Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/zmBhEe6G9U1599jVEFw8wusHNDQ.roa
File:                     zmBhEe6G9U1599jVEFw8wusHNDQ.roa (raw, json)
Hash identifier:          XeqbZWQCFUM7QXNVWUxMIPVFjN9gyZBOvIIuO4a6/CE=
Subject key identifier:   CE:60:61:11:EE:86:F5:4D:79:F7:D8:D5:10:5C:3C:C2:EB:07:34:34
Certificate issuer:       /CN=1af16a3cf8116721afad8c1e5b3e83a2959ceb99
Certificate serial:       0191BCE0018185F0A9C29D8DC64EA5EABB9C
Authority key identifier: 1A:F1:6A:3C:F8:11:67:21:AF:AD:8C:1E:5B:3E:83:A2:95:9C:EB:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GvFqPPgRZyGvrYweWz6DopWc65k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/zmBhEe6G9U1599jVEFw8wusHNDQ.roa
Signing time:             Wed 04 Sep 2024 11:51:22 +0000
ROA not before:           Wed 04 Sep 2024 11:51:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58323
IP address blocks:        185.128.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/GvFqPPgRZyGvrYweWz6DopWc65k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/GvFqPPgRZyGvrYweWz6DopWc65k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GvFqPPgRZyGvrYweWz6DopWc65k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:e0:01:81:85:f0:a9:c2:9d:8d:c6:4e:a5:ea:bb:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1af16a3cf8116721afad8c1e5b3e83a2959ceb99
        Validity
            Not Before: Sep  4 11:51:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce606111ee86f54d79f7d8d5105c3cc2eb073434
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:56:a0:3f:2c:2e:62:c9:84:b3:da:6b:90:bc:
                    60:6a:01:d4:2c:0d:67:31:f0:4e:96:62:dc:e6:9d:
                    e8:8e:ee:64:1d:8f:aa:13:9f:56:57:14:7c:49:8e:
                    02:6b:dd:3b:e4:cf:d0:ce:4e:6f:7a:d6:f9:a3:6d:
                    0f:b5:25:75:53:9e:e8:57:4c:8c:cd:4a:c4:d3:b1:
                    49:a2:ab:e3:99:f4:b9:1f:61:c5:bf:bb:92:e7:c1:
                    8c:1f:ec:50:a1:e5:f9:95:79:28:db:b3:a1:dd:14:
                    f4:68:28:74:8f:67:f8:7e:8c:aa:33:bc:65:e5:54:
                    f7:74:6b:b6:2a:3e:90:75:0e:30:4a:53:1a:38:52:
                    4c:05:dd:7c:36:72:7d:c0:b7:86:c7:e6:3b:9e:3e:
                    78:46:67:82:12:82:7a:5b:76:fb:56:a1:38:5d:9a:
                    a2:fe:9a:58:46:cc:44:84:2a:5f:43:e2:ba:77:a2:
                    7c:d3:5e:71:d0:25:03:53:11:2e:20:72:f8:71:f3:
                    7d:da:2c:bf:f2:c7:81:69:7b:a5:90:68:d8:51:49:
                    40:99:63:1c:a0:9d:c5:9f:ff:a5:69:71:16:64:af:
                    72:45:c2:cd:c9:64:38:23:fe:f1:32:f9:6e:c8:bf:
                    a3:94:b6:8c:ce:da:71:ed:e3:dc:e1:1a:93:d6:29:
                    a3:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:60:61:11:EE:86:F5:4D:79:F7:D8:D5:10:5C:3C:C2:EB:07:34:34
            X509v3 Authority Key Identifier:
                keyid:1A:F1:6A:3C:F8:11:67:21:AF:AD:8C:1E:5B:3E:83:A2:95:9C:EB:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GvFqPPgRZyGvrYweWz6DopWc65k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/zmBhEe6G9U1599jVEFw8wusHNDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/GvFqPPgRZyGvrYweWz6DopWc65k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:5a:ec:10:a9:21:43:1d:84:56:1c:ab:77:a5:1a:8d:81:2a:
         6f:cd:e1:2d:1f:d5:0c:42:f2:52:54:e1:9d:56:cc:06:57:7b:
         0d:75:95:3b:bd:d4:b8:39:7a:d8:5d:7a:17:9c:57:16:72:28:
         0b:5a:45:21:99:64:53:8a:59:36:98:25:04:f5:f1:20:41:57:
         94:2f:b0:03:54:e4:44:1a:76:69:d5:5a:f5:7b:c0:98:3d:48:
         f9:fc:87:39:a3:e0:be:6c:09:f4:c1:4b:90:2e:99:9a:d6:09:
         2c:88:e4:4a:ec:41:df:17:18:3c:3d:22:08:c8:1a:b0:de:3c:
         1f:71:a1:9b:71:4a:3f:8c:c7:4e:33:46:a1:1f:92:b0:e2:e4:
         87:71:e6:ae:d7:e0:f8:78:c0:2c:dd:d2:85:fe:10:64:ad:0c:
         e4:fa:6e:88:c4:92:26:42:d0:e5:21:5b:27:99:95:c9:32:7c:
         df:2f:68:5b:ba:d3:5e:07:48:2a:24:8d:78:55:0c:59:8d:24:
         93:0e:d9:21:35:00:1b:5d:9c:83:dd:64:b8:32:6b:5f:bf:a3:
         6a:ed:7f:8d:ca:36:f8:54:fe:0a:b5:56:73:96:f4:6d:4d:b8:
         cc:b6:d8:22:fb:62:85:bb:8b:39:6b:e5:81:49:08:2a:a3:8c:
         7f:25:da:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG84AGBhfCpwp2Nxk6l6rucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZjE2YTNjZjgxMTY3MjFhZmFkOGMxZTViM2U4M2EyOTU5
Y2ViOTkwHhcNMjQwOTA0MTE1MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTYwNjExMWVlODZmNTRkNzlmN2Q4ZDUxMDVjM2NjMmViMDczNDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlagPywuYsmEs9prkLxgagHULA1n
MfBOlmLc5p3oju5kHY+qE59WVxR8SY4Ca9075M/Qzk5vetb5o20PtSV1U57oV0yM
zUrE07FJoqvjmfS5H2HFv7uS58GMH+xQoeX5lXko27Oh3RT0aCh0j2f4foyqM7xl
5VT3dGu2Kj6QdQ4wSlMaOFJMBd18NnJ9wLeGx+Y7nj54RmeCEoJ6W3b7VqE4XZqi
/ppYRsxEhCpfQ+K6d6J8015x0CUDUxEuIHL4cfN92iy/8seBaXulkGjYUUlAmWMc
oJ3Fn/+laXEWZK9yRcLNyWQ4I/7xMvluyL+jlLaMztpx7ePc4RqT1imjLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5gYRHuhvVNeffY1RBcPMLrBzQ0MB8GA1UdIwQY
MBaAFBrxajz4EWchr62MHls+g6KVnOuZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3ZGcVBQZ1JaeUd2cll3ZVd6NkRvcFdjNjVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83YTVmZDMtZmFhZS00MTIwLWE0YTgt
MWRjMmE1MjM2OGMxLzEvem1CaEVlNkc5VTE1OTlqVkVGdzh3dXNITkRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83YTVmZDMtZmFhZS00MTIwLWE0YTgtMWRjMmE1MjM2OGMx
LzEvR3ZGcVBQZ1JaeUd2cll3ZVd6NkRvcFdjNjVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYDhMA0G
CSqGSIb3DQEBCwUAA4IBAQB/WuwQqSFDHYRWHKt3pRqNgSpvzeEtH9UMQvJSVOGd
VswGV3sNdZU7vdS4OXrYXXoXnFcWcigLWkUhmWRTilk2mCUE9fEgQVeUL7ADVORE
GnZp1Vr1e8CYPUj5/Ic5o+C+bAn0wUuQLpma1gksiORK7EHfFxg8PSIIyBqw3jwf
caGbcUo/jMdOM0ahH5Kw4uSHceau1+D4eMAs3dKF/hBkrQzk+m6IxJImQtDlIVsn
mZXJMnzfL2hbutNeB0gqJI14VQxZjSSTDtkhNQAbXZyD3WS4Mmtfv6Nq7X+Nyjb4
VP4KtVZzlvRtTbjMttgi+2KFu4s5a+WBSQgqo4x/Jdq7
-----END CERTIFICATE-----