Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/1-C3-WRlAd7e9wQqP2qsRXkzlvP0.roa
File:                     1-C3-WRlAd7e9wQqP2qsRXkzlvP0.roa (raw, json)
Hash identifier:          OWpCl97jKV/Mw3cRdzPqC15vk+2F2AJ7OPTRm6tSLKM=
Subject key identifier:   F8:2D:FE:59:19:40:77:B7:BD:C1:0A:8F:DA:AB:11:5E:4C:E5:BC:FD
Certificate issuer:       /CN=de51da32762a6f9c126d63ba705d62c050b8484e
Certificate serial:       018CC8DF1908244E3641D5EE7C9409E54275
Authority key identifier: DE:51:DA:32:76:2A:6F:9C:12:6D:63:BA:70:5D:62:C0:50:B8:48:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3lHaMnYqb5wSbWO6cF1iwFC4SE4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/1-C3-WRlAd7e9wQqP2qsRXkzlvP0.roa
Signing time:             Tue 02 Jan 2024 06:31:53 +0000
ROA not before:           Tue 02 Jan 2024 06:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205914
IP address blocks:        185.72.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/3lHaMnYqb5wSbWO6cF1iwFC4SE4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/3lHaMnYqb5wSbWO6cF1iwFC4SE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3lHaMnYqb5wSbWO6cF1iwFC4SE4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:19:08:24:4e:36:41:d5:ee:7c:94:09:e5:42:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de51da32762a6f9c126d63ba705d62c050b8484e
        Validity
            Not Before: Jan  2 06:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f82dfe59194077b7bdc10a8fdaab115e4ce5bcfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9f:0c:6a:bc:c2:b7:fa:11:01:6f:9c:60:86:
                    88:cc:93:3a:35:66:73:86:61:b3:e7:d9:7f:fc:24:
                    d3:a9:28:35:9e:c9:c9:9c:a5:e8:b7:5c:6e:e3:44:
                    7b:71:83:e9:cc:b4:0b:25:d0:dc:0b:fd:9b:f0:b3:
                    ca:41:b4:a1:40:ca:35:78:ef:03:f2:27:13:99:fa:
                    98:cf:ab:f0:f7:4f:1a:12:e4:dc:ad:00:55:7d:3f:
                    50:88:65:71:8c:d9:31:b1:64:ee:e6:a5:f3:05:68:
                    79:e6:c1:3d:8b:c8:2e:de:40:0c:d2:73:52:bf:dc:
                    0a:e0:9f:ff:7f:f2:48:8e:de:7e:21:da:ea:57:29:
                    1c:67:9b:3e:9f:df:eb:ad:88:44:b5:9d:19:ce:ae:
                    86:ed:d9:d2:14:fe:81:df:01:f1:57:d5:42:79:27:
                    13:02:9a:00:2e:2f:1f:62:23:33:52:68:b4:07:66:
                    6a:7b:c3:b8:3d:57:af:13:b4:67:3c:51:bf:2b:9c:
                    c4:aa:a2:47:2d:d3:68:29:0e:38:53:d0:38:ba:6c:
                    0c:89:dd:76:50:46:b6:48:87:22:9b:1f:6c:69:44:
                    f5:8b:dd:dd:b1:f5:b6:89:c3:2a:d2:59:aa:b1:ca:
                    f8:ba:27:e4:ff:af:67:ce:aa:3d:55:e6:e6:d7:16:
                    24:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:2D:FE:59:19:40:77:B7:BD:C1:0A:8F:DA:AB:11:5E:4C:E5:BC:FD
            X509v3 Authority Key Identifier:
                keyid:DE:51:DA:32:76:2A:6F:9C:12:6D:63:BA:70:5D:62:C0:50:B8:48:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3lHaMnYqb5wSbWO6cF1iwFC4SE4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/1-C3-WRlAd7e9wQqP2qsRXkzlvP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/3lHaMnYqb5wSbWO6cF1iwFC4SE4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:89:3e:18:de:a6:60:20:57:3e:27:f8:72:6b:a8:a3:db:ef:
         4e:90:2b:9b:eb:16:35:51:64:3e:28:8f:dc:93:c5:4c:e9:a6:
         1c:3a:54:ac:53:ab:16:3f:a7:b7:a5:d7:a0:c3:e0:31:d3:bb:
         df:8e:12:78:13:78:4f:93:fe:c3:90:79:81:0d:e0:a7:b1:3b:
         48:4c:90:f9:5b:04:e2:4b:17:f5:d4:29:2b:06:db:54:c7:df:
         2c:a1:59:a1:aa:06:9b:90:83:4d:b2:b1:23:58:c1:ba:6b:11:
         9e:3f:d3:2b:5d:a5:ff:6d:6c:88:a8:11:f1:0b:7e:ad:05:65:
         63:8f:2d:e5:ba:f9:a1:19:72:95:f2:f9:0f:91:ff:b3:2e:6e:
         de:b7:18:89:45:dc:07:4b:f2:ad:f7:87:e1:2b:01:6c:20:07:
         6f:21:7a:f2:65:fd:6e:3e:d1:d0:14:a1:ee:33:38:03:72:8f:
         c8:2f:ae:16:68:51:38:ec:42:32:e4:60:cf:cc:ff:35:b2:3e:
         e6:e7:c1:78:de:0a:ca:2f:ac:89:74:eb:c2:e9:20:62:d3:f3:
         85:88:ea:c2:2c:5c:94:ce:21:b1:1c:3e:3d:29:b0:39:e6:a3:
         87:84:cb:4e:61:83:fb:b7:5c:68:7c:e0:77:f2:5c:b7:e1:c0:
         8e:1e:55:f8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3xkIJE42QdXufJQJ5UJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNTFkYTMyNzYyYTZmOWMxMjZkNjNiYTcwNWQ2MmMwNTBi
ODQ4NGUwHhcNMjQwMTAyMDYzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODJkZmU1OTE5NDA3N2I3YmRjMTBhOGZkYWFiMTE1ZTRjZTViY2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ8MarzCt/oRAW+cYIaIzJM6NWZz
hmGz59l//CTTqSg1nsnJnKXot1xu40R7cYPpzLQLJdDcC/2b8LPKQbShQMo1eO8D
8icTmfqYz6vw908aEuTcrQBVfT9QiGVxjNkxsWTu5qXzBWh55sE9i8gu3kAM0nNS
v9wK4J//f/JIjt5+IdrqVykcZ5s+n9/rrYhEtZ0Zzq6G7dnSFP6B3wHxV9VCeScT
ApoALi8fYiMzUmi0B2Zqe8O4PVevE7RnPFG/K5zEqqJHLdNoKQ44U9A4umwMid12
UEa2SIcimx9saUT1i93dsfW2icMq0lmqscr4uifk/69nzqo9Vebm1xYk4QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgt/lkZQHe3vcEKj9qrEV5M5bz9MB8GA1UdIwQY
MBaAFN5R2jJ2Km+cEm1junBdYsBQuEhOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2xIYU1uWXFiNXdTYldPNmNGMWl3RkM0U0U0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9mNzBkYjQtNjJlYS00OWRiLTgzMTkt
Y2RmYTYwMTIyNjkwLzEvMS1DMy1XUmxBZDdlOXdRcVAycXNSWGt6bHZQMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2QvZjcwZGI0LTYyZWEtNDlkYi04MzE5LWNkZmE2MDEyMjY5
MC8xLzNsSGFNbllxYjV3U2JXTzZjRjFpd0ZDNFNFNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlIEzAN
BgkqhkiG9w0BAQsFAAOCAQEAV4k+GN6mYCBXPif4cmuoo9vvTpArm+sWNVFkPiiP
3JPFTOmmHDpUrFOrFj+nt6XXoMPgMdO7344SeBN4T5P+w5B5gQ3gp7E7SEyQ+VsE
4ksX9dQpKwbbVMffLKFZoaoGm5CDTbKxI1jBumsRnj/TK12l/21siKgR8Qt+rQVl
Y48t5br5oRlylfL5D5H/sy5u3rcYiUXcB0vyrfeH4SsBbCAHbyF68mX9bj7R0BSh
7jM4A3KPyC+uFmhROOxCMuRgz8z/NbI+5ufBeN4Kyi+siXTrwukgYtPzhYjqwixc
lM4hsRw+PSmwOeajh4TLTmGD+7dcaHzgd/Jct+HAjh5V+A==
-----END CERTIFICATE-----