Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/226Df1BZCl1nYoSYmzwSiJ10DcA.roa
File:                     226Df1BZCl1nYoSYmzwSiJ10DcA.roa (raw, json)
Hash identifier:          drzeJa/RSsNVVRYoa3dyI/noXcgYyLvl+SmKQZr4o2s=
Subject key identifier:   DB:6E:83:7F:50:59:0A:5D:67:62:84:98:9B:3C:12:88:9D:74:0D:C0
Certificate issuer:       /CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
Certificate serial:       0190EB668BEA4F0CD7B1BCB2982FC2214A02
Authority key identifier: 52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/226Df1BZCl1nYoSYmzwSiJ10DcA.roa
Signing time:             Thu 25 Jul 2024 19:38:04 +0000
ROA not before:           Thu 25 Jul 2024 19:38:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        185.143.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:eb:66:8b:ea:4f:0c:d7:b1:bc:b2:98:2f:c2:21:4a:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
        Validity
            Not Before: Jul 25 19:38:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db6e837f50590a5d676284989b3c12889d740dc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:33:97:92:8c:37:e9:2b:1d:de:92:f8:43:99:
                    c6:fe:df:2e:e2:ff:32:60:35:58:ad:da:6b:2d:8e:
                    2b:7b:7d:dc:ae:4b:1d:58:c6:7e:e2:f3:76:bc:5e:
                    8a:88:39:87:56:a4:ad:57:70:15:61:5c:d1:7b:19:
                    fa:57:c8:84:68:a2:98:6e:08:3c:89:f1:68:23:ca:
                    14:d6:30:d8:90:07:9d:be:88:89:36:6e:83:ec:8f:
                    58:26:9e:20:66:a1:ad:d3:fb:a2:e2:d0:ad:5d:74:
                    4d:27:8d:c5:ca:0a:d4:64:1b:de:45:43:91:40:c7:
                    9f:96:5c:85:84:6c:bb:07:2e:e8:e3:f6:b0:38:aa:
                    44:a7:d8:5c:42:79:e6:45:b6:8b:f2:84:96:f7:4e:
                    37:d9:00:a5:98:3f:4e:d2:80:68:6c:aa:f8:d5:c5:
                    0e:9a:b9:4b:32:84:7c:e5:b1:75:28:ee:97:4f:ba:
                    83:f2:f6:38:3c:e3:bd:10:b8:d3:60:4a:59:a7:9e:
                    80:fe:8a:cd:03:1c:a7:71:2b:db:89:22:85:51:d5:
                    d5:ea:b1:e1:9d:6c:eb:ac:85:4e:68:2d:8b:05:19:
                    5c:16:a0:cd:15:d3:9b:42:09:25:c5:9b:ce:81:34:
                    ac:72:40:06:b9:5c:f6:71:88:29:18:78:8d:a8:f3:
                    47:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:6E:83:7F:50:59:0A:5D:67:62:84:98:9B:3C:12:88:9D:74:0D:C0
            X509v3 Authority Key Identifier:
                keyid:52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/226Df1BZCl1nYoSYmzwSiJ10DcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:b8:7f:28:09:8b:19:f8:06:24:eb:a8:87:d8:b4:0d:27:32:
         47:7e:79:fd:83:33:bb:ed:90:e3:48:91:16:88:28:80:cb:ed:
         14:53:a6:28:14:db:ec:93:29:c9:7c:d7:c6:de:fe:c1:9a:16:
         25:37:52:f1:90:90:d4:ba:66:00:a6:95:f0:4c:b2:3b:f8:95:
         88:6c:46:77:ca:d2:0e:fd:57:60:bb:e3:a2:fb:56:6b:f3:e0:
         3e:8e:4c:bc:8e:db:ec:62:6d:a2:c4:7b:fe:c9:6b:c2:20:80:
         c4:63:c0:aa:1e:de:46:4f:bd:09:c3:53:b0:0e:7d:35:ea:04:
         62:22:16:ae:d6:6c:c7:44:7a:07:72:83:cc:e5:95:f1:8a:cf:
         69:20:f7:03:82:cc:62:48:67:e9:5b:86:ba:7b:08:71:82:c6:
         4f:31:1d:d6:fa:8a:80:bc:13:00:0b:e7:23:59:68:85:71:a5:
         14:6d:7e:fc:9c:eb:dd:4f:eb:5b:50:cf:6f:9a:42:af:3c:ce:
         f1:55:1b:7b:ff:c9:7f:fa:cc:05:c1:95:80:98:ab:41:58:5f:
         b7:52:1f:ff:4a:bc:5e:e8:cf:4d:47:86:d8:70:fe:9e:2f:28:
         d0:ba:5d:14:16:3b:65:b5:f9:11:e4:fa:44:7c:97:60:ce:06:
         b2:15:77:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDrZovqTwzXsbyymC/CIUoCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTE2NWRjM2FhZmJlMmM2MmUyNjVmZjEwNDMyN2EzZTY3
NWY4OWYwHhcNMjQwNzI1MTkzODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjZlODM3ZjUwNTkwYTVkNjc2Mjg0OTg5YjNjMTI4ODlkNzQwZGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzOXkow36Ssd3pL4Q5nG/t8u4v8y
YDVYrdprLY4re33crksdWMZ+4vN2vF6KiDmHVqStV3AVYVzRexn6V8iEaKKYbgg8
ifFoI8oU1jDYkAedvoiJNm6D7I9YJp4gZqGt0/ui4tCtXXRNJ43FygrUZBveRUOR
QMefllyFhGy7By7o4/awOKpEp9hcQnnmRbaL8oSW90432QClmD9O0oBobKr41cUO
mrlLMoR85bF1KO6XT7qD8vY4POO9ELjTYEpZp56A/orNAxyncSvbiSKFUdXV6rHh
nWzrrIVOaC2LBRlcFqDNFdObQgklxZvOgTSsckAGuVz2cYgpGHiNqPNHbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtug39QWQpdZ2KEmJs8EoiddA3AMB8GA1UdIwQY
MBaAFFKhZdw6r74sYuJl/xBDJ6PmdfifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTIt
ZTI5OGI0MWI2YzgxLzEvMjI2RGYxQlpDbDFuWW9TWW16d1NpSjEwRGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTItZTI5OGI0MWI2Yzgx
LzEvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY/fMA0G
CSqGSIb3DQEBCwUAA4IBAQAEuH8oCYsZ+AYk66iH2LQNJzJHfnn9gzO77ZDjSJEW
iCiAy+0UU6YoFNvskynJfNfG3v7BmhYlN1LxkJDUumYAppXwTLI7+JWIbEZ3ytIO
/Vdgu+Oi+1Zr8+A+jky8jtvsYm2ixHv+yWvCIIDEY8CqHt5GT70Jw1OwDn016gRi
Ihau1mzHRHoHcoPM5ZXxis9pIPcDgsxiSGfpW4a6ewhxgsZPMR3W+oqAvBMAC+cj
WWiFcaUUbX78nOvdT+tbUM9vmkKvPM7xVRt7/8l/+swFwZWAmKtBWF+3Uh//Srxe
6M9NR4bYcP6eLyjQul0UFjtltfkR5PpEfJdgzgayFXcw
-----END CERTIFICATE-----