Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/_hXGXNbkYgo-iSToXBOgHSiv4sY.roa
File:                     _hXGXNbkYgo-iSToXBOgHSiv4sY.roa (raw, json)
Hash identifier:          LCAngRFHUBVu329bbLNcfmnHNQqDpgfKNMXWN8StZck=
Subject key identifier:   FE:15:C6:5C:D6:E4:62:0A:3E:89:24:E8:5C:13:A0:1D:28:AF:E2:C6
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       018D364905B599042489E8D2761B04063EA2
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/_hXGXNbkYgo-iSToXBOgHSiv4sY.roa
Signing time:             Tue 23 Jan 2024 12:26:11 +0000
ROA not before:           Tue 23 Jan 2024 12:26:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        185.255.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:36:49:05:b5:99:04:24:89:e8:d2:76:1b:04:06:3e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Jan 23 12:26:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe15c65cd6e4620a3e8924e85c13a01d28afe2c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:7b:03:47:3d:f1:7b:72:5d:be:7a:5e:af:ec:
                    31:ac:ff:10:b3:53:74:04:b2:2c:fa:96:79:ce:7d:
                    1f:58:85:bd:1c:61:eb:f6:dc:4a:ff:04:e7:99:0b:
                    d8:88:fd:e0:ed:ff:b9:fb:c8:38:58:6d:ef:2c:ca:
                    3c:5c:a1:8b:a0:0a:db:bd:7d:1c:43:68:16:84:f5:
                    67:8c:81:2d:ac:24:9e:3e:a6:e7:8e:16:c2:ad:4a:
                    1c:37:49:f9:f1:94:67:2c:fe:f1:84:3f:7f:df:74:
                    a0:ef:96:2b:67:29:fe:e9:06:3c:41:c4:11:c9:40:
                    c7:cf:4d:96:f8:c2:1a:f5:a1:dc:ba:19:8e:77:d5:
                    98:56:ab:a6:7d:3b:fc:f7:42:85:d0:a0:39:bf:4e:
                    ac:cc:ea:c5:70:60:4d:fe:80:15:ad:aa:59:2c:9b:
                    da:26:cb:45:6d:87:64:f4:30:40:ec:43:f3:9e:0c:
                    01:c9:1b:f6:37:3e:31:8a:4d:24:fc:6f:5a:dd:7e:
                    53:d0:e6:e3:ec:d0:e5:a0:01:79:44:73:5d:05:5c:
                    77:d6:78:41:a3:be:b4:81:90:62:56:89:d0:6a:f8:
                    38:4e:a5:79:9c:1e:03:d0:12:f8:f9:8b:c3:95:06:
                    9c:90:00:36:1a:80:8e:a0:40:18:c2:15:13:ea:f9:
                    be:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:15:C6:5C:D6:E4:62:0A:3E:89:24:E8:5C:13:A0:1D:28:AF:E2:C6
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/_hXGXNbkYgo-iSToXBOgHSiv4sY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:a1:8a:c3:01:3a:49:b3:15:aa:05:40:59:a6:9e:6a:50:57:
         83:43:79:cb:fd:43:82:ff:71:ac:d0:af:13:c6:05:e6:6c:1a:
         fd:3a:12:f1:dd:dd:ad:9a:a1:de:70:fb:ed:42:dd:2b:14:95:
         81:3c:06:cf:ad:c0:07:48:54:ff:f6:44:9f:8d:d4:8b:71:f8:
         90:f6:50:ca:90:d8:04:7f:be:65:7e:b8:6b:e6:69:5e:00:e5:
         b9:a1:f8:46:a3:45:06:97:f9:77:fe:8b:0e:c3:df:5c:5f:5f:
         bf:03:dd:10:ce:07:54:d1:c2:9a:2d:cb:b9:b8:43:71:2c:42:
         a5:73:30:59:5b:db:da:85:06:ad:cf:a9:35:13:17:64:61:83:
         27:83:60:08:52:a1:5f:6e:f1:51:da:a2:9a:37:ad:d3:81:b2:
         17:8b:fd:c0:71:85:03:e8:9d:9f:d2:bf:a0:3e:6f:31:ba:f7:
         e5:75:6a:9b:5c:2b:47:88:e0:d5:32:46:84:84:62:3d:b1:d3:
         96:eb:ba:6b:29:8a:62:a3:96:ae:5c:fd:44:89:15:0e:c3:19:
         cf:c5:16:65:7c:77:a2:8a:2a:f1:32:b9:82:8a:52:aa:84:9c:
         e7:8c:c0:58:0a:d7:e0:0d:e5:1a:ff:4d:77:d3:0a:ef:d2:78:
         09:2b:ab:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY02SQW1mQQkiejSdhsEBj6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjQwMTIzMTIyNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTE1YzY1Y2Q2ZTQ2MjBhM2U4OTI0ZTg1YzEzYTAxZDI4YWZlMmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnsDRz3xe3Jdvnper+wxrP8Qs1N0
BLIs+pZ5zn0fWIW9HGHr9txK/wTnmQvYiP3g7f+5+8g4WG3vLMo8XKGLoArbvX0c
Q2gWhPVnjIEtrCSePqbnjhbCrUocN0n58ZRnLP7xhD9/33Sg75YrZyn+6QY8QcQR
yUDHz02W+MIa9aHcuhmOd9WYVqumfTv890KF0KA5v06szOrFcGBN/oAVrapZLJva
JstFbYdk9DBA7EPzngwByRv2Nz4xik0k/G9a3X5T0Obj7NDloAF5RHNdBVx31nhB
o760gZBiVonQavg4TqV5nB4D0BL4+YvDlQackAA2GoCOoEAYwhUT6vm+EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP4VxlzW5GIKPokk6FwToB0or+LGMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvX2hYR1hOYmtZZ28taVNUb1hCT2dIU2l2NHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf8FMA0G
CSqGSIb3DQEBCwUAA4IBAQBPoYrDATpJsxWqBUBZpp5qUFeDQ3nL/UOC/3Gs0K8T
xgXmbBr9OhLx3d2tmqHecPvtQt0rFJWBPAbPrcAHSFT/9kSfjdSLcfiQ9lDKkNgE
f75lfrhr5mleAOW5ofhGo0UGl/l3/osOw99cX1+/A90QzgdU0cKaLcu5uENxLEKl
czBZW9vahQatz6k1ExdkYYMng2AIUqFfbvFR2qKaN63TgbIXi/3AcYUD6J2f0r+g
Pm8xuvfldWqbXCtHiODVMkaEhGI9sdOW67prKYpio5auXP1EiRUOwxnPxRZlfHei
iirxMrmCilKqhJznjMBYCtfgDeUa/0130wrv0ngJK6sk
-----END CERTIFICATE-----