Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/2efa50-f483-4b53-b1e7-0826f36ff28f/1/fSrMTla0YP_I16M2TFYqhj6aqKk.roa
File:                     fSrMTla0YP_I16M2TFYqhj6aqKk.roa (raw, json)
Hash identifier:          Vxg+v+7WTNY2pucnVWIab+OcZaOnJA8dKIsyr/9zPbk=
Subject key identifier:   7D:2A:CC:4E:56:B4:60:FF:C8:D7:A3:36:4C:56:2A:86:3E:9A:A8:A9
Certificate issuer:       /CN=d1bd64cc94a4a8518a71f96ef8b77625afa527d1
Certificate serial:       018CC726CE9844AD3DF6E0FD76EBEC76725B
Authority key identifier: D1:BD:64:CC:94:A4:A8:51:8A:71:F9:6E:F8:B7:76:25:AF:A5:27:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0b1kzJSkqFGKcflu-Ld2Ja-lJ9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/2efa50-f483-4b53-b1e7-0826f36ff28f/1/fSrMTla0YP_I16M2TFYqhj6aqKk.roa
Signing time:             Mon 01 Jan 2024 22:30:58 +0000
ROA not before:           Mon 01 Jan 2024 22:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61386
IP address blocks:        185.167.124.0/22 maxlen: 22
                          185.167.124.0/24 maxlen: 24
                          185.167.125.0/24 maxlen: 24
                          185.167.126.0/24 maxlen: 24
                          185.167.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/2efa50-f483-4b53-b1e7-0826f36ff28f/1/0b1kzJSkqFGKcflu-Ld2Ja-lJ9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/2efa50-f483-4b53-b1e7-0826f36ff28f/1/0b1kzJSkqFGKcflu-Ld2Ja-lJ9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0b1kzJSkqFGKcflu-Ld2Ja-lJ9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ce:98:44:ad:3d:f6:e0:fd:76:eb:ec:76:72:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1bd64cc94a4a8518a71f96ef8b77625afa527d1
        Validity
            Not Before: Jan  1 22:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d2acc4e56b460ffc8d7a3364c562a863e9aa8a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:cf:ac:b3:ec:98:78:b0:d3:c8:53:e2:93:db:
                    d2:b0:cb:b9:2d:bb:ec:0b:d1:f9:bf:85:b7:c8:9e:
                    0b:1d:68:7a:25:0d:4d:3c:f6:a9:b0:10:86:cf:e8:
                    1e:06:17:74:df:a1:73:2c:ec:43:4a:9a:00:f4:ee:
                    88:04:54:6e:ed:33:cf:b3:8b:f9:8e:f1:b6:bc:63:
                    81:75:a2:4f:de:21:3e:64:81:6d:71:78:91:d6:25:
                    1d:9b:9e:15:42:85:00:70:f7:95:64:71:dc:f0:a6:
                    ed:8e:b9:ee:e9:f5:90:34:44:dd:10:af:31:51:d0:
                    04:7c:9c:29:c0:e8:5f:be:03:73:5a:e4:28:02:d0:
                    4b:12:57:78:4e:28:90:c9:84:62:6e:55:1d:1d:1d:
                    07:5c:f4:48:22:8c:23:9e:c0:94:31:ab:44:85:6e:
                    81:46:40:15:19:8b:17:bd:67:34:4f:fd:64:99:05:
                    52:f9:41:b0:37:67:ad:a7:41:63:75:7a:ba:32:41:
                    92:14:7a:55:1e:72:6c:ed:0d:a0:72:2a:95:98:fa:
                    4c:1b:4a:d4:e7:05:59:34:c2:37:08:f8:8a:01:2c:
                    33:99:e0:a0:9b:05:9f:c9:f1:4e:92:72:87:79:a7:
                    b5:ca:72:b4:78:ec:aa:62:32:85:3b:be:b3:57:cf:
                    bc:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:2A:CC:4E:56:B4:60:FF:C8:D7:A3:36:4C:56:2A:86:3E:9A:A8:A9
            X509v3 Authority Key Identifier:
                keyid:D1:BD:64:CC:94:A4:A8:51:8A:71:F9:6E:F8:B7:76:25:AF:A5:27:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b1kzJSkqFGKcflu-Ld2Ja-lJ9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2efa50-f483-4b53-b1e7-0826f36ff28f/1/fSrMTla0YP_I16M2TFYqhj6aqKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2efa50-f483-4b53-b1e7-0826f36ff28f/1/0b1kzJSkqFGKcflu-Ld2Ja-lJ9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:19:06:23:3a:98:e9:3a:fb:fe:94:1c:17:c9:a1:35:b2:df:
         cd:0a:33:9b:72:87:88:9d:f3:c4:10:e8:98:50:ab:67:2b:34:
         2e:de:2c:cd:04:1a:a6:6c:3c:d4:2e:c6:f4:d4:a5:39:2f:e9:
         15:9c:20:07:f7:c9:46:90:00:06:e7:de:67:a1:6b:7d:66:ea:
         30:f1:53:d6:36:fe:f7:71:e0:3d:b9:08:d6:21:77:1a:b9:0c:
         81:eb:47:a7:2c:88:d3:cb:9a:b4:5b:d0:c7:90:ff:43:bb:1f:
         72:af:74:0f:47:7d:e7:b8:f3:a7:57:79:1c:4f:74:07:df:58:
         fe:2d:05:3c:1b:19:26:cb:25:49:07:64:5a:42:76:67:7a:5b:
         c9:b2:cd:a7:81:dc:40:8b:b6:e0:ad:fd:95:be:7c:34:1a:f5:
         11:17:d3:b2:27:eb:87:92:eb:93:08:05:d5:65:bf:36:44:bd:
         1f:09:ae:9a:e3:09:92:b5:97:17:ae:01:eb:01:d8:2a:5b:c8:
         5a:dd:b4:28:a2:03:dc:ca:60:cd:c5:66:29:f7:22:ec:95:a8:
         62:f9:b6:cb:29:0b:f5:dc:64:7f:b8:5c:94:2e:ac:31:fd:0b:
         9b:30:b7:13:26:23:d2:53:5c:5e:f3:85:7c:47:4f:7d:62:d7:
         32:60:66:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJs6YRK099uD9duvsdnJbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxYmQ2NGNjOTRhNGE4NTE4YTcxZjk2ZWY4Yjc3NjI1YWZh
NTI3ZDEwHhcNMjQwMTAxMjIzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDJhY2M0ZTU2YjQ2MGZmYzhkN2EzMzY0YzU2MmE4NjNlOWFhOGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgs+ss+yYeLDTyFPik9vSsMu5Lbvs
C9H5v4W3yJ4LHWh6JQ1NPPapsBCGz+geBhd036FzLOxDSpoA9O6IBFRu7TPPs4v5
jvG2vGOBdaJP3iE+ZIFtcXiR1iUdm54VQoUAcPeVZHHc8Kbtjrnu6fWQNETdEK8x
UdAEfJwpwOhfvgNzWuQoAtBLEld4TiiQyYRiblUdHR0HXPRIIowjnsCUMatEhW6B
RkAVGYsXvWc0T/1kmQVS+UGwN2etp0FjdXq6MkGSFHpVHnJs7Q2gciqVmPpMG0rU
5wVZNMI3CPiKASwzmeCgmwWfyfFOknKHeae1ynK0eOyqYjKFO76zV8+8GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0qzE5WtGD/yNejNkxWKoY+mqipMB8GA1UdIwQY
MBaAFNG9ZMyUpKhRinH5bvi3diWvpSfRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGIxa3pKU2txRkdLY2ZsdS1MZDJKYS1sSjlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yZWZhNTAtZjQ4My00YjUzLWIxZTct
MDgyNmYzNmZmMjhmLzEvZlNyTVRsYTBZUF9JMTZNMlRGWXFoajZhcUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yZWZhNTAtZjQ4My00YjUzLWIxZTctMDgyNmYzNmZmMjhm
LzEvMGIxa3pKU2txRkdLY2ZsdS1MZDJKYS1sSjlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuad8MA0G
CSqGSIb3DQEBCwUAA4IBAQAZGQYjOpjpOvv+lBwXyaE1st/NCjObcoeInfPEEOiY
UKtnKzQu3izNBBqmbDzULsb01KU5L+kVnCAH98lGkAAG595noWt9Zuow8VPWNv73
ceA9uQjWIXcauQyB60enLIjTy5q0W9DHkP9Dux9yr3QPR33nuPOnV3kcT3QH31j+
LQU8GxkmyyVJB2RaQnZnelvJss2ngdxAi7bgrf2Vvnw0GvURF9OyJ+uHkuuTCAXV
Zb82RL0fCa6a4wmStZcXrgHrAdgqW8ha3bQoogPcymDNxWYp9yLslahi+bbLKQv1
3GR/uFyULqwx/QubMLcTJiPSU1xe84V8R099YtcyYGZg
-----END CERTIFICATE-----