Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/x__IpEA6u7M8OdiN4GCNRCPzGls.roa
File:                     x__IpEA6u7M8OdiN4GCNRCPzGls.roa (raw, json)
Hash identifier:          JVje4Mbt4we8TpiGHbDSoHqbC/RFPmHKqDhMlvKisKE=
Subject key identifier:   C7:FF:C8:A4:40:3A:BB:B3:3C:39:D8:8D:E0:60:8D:44:23:F3:1A:5B
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AEE50DA2EBD8A207466505A454382
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/x__IpEA6u7M8OdiN4GCNRCPzGls.roa
Signing time:             Mon 01 Jan 2024 18:30:48 +0000
ROA not before:           Mon 01 Jan 2024 18:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212567
IP address blocks:        5.1.66.0/24 maxlen: 32
                          185.150.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ee:50:da:2e:bd:8a:20:74:66:50:5a:45:43:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7ffc8a4403abbb33c39d88de0608d4423f31a5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ad:42:dd:b8:47:93:eb:20:fb:4c:2f:98:54:
                    1a:dd:6d:0d:90:a9:e3:cc:8a:26:2c:d5:b4:c4:8e:
                    97:3d:8d:54:7b:0e:3e:95:d5:20:8c:0a:d8:b7:65:
                    7d:30:1a:41:c7:d4:65:4c:a5:4b:bc:54:e5:1e:4f:
                    4f:d5:e4:76:64:34:0a:9f:41:c6:d0:37:57:f6:cd:
                    86:65:e8:a1:dc:fd:31:db:e3:78:f0:c5:aa:f7:bc:
                    cb:2c:05:65:eb:98:e4:bf:6f:a7:27:61:b6:b7:1d:
                    f8:eb:70:fa:6b:d1:34:7c:46:6a:9d:0e:69:a5:e9:
                    e2:38:04:83:5a:38:04:6a:70:d5:7f:bc:9f:82:bf:
                    42:fd:8f:cf:45:b0:78:05:4f:f4:37:e0:e9:cc:c3:
                    c6:1c:f6:6a:b3:55:a4:f1:9f:03:a4:4f:de:77:99:
                    21:64:3b:b2:65:47:80:11:4e:f7:b7:0c:60:1a:c8:
                    6b:1b:3b:d4:6f:e5:eb:cb:c7:15:e6:9b:bb:3c:87:
                    a8:0d:60:30:1e:f5:da:e1:ec:d1:a1:18:42:75:b9:
                    ec:b8:da:7e:5f:ab:a2:60:ed:e0:17:1a:74:6c:30:
                    ef:23:0f:bc:5f:36:68:55:03:cd:49:7d:9e:01:91:
                    1d:dd:07:d4:2a:76:83:13:6c:88:8f:a4:c8:bb:93:
                    08:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:FF:C8:A4:40:3A:BB:B3:3C:39:D8:8D:E0:60:8D:44:23:F3:1A:5B
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/x__IpEA6u7M8OdiN4GCNRCPzGls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.66.0/24
                  185.150.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:17:7a:c3:d1:40:f8:c3:81:09:19:12:f1:f6:c7:b4:b6:d9:
         7e:11:6d:e8:28:a6:e7:cc:9c:8e:f7:59:7c:fc:e3:80:10:ff:
         e4:c2:b5:be:6f:32:9d:44:1a:12:2e:c8:96:ee:df:cc:33:0d:
         f8:c6:39:4f:f0:a8:20:e6:85:49:27:e7:4d:54:a7:59:c9:cf:
         11:7f:ad:83:42:f3:e7:3f:b3:a3:f8:54:ae:bf:e6:0a:c7:11:
         2a:b6:17:a5:3a:18:cc:de:c6:28:6a:cf:6a:a0:70:66:62:50:
         11:67:a7:3c:9f:06:5c:96:1c:da:8e:91:8b:1f:f5:1e:be:09:
         de:c4:62:a6:89:e4:91:88:47:e4:b6:8b:ee:45:54:2e:5e:62:
         21:d8:9e:0d:14:86:c5:5c:76:f7:02:87:1a:2f:b0:f7:5b:47:
         f1:34:bb:3c:c5:7d:b0:ab:3f:b6:34:a7:2c:1d:c2:ee:3d:35:
         6e:4e:63:d1:17:11:0e:17:60:96:67:9a:7a:c6:64:c4:f2:5e:
         40:23:10:0b:f6:ea:5c:84:3e:b0:05:46:65:5f:84:b0:f9:7b:
         a8:55:fb:44:6c:78:79:60:71:e0:8a:71:6e:d4:ab:b7:46:8b:
         31:09:ce:72:7f:ec:85:35:01:71:c8:3b:49:53:d4:25:b5:2a:
         aa:5b:6a:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSu5Q2i69iiB0ZlBaRUOCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2ZmYzhhNDQwM2FiYmIzM2MzOWQ4OGRlMDYwOGQ0NDIzZjMxYTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmq1C3bhHk+sg+0wvmFQa3W0NkKnj
zIomLNW0xI6XPY1Uew4+ldUgjArYt2V9MBpBx9RlTKVLvFTlHk9P1eR2ZDQKn0HG
0DdX9s2GZeih3P0x2+N48MWq97zLLAVl65jkv2+nJ2G2tx3463D6a9E0fEZqnQ5p
peniOASDWjgEanDVf7yfgr9C/Y/PRbB4BU/0N+DpzMPGHPZqs1Wk8Z8DpE/ed5kh
ZDuyZUeAEU73twxgGshrGzvUb+Xry8cV5pu7PIeoDWAwHvXa4ezRoRhCdbnsuNp+
X6uiYO3gFxp0bDDvIw+8XzZoVQPNSX2eAZEd3QfUKnaDE2yIj6TIu5MI+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMf/yKRAOruzPDnYjeBgjUQj8xpbMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEveF9fSXBFQTZ1N004T2RpTjRHQ05SQ1B6R2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABQFCAwQA
uZZjMA0GCSqGSIb3DQEBCwUAA4IBAQBqF3rD0UD4w4EJGRLx9se0ttl+EW3oKKbn
zJyO91l8/OOAEP/kwrW+bzKdRBoSLsiW7t/MMw34xjlP8Kgg5oVJJ+dNVKdZyc8R
f62DQvPnP7Oj+FSuv+YKxxEqthelOhjM3sYoas9qoHBmYlARZ6c8nwZclhzajpGL
H/UevgnexGKmieSRiEfktovuRVQuXmIh2J4NFIbFXHb3AocaL7D3W0fxNLs8xX2w
qz+2NKcsHcLuPTVuTmPRFxEOF2CWZ5p6xmTE8l5AIxAL9upchD6wBUZlX4Sw+Xuo
VftEbHh5YHHginFu1Ku3RosxCc5yf+yFNQFxyDtJU9QltSqqW2pq
-----END CERTIFICATE-----