282b19-68b9-4ef3-ad39-6ec8c81fdc3f/1/9Uh2ZjfQ4UQ6r3SHQV3OQXTo79E.roa
Signing time:             Tue 02 Jan 2024 00:31:37 +0000
ROA not before:           Tue 02 Jan 2024 00:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197328
IP address blocks:        185.125.32.0/24 maxlen: 24
                          185.125.35.0/24 maxlen: 24
                          185.125.34.0/24 maxlen: 24
                          185.125.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/282b19-68b9-4ef3-ad39-6ec8c81fdc3f/1/HR41Q2LLkiTAFtrJROPZ1JkJsX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/282b19-68b9-4ef3-ad39-6ec8c81fdc3f/1/HR41Q2LLkiTAFtrJROPZ1JkJsX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HR41Q2LLkiTAFtrJROPZ1JkJsX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 00:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:44:35:fd:b5:c0:75:9b:5e:c6:64:20:1e:b2:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d1e354362cb9224c016dac944e3d9d49909b17f
        Validity
            Not Before: Jan  2 00:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f548766637d0e1443aaf7487415dce4174e8efd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:2a:f9:e4:f9:01:54:de:5a:71:45:03:7f:e7:
                    74:2a:1a:4a:b2:41:ed:5d:54:7d:65:fc:70:7f:42:
                    48:4d:43:59:76:f3:f1:e8:7d:9e:25:a4:d8:fd:86:
                    d2:90:36:9f:4a:77:6c:3f:d8:d8:bf:68:03:ca:96:
                    30:cb:7c:da:e5:d6:07:a0:14:80:70:6d:5f:8d:9a:
                    c2:c0:56:b9:b6:8a:5c:68:61:85:47:57:2a:d7:1a:
                    18:f3:e8:80:42:42:11:f2:c7:21:74:a7:c3:66:05:
                    8f:e9:18:6e:f8:0d:63:ae:09:a1:98:90:12:f8:30:
                    33:16:bc:ad:27:5b:15:24:b9:c8:31:d4:34:3c:65:
                    70:61:1e:af:5c:9d:91:86:9e:89:5c:3e:94:50:e8:
                    89:cb:f7:2f:3f:25:8d:0a:0c:f9:1e:db:96:d4:c7:
                    0d:19:d3:03:6d:6e:36:fa:e8:34:38:9b:ee:7f:d2:
                    28:59:82:4c:47:aa:4a:d8:bc:64:d6:42:b7:92:d7:
                    98:52:1b:a6:40:42:6c:8b:a4:fd:2c:32:68:a7:10:
                    35:64:ac:6a:6c:47:1b:3c:6a:02:25:e3:bb:02:29:
                    31:4a:77:85:01:a9:00:8d:1d:7d:0c:27:8b:7d:34:
                    4f:75:df:d3:50:19:83:a8:9d:32:c3:4e:56:3e:56:
                    05:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:48:76:66:37:D0:E1:44:3A:AF:74:87:41:5D:CE:41:74:E8:EF:D1
            X509v3 Authority Key Identifier:
                keyid:1D:1E:35:43:62:CB:92:24:C0:16:DA:C9:44:E3:D9:D4:99:09:B1:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HR41Q2LLkiTAFtrJROPZ1JkJsX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/282b19-68b9-4ef3-ad39-6ec8c81fdc3f/1/9Uh2ZjfQ4UQ6r3SHQV3OQXTo79E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/282b19-68b9-4ef3-ad39-6ec8c81fdc3f/1/HR41Q2LLkiTAFtrJROPZ1JkJsX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:7f:95:e4:a8:94:ad:e6:18:41:df:15:d4:b1:f4:cf:2a:f7:
         74:c6:bd:4b:9b:9f:52:c7:b7:69:35:af:a3:de:0e:16:d0:1a:
         3b:a5:9b:77:68:f7:6f:a2:1a:1e:38:60:44:c2:94:ec:9c:d6:
         ce:e5:3f:cf:a8:5c:ac:a0:02:9a:79:16:85:fa:3b:4a:77:4a:
         fd:b7:60:95:57:38:45:58:c2:b5:dd:7f:9d:71:6a:3c:f1:4a:
         ff:46:4f:ab:16:11:2b:63:e5:c4:e8:b8:e9:6b:2e:a1:4f:62:
         e9:8a:5b:09:51:9d:57:83:92:95:ca:04:43:59:b4:1b:ef:21:
         25:61:4c:75:7c:50:9f:e7:5e:a8:81:f7:45:46:18:77:98:ad:
         59:fa:63:1f:f3:3f:6e:b3:75:8a:d2:4d:c5:be:f6:42:1b:8e:
         32:c6:1c:c5:b0:39:c4:78:13:2a:6c:2a:b6:97:a5:5e:d0:ac:
         fa:a2:8d:73:4e:72:15:1f:f9:7a:86:46:30:b4:78:65:ec:35:
         44:5b:21:ad:56:09:dd:cf:fe:39:80:b2:9b:ff:77:ab:64:f9:
         8d:c6:9b:ff:7f:ce:88:61:7d:90:80:52:e8:7d:ab:33:5c:17:
         25:9b:60:b2:47:6f:01:a6:76:ed:b5:26:bd:39:28:7c:59:6f:
         21:7a:6d:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlUQ1/bXAdZtexmQgHrLZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMWUzNTQzNjJjYjkyMjRjMDE2ZGFjOTQ0ZTNkOWQ0OTkw
OWIxN2YwHhcNMjQwMTAyMDAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTQ4NzY2NjM3ZDBlMTQ0M2FhZjc0ODc0MTVkY2U0MTc0ZThlZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgir55PkBVN5acUUDf+d0KhpKskHt
XVR9Zfxwf0JITUNZdvPx6H2eJaTY/YbSkDafSndsP9jYv2gDypYwy3za5dYHoBSA
cG1fjZrCwFa5topcaGGFR1cq1xoY8+iAQkIR8schdKfDZgWP6Rhu+A1jrgmhmJAS
+DAzFrytJ1sVJLnIMdQ0PGVwYR6vXJ2Rhp6JXD6UUOiJy/cvPyWNCgz5HtuW1McN
GdMDbW42+ug0OJvuf9IoWYJMR6pK2Lxk1kK3kteYUhumQEJsi6T9LDJopxA1ZKxq
bEcbPGoCJeO7AikxSneFAakAjR19DCeLfTRPdd/TUBmDqJ0yw05WPlYFzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVIdmY30OFEOq90h0FdzkF06O/RMB8GA1UdIwQY
MBaAFB0eNUNiy5IkwBbayUTj2dSZCbF/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFI0MVEyTExraVRBRnRySlJPUFoxSmtKc1g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8yODJiMTktNjhiOS00ZWYzLWFkMzkt
NmVjOGM4MWZkYzNmLzEvOVVoMlpqZlE0VVE2cjNTSFFWM09RWFRvNzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8yODJiMTktNjhiOS00ZWYzLWFkMzktNmVjOGM4MWZkYzNm
LzEvSFI0MVEyTExraVRBRnRySlJPUFoxSmtKc1g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX0gMA0G
CSqGSIb3DQEBCwUAA4IBAQCSf5XkqJSt5hhB3xXUsfTPKvd0xr1Lm59Sx7dpNa+j
3g4W0Bo7pZt3aPdvohoeOGBEwpTsnNbO5T/PqFysoAKaeRaF+jtKd0r9t2CVVzhF
WMK13X+dcWo88Ur/Rk+rFhErY+XE6Ljpay6hT2LpilsJUZ1Xg5KVygRDWbQb7yEl
YUx1fFCf516ogfdFRhh3mK1Z+mMf8z9us3WK0k3FvvZCG44yxhzFsDnEeBMqbCq2
l6Ve0Kz6oo1zTnIVH/l6hkYwtHhl7DVEWyGtVgndz/45gLKb/3erZPmNxpv/f86I
YX2QgFLofaszXBclm2CyR28BpnbttSa9OSh8WW8hem2/
-----END CERTIFICATE-----