Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/HxAaK-of1gI5EaSllz4LZXX1Ek4.roa
File:                     HxAaK-of1gI5EaSllz4LZXX1Ek4.roa (raw, json)
Hash identifier:          kA+a98DMJY99C70TTgU8UbMDBXn3FyijtLWwOQL/0G0=
Subject key identifier:   1F:10:1A:2B:EA:1F:D6:02:39:11:A4:A5:97:3E:0B:65:75:F5:12:4E
Certificate issuer:       /CN=425bf4375f17a0357019690301f9419324ff7d44
Certificate serial:       018CC8713F83AE7F8AEEE04EF8C822392C8E
Authority key identifier: 42:5B:F4:37:5F:17:A0:35:70:19:69:03:01:F9:41:93:24:FF:7D:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qlv0N18XoDVwGWkDAflBkyT_fUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/HxAaK-of1gI5EaSllz4LZXX1Ek4.roa
Signing time:             Tue 02 Jan 2024 04:31:54 +0000
ROA not before:           Tue 02 Jan 2024 04:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199989
IP address blocks:        185.6.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/Qlv0N18XoDVwGWkDAflBkyT_fUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/Qlv0N18XoDVwGWkDAflBkyT_fUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qlv0N18XoDVwGWkDAflBkyT_fUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:3f:83:ae:7f:8a:ee:e0:4e:f8:c8:22:39:2c:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=425bf4375f17a0357019690301f9419324ff7d44
        Validity
            Not Before: Jan  2 04:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f101a2bea1fd6023911a4a5973e0b6575f5124e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a6:1d:aa:1c:98:36:9d:7a:a8:ab:25:07:a9:
                    e2:87:29:de:7b:c4:ef:16:ec:23:7d:38:bb:dd:d1:
                    e0:81:3d:e0:be:f4:3a:54:e0:22:63:4c:c9:d0:79:
                    92:38:94:d3:b4:c4:ee:fe:27:fc:44:41:8e:54:86:
                    86:bb:b2:1d:2f:a1:a1:dc:72:8d:97:6c:44:88:5f:
                    9f:88:fb:c8:1b:40:f9:fe:1c:eb:3b:b5:f0:f2:b2:
                    c6:0b:8e:b0:e3:c0:dd:9d:91:54:3d:ff:3f:49:c9:
                    a5:1b:91:5c:fa:1a:e1:17:16:92:1a:3a:c2:0d:53:
                    93:85:91:8a:e0:1d:ad:44:91:40:d2:53:dd:6a:80:
                    86:3e:fb:89:64:e5:b1:e3:18:4e:c1:66:42:ea:cd:
                    a1:33:e5:37:32:86:45:d1:db:3c:1d:f2:fc:a7:11:
                    91:59:7e:b1:d1:2a:09:ee:42:c0:78:c6:f0:94:aa:
                    16:d9:34:aa:5c:d0:8e:51:54:11:b2:cd:fc:4f:ca:
                    9b:e0:fb:cf:98:e0:d8:c9:24:f4:1b:31:54:a1:2d:
                    9f:f0:b0:bf:61:02:c0:3f:e8:21:29:62:31:e6:c7:
                    3c:6c:0c:d6:43:d9:01:ef:84:20:8f:03:45:63:6a:
                    fd:b0:a9:5b:f9:4d:a7:e2:38:35:3c:36:4a:d5:c8:
                    5c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:10:1A:2B:EA:1F:D6:02:39:11:A4:A5:97:3E:0B:65:75:F5:12:4E
            X509v3 Authority Key Identifier:
                keyid:42:5B:F4:37:5F:17:A0:35:70:19:69:03:01:F9:41:93:24:FF:7D:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qlv0N18XoDVwGWkDAflBkyT_fUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/HxAaK-of1gI5EaSllz4LZXX1Ek4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/Qlv0N18XoDVwGWkDAflBkyT_fUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.6.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:5a:f9:3d:46:8d:6e:54:1a:35:e1:b1:63:5c:c3:38:27:af:
         ae:e8:5e:2b:a4:59:2f:21:ff:f1:e2:b0:15:2e:01:2b:84:36:
         a8:51:a7:85:b6:66:29:ba:7a:f6:b1:68:c7:7a:87:5c:68:48:
         89:66:1c:43:b6:87:0a:dd:62:cf:17:f0:b7:bc:17:da:aa:e4:
         51:8d:f9:29:6f:29:7d:5c:b1:69:1b:ba:2f:d1:ad:03:1f:ee:
         c7:c4:b1:bc:2e:64:7a:08:d9:ff:67:cd:c1:a7:48:e8:4e:56:
         01:4c:f7:6a:2f:54:9c:50:7b:c4:f4:a5:08:99:9e:0e:f6:ae:
         b1:fa:4c:06:d4:5c:1f:e4:7b:c4:4d:84:8d:46:17:38:d9:17:
         c7:14:ce:da:04:bd:93:3c:86:09:5c:3a:6f:89:67:7a:c5:40:
         ad:c8:8d:d0:22:b3:2b:dd:df:54:c7:92:c4:7a:bd:a0:e3:3e:
         2a:05:c1:70:2b:74:d5:49:a8:2e:ce:ba:da:d1:98:4a:16:84:
         f2:e6:5d:9b:f6:36:33:d9:6e:2f:b0:5a:cd:46:30:a3:c3:95:
         0c:1a:52:4b:05:67:6a:c1:b1:3d:2a:2a:63:cd:5a:16:4d:4c:
         7e:c3:8a:53:28:d5:3a:fa:3e:f7:e6:9b:a3:85:0e:f0:19:85:
         cd:1a:ef:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcT+Drn+K7uBO+MgiOSyOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNWJmNDM3NWYxN2EwMzU3MDE5NjkwMzAxZjk0MTkzMjRm
ZjdkNDQwHhcNMjQwMTAyMDQzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjEwMWEyYmVhMWZkNjAyMzkxMWE0YTU5NzNlMGI2NTc1ZjUxMjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6YdqhyYNp16qKslB6nihynee8Tv
FuwjfTi73dHggT3gvvQ6VOAiY0zJ0HmSOJTTtMTu/if8REGOVIaGu7IdL6Gh3HKN
l2xEiF+fiPvIG0D5/hzrO7Xw8rLGC46w48DdnZFUPf8/ScmlG5Fc+hrhFxaSGjrC
DVOThZGK4B2tRJFA0lPdaoCGPvuJZOWx4xhOwWZC6s2hM+U3MoZF0ds8HfL8pxGR
WX6x0SoJ7kLAeMbwlKoW2TSqXNCOUVQRss38T8qb4PvPmODYyST0GzFUoS2f8LC/
YQLAP+ghKWIx5sc8bAzWQ9kB74QgjwNFY2r9sKlb+U2n4jg1PDZK1chczQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8QGivqH9YCORGkpZc+C2V19RJOMB8GA1UdIwQY
MBaAFEJb9DdfF6A1cBlpAwH5QZMk/31EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWx2ME4xOFhvRFZ3R1drREFmbEJreVRfZlVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9mMjhhNzUtZDUzZi00ZTlmLTgyZGQt
ZjBlZDhmZTgyYjk3LzEvSHhBYUstb2YxZ0k1RWFTbGx6NExaWFgxRWs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9mMjhhNzUtZDUzZi00ZTlmLTgyZGQtZjBlZDhmZTgyYjk3
LzEvUWx2ME4xOFhvRFZ3R1drREFmbEJreVRfZlVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQZBMA0G
CSqGSIb3DQEBCwUAA4IBAQBZWvk9Ro1uVBo14bFjXMM4J6+u6F4rpFkvIf/x4rAV
LgErhDaoUaeFtmYpunr2sWjHeodcaEiJZhxDtocK3WLPF/C3vBfaquRRjfkpbyl9
XLFpG7ov0a0DH+7HxLG8LmR6CNn/Z83Bp0joTlYBTPdqL1ScUHvE9KUImZ4O9q6x
+kwG1Fwf5HvETYSNRhc42RfHFM7aBL2TPIYJXDpviWd6xUCtyI3QIrMr3d9Ux5LE
er2g4z4qBcFwK3TVSaguzrra0ZhKFoTy5l2b9jYz2W4vsFrNRjCjw5UMGlJLBWdq
wbE9KipjzVoWTUx+w4pTKNU6+j735pujhQ7wGYXNGu9T
-----END CERTIFICATE-----