Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/dEqc3UOoNjkcBENYHZ0uatmL18o.roa
File:                     dEqc3UOoNjkcBENYHZ0uatmL18o.roa (raw, json)
Hash identifier:          DWoNloh6v1CwMPJanUPaFRfiuxm/qX6c8c7Qn7qzcpk=
Subject key identifier:   74:4A:9C:DD:43:A8:36:39:1C:04:43:58:1D:9D:2E:6A:D9:8B:D7:CA
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       0190DEE579C7732300D08D9B4C37C0EA4C2E
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/dEqc3UOoNjkcBENYHZ0uatmL18o.roa
Signing time:             Tue 23 Jul 2024 09:21:39 +0000
ROA not before:           Tue 23 Jul 2024 09:21:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        185.217.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:de:e5:79:c7:73:23:00:d0:8d:9b:4c:37:c0:ea:4c:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Jul 23 09:21:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=744a9cdd43a836391c0443581d9d2e6ad98bd7ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4c:16:be:2c:9b:5d:76:5f:09:ba:bd:8a:53:
                    77:70:02:55:16:8c:55:66:01:22:a2:dc:07:99:06:
                    e2:93:e3:4d:c8:40:e3:69:79:c5:82:0a:20:f2:16:
                    a4:b7:39:a0:45:aa:00:59:e0:7f:2a:95:ce:50:22:
                    8b:a2:95:a6:a0:04:26:ce:34:fd:f6:b3:96:bf:0d:
                    72:58:ac:50:80:52:c3:16:2d:8b:d7:50:bb:cf:a1:
                    88:6c:a5:75:4c:77:40:5a:54:61:31:34:17:85:f5:
                    56:82:71:8a:20:64:f5:18:92:8f:02:ea:9e:4b:8b:
                    01:ce:c1:dd:fa:0a:6f:9f:ec:3b:51:df:58:bc:89:
                    94:9d:b8:b3:1d:ff:05:7f:f0:b4:16:ba:3c:99:96:
                    49:08:9f:b8:ef:e0:cb:62:81:a2:8e:f8:52:6a:1e:
                    85:f7:ae:b6:1a:94:e2:5f:0c:b8:90:05:da:f4:4b:
                    a1:08:0d:e5:ae:44:c7:11:71:b2:89:cc:81:7c:5d:
                    36:9a:ee:30:61:1d:36:33:47:4c:18:a8:42:ff:04:
                    57:23:88:a0:c2:8a:cb:50:c2:57:63:8e:66:fb:b9:
                    cf:df:00:48:d4:87:9f:b0:02:48:88:df:9f:bd:da:
                    eb:ee:37:0f:6f:aa:a5:0c:29:f3:99:5c:e0:3a:b2:
                    22:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:4A:9C:DD:43:A8:36:39:1C:04:43:58:1D:9D:2E:6A:D9:8B:D7:CA
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/dEqc3UOoNjkcBENYHZ0uatmL18o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:9f:7e:91:de:95:79:a3:a2:6b:95:43:20:fd:49:e7:ee:4a:
         fa:56:f2:44:72:e5:ea:14:56:4d:78:89:e1:b2:2d:9e:a6:24:
         6c:bf:24:4a:14:9a:06:ea:e1:8a:f8:7e:ba:b0:e8:22:91:45:
         9d:29:3d:4c:5c:43:5b:15:14:a0:80:d0:98:8d:11:45:63:85:
         41:e2:18:d0:00:26:2f:fd:d6:da:9a:6a:d4:c9:f4:a0:12:27:
         a8:b3:20:ab:b8:2e:3a:31:77:9a:4c:40:f7:52:9a:76:94:9c:
         7f:36:70:c1:e4:20:fa:3c:8f:94:7a:aa:b6:31:52:a5:0b:d7:
         74:23:92:31:4a:3b:b2:c6:29:08:39:f1:e3:e9:8f:96:a4:b1:
         1b:f0:b6:8b:8b:73:52:12:76:9a:b2:20:e7:a7:66:0f:00:06:
         34:82:7d:75:2f:d4:5e:92:81:c3:7b:02:3d:30:f3:91:b8:c5:
         66:96:a3:30:cd:0c:be:f9:e8:86:b2:13:f2:45:bc:35:d3:8b:
         84:98:a9:39:dc:a2:be:d7:aa:6e:a1:23:f7:80:f8:b8:f9:ae:
         c8:fb:f0:fe:b7:0c:18:67:e4:fd:67:05:6a:d6:0b:4f:fa:7e:
         9c:eb:97:4d:e5:b9:57:22:2a:87:c2:c7:78:fd:ca:22:b0:17:
         f1:01:63:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDe5XnHcyMA0I2bTDfA6kwuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjQwNzIzMDkyMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDRhOWNkZDQzYTgzNjM5MWMwNDQzNTgxZDlkMmU2YWQ5OGJkN2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EwWviybXXZfCbq9ilN3cAJVFoxV
ZgEiotwHmQbik+NNyEDjaXnFggog8haktzmgRaoAWeB/KpXOUCKLopWmoAQmzjT9
9rOWvw1yWKxQgFLDFi2L11C7z6GIbKV1THdAWlRhMTQXhfVWgnGKIGT1GJKPAuqe
S4sBzsHd+gpvn+w7Ud9YvImUnbizHf8Ff/C0Fro8mZZJCJ+47+DLYoGijvhSah6F
9662GpTiXwy4kAXa9EuhCA3lrkTHEXGyicyBfF02mu4wYR02M0dMGKhC/wRXI4ig
worLUMJXY45m+7nP3wBI1IefsAJIiN+fvdrr7jcPb6qlDCnzmVzgOrIiYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRKnN1DqDY5HARDWB2dLmrZi9fKMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvZEVxYzNVT29OamtjQkVOWUhaMHVhdG1MMThvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudnCMA0G
CSqGSIb3DQEBCwUAA4IBAQA3n36R3pV5o6JrlUMg/Unn7kr6VvJEcuXqFFZNeInh
si2epiRsvyRKFJoG6uGK+H66sOgikUWdKT1MXENbFRSggNCYjRFFY4VB4hjQACYv
/dbammrUyfSgEieosyCruC46MXeaTED3Upp2lJx/NnDB5CD6PI+Ueqq2MVKlC9d0
I5IxSjuyxikIOfHj6Y+WpLEb8LaLi3NSEnaasiDnp2YPAAY0gn11L9RekoHDewI9
MPORuMVmlqMwzQy++eiGshPyRbw104uEmKk53KK+16puoSP3gPi4+a7I+/D+twwY
Z+T9ZwVq1gtP+n6c65dN5blXIiqHwsd4/coisBfxAWPk
-----END CERTIFICATE-----