Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/C5lG7bx0JeveIt3xno3eiHcG-54.roa
File:                     C5lG7bx0JeveIt3xno3eiHcG-54.roa (raw, json)
Hash identifier:          8NBlgWMLheEd0VWnzgwVSWsetIJzRhf8/vxfO8luj2k=
Subject key identifier:   0B:99:46:ED:BC:74:25:EB:DE:22:DD:F1:9E:8D:DE:88:77:06:FB:9E
Certificate issuer:       /CN=66f8206e3311df394f48389b8122b94aa1f0b05c
Certificate serial:       018E668C39E6F4F4E72910E1B63F29366E3C
Authority key identifier: 66:F8:20:6E:33:11:DF:39:4F:48:38:9B:81:22:B9:4A:A1:F0:B0:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/C5lG7bx0JeveIt3xno3eiHcG-54.roa
Signing time:             Fri 22 Mar 2024 14:24:09 +0000
ROA not before:           Fri 22 Mar 2024 14:24:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215380
IP address blocks:        185.229.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:66:8c:39:e6:f4:f4:e7:29:10:e1:b6:3f:29:36:6e:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66f8206e3311df394f48389b8122b94aa1f0b05c
        Validity
            Not Before: Mar 22 14:24:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b9946edbc7425ebde22ddf19e8dde887706fb9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a6:5f:36:5b:13:84:29:84:52:b9:ef:14:9f:
                    b8:c3:e7:01:14:09:30:0b:b6:33:04:5b:57:a7:a0:
                    69:39:13:72:0d:aa:ea:d9:88:cf:ce:b4:84:8c:b1:
                    37:83:5e:f5:9c:2c:4f:ce:78:5c:c6:ec:c5:26:72:
                    8b:1a:78:3b:7b:5e:19:2e:ac:11:da:80:27:a9:8b:
                    7e:17:81:c0:a8:23:c0:6a:a1:61:f9:78:60:3b:4a:
                    d5:f3:49:a4:2d:1a:8b:d4:75:19:c9:20:b6:e9:2c:
                    5b:89:8d:83:13:5a:9b:4c:4a:c3:59:96:07:5d:1d:
                    35:1b:f0:41:48:bf:c7:2c:55:ea:12:e0:13:2c:91:
                    82:04:c3:18:03:bd:0e:09:67:91:13:e5:fd:f4:47:
                    99:e4:fe:05:2d:6a:a7:1b:2d:73:fa:d5:31:ef:ed:
                    e4:88:02:0c:c8:35:54:97:09:fd:6c:07:a8:10:fb:
                    b7:9b:3d:43:8a:75:8d:50:d4:99:08:eb:74:41:06:
                    96:c4:9e:46:77:a5:0d:35:24:f4:63:1b:27:f0:b0:
                    52:03:05:61:46:9f:47:bb:6e:16:9a:96:88:ef:df:
                    eb:26:80:c3:8e:0f:2d:a8:0f:df:37:c7:57:14:79:
                    a0:2a:52:f7:c5:60:99:b1:e4:30:0a:ce:e8:12:ac:
                    0e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:99:46:ED:BC:74:25:EB:DE:22:DD:F1:9E:8D:DE:88:77:06:FB:9E
            X509v3 Authority Key Identifier:
                keyid:66:F8:20:6E:33:11:DF:39:4F:48:38:9B:81:22:B9:4A:A1:F0:B0:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/C5lG7bx0JeveIt3xno3eiHcG-54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:a0:f3:8c:36:6e:3b:be:9b:f2:1b:35:0f:16:a3:8a:71:0f:
         df:eb:df:ba:38:ac:3a:02:8a:eb:cc:49:37:84:60:b8:ce:00:
         ca:4c:0d:c1:e9:2a:8e:3e:57:2c:ed:fc:d2:f6:9d:46:93:5e:
         4b:cc:2e:38:e8:1a:7c:e8:cd:3e:f8:63:56:6f:3c:0d:44:41:
         de:13:a3:c0:6b:68:85:07:2d:b5:19:2a:06:5c:57:10:8a:76:
         63:21:ed:42:ff:75:33:6a:cb:24:c5:5d:11:a5:a5:2b:e8:20:
         50:39:a3:33:85:1a:d8:b4:49:a9:96:9a:47:02:65:6f:4e:b7:
         00:be:ab:67:01:8f:df:b6:2e:f3:d0:8b:78:35:27:db:be:ba:
         63:f6:85:73:73:84:05:18:98:df:df:5f:52:02:8f:fc:be:7a:
         36:0e:ee:db:a3:eb:93:ce:b4:07:f1:ad:aa:01:53:b5:c8:8a:
         3d:51:a5:1d:7e:25:b3:3f:44:7d:b6:bf:d9:06:22:3e:48:cf:
         8e:38:ea:23:1e:7d:1c:4c:89:9e:75:57:14:2c:4f:c1:e1:a1:
         df:e7:c3:d8:65:ec:cf:86:fd:14:33:ad:92:1e:fd:a5:df:37:
         5c:b6:ae:d6:81:04:24:d1:92:60:92:ef:d7:d3:25:1b:6a:87:
         c1:13:6c:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5mjDnm9PTnKRDhtj8pNm48MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZjgyMDZlMzMxMWRmMzk0ZjQ4Mzg5YjgxMjJiOTRhYTFm
MGIwNWMwHhcNMjQwMzIyMTQyNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjk5NDZlZGJjNzQyNWViZGUyMmRkZjE5ZThkZGU4ODc3MDZmYjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36ZfNlsThCmEUrnvFJ+4w+cBFAkw
C7YzBFtXp6BpORNyDarq2YjPzrSEjLE3g171nCxPznhcxuzFJnKLGng7e14ZLqwR
2oAnqYt+F4HAqCPAaqFh+XhgO0rV80mkLRqL1HUZySC26SxbiY2DE1qbTErDWZYH
XR01G/BBSL/HLFXqEuATLJGCBMMYA70OCWeRE+X99EeZ5P4FLWqnGy1z+tUx7+3k
iAIMyDVUlwn9bAeoEPu3mz1DinWNUNSZCOt0QQaWxJ5Gd6UNNST0Yxsn8LBSAwVh
Rp9Hu24WmpaI79/rJoDDjg8tqA/fN8dXFHmgKlL3xWCZseQwCs7oEqwOtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAuZRu28dCXr3iLd8Z6N3oh3BvueMB8GA1UdIwQY
MBaAFGb4IG4zEd85T0g4m4EiuUqh8LBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnZnZ2JqTVIzemxQU0RpYmdTSzVTcUh3c0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iZTFhMjUtNTg1NS00YWVjLThlMTgt
YmJmZDQ1Yzg0YmVhLzEvQzVsRzdieDBKZXZlSXQzeG5vM2VpSGNHLTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iZTFhMjUtNTg1NS00YWVjLThlMTgtYmJmZDQ1Yzg0YmVh
LzEvWnZnZ2JqTVIzemxQU0RpYmdTSzVTcUh3c0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueUgMA0G
CSqGSIb3DQEBCwUAA4IBAQA3oPOMNm47vpvyGzUPFqOKcQ/f69+6OKw6AorrzEk3
hGC4zgDKTA3B6SqOPlcs7fzS9p1Gk15LzC446Bp86M0++GNWbzwNREHeE6PAa2iF
By21GSoGXFcQinZjIe1C/3UzasskxV0RpaUr6CBQOaMzhRrYtEmplppHAmVvTrcA
vqtnAY/fti7z0It4NSfbvrpj9oVzc4QFGJjf319SAo/8vno2Du7bo+uTzrQH8a2q
AVO1yIo9UaUdfiWzP0R9tr/ZBiI+SM+OOOojHn0cTImedVcULE/B4aHf58PYZezP
hv0UM62SHv2l3zdctq7WgQQk0ZJgku/X0yUbaofBE2yy
-----END CERTIFICATE-----