Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/XIayUu2C62hwdRNhnKrB9VYomZ0.roa
File:                     XIayUu2C62hwdRNhnKrB9VYomZ0.roa (raw, json)
Hash identifier:          kuV/UXmInbcFbXhlPFftVp7zRawdtjmfM+9dJArQ0jQ=
Subject key identifier:   5C:86:B2:52:ED:82:EB:68:70:75:13:61:9C:AA:C1:F5:56:28:99:9D
Certificate issuer:       /CN=1af16a3cf8116721afad8c1e5b3e83a2959ceb99
Certificate serial:       018CC3B6BBF8B1FB6D879C31F68E781EB558
Authority key identifier: 1A:F1:6A:3C:F8:11:67:21:AF:AD:8C:1E:5B:3E:83:A2:95:9C:EB:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GvFqPPgRZyGvrYweWz6DopWc65k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/XIayUu2C62hwdRNhnKrB9VYomZ0.roa
Signing time:             Mon 01 Jan 2024 06:29:41 +0000
ROA not before:           Mon 01 Jan 2024 06:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209014
IP address blocks:        185.128.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/GvFqPPgRZyGvrYweWz6DopWc65k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/GvFqPPgRZyGvrYweWz6DopWc65k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GvFqPPgRZyGvrYweWz6DopWc65k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:bb:f8:b1:fb:6d:87:9c:31:f6:8e:78:1e:b5:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1af16a3cf8116721afad8c1e5b3e83a2959ceb99
        Validity
            Not Before: Jan  1 06:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c86b252ed82eb68707513619caac1f55628999d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:99:37:8f:4f:a6:f3:47:d0:4d:59:d6:77:5d:
                    65:77:d3:b0:51:26:76:6b:56:a0:70:90:d5:56:54:
                    69:92:71:5e:61:07:21:f6:86:35:a1:de:e9:9a:8c:
                    f6:59:f5:45:25:78:75:7b:22:63:ce:09:54:d1:7c:
                    88:a7:c5:0a:1a:01:54:6c:ed:aa:4e:4c:9d:2a:4d:
                    36:a6:c1:bb:6e:f2:ce:f6:0c:c3:c9:ff:71:e6:48:
                    8e:77:b1:ed:03:04:0f:36:40:62:d0:67:96:4e:3c:
                    27:3c:58:92:e4:e9:90:a0:1e:82:ad:39:ab:4f:12:
                    59:8c:60:f4:a2:7d:a7:17:45:10:e3:8c:e1:b6:e2:
                    d4:64:8b:e2:01:9c:3d:79:4d:0c:f6:64:8d:c7:2f:
                    97:77:81:e7:51:49:19:bd:68:7f:d8:86:2c:2f:27:
                    20:81:03:26:07:80:59:6b:3a:d9:f4:51:20:b5:71:
                    ee:2a:9c:a0:88:ff:ab:47:35:24:56:91:fd:90:10:
                    bb:94:46:11:3f:09:60:15:20:73:54:ce:ad:1f:62:
                    7c:16:48:d3:7e:ec:f8:a1:6b:38:51:fa:d9:de:99:
                    fe:8b:e4:fc:a3:bb:fb:e8:4b:81:ba:d3:cd:73:4d:
                    a3:62:5f:5a:3f:89:01:87:1a:16:e3:b9:95:03:99:
                    25:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:86:B2:52:ED:82:EB:68:70:75:13:61:9C:AA:C1:F5:56:28:99:9D
            X509v3 Authority Key Identifier:
                keyid:1A:F1:6A:3C:F8:11:67:21:AF:AD:8C:1E:5B:3E:83:A2:95:9C:EB:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GvFqPPgRZyGvrYweWz6DopWc65k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/XIayUu2C62hwdRNhnKrB9VYomZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/GvFqPPgRZyGvrYweWz6DopWc65k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:48:a6:17:ad:81:5f:81:da:14:08:9d:bc:7b:9f:39:70:31:
         24:fd:e3:67:1f:0c:97:ef:6c:f3:d3:0e:c9:62:c3:c4:ba:de:
         6d:26:70:d4:72:1c:f0:84:1d:a0:95:75:4a:46:ac:60:30:0b:
         2d:61:db:ad:a7:91:0b:1c:4c:4b:c1:3f:4f:35:11:ad:5d:3c:
         2b:69:0c:5c:61:16:f6:ab:d8:c8:56:98:5d:10:f7:e4:7a:87:
         bd:bb:ae:1a:4a:0f:98:99:e7:10:18:62:f3:c5:41:52:55:31:
         51:7f:eb:5b:d8:17:01:78:e3:6c:d2:ba:33:3f:d8:30:c2:12:
         bc:95:33:39:08:d7:4e:cc:9c:91:09:ca:0b:83:d1:a8:83:4d:
         43:57:43:f2:c7:86:6d:c6:7c:b2:b7:e6:ef:91:90:3b:91:67:
         c2:27:18:b2:e3:72:3c:3a:e5:be:57:ff:76:6f:17:d6:36:71:
         f1:b8:be:e8:d8:49:cb:e9:87:ee:15:8b:e4:54:43:4e:50:3f:
         f2:ce:20:57:08:b3:73:12:bc:5e:42:e1:b1:58:af:aa:5e:1f:
         41:29:2f:19:ec:3f:f8:e2:f3:5d:b5:c1:b0:12:3f:0f:64:0a:
         23:c2:51:9c:29:b1:d5:6c:d2:84:c3:60:c0:0b:a1:e5:fa:bf:
         d7:6c:0a:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtrv4sftth5wx9o54HrVYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZjE2YTNjZjgxMTY3MjFhZmFkOGMxZTViM2U4M2EyOTU5
Y2ViOTkwHhcNMjQwMTAxMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzg2YjI1MmVkODJlYjY4NzA3NTEzNjE5Y2FhYzFmNTU2Mjg5OTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJk3j0+m80fQTVnWd11ld9OwUSZ2
a1agcJDVVlRpknFeYQch9oY1od7pmoz2WfVFJXh1eyJjzglU0XyIp8UKGgFUbO2q
TkydKk02psG7bvLO9gzDyf9x5kiOd7HtAwQPNkBi0GeWTjwnPFiS5OmQoB6CrTmr
TxJZjGD0on2nF0UQ44zhtuLUZIviAZw9eU0M9mSNxy+Xd4HnUUkZvWh/2IYsLycg
gQMmB4BZazrZ9FEgtXHuKpygiP+rRzUkVpH9kBC7lEYRPwlgFSBzVM6tH2J8FkjT
fuz4oWs4UfrZ3pn+i+T8o7v76EuButPNc02jYl9aP4kBhxoW47mVA5klBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyGslLtgutocHUTYZyqwfVWKJmdMB8GA1UdIwQY
MBaAFBrxajz4EWchr62MHls+g6KVnOuZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3ZGcVBQZ1JaeUd2cll3ZVd6NkRvcFdjNjVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83YTVmZDMtZmFhZS00MTIwLWE0YTgt
MWRjMmE1MjM2OGMxLzEvWElheVV1MkM2Mmh3ZFJOaG5LckI5VllvbVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83YTVmZDMtZmFhZS00MTIwLWE0YTgtMWRjMmE1MjM2OGMx
LzEvR3ZGcVBQZ1JaeUd2cll3ZVd6NkRvcFdjNjVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYDhMA0G
CSqGSIb3DQEBCwUAA4IBAQBuSKYXrYFfgdoUCJ28e585cDEk/eNnHwyX72zz0w7J
YsPEut5tJnDUchzwhB2glXVKRqxgMAstYdutp5ELHExLwT9PNRGtXTwraQxcYRb2
q9jIVphdEPfkeoe9u64aSg+YmecQGGLzxUFSVTFRf+tb2BcBeONs0rozP9gwwhK8
lTM5CNdOzJyRCcoLg9Gog01DV0Pyx4Ztxnyyt+bvkZA7kWfCJxiy43I8OuW+V/92
bxfWNnHxuL7o2EnL6YfuFYvkVENOUD/yziBXCLNzErxeQuGxWK+qXh9BKS8Z7D/4
4vNdtcGwEj8PZAojwlGcKbHVbNKEw2DAC6Hl+r/XbArH
-----END CERTIFICATE-----