Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Zg2YUEhg_uReKo8PmZAB4Xn8eYQ.roa
File:                     Zg2YUEhg_uReKo8PmZAB4Xn8eYQ.roa (raw, json)
Hash identifier:          zmMCilyb5CRaJ3Ak9Xk7xXthHEleyA2To9Eor8GSiFA=
Subject key identifier:   66:0D:98:50:48:60:FE:E4:5E:2A:8F:0F:99:90:01:E1:79:FC:79:84
Certificate issuer:       /CN=1a4dd11554247bd2bd301cea43ff5180372c38e4
Certificate serial:       018CC4253690B2FEF29618ED2F263160142A
Authority key identifier: 1A:4D:D1:15:54:24:7B:D2:BD:30:1C:EA:43:FF:51:80:37:2C:38:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Zg2YUEhg_uReKo8PmZAB4Xn8eYQ.roa
Signing time:             Mon 01 Jan 2024 08:30:22 +0000
ROA not before:           Mon 01 Jan 2024 08:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136796
IP address blocks:        185.192.58.0/24 maxlen: 24
                          185.192.56.0/22 maxlen: 24
                          185.192.56.0/24 maxlen: 24
                          185.192.57.0/24 maxlen: 24
                          185.192.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:36:90:b2:fe:f2:96:18:ed:2f:26:31:60:14:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dd11554247bd2bd301cea43ff5180372c38e4
        Validity
            Not Before: Jan  1 08:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=660d98504860fee45e2a8f0f999001e179fc7984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:69:ea:03:e4:15:20:48:85:e1:45:d5:d7:86:
                    94:13:46:94:d0:94:4b:c3:1f:f0:48:06:70:5a:e9:
                    5b:3b:a1:fa:26:8d:d4:1b:7c:2e:1c:65:bb:ea:df:
                    22:9a:e8:fe:d8:49:9d:50:3f:6b:c9:3e:cd:f1:7d:
                    22:ac:f0:65:eb:33:b1:56:21:30:5c:fd:fe:4e:6e:
                    24:4a:99:17:22:2d:1d:7f:96:84:a1:e3:3e:99:0f:
                    64:59:ce:28:e2:61:88:81:44:69:75:9b:82:17:14:
                    4c:08:f6:71:b7:d3:7d:1d:08:14:fe:4a:43:cf:b0:
                    a4:31:f1:e1:a0:09:f3:49:9f:2a:86:0a:89:4f:27:
                    49:47:bc:07:96:66:2c:be:1a:bc:c9:20:47:5e:f2:
                    5e:65:90:02:78:bd:3a:ca:aa:08:20:3f:64:63:fd:
                    f9:26:a7:18:17:46:50:e8:15:ba:6b:5c:a9:12:c7:
                    43:44:d7:79:7a:30:06:8a:2d:90:0b:cd:77:d1:6a:
                    68:08:49:a6:42:13:59:d1:5f:65:85:20:f5:05:43:
                    a7:ee:55:16:0e:2b:8d:ae:ce:a0:52:b7:ce:2c:38:
                    70:d2:d4:f7:46:35:02:0e:ca:90:02:f1:41:46:11:
                    53:1e:b6:8e:6b:36:93:01:c9:27:6d:90:bc:85:f7:
                    05:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:0D:98:50:48:60:FE:E4:5E:2A:8F:0F:99:90:01:E1:79:FC:79:84
            X509v3 Authority Key Identifier:
                keyid:1A:4D:D1:15:54:24:7B:D2:BD:30:1C:EA:43:FF:51:80:37:2C:38:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Zg2YUEhg_uReKo8PmZAB4Xn8eYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:5e:f0:44:41:69:27:a5:fd:e5:05:70:29:d5:03:7f:45:c5:
         c5:59:fc:c9:c9:07:c9:1f:6e:5f:26:c3:3d:7d:ad:86:b7:2d:
         31:7c:3f:d0:a6:13:7e:f3:5d:ed:92:d7:dd:bc:60:e1:41:5a:
         b6:fc:c1:7b:b6:c1:39:06:1e:bd:1c:51:2e:af:b6:c2:52:f5:
         09:48:3e:7c:2b:ae:f6:27:4f:1e:cc:8e:2b:bf:db:c0:33:6d:
         83:14:4d:0c:2d:75:ec:50:cb:ee:63:2f:07:c8:b8:6e:be:ce:
         3f:ff:b9:f2:11:09:bb:ea:c2:ee:92:d6:a5:74:79:35:63:61:
         e7:be:e0:52:1c:f5:6d:ce:97:f8:1f:6b:8c:83:14:51:58:dc:
         7f:4d:75:17:ae:d4:e2:67:93:7e:b4:2c:0b:48:d6:aa:ca:f9:
         f8:01:c6:e0:a1:9d:8a:3d:da:c3:e8:c4:6b:c0:d2:b1:29:2b:
         ce:1a:03:23:71:1f:cf:32:7b:c3:f7:70:1d:f8:a9:0d:d7:e7:
         8e:1d:ba:68:de:fd:8f:44:4f:1a:0f:d7:f1:b1:3d:0d:7a:2f:
         95:07:3b:ce:b0:72:29:f5:0a:64:68:0f:da:12:bd:92:2e:6d:
         50:b5:7e:9e:fa:5e:f2:5c:01:b0:6c:76:21:f7:b9:44:26:aa:
         b6:20:38:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTaQsv7ylhjtLyYxYBQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRkMTE1NTQyNDdiZDJiZDMwMWNlYTQzZmY1MTgwMzcy
YzM4ZTQwHhcNMjQwMTAxMDgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjBkOTg1MDQ4NjBmZWU0NWUyYThmMGY5OTkwMDFlMTc5ZmM3OTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWnqA+QVIEiF4UXV14aUE0aU0JRL
wx/wSAZwWulbO6H6Jo3UG3wuHGW76t8imuj+2EmdUD9ryT7N8X0irPBl6zOxViEw
XP3+Tm4kSpkXIi0df5aEoeM+mQ9kWc4o4mGIgURpdZuCFxRMCPZxt9N9HQgU/kpD
z7CkMfHhoAnzSZ8qhgqJTydJR7wHlmYsvhq8ySBHXvJeZZACeL06yqoIID9kY/35
JqcYF0ZQ6BW6a1ypEsdDRNd5ejAGii2QC8130WpoCEmmQhNZ0V9lhSD1BUOn7lUW
DiuNrs6gUrfOLDhw0tT3RjUCDsqQAvFBRhFTHraOazaTAcknbZC8hfcFzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYNmFBIYP7kXiqPD5mQAeF5/HmEMB8GA1UdIwQY
MBaAFBpN0RVUJHvSvTAc6kP/UYA3LDjkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szUkZWUWtlOUs5TUJ6cVFfOVJnRGNzT09RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83YmRkZGEtMGM2Yy00YTVlLWIxYzUt
M2JhNWYzMGNhYWJmLzEvWmcyWVVFaGdfdVJlS284UG1aQUI0WG44ZVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83YmRkZGEtMGM2Yy00YTVlLWIxYzUtM2JhNWYzMGNhYWJm
LzEvR2szUkZWUWtlOUs5TUJ6cVFfOVJnRGNzT09RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucA4MA0G
CSqGSIb3DQEBCwUAA4IBAQCKXvBEQWknpf3lBXAp1QN/RcXFWfzJyQfJH25fJsM9
fa2Gty0xfD/QphN+813tktfdvGDhQVq2/MF7tsE5Bh69HFEur7bCUvUJSD58K672
J08ezI4rv9vAM22DFE0MLXXsUMvuYy8HyLhuvs4//7nyEQm76sLuktaldHk1Y2Hn
vuBSHPVtzpf4H2uMgxRRWNx/TXUXrtTiZ5N+tCwLSNaqyvn4AcbgoZ2KPdrD6MRr
wNKxKSvOGgMjcR/PMnvD93Ad+KkN1+eOHbpo3v2PRE8aD9fxsT0Nei+VBzvOsHIp
9QpkaA/aEr2SLm1QtX6e+l7yXAGwbHYh97lEJqq2IDhq
-----END CERTIFICATE-----