Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/dDGfxJgQDEhWRqruzToq6X8nEuU.roa
File:                     dDGfxJgQDEhWRqruzToq6X8nEuU.roa (raw, json)
Hash identifier:          JnU1eCYRmKhegJDAs13ooRBV55pedHqUqA7hj/wwMwM=
Subject key identifier:   74:31:9F:C4:98:10:0C:48:56:46:AA:EE:CD:3A:2A:E9:7F:27:12:E5
Certificate issuer:       /CN=1f9510606ad94c4f7c7a63e5c1ec26c40fb4aa88
Certificate serial:       01905F75426F41AAA95098D3B5148FF749E9
Authority key identifier: 1F:95:10:60:6A:D9:4C:4F:7C:7A:63:E5:C1:EC:26:C4:0F:B4:AA:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H5UQYGrZTE98emPlwewmxA-0qog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/dDGfxJgQDEhWRqruzToq6X8nEuU.roa
Signing time:             Fri 28 Jun 2024 15:27:18 +0000
ROA not before:           Fri 28 Jun 2024 15:27:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197722
IP address blocks:        185.28.168.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/H5UQYGrZTE98emPlwewmxA-0qog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/H5UQYGrZTE98emPlwewmxA-0qog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H5UQYGrZTE98emPlwewmxA-0qog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5f:75:42:6f:41:aa:a9:50:98:d3:b5:14:8f:f7:49:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f9510606ad94c4f7c7a63e5c1ec26c40fb4aa88
        Validity
            Not Before: Jun 28 15:27:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74319fc498100c485646aaeecd3a2ae97f2712e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:38:86:30:1c:73:d2:ca:5b:34:bb:1a:f4:2f:
                    1d:8b:aa:2d:43:5e:96:1c:72:d9:2f:62:dc:bd:72:
                    07:e4:a0:3e:9d:94:8f:2a:ba:b1:71:44:b7:70:b9:
                    06:77:7a:c0:89:0e:be:c8:8e:47:c0:8b:c3:6c:d1:
                    b9:24:da:92:0e:8c:e5:f6:47:4a:5c:78:42:21:dd:
                    8b:be:e9:45:ee:a9:e8:8a:01:f7:64:d5:01:65:fc:
                    80:55:88:3a:32:e1:c9:ec:36:b1:f5:bf:30:57:2f:
                    99:20:8a:d5:5a:6c:ae:41:56:6d:e8:43:2d:33:c3:
                    aa:eb:15:ee:08:cc:77:87:39:82:83:11:7d:41:ad:
                    24:b6:c6:c8:f2:2c:49:69:85:44:ba:fe:84:ae:a4:
                    48:28:3c:9b:91:9d:bf:93:2f:e3:ba:94:12:f1:2b:
                    2f:12:7d:52:d3:a5:2e:66:e3:0f:be:43:5a:64:61:
                    44:8c:39:6f:74:76:a0:18:19:82:02:f6:ad:cd:5b:
                    8f:de:94:1b:dc:2b:22:6f:18:e4:6c:c4:11:ea:dd:
                    1b:33:75:68:d5:a6:a0:6e:6d:5e:e0:e9:b6:22:8d:
                    ff:39:ae:3d:56:90:0b:e4:ee:74:71:9f:2f:b9:1e:
                    64:c7:e8:49:43:d9:5a:32:31:c3:ee:8b:1e:9b:db:
                    ee:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:31:9F:C4:98:10:0C:48:56:46:AA:EE:CD:3A:2A:E9:7F:27:12:E5
            X509v3 Authority Key Identifier:
                keyid:1F:95:10:60:6A:D9:4C:4F:7C:7A:63:E5:C1:EC:26:C4:0F:B4:AA:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H5UQYGrZTE98emPlwewmxA-0qog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/dDGfxJgQDEhWRqruzToq6X8nEuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/H5UQYGrZTE98emPlwewmxA-0qog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:b0:b0:a7:eb:1a:17:a3:92:58:3a:b9:44:f5:2a:bd:3a:db:
         33:0f:de:30:62:32:1d:93:a3:42:68:39:1a:ca:e9:a7:6e:59:
         b0:4d:03:0c:e5:28:7b:87:9d:e4:22:ed:17:90:8f:6f:40:e1:
         e9:ec:ec:1c:48:1f:41:10:d6:57:d5:30:4f:2d:75:a3:03:0f:
         bc:da:3c:46:e7:a8:e1:43:c5:07:7b:2a:21:d4:cb:5e:c1:ad:
         fa:64:b6:9f:34:94:2d:87:d6:0d:68:86:8c:b7:f9:5d:32:c3:
         dc:06:e1:78:a4:a6:95:70:6c:00:c1:4c:1d:11:74:13:e9:79:
         18:18:f0:08:6d:42:cf:dc:85:95:f8:34:e4:ad:83:00:18:be:
         ef:fb:41:cc:97:06:fb:67:d3:83:7e:34:8e:9c:af:53:c2:2a:
         38:ac:d6:19:4e:bf:31:cf:74:b8:40:c3:80:c0:79:e7:8a:09:
         81:a7:b3:f4:37:6d:49:56:e1:b0:fe:91:08:50:84:68:fd:e5:
         ae:d1:8d:8a:9e:3d:27:35:67:b5:e1:33:29:eb:bf:99:7f:23:
         f4:09:05:8f:5f:a1:ef:7b:46:27:31:28:e2:8b:a4:b1:80:ce:
         c9:fc:41:0e:06:32:5e:0e:b9:80:a5:1b:2d:5f:41:0a:bd:dd:
         26:d7:1a:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBfdUJvQaqpUJjTtRSP90npMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmOTUxMDYwNmFkOTRjNGY3YzdhNjNlNWMxZWMyNmM0MGZi
NGFhODgwHhcNMjQwNjI4MTUyNzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDMxOWZjNDk4MTAwYzQ4NTY0NmFhZWVjZDNhMmFlOTdmMjcxMmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnziGMBxz0spbNLsa9C8di6otQ16W
HHLZL2LcvXIH5KA+nZSPKrqxcUS3cLkGd3rAiQ6+yI5HwIvDbNG5JNqSDozl9kdK
XHhCId2LvulF7qnoigH3ZNUBZfyAVYg6MuHJ7Dax9b8wVy+ZIIrVWmyuQVZt6EMt
M8Oq6xXuCMx3hzmCgxF9Qa0ktsbI8ixJaYVEuv6ErqRIKDybkZ2/ky/jupQS8Ssv
En1S06UuZuMPvkNaZGFEjDlvdHagGBmCAvatzVuP3pQb3CsibxjkbMQR6t0bM3Vo
1aagbm1e4Om2Io3/Oa49VpAL5O50cZ8vuR5kx+hJQ9laMjHD7osem9vuKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQxn8SYEAxIVkaq7s06Kul/JxLlMB8GA1UdIwQY
MBaAFB+VEGBq2UxPfHpj5cHsJsQPtKqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDVVUVlHclpURTk4ZW1QbHdld214QS0wcW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zMGJmYjctM2M3ZC00N2Q3LWFjNjgt
OTQ2MmQ0ZTFjYzcyLzEvZERHZnhKZ1FERWhXUnFydXpUb3E2WDhuRXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zMGJmYjctM2M3ZC00N2Q3LWFjNjgtOTQ2MmQ0ZTFjYzcy
LzEvSDVVUVlHclpURTk4ZW1QbHdld214QS0wcW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRyoMA0G
CSqGSIb3DQEBCwUAA4IBAQCMsLCn6xoXo5JYOrlE9Sq9OtszD94wYjIdk6NCaDka
yumnblmwTQMM5Sh7h53kIu0XkI9vQOHp7OwcSB9BENZX1TBPLXWjAw+82jxG56jh
Q8UHeyoh1Mtewa36ZLafNJQth9YNaIaMt/ldMsPcBuF4pKaVcGwAwUwdEXQT6XkY
GPAIbULP3IWV+DTkrYMAGL7v+0HMlwb7Z9ODfjSOnK9Twio4rNYZTr8xz3S4QMOA
wHnnigmBp7P0N21JVuGw/pEIUIRo/eWu0Y2Knj0nNWe14TMp67+ZfyP0CQWPX6Hv
e0YnMSjii6SxgM7J/EEOBjJeDrmApRstX0EKvd0m1xon
-----END CERTIFICATE-----