Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/ODTGcFOEUPRBa9bYv4_YAlR8uR8.roa
File:                     ODTGcFOEUPRBa9bYv4_YAlR8uR8.roa (raw, json)
Hash identifier:          hv1jQUkZJs+wme2QKyOmLQEvmvE5SZjPnuv/Ico5ROI=
Subject key identifier:   38:34:C6:70:53:84:50:F4:41:6B:D6:D8:BF:8F:D8:02:54:7C:B9:1F
Certificate issuer:       /CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
Certificate serial:       018CC94E49A4B1ABB693B5C222DB705F876C
Authority key identifier: 52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/ODTGcFOEUPRBa9bYv4_YAlR8uR8.roa
Signing time:             Tue 02 Jan 2024 08:33:20 +0000
ROA not before:           Tue 02 Jan 2024 08:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211632
IP address blocks:        185.190.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:49:a4:b1:ab:b6:93:b5:c2:22:db:70:5f:87:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
        Validity
            Not Before: Jan  2 08:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3834c670538450f4416bd6d8bf8fd802547cb91f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:3d:6c:d1:4e:f5:c6:03:67:06:f9:e5:05:9a:
                    49:53:9a:03:4f:12:f5:49:8f:8e:e7:27:68:ef:03:
                    3e:d7:fc:82:a7:ad:0e:cf:0e:ce:84:5e:74:7b:54:
                    3b:26:b9:b4:2d:38:99:c5:dc:92:4f:a9:c5:a6:e8:
                    28:91:5f:31:52:fa:ff:50:a0:2e:f9:37:ff:7b:e4:
                    2b:bb:1b:3e:6f:7a:18:ca:f0:44:c6:50:de:6c:64:
                    a6:e6:5d:95:b3:d4:82:a8:6a:04:c9:d8:06:8a:db:
                    f8:e1:55:0c:f3:87:b5:bc:ea:40:77:09:89:af:88:
                    f4:1f:64:2c:fd:a1:1f:20:fc:b5:c1:97:d2:26:a6:
                    a1:76:08:a5:66:10:fa:59:33:61:5a:a5:77:a9:0e:
                    46:f5:f6:39:73:3b:a1:9b:8c:5c:55:ab:a5:17:97:
                    f0:5c:94:b1:c7:5e:40:61:e1:ab:a8:67:5e:ac:c3:
                    17:a9:47:dd:74:bc:42:bc:ad:36:df:64:61:0e:e8:
                    25:d6:83:6b:d8:1f:85:4d:f8:d0:8d:5d:2f:63:fd:
                    78:dd:a3:09:3d:1f:40:bb:8f:ca:ee:74:3e:64:a0:
                    8f:c0:22:c5:bf:b1:1a:d5:6b:57:ab:82:19:c2:00:
                    77:d5:e3:cd:2b:6b:65:94:d1:65:0e:5b:8a:fb:9e:
                    d4:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:34:C6:70:53:84:50:F4:41:6B:D6:D8:BF:8F:D8:02:54:7C:B9:1F
            X509v3 Authority Key Identifier:
                keyid:52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/ODTGcFOEUPRBa9bYv4_YAlR8uR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:89:7f:e6:c0:9f:56:67:ee:8e:eb:9a:22:8d:ec:4c:29:ac:
         15:5d:dd:f0:d5:fd:3a:4b:f6:c5:66:ae:94:15:01:7a:96:59:
         10:24:6c:3d:96:56:9d:62:f2:41:a0:93:29:c3:25:7b:5c:36:
         67:9f:ae:a7:e2:8c:bf:65:9f:4a:fb:79:68:bf:25:cc:df:c0:
         ec:68:82:98:79:35:39:38:3a:ff:32:03:23:33:5a:59:70:5a:
         5a:6a:55:4f:9c:dc:af:d1:d0:73:95:f8:f8:27:32:97:d4:af:
         d9:37:11:15:4c:05:a9:13:3f:82:06:f1:74:d8:ff:5c:1f:9b:
         3c:fd:16:74:bd:42:06:ba:95:12:bd:bb:54:84:9e:6a:74:c8:
         af:f3:5f:14:63:2a:d4:d1:08:52:d5:e1:7d:00:14:e4:41:12:
         ec:23:73:2c:d1:8a:29:c7:91:7e:a7:04:30:ed:18:93:90:e1:
         a8:11:63:f5:c1:9e:0e:4b:d4:5d:20:19:45:f5:cd:bd:25:be:
         74:d6:cd:e3:9e:d7:58:ce:f3:4b:87:f8:c4:08:9c:5a:24:2f:
         8f:94:92:01:12:38:b5:2b:f1:08:88:90:c1:3c:69:f7:3b:fc:
         a3:d3:4b:e0:c9:3a:0f:77:d1:48:27:f4:35:02:fa:b7:c6:3c:
         3c:a8:8d:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkmksau2k7XCIttwX4dsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTE2NWRjM2FhZmJlMmM2MmUyNjVmZjEwNDMyN2EzZTY3
NWY4OWYwHhcNMjQwMTAyMDgzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM0YzY3MDUzODQ1MGY0NDE2YmQ2ZDhiZjhmZDgwMjU0N2NiOTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhD1s0U71xgNnBvnlBZpJU5oDTxL1
SY+O5ydo7wM+1/yCp60Ozw7OhF50e1Q7Jrm0LTiZxdyST6nFpugokV8xUvr/UKAu
+Tf/e+Qruxs+b3oYyvBExlDebGSm5l2Vs9SCqGoEydgGitv44VUM84e1vOpAdwmJ
r4j0H2Qs/aEfIPy1wZfSJqahdgilZhD6WTNhWqV3qQ5G9fY5czuhm4xcVaulF5fw
XJSxx15AYeGrqGderMMXqUfddLxCvK0232RhDugl1oNr2B+FTfjQjV0vY/143aMJ
PR9Au4/K7nQ+ZKCPwCLFv7Ea1WtXq4IZwgB31ePNK2tllNFlDluK+57UTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDg0xnBThFD0QWvW2L+P2AJUfLkfMB8GA1UdIwQY
MBaAFFKhZdw6r74sYuJl/xBDJ6PmdfifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTIt
ZTI5OGI0MWI2YzgxLzEvT0RUR2NGT0VVUFJCYTliWXY0X1lBbFI4dVI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTItZTI5OGI0MWI2Yzgx
LzEvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub4YMA0G
CSqGSIb3DQEBCwUAA4IBAQAmiX/mwJ9WZ+6O65oijexMKawVXd3w1f06S/bFZq6U
FQF6llkQJGw9lladYvJBoJMpwyV7XDZnn66n4oy/ZZ9K+3lovyXM38DsaIKYeTU5
ODr/MgMjM1pZcFpaalVPnNyv0dBzlfj4JzKX1K/ZNxEVTAWpEz+CBvF02P9cH5s8
/RZ0vUIGupUSvbtUhJ5qdMiv818UYyrU0QhS1eF9ABTkQRLsI3Ms0Yopx5F+pwQw
7RiTkOGoEWP1wZ4OS9RdIBlF9c29Jb501s3jntdYzvNLh/jECJxaJC+PlJIBEji1
K/EIiJDBPGn3O/yj00vgyToPd9FIJ/Q1Avq3xjw8qI3F
-----END CERTIFICATE-----