Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/KWP8glNzaUxDx7ImTRsmAJhFF18.roa
File:                     KWP8glNzaUxDx7ImTRsmAJhFF18.roa (raw, json)
Hash identifier:          KZq1LBkEz6vE/VUFwSze6mzoGNLjjepumeI3sNxgREI=
Subject key identifier:   29:63:FC:82:53:73:69:4C:43:C7:B2:26:4D:1B:26:00:98:45:17:5F
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       0190DDFDD79BC95DA8AFD5C966C2FAB03271
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/KWP8glNzaUxDx7ImTRsmAJhFF18.roa
Signing time:             Tue 23 Jul 2024 05:08:38 +0000
ROA not before:           Tue 23 Jul 2024 05:08:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21856
IP address blocks:        185.217.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:dd:fd:d7:9b:c9:5d:a8:af:d5:c9:66:c2:fa:b0:32:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Jul 23 05:08:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2963fc825373694c43c7b2264d1b26009845175f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0d:dd:be:62:22:d0:26:6e:d2:c3:e5:b8:78:
                    90:ed:e3:df:d3:8d:cd:93:a2:b4:3c:e1:54:71:58:
                    e8:14:56:14:fd:ff:24:8c:39:6c:4f:12:76:8b:c9:
                    f5:53:68:8f:ad:59:e2:83:46:cd:b5:2c:ee:3d:9b:
                    7a:9e:78:87:07:f6:6e:f1:a5:cb:b4:bf:34:de:ec:
                    63:da:77:ad:9b:72:35:dd:62:1c:96:af:53:18:ab:
                    9b:00:80:af:a5:f5:a9:16:68:2a:ec:ce:3b:f1:56:
                    f2:6f:26:aa:f9:03:74:c5:5e:57:0c:b6:58:81:c5:
                    40:39:c3:58:30:93:cd:b8:c0:34:e7:26:17:e0:23:
                    87:c6:0d:86:f5:64:4d:5e:74:c7:78:82:1d:ce:89:
                    b6:a0:57:ea:e9:8d:d7:77:29:aa:40:e6:3b:e5:72:
                    37:78:5e:0b:34:b4:73:71:66:25:8b:b9:00:a7:e7:
                    04:4f:31:f8:d6:46:c0:b3:b0:66:a5:47:53:66:cc:
                    8a:4c:09:e9:a5:46:ed:78:26:b1:3a:66:79:bd:d3:
                    50:b7:89:ff:be:16:41:8e:24:94:08:5b:62:e6:df:
                    07:0d:ab:f3:5c:fe:d9:ea:83:55:d5:55:42:a2:34:
                    24:47:08:14:b1:69:f0:36:cd:6e:1e:00:9c:72:34:
                    eb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:63:FC:82:53:73:69:4C:43:C7:B2:26:4D:1B:26:00:98:45:17:5F
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/KWP8glNzaUxDx7ImTRsmAJhFF18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:30:88:9f:dd:f7:45:81:86:fc:54:2a:91:7e:b8:69:b1:e9:
         d7:22:dc:ec:ce:af:40:d7:b0:65:d7:ae:54:c4:24:88:ca:a9:
         c2:82:5e:8a:28:7c:02:94:ec:aa:b1:e9:e2:ca:e6:01:2d:40:
         5e:64:c1:2f:69:79:e8:11:61:c9:54:17:a6:2a:b0:ce:7f:54:
         61:8e:bf:aa:0d:88:3c:5c:d6:03:61:68:30:cf:00:bb:30:f6:
         1f:2c:f8:7d:03:87:cc:bc:bf:88:0e:84:51:10:d6:d6:3d:bb:
         94:dc:cb:f7:df:31:10:08:c2:f7:dd:ac:86:42:af:63:f9:f2:
         d1:1b:fb:12:89:c3:42:96:8f:a3:35:50:6b:7a:85:58:24:b1:
         0c:7b:37:76:d5:53:cb:78:58:d0:65:f3:6c:40:c9:76:6e:e2:
         90:40:1f:00:9f:c7:4e:bb:4a:c4:5b:4c:4b:20:4d:dd:4a:e4:
         de:60:a8:c6:08:06:b5:ce:3d:5a:1d:f5:4d:9c:e3:09:96:64:
         24:5c:75:3b:68:27:b4:5e:da:d8:13:b8:a9:bb:10:fa:f2:5f:
         8b:77:8f:d4:20:96:d5:c7:e7:34:a6:69:fa:d1:84:8c:a3:68:
         83:5e:2c:f8:88:65:87:b5:83:50:19:97:32:21:4a:ae:38:da:
         93:61:12:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDd/debyV2or9XJZsL6sDJxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjQwNzIzMDUwODM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTYzZmM4MjUzNzM2OTRjNDNjN2IyMjY0ZDFiMjYwMDk4NDUxNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApw3dvmIi0CZu0sPluHiQ7ePf043N
k6K0POFUcVjoFFYU/f8kjDlsTxJ2i8n1U2iPrVnig0bNtSzuPZt6nniHB/Zu8aXL
tL803uxj2netm3I13WIclq9TGKubAICvpfWpFmgq7M478Vbybyaq+QN0xV5XDLZY
gcVAOcNYMJPNuMA05yYX4COHxg2G9WRNXnTHeIIdzom2oFfq6Y3XdymqQOY75XI3
eF4LNLRzcWYli7kAp+cETzH41kbAs7BmpUdTZsyKTAnppUbteCaxOmZ5vdNQt4n/
vhZBjiSUCFti5t8HDavzXP7Z6oNV1VVCojQkRwgUsWnwNs1uHgCccjTrOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClj/IJTc2lMQ8eyJk0bJgCYRRdfMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvS1dQOGdsTnphVXhEeDdJbVRSc21BSmhGRjE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudnCMA0G
CSqGSIb3DQEBCwUAA4IBAQA9MIif3fdFgYb8VCqRfrhpsenXItzszq9A17Bl165U
xCSIyqnCgl6KKHwClOyqseniyuYBLUBeZMEvaXnoEWHJVBemKrDOf1Rhjr+qDYg8
XNYDYWgwzwC7MPYfLPh9A4fMvL+IDoRRENbWPbuU3Mv33zEQCML33ayGQq9j+fLR
G/sSicNClo+jNVBreoVYJLEMezd21VPLeFjQZfNsQMl2buKQQB8An8dOu0rEW0xL
IE3dSuTeYKjGCAa1zj1aHfVNnOMJlmQkXHU7aCe0XtrYE7ipuxD68l+Ld4/UIJbV
x+c0pmn60YSMo2iDXiz4iGWHtYNQGZcyIUquONqTYRKt
-----END CERTIFICATE-----