Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/PK0SiIWgo6NdE4wX9YWDsnC4pEI.roa
File:                     PK0SiIWgo6NdE4wX9YWDsnC4pEI.roa (raw, json)
Hash identifier:          sGjFWGkpvRoDzhW2nZuOQS/SvCdR9gCi5vG7QqDhtmA=
Subject key identifier:   3C:AD:12:88:85:A0:A3:A3:5D:13:8C:17:F5:85:83:B2:70:B8:A4:42
Certificate issuer:       /CN=53787cd7946e10d88646ac79de57cc6ec59e4132
Certificate serial:       018CC500977ABD62F12E68D046C309147273
Authority key identifier: 53:78:7C:D7:94:6E:10:D8:86:46:AC:79:DE:57:CC:6E:C5:9E:41:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3h815RuENiGRqx53lfMbsWeQTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/PK0SiIWgo6NdE4wX9YWDsnC4pEI.roa
Signing time:             Mon 01 Jan 2024 12:29:59 +0000
ROA not before:           Mon 01 Jan 2024 12:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.54.124.0/24 maxlen: 24
                          185.54.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/U3h815RuENiGRqx53lfMbsWeQTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/U3h815RuENiGRqx53lfMbsWeQTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U3h815RuENiGRqx53lfMbsWeQTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:97:7a:bd:62:f1:2e:68:d0:46:c3:09:14:72:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53787cd7946e10d88646ac79de57cc6ec59e4132
        Validity
            Not Before: Jan  1 12:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cad128885a0a3a35d138c17f58583b270b8a442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:3c:3f:bb:de:05:05:32:63:de:c5:30:89:d3:
                    52:1c:ff:64:cb:85:b2:1c:68:26:e1:6f:d4:d5:dc:
                    76:60:29:76:4b:7a:d6:60:7b:d5:d7:45:1c:cd:19:
                    a7:ed:09:bd:9c:25:f5:a5:e3:81:a8:17:e3:db:72:
                    1b:b1:30:3c:24:f0:7f:c7:34:13:4d:c9:c9:72:d9:
                    78:83:c6:ee:b9:e4:4f:e8:7b:7f:a1:1c:7f:ef:d8:
                    d8:9e:ac:2c:7f:66:42:e6:c6:3e:e7:f0:2d:27:8a:
                    4d:8f:79:7e:36:66:53:dd:d5:2f:6a:94:d9:7a:2b:
                    14:bc:99:a7:68:73:4b:ef:a4:46:53:9b:e0:6c:56:
                    3f:c0:a3:e6:64:7e:e7:09:1a:07:db:53:2b:24:0e:
                    76:e9:c0:51:80:a4:d1:cd:55:7e:f7:b2:03:37:83:
                    82:79:1e:cd:0a:5d:a9:4e:02:52:1e:42:36:c8:d8:
                    90:65:65:08:0e:3a:4e:cd:e3:66:1a:ed:8b:af:18:
                    29:e0:27:4c:d7:8b:b0:9e:4a:9c:21:1a:11:49:3b:
                    a8:eb:99:c0:e6:ff:37:cb:1c:9f:1b:93:29:59:3e:
                    e2:4a:38:63:df:d8:a3:5a:fc:80:82:1a:c8:e1:e0:
                    2a:e8:31:07:ae:b5:e2:4c:a5:98:0f:07:e9:0d:01:
                    a1:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:AD:12:88:85:A0:A3:A3:5D:13:8C:17:F5:85:83:B2:70:B8:A4:42
            X509v3 Authority Key Identifier:
                keyid:53:78:7C:D7:94:6E:10:D8:86:46:AC:79:DE:57:CC:6E:C5:9E:41:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3h815RuENiGRqx53lfMbsWeQTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/PK0SiIWgo6NdE4wX9YWDsnC4pEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/U3h815RuENiGRqx53lfMbsWeQTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.124.0/24
                  185.54.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:ef:0f:0e:d0:fb:5b:4f:75:6b:b4:f6:8d:f1:50:99:d9:21:
         6c:91:57:0b:de:41:51:c1:c2:0e:c2:76:75:12:8d:ad:f1:56:
         ca:d7:42:b2:4d:ed:ef:5f:0a:55:dd:54:8b:1a:12:41:db:77:
         3f:55:73:a7:7a:41:9c:d4:7e:e7:4e:36:f9:c1:7d:81:62:4c:
         c2:26:8b:36:9f:ea:28:bc:92:ec:a8:30:7d:ee:ec:af:27:cf:
         ee:94:fb:5c:7a:c1:18:85:e7:3e:3c:ea:37:85:91:42:92:ff:
         37:eb:cd:53:07:7e:22:d6:60:f5:c3:39:d4:03:cb:dd:0c:69:
         c3:20:a8:8c:b8:bf:e3:59:bd:cf:a7:96:81:d9:ee:21:a8:f0:
         d8:cc:91:49:80:83:b4:2d:ce:4d:02:37:09:ac:ba:d7:10:e5:
         5b:c5:23:2b:08:ac:3b:46:35:db:fe:3a:39:00:8f:79:3f:19:
         55:a4:49:6e:28:68:b4:3c:fd:03:ee:4d:83:8e:9b:18:1b:3a:
         71:b0:9c:87:20:aa:3c:5c:25:43:3f:a0:ff:22:26:67:81:65:
         c4:a2:14:ae:38:e0:83:80:e2:99:56:60:0e:2d:7b:31:0b:04:
         08:36:6a:65:0f:78:73:c4:c9:22:b4:cb:3d:29:8d:13:25:93:
         50:ee:ee:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAJd6vWLxLmjQRsMJFHJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNzg3Y2Q3OTQ2ZTEwZDg4NjQ2YWM3OWRlNTdjYzZlYzU5
ZTQxMzIwHhcNMjQwMTAxMTIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2FkMTI4ODg1YTBhM2EzNWQxMzhjMTdmNTg1ODNiMjcwYjhhNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjw/u94FBTJj3sUwidNSHP9ky4Wy
HGgm4W/U1dx2YCl2S3rWYHvV10UczRmn7Qm9nCX1peOBqBfj23IbsTA8JPB/xzQT
TcnJctl4g8buueRP6Ht/oRx/79jYnqwsf2ZC5sY+5/AtJ4pNj3l+NmZT3dUvapTZ
eisUvJmnaHNL76RGU5vgbFY/wKPmZH7nCRoH21MrJA526cBRgKTRzVV+97IDN4OC
eR7NCl2pTgJSHkI2yNiQZWUIDjpOzeNmGu2Lrxgp4CdM14uwnkqcIRoRSTuo65nA
5v83yxyfG5MpWT7iSjhj39ijWvyAghrI4eAq6DEHrrXiTKWYDwfpDQGhNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDytEoiFoKOjXROMF/WFg7JwuKRCMB8GA1UdIwQY
MBaAFFN4fNeUbhDYhkased5XzG7FnkEyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTNoODE1UnVFTmlHUnF4NTNsZk1ic1dlUVRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9jNzc4MjUtNjhhMy00YjNlLWJjOTAt
NTIzZmQ4NmEwN2M3LzEvUEswU2lJV2dvNk5kRTR3WDlZV0RzbkM0cEVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9jNzc4MjUtNjhhMy00YjNlLWJjOTAtNTIzZmQ4NmEwN2M3
LzEvVTNoODE1UnVFTmlHUnF4NTNsZk1ic1dlUVRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuTZ8AwQA
uTZ+MA0GCSqGSIb3DQEBCwUAA4IBAQDU7w8O0PtbT3VrtPaN8VCZ2SFskVcL3kFR
wcIOwnZ1Eo2t8VbK10KyTe3vXwpV3VSLGhJB23c/VXOnekGc1H7nTjb5wX2BYkzC
Jos2n+oovJLsqDB97uyvJ8/ulPtcesEYhec+POo3hZFCkv83681TB34i1mD1wznU
A8vdDGnDIKiMuL/jWb3Pp5aB2e4hqPDYzJFJgIO0Lc5NAjcJrLrXEOVbxSMrCKw7
RjXb/jo5AI95PxlVpEluKGi0PP0D7k2DjpsYGzpxsJyHIKo8XCVDP6D/IiZngWXE
ohSuOOCDgOKZVmAOLXsxCwQINmplD3hzxMkitMs9KY0TJZNQ7u4H
-----END CERTIFICATE-----