Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/0c363c-2d0e-4bca-a9f2-813c5aab783e/1/vX5101xnxHIx1jeLVj591XJ8Ikc.roa
File:                     vX5101xnxHIx1jeLVj591XJ8Ikc.roa (raw, json)
Hash identifier:          4IZEZMSx26KemhJQGF99gigndqt+5CkwjlPeZas5QAQ=
Subject key identifier:   BD:7E:75:D3:5C:67:C4:72:31:D6:37:8B:56:3E:7D:D5:72:7C:22:47
Certificate issuer:       /CN=a0639adf1e0b84b9ff64e4f8ebe638ebbf5d27b9
Certificate serial:       018CC5DC6EFFDB527D465C512F9063B9AD2E
Authority key identifier: A0:63:9A:DF:1E:0B:84:B9:FF:64:E4:F8:EB:E6:38:EB:BF:5D:27:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oGOa3x4LhLn_ZOT46-Y4679dJ7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/0c363c-2d0e-4bca-a9f2-813c5aab783e/1/vX5101xnxHIx1jeLVj591XJ8Ikc.roa
Signing time:             Mon 01 Jan 2024 16:30:06 +0000
ROA not before:           Mon 01 Jan 2024 16:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47297
IP address blocks:        185.124.226.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/0c363c-2d0e-4bca-a9f2-813c5aab783e/1/oGOa3x4LhLn_ZOT46-Y4679dJ7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/0c363c-2d0e-4bca-a9f2-813c5aab783e/1/oGOa3x4LhLn_ZOT46-Y4679dJ7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oGOa3x4LhLn_ZOT46-Y4679dJ7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:6e:ff:db:52:7d:46:5c:51:2f:90:63:b9:ad:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0639adf1e0b84b9ff64e4f8ebe638ebbf5d27b9
        Validity
            Not Before: Jan  1 16:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd7e75d35c67c47231d6378b563e7dd5727c2247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:8d:29:f2:6e:ad:4e:59:31:f0:59:cc:aa:8e:
                    7d:38:f5:81:24:f7:f0:b7:d5:f2:c6:de:29:e1:c8:
                    8d:e3:31:a3:4c:6e:3f:c0:8c:60:ee:da:ee:cb:83:
                    78:94:d2:98:a0:ec:34:af:58:70:3b:38:d8:91:bf:
                    af:44:fb:a3:b2:1b:92:34:93:df:27:cf:e9:6c:57:
                    6a:ad:99:4a:83:4c:63:0f:25:0c:68:39:49:8a:ff:
                    42:76:f8:86:0c:e7:30:71:83:4b:fc:54:3c:3b:0d:
                    b7:89:a5:fd:3b:58:9b:96:3d:b3:bd:73:88:5b:e3:
                    9c:38:08:ef:28:bb:42:4d:1c:1e:ca:e7:45:17:c9:
                    cf:34:24:38:b2:1b:6e:cb:f7:f7:3f:61:8d:a8:6f:
                    5c:c2:79:0d:75:51:42:ad:4f:2c:8f:44:6a:44:c1:
                    99:29:de:be:bd:86:4d:9e:75:6b:99:73:9f:c1:99:
                    c5:ec:57:61:99:91:a4:ce:e3:70:fe:0f:ac:c1:a6:
                    64:f3:c7:2c:5b:b0:e9:6c:1f:b3:94:b2:3f:ed:67:
                    c8:dc:1d:e4:eb:6d:64:e6:d2:cd:67:c1:23:c0:9f:
                    fe:d5:3d:ca:c2:b2:12:91:af:2b:77:bb:e9:87:b4:
                    c5:76:8e:05:c8:f1:02:f6:85:0f:4d:04:8e:d0:21:
                    34:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:7E:75:D3:5C:67:C4:72:31:D6:37:8B:56:3E:7D:D5:72:7C:22:47
            X509v3 Authority Key Identifier:
                keyid:A0:63:9A:DF:1E:0B:84:B9:FF:64:E4:F8:EB:E6:38:EB:BF:5D:27:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oGOa3x4LhLn_ZOT46-Y4679dJ7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0c363c-2d0e-4bca-a9f2-813c5aab783e/1/vX5101xnxHIx1jeLVj591XJ8Ikc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0c363c-2d0e-4bca-a9f2-813c5aab783e/1/oGOa3x4LhLn_ZOT46-Y4679dJ7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:75:20:ae:9c:7c:06:99:d4:6a:f2:72:b1:82:5c:95:c1:52:
         69:6f:04:94:4c:02:3d:3f:36:0d:c9:e3:2d:6f:ee:ca:81:8c:
         5f:2b:7d:5b:2f:d4:3b:90:d4:01:78:ef:f1:b3:ea:4c:c1:5b:
         28:c1:a9:a4:ab:55:e4:2a:26:23:57:f7:8d:1d:04:5b:32:66:
         e4:17:1f:f0:9f:53:b4:44:12:2f:d0:a9:e4:4f:0a:db:83:f1:
         b7:de:c8:f3:f3:20:f8:4b:97:c7:1d:b2:e2:1a:12:c7:1b:fa:
         c0:21:5d:70:db:87:0b:d3:74:63:0d:e0:2e:9f:6d:79:d2:de:
         26:ca:ef:b4:1e:3f:f9:96:b1:bd:4d:3a:df:0f:2d:eb:cc:bd:
         a4:f9:c1:b2:87:1f:b1:c4:d4:a2:13:bb:50:70:58:38:45:a7:
         43:86:4a:78:e2:d5:22:da:f1:74:d8:0f:73:73:f6:76:22:b6:
         0e:39:0a:fb:7d:7c:6c:7c:ea:2e:80:e9:7f:b0:73:52:08:b6:
         67:12:75:61:7f:3c:f9:2a:ad:50:42:81:37:ad:cf:e1:2e:0b:
         d7:e2:b6:a1:99:63:eb:8f:a1:0f:5e:19:e1:75:cd:b4:09:42:
         f6:b2:74:71:db:13:b3:e9:46:2e:ab:e0:ac:b4:b7:06:50:f5:
         03:05:fd:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3G7/21J9RlxRL5Bjua0uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNjM5YWRmMWUwYjg0YjlmZjY0ZTRmOGViZTYzOGViYmY1
ZDI3YjkwHhcNMjQwMTAxMTYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDdlNzVkMzVjNjdjNDcyMzFkNjM3OGI1NjNlN2RkNTcyN2MyMjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkI0p8m6tTlkx8FnMqo59OPWBJPfw
t9Xyxt4p4ciN4zGjTG4/wIxg7truy4N4lNKYoOw0r1hwOzjYkb+vRPujshuSNJPf
J8/pbFdqrZlKg0xjDyUMaDlJiv9CdviGDOcwcYNL/FQ8Ow23iaX9O1iblj2zvXOI
W+OcOAjvKLtCTRweyudFF8nPNCQ4shtuy/f3P2GNqG9cwnkNdVFCrU8sj0RqRMGZ
Kd6+vYZNnnVrmXOfwZnF7FdhmZGkzuNw/g+swaZk88csW7DpbB+zlLI/7WfI3B3k
621k5tLNZ8EjwJ/+1T3KwrISka8rd7vph7TFdo4FyPEC9oUPTQSO0CE0LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1+ddNcZ8RyMdY3i1Y+fdVyfCJHMB8GA1UdIwQY
MBaAFKBjmt8eC4S5/2Tk+OvmOOu/XSe5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0dPYTN4NExoTG5fWk9UNDYtWTQ2NzlkSjdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wYzM2M2MtMmQwZS00YmNhLWE5ZjIt
ODEzYzVhYWI3ODNlLzEvdlg1MTAxeG54SEl4MWplTFZqNTkxWEo4SWtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wYzM2M2MtMmQwZS00YmNhLWE5ZjItODEzYzVhYWI3ODNl
LzEvb0dPYTN4NExoTG5fWk9UNDYtWTQ2NzlkSjdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXziMA0G
CSqGSIb3DQEBCwUAA4IBAQA8dSCunHwGmdRq8nKxglyVwVJpbwSUTAI9PzYNyeMt
b+7KgYxfK31bL9Q7kNQBeO/xs+pMwVsowamkq1XkKiYjV/eNHQRbMmbkFx/wn1O0
RBIv0KnkTwrbg/G33sjz8yD4S5fHHbLiGhLHG/rAIV1w24cL03RjDeAun2150t4m
yu+0Hj/5lrG9TTrfDy3rzL2k+cGyhx+xxNSiE7tQcFg4RadDhkp44tUi2vF02A9z
c/Z2IrYOOQr7fXxsfOougOl/sHNSCLZnEnVhfzz5Kq1QQoE3rc/hLgvX4rahmWPr
j6EPXhnhdc20CUL2snRx2xOz6UYuq+CstLcGUPUDBf2K
-----END CERTIFICATE-----