Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/cuXw-wdQy7ClKOiXtJsAUlqBFhQ.roa
File:                     cuXw-wdQy7ClKOiXtJsAUlqBFhQ.roa (raw, json)
Hash identifier:          pRPAxhwSkPdf89m90G0Oz7e+/dRd8EhHZr9dR7uQdbk=
Subject key identifier:   72:E5:F0:FB:07:50:CB:B0:A5:28:E8:97:B4:9B:00:52:5A:81:16:14
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       018CC727061A8EF622A35574BC68410ED5CB
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/cuXw-wdQy7ClKOiXtJsAUlqBFhQ.roa
Signing time:             Mon 01 Jan 2024 22:31:12 +0000
ROA not before:           Mon 01 Jan 2024 22:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        185.189.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:06:1a:8e:f6:22:a3:55:74:bc:68:41:0e:d5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Jan  1 22:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72e5f0fb0750cbb0a528e897b49b00525a811614
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3a:2a:ea:16:7d:d1:27:79:be:90:e4:30:7d:
                    d9:9a:bd:9c:b0:5a:c6:84:1c:04:9e:36:c1:42:4c:
                    ec:fb:43:d3:6f:44:22:6a:41:55:7c:ba:79:bf:6c:
                    fc:89:1b:ee:3f:b3:c1:87:f3:b3:f2:a6:d1:6c:b0:
                    6d:e8:ab:4d:3d:ae:7d:b2:78:30:e9:a9:3a:c9:e0:
                    2c:59:6b:14:ad:ec:b5:57:0b:e8:14:a7:24:c7:03:
                    28:69:a3:0f:d4:50:94:d8:3b:fd:dd:9b:6f:2c:0d:
                    74:9a:3c:e0:a9:f7:be:29:f0:69:c9:5b:68:36:2f:
                    f9:db:0b:23:3e:df:21:e1:33:0d:a6:f0:7f:51:e8:
                    0b:4f:3e:a8:8c:5f:d7:ba:91:9c:99:52:32:fb:83:
                    d2:db:1d:46:86:b8:13:d9:48:c2:3e:71:01:c9:40:
                    14:da:76:dc:b4:79:37:23:89:f2:92:a3:58:06:7e:
                    49:f7:d5:8b:48:31:fa:0f:bd:ff:c5:bc:06:c1:b3:
                    41:db:87:0b:90:0c:52:58:49:94:70:3c:6c:8a:8e:
                    f6:25:0c:a0:98:ea:64:92:72:61:f6:f5:10:02:a1:
                    a9:46:38:a0:e9:de:a7:aa:52:cd:a8:79:89:ce:05:
                    b6:54:75:77:22:bd:fd:02:13:8d:ef:d8:fd:71:d9:
                    a1:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E5:F0:FB:07:50:CB:B0:A5:28:E8:97:B4:9B:00:52:5A:81:16:14
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/cuXw-wdQy7ClKOiXtJsAUlqBFhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:a5:fb:f5:42:f7:41:56:24:6b:a2:ef:bb:51:5c:ea:4f:b1:
         9c:aa:84:a7:b4:67:1f:68:81:00:16:ef:d3:54:6e:55:e7:a2:
         0c:5a:fe:3f:77:2e:7f:11:93:13:49:88:06:07:61:f1:60:7a:
         3c:d4:94:a4:6e:e7:fe:7e:ba:b9:10:b3:54:c8:a3:96:e6:80:
         67:27:a0:df:9d:44:38:b1:be:dc:18:0b:fa:9c:6d:86:8c:3a:
         43:8f:ab:e5:5e:f9:4a:56:0a:81:10:dc:02:49:d0:ac:65:48:
         f6:ea:6f:28:b8:6e:fb:6c:36:d1:25:4c:02:89:5d:20:c7:a3:
         00:a6:97:7b:cf:f2:77:8e:0f:1d:98:74:6a:9c:04:a0:1f:f5:
         93:d1:0f:ed:93:89:5b:11:43:3d:f0:f2:95:d5:1c:dc:60:2d:
         5a:45:1b:da:85:7f:21:b0:e7:f6:73:db:93:4c:da:39:28:96:
         92:bd:5c:5e:a0:08:70:26:85:91:f5:37:9d:f7:6c:58:9c:d2:
         88:de:2f:94:cc:10:67:6a:c8:25:1c:76:ad:72:5b:13:12:15:
         46:94:4c:9b:32:b7:9a:f8:13:31:e2:25:93:fd:5b:74:b9:e3:
         ab:40:de:48:05:20:9d:69:92:28:bc:0f:9a:c5:ed:0e:e2:3c:
         83:c2:b1:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJwYajvYio1V0vGhBDtXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjQwMTAxMjIzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmU1ZjBmYjA3NTBjYmIwYTUyOGU4OTdiNDliMDA1MjVhODExNjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDoq6hZ90Sd5vpDkMH3Zmr2csFrG
hBwEnjbBQkzs+0PTb0QiakFVfLp5v2z8iRvuP7PBh/Oz8qbRbLBt6KtNPa59sngw
6ak6yeAsWWsUrey1VwvoFKckxwMoaaMP1FCU2Dv93ZtvLA10mjzgqfe+KfBpyVto
Ni/52wsjPt8h4TMNpvB/UegLTz6ojF/XupGcmVIy+4PS2x1GhrgT2UjCPnEByUAU
2nbctHk3I4nykqNYBn5J99WLSDH6D73/xbwGwbNB24cLkAxSWEmUcDxsio72JQyg
mOpkknJh9vUQAqGpRjig6d6nqlLNqHmJzgW2VHV3Ir39AhON79j9cdmhjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLl8PsHUMuwpSjol7SbAFJagRYUMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvY3VYdy13ZFF5N0NsS09pWHRKc0FVbHFCRmhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub0hMA0G
CSqGSIb3DQEBCwUAA4IBAQCvpfv1QvdBViRrou+7UVzqT7GcqoSntGcfaIEAFu/T
VG5V56IMWv4/dy5/EZMTSYgGB2HxYHo81JSkbuf+frq5ELNUyKOW5oBnJ6DfnUQ4
sb7cGAv6nG2GjDpDj6vlXvlKVgqBENwCSdCsZUj26m8ouG77bDbRJUwCiV0gx6MA
ppd7z/J3jg8dmHRqnASgH/WT0Q/tk4lbEUM98PKV1RzcYC1aRRvahX8hsOf2c9uT
TNo5KJaSvVxeoAhwJoWR9Ted92xYnNKI3i+UzBBnasglHHatclsTEhVGlEybMrea
+BMx4iWT/Vt0ueOrQN5IBSCdaZIovA+axe0O4jyDwrEv
-----END CERTIFICATE-----