Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/0kARTh58Qq5hDk9XQ3d85SaVGJk.roa
File:                     0kARTh58Qq5hDk9XQ3d85SaVGJk.roa (raw, json)
Hash identifier:          Wk6grWmY51jsbHu20ColtIULpqgAfTeG7L7CPctuxjs=
Subject key identifier:   D2:40:11:4E:1E:7C:42:AE:61:0E:4F:57:43:77:7C:E5:26:95:18:99
Certificate issuer:       /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial:       018D7E8D244DF1BB338A5BBAB15D7FD37BC5
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/0kARTh58Qq5hDk9XQ3d85SaVGJk.roa
Signing time:             Tue 06 Feb 2024 13:13:15 +0000
ROA not before:           Tue 06 Feb 2024 13:13:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204457
IP address blocks:        188.125.163.0/24 maxlen: 24
                          188.125.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:8d:24:4d:f1:bb:33:8a:5b:ba:b1:5d:7f:d3:7b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
        Validity
            Not Before: Feb  6 13:13:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d240114e1e7c42ae610e4f5743777ce526951899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:4b:15:1d:91:da:0e:2e:29:24:29:9e:ca:c6:
                    f1:1a:51:12:ea:23:14:86:2b:2b:83:77:b0:6d:3d:
                    31:17:92:4c:d0:41:8a:53:cc:7e:6c:15:7c:77:92:
                    5d:eb:dc:3b:1d:66:95:37:58:b3:0a:c6:51:d6:6d:
                    0e:d5:1b:b8:e7:97:64:1c:5c:c4:9d:6d:ed:b8:cc:
                    a9:08:96:89:73:1b:8b:0d:95:58:dd:9d:d1:2c:7f:
                    8f:a5:1b:88:33:1f:50:4a:11:d4:ac:1b:6f:aa:da:
                    b6:ad:91:d1:2e:f4:38:c2:fa:51:ad:66:5b:5a:ba:
                    4a:11:c3:83:0c:19:77:5d:29:c2:e4:78:d2:af:17:
                    a9:37:b7:d2:9f:c5:11:a0:fe:c5:21:b9:31:96:e6:
                    dd:1a:e5:d4:39:13:c9:6b:a1:46:58:4a:db:37:81:
                    01:3b:d7:97:ef:1e:16:72:bd:2f:88:7f:22:79:3a:
                    34:80:ed:7d:64:28:27:f0:84:27:88:3b:13:4d:a4:
                    7f:57:97:e1:68:d0:f5:48:34:96:fd:e5:e8:70:0f:
                    fe:c5:ce:20:27:a7:db:5f:4f:64:c2:1c:45:eb:4d:
                    b8:29:db:4a:78:1b:5c:7d:ab:cb:d4:6c:9b:b8:f9:
                    0c:3b:3b:69:af:ba:d4:e0:9d:b4:a1:cf:03:6b:98:
                    f6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:40:11:4E:1E:7C:42:AE:61:0E:4F:57:43:77:7C:E5:26:95:18:99
            X509v3 Authority Key Identifier:
                keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/0kARTh58Qq5hDk9XQ3d85SaVGJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.163.0/24
                  188.125.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:60:3f:1d:7b:b6:bf:82:a6:f4:24:00:09:e7:86:14:58:2d:
         1b:b8:b2:b7:6a:2c:05:ff:0e:97:6e:11:60:07:13:0b:85:20:
         9a:2e:1a:97:3f:b0:54:f3:63:f3:d4:bb:26:0f:2b:7a:3b:73:
         ac:bd:7c:f4:85:a4:c1:79:9b:d7:56:34:b4:a9:9b:aa:46:8a:
         61:28:97:af:0c:ef:72:dc:d2:fd:26:f3:08:a8:e6:23:3c:14:
         4d:61:ee:2f:18:20:d6:78:c4:45:82:51:2a:96:12:f4:53:84:
         45:50:72:79:8e:16:a6:7a:73:74:84:ab:8d:51:38:d7:22:bd:
         54:00:c7:ed:58:b2:87:06:75:bc:05:67:4e:d2:1b:38:14:fb:
         13:68:f8:35:ff:81:ed:23:c1:a3:cc:ae:d1:e3:1a:62:31:b2:
         7f:98:81:d6:69:77:04:a6:a7:0a:f8:80:55:98:3b:dd:0a:ed:
         8c:02:79:55:ab:a3:ec:84:32:fe:ba:6a:cd:14:e6:75:f7:11:
         91:b8:0b:90:e2:ac:e7:2e:fd:2c:b9:e8:aa:7d:33:20:bb:73:
         bb:9c:93:a2:49:76:a6:cc:af:d6:f8:f7:48:b9:0d:c0:23:fa:
         82:4f:c1:79:2e:ba:56:4d:f0:bf:3f:f6:24:aa:42:f8:dd:38:
         cf:53:b7:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1+jSRN8bszilu6sV1/03vFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjQwMjA2MTMxMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQwMTE0ZTFlN2M0MmFlNjEwZTRmNTc0Mzc3N2NlNTI2OTUxODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUsVHZHaDi4pJCmeysbxGlES6iMU
hisrg3ewbT0xF5JM0EGKU8x+bBV8d5Jd69w7HWaVN1izCsZR1m0O1Ru455dkHFzE
nW3tuMypCJaJcxuLDZVY3Z3RLH+PpRuIMx9QShHUrBtvqtq2rZHRLvQ4wvpRrWZb
WrpKEcODDBl3XSnC5HjSrxepN7fSn8URoP7FIbkxlubdGuXUORPJa6FGWErbN4EB
O9eX7x4Wcr0viH8ieTo0gO19ZCgn8IQniDsTTaR/V5fhaND1SDSW/eXocA/+xc4g
J6fbX09kwhxF6024KdtKeBtcfavL1GybuPkMOztpr7rU4J20oc8Da5j2cQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNJAEU4efEKuYQ5PV0N3fOUmlRiZMB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvMGtBUlRoNThRcTVoRGs5WFEzZDg1U2FWR0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvH2jAwQA
vH2qMA0GCSqGSIb3DQEBCwUAA4IBAQArYD8de7a/gqb0JAAJ54YUWC0buLK3aiwF
/w6XbhFgBxMLhSCaLhqXP7BU82Pz1LsmDyt6O3OsvXz0haTBeZvXVjS0qZuqRoph
KJevDO9y3NL9JvMIqOYjPBRNYe4vGCDWeMRFglEqlhL0U4RFUHJ5jhamenN0hKuN
UTjXIr1UAMftWLKHBnW8BWdO0hs4FPsTaPg1/4HtI8GjzK7R4xpiMbJ/mIHWaXcE
pqcK+IBVmDvdCu2MAnlVq6PshDL+umrNFOZ19xGRuAuQ4qznLv0sueiqfTMgu3O7
nJOiSXamzK/W+PdIuQ3AI/qCT8F5LrpWTfC/P/YkqkL43TjPU7e/
-----END CERTIFICATE-----