Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/blYcCndn_yP2oT1AYGj_8yDLyJ8.roa
File:                     blYcCndn_yP2oT1AYGj_8yDLyJ8.roa (raw, json)
Hash identifier:          lMGd0YdSFs31BzG6W731XolCoa1uVeSK8Wwc7HRxFqA=
Subject key identifier:   6E:56:1C:0A:77:67:FF:23:F6:A1:3D:40:60:68:FF:F3:20:CB:C8:9F
Certificate issuer:       /CN=1a4dd11554247bd2bd301cea43ff5180372c38e4
Certificate serial:       018CC42535D6A32174E82F6B327B9DB86E1B
Authority key identifier: 1A:4D:D1:15:54:24:7B:D2:BD:30:1C:EA:43:FF:51:80:37:2C:38:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/blYcCndn_yP2oT1AYGj_8yDLyJ8.roa
Signing time:             Mon 01 Jan 2024 08:30:22 +0000
ROA not before:           Mon 01 Jan 2024 08:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        185.192.56.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:35:d6:a3:21:74:e8:2f:6b:32:7b:9d:b8:6e:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dd11554247bd2bd301cea43ff5180372c38e4
        Validity
            Not Before: Jan  1 08:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e561c0a7767ff23f6a13d406068fff320cbc89f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:81:4d:0d:f3:a6:02:0a:6c:37:38:02:65:13:
                    2d:cc:52:45:ae:85:b9:a0:72:9c:38:b7:61:ea:4f:
                    ac:aa:96:29:af:3f:91:16:e0:39:4c:c0:70:e7:1f:
                    52:ad:38:14:ac:e8:19:7f:23:11:24:7a:bc:57:a4:
                    1b:45:6b:3d:a4:08:0f:93:81:f9:c9:72:97:f8:e5:
                    04:e7:17:98:9e:bf:31:9b:da:45:23:61:3f:ee:60:
                    f3:4a:9c:6a:8f:65:06:91:ee:18:5f:17:5d:8f:18:
                    7f:6e:96:12:28:fd:b0:a9:09:67:45:7f:e9:5c:f6:
                    e1:c7:59:5a:19:fc:e4:89:fa:9d:67:eb:6f:2f:37:
                    4c:da:cc:2e:cc:28:04:b9:f6:7d:d7:22:44:6f:25:
                    39:e3:15:95:77:53:9a:25:5a:5a:fe:3b:a3:97:64:
                    3a:21:04:3e:49:38:25:9d:86:f3:57:fd:00:b7:9a:
                    ee:a6:8b:ba:d9:7c:77:64:a3:0f:44:b5:89:7d:57:
                    a9:86:75:b8:9b:d2:7b:cf:b9:19:4c:f3:80:cf:31:
                    c1:ac:8e:13:72:a8:1d:9b:19:9f:56:ee:bb:06:37:
                    f9:6f:b2:9f:33:ed:09:5d:37:da:35:ee:1e:71:a4:
                    d3:3b:3f:8e:44:e7:83:a3:e5:bf:ee:f0:8b:c9:49:
                    f2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:56:1C:0A:77:67:FF:23:F6:A1:3D:40:60:68:FF:F3:20:CB:C8:9F
            X509v3 Authority Key Identifier:
                keyid:1A:4D:D1:15:54:24:7B:D2:BD:30:1C:EA:43:FF:51:80:37:2C:38:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/blYcCndn_yP2oT1AYGj_8yDLyJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:c0:d4:63:50:18:f7:35:f2:62:29:d6:bc:6e:92:56:1e:ac:
         00:fa:f8:bc:f7:c8:f7:74:3d:87:1f:be:59:28:40:7e:7a:c7:
         c2:3e:eb:32:65:ae:b4:4c:de:1c:84:a5:81:4a:8b:81:a5:e4:
         d1:c7:d2:39:71:45:8b:bc:16:14:18:ed:c9:e1:7a:28:3b:a2:
         e6:7f:79:2d:4d:54:1b:bc:2e:70:8e:9b:00:8a:ba:15:22:47:
         0c:9a:17:5c:df:8b:09:92:14:e8:f2:61:5d:62:08:7b:4a:eb:
         54:43:38:34:56:a8:9c:3e:aa:22:7b:58:54:2e:92:e4:af:fa:
         cb:68:aa:6a:92:a1:c7:8c:18:62:14:30:93:a5:26:9c:8b:1a:
         88:a5:a7:fd:80:63:74:28:cf:e7:4e:21:3e:f8:32:47:8e:8f:
         d6:1f:e6:9f:ac:5c:b1:ee:01:a0:29:10:7f:1d:ed:14:70:04:
         ed:28:1b:08:27:2e:c8:bf:11:29:47:69:c3:65:65:09:d1:64:
         20:e2:f2:8f:6d:bd:07:da:4d:1a:6b:77:ee:f7:16:ce:e5:4e:
         f2:eb:80:3b:d7:6f:6c:ae:3d:91:95:4d:58:92:f3:21:61:f3:
         95:ee:9d:0c:54:57:36:4a:1e:38:44:70:98:ec:65:27:89:9e:
         37:54:f3:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTXWoyF06C9rMnuduG4bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRkMTE1NTQyNDdiZDJiZDMwMWNlYTQzZmY1MTgwMzcy
YzM4ZTQwHhcNMjQwMTAxMDgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTU2MWMwYTc3NjdmZjIzZjZhMTNkNDA2MDY4ZmZmMzIwY2JjODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoFNDfOmAgpsNzgCZRMtzFJFroW5
oHKcOLdh6k+sqpYprz+RFuA5TMBw5x9SrTgUrOgZfyMRJHq8V6QbRWs9pAgPk4H5
yXKX+OUE5xeYnr8xm9pFI2E/7mDzSpxqj2UGke4YXxddjxh/bpYSKP2wqQlnRX/p
XPbhx1laGfzkifqdZ+tvLzdM2swuzCgEufZ91yJEbyU54xWVd1OaJVpa/jujl2Q6
IQQ+STglnYbzV/0At5rupou62Xx3ZKMPRLWJfVephnW4m9J7z7kZTPOAzzHBrI4T
cqgdmxmfVu67Bjf5b7KfM+0JXTfaNe4ecaTTOz+OROeDo+W/7vCLyUnyWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5WHAp3Z/8j9qE9QGBo//Mgy8ifMB8GA1UdIwQY
MBaAFBpN0RVUJHvSvTAc6kP/UYA3LDjkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szUkZWUWtlOUs5TUJ6cVFfOVJnRGNzT09RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83YmRkZGEtMGM2Yy00YTVlLWIxYzUt
M2JhNWYzMGNhYWJmLzEvYmxZY0NuZG5feVAyb1QxQVlHal84eURMeUo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83YmRkZGEtMGM2Yy00YTVlLWIxYzUtM2JhNWYzMGNhYWJm
LzEvR2szUkZWUWtlOUs5TUJ6cVFfOVJnRGNzT09RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucA4MA0G
CSqGSIb3DQEBCwUAA4IBAQCIwNRjUBj3NfJiKda8bpJWHqwA+vi898j3dD2HH75Z
KEB+esfCPusyZa60TN4chKWBSouBpeTRx9I5cUWLvBYUGO3J4XooO6Lmf3ktTVQb
vC5wjpsAiroVIkcMmhdc34sJkhTo8mFdYgh7SutUQzg0VqicPqoie1hULpLkr/rL
aKpqkqHHjBhiFDCTpSacixqIpaf9gGN0KM/nTiE++DJHjo/WH+afrFyx7gGgKRB/
He0UcATtKBsIJy7IvxEpR2nDZWUJ0WQg4vKPbb0H2k0aa3fu9xbO5U7y64A7129s
rj2RlU1YkvMhYfOV7p0MVFc2Sh44RHCY7GUniZ43VPOz
-----END CERTIFICATE-----