Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/7lgKtf9sNL4j3Lv5I_O8H_8OzrI.roa
File:                     7lgKtf9sNL4j3Lv5I_O8H_8OzrI.roa (raw, json)
Hash identifier:          r7al6Ww9nL8Au7tu3L91ef9yCYqvvltWR2dHriSBnwY=
Subject key identifier:   EE:58:0A:B5:FF:6C:34:BE:23:DC:BB:F9:23:F3:BC:1F:FF:0E:CE:B2
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       018FD95AF49D7409D6863443698915C4852C
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/7lgKtf9sNL4j3Lv5I_O8H_8OzrI.roa
Signing time:             Sun 02 Jun 2024 14:29:27 +0000
ROA not before:           Sun 02 Jun 2024 14:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.217.192.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d9:5a:f4:9d:74:09:d6:86:34:43:69:89:15:c4:85:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Jun  2 14:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee580ab5ff6c34be23dcbbf923f3bc1fff0eceb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b0:78:8b:e4:8b:de:b8:13:72:f5:fe:d2:d4:
                    96:97:d2:40:41:5b:9c:fd:1a:27:66:94:ba:5d:d6:
                    c7:fb:ed:00:e9:b2:41:4b:1c:7b:23:0b:66:b6:74:
                    07:c1:23:2d:b8:5c:ff:ab:e6:41:ca:32:8d:b5:18:
                    a9:d0:4a:06:66:7f:c7:e7:1b:f6:96:05:d5:2a:f3:
                    cf:bb:b7:34:a1:27:76:39:21:00:df:57:e2:62:1b:
                    4f:2b:63:01:da:d0:24:a9:09:32:e4:e5:46:e3:17:
                    7e:86:95:b5:4e:39:39:06:66:4e:2c:ba:2c:77:15:
                    5a:b6:01:96:f9:21:d8:fc:c1:72:90:49:77:39:e6:
                    5c:37:a3:16:6c:80:19:54:be:c5:f7:e1:61:47:1a:
                    a8:29:37:b1:e5:a7:0b:6e:79:fd:50:8a:bf:ee:7e:
                    8f:f6:3a:33:3e:31:b3:dc:bc:90:d2:7a:77:9a:fd:
                    00:24:d7:4d:4a:e0:e4:db:aa:2b:e1:ea:ef:af:06:
                    f0:53:cb:3a:b9:93:33:a9:83:53:fa:b4:bf:0a:02:
                    e1:0d:9e:20:b9:d4:8e:68:1b:c4:9b:b9:c0:44:89:
                    e9:4c:be:23:b8:d9:9f:a0:09:44:99:1e:a3:38:62:
                    54:f4:23:72:84:89:fb:3b:0d:ba:89:bf:19:3e:2c:
                    33:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:58:0A:B5:FF:6C:34:BE:23:DC:BB:F9:23:F3:BC:1F:FF:0E:CE:B2
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/7lgKtf9sNL4j3Lv5I_O8H_8OzrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:b0:fb:a4:88:1f:09:65:8a:3e:46:b3:05:15:2e:2a:9d:2e:
         84:98:9e:d0:4b:71:3e:7e:0b:55:6b:dd:81:56:72:b1:c7:7e:
         62:3f:28:26:64:e5:de:9d:de:e9:4a:05:0b:fe:23:9b:34:34:
         aa:3d:c4:1c:cd:ad:12:4f:e0:0f:3c:ca:58:ec:43:19:26:bd:
         c0:07:81:66:40:3a:2b:52:69:e2:a3:d1:6e:7d:7f:71:1b:bb:
         25:17:5d:ba:61:f5:79:65:92:a7:c3:f4:06:e4:c0:fa:c8:12:
         bf:eb:95:b9:6c:66:75:1d:80:7d:c8:c3:ad:e4:dc:c1:61:4c:
         80:30:0e:e8:14:f4:91:0a:0c:82:08:19:4b:6c:84:ae:fc:c5:
         ae:21:db:b3:6c:9f:e8:0c:82:b5:10:17:c5:c6:58:60:e3:ea:
         46:78:28:74:5a:27:02:75:c5:12:eb:a1:90:b2:09:05:cb:46:
         ac:81:09:da:a8:7f:be:29:c4:7a:86:ec:8c:70:e1:d8:40:14:
         69:61:77:2c:0b:73:04:93:11:ac:fe:c6:2c:67:9b:bf:24:6f:
         0a:8f:ba:90:b5:a0:58:48:3a:8a:c9:0b:3f:d4:64:43:76:3c:
         9d:03:a0:87:54:c4:6f:3c:af:ee:c0:9c:6f:56:9d:0f:69:2c:
         c4:15:c0:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/ZWvSddAnWhjRDaYkVxIUsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjQwNjAyMTQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTU4MGFiNWZmNmMzNGJlMjNkY2JiZjkyM2YzYmMxZmZmMGVjZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbB4i+SL3rgTcvX+0tSWl9JAQVuc
/RonZpS6XdbH++0A6bJBSxx7IwtmtnQHwSMtuFz/q+ZByjKNtRip0EoGZn/H5xv2
lgXVKvPPu7c0oSd2OSEA31fiYhtPK2MB2tAkqQky5OVG4xd+hpW1Tjk5BmZOLLos
dxVatgGW+SHY/MFykEl3OeZcN6MWbIAZVL7F9+FhRxqoKTex5acLbnn9UIq/7n6P
9jozPjGz3LyQ0np3mv0AJNdNSuDk26or4ervrwbwU8s6uZMzqYNT+rS/CgLhDZ4g
udSOaBvEm7nARInpTL4juNmfoAlEmR6jOGJU9CNyhIn7Ow26ib8ZPiwzYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5YCrX/bDS+I9y7+SPzvB//Ds6yMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvN2xnS3RmOXNOTDRqM0x2NUlfTzhIXzhPenJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudnAMA0G
CSqGSIb3DQEBCwUAA4IBAQADsPukiB8JZYo+RrMFFS4qnS6EmJ7QS3E+fgtVa92B
VnKxx35iPygmZOXend7pSgUL/iObNDSqPcQcza0ST+APPMpY7EMZJr3AB4FmQDor
Umnio9FufX9xG7slF126YfV5ZZKnw/QG5MD6yBK/65W5bGZ1HYB9yMOt5NzBYUyA
MA7oFPSRCgyCCBlLbISu/MWuIduzbJ/oDIK1EBfFxlhg4+pGeCh0WicCdcUS66GQ
sgkFy0asgQnaqH++KcR6huyMcOHYQBRpYXcsC3MEkxGs/sYsZ5u/JG8Kj7qQtaBY
SDqKyQs/1GRDdjydA6CHVMRvPK/uwJxvVp0PaSzEFcCC
-----END CERTIFICATE-----