Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pUU4kzlaIwfqnYhnXkj_rLwcJi0.roa
File:                     pUU4kzlaIwfqnYhnXkj_rLwcJi0.roa (raw, json)
Hash identifier:          mVHpFvDn7NMq2td+nlaiyp+kTnmnVyrftyOW6mFYzhI=
Subject key identifier:   A5:45:38:93:39:5A:23:07:EA:9D:88:67:5E:48:FF:AC:BC:1C:26:2D
Certificate issuer:       /CN=a5c6373eab19cf43dd2f43111398383ee2bad030
Certificate serial:       018CC348990BBDE41DAF0E0C9E9BC6252E87
Authority key identifier: A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pUU4kzlaIwfqnYhnXkj_rLwcJi0.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        185.228.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:99:0b:bd:e4:1d:af:0e:0c:9e:9b:c6:25:2e:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c6373eab19cf43dd2f43111398383ee2bad030
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5453893395a2307ea9d88675e48ffacbc1c262d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:6a:e2:51:9c:db:98:fb:57:f3:39:7a:dd:83:
                    23:c3:ea:60:9c:7b:bb:47:14:15:bc:51:0a:c6:b6:
                    70:1b:f3:c8:a6:91:e7:32:02:e2:bf:2d:7b:e5:eb:
                    76:d1:53:cb:78:18:b9:8c:34:dc:d0:c9:42:d1:96:
                    0c:26:cb:55:5c:15:cf:e6:84:ea:7f:b7:47:7c:37:
                    af:8c:64:96:0a:50:72:d4:cd:d8:91:21:5b:3b:ea:
                    45:96:cf:93:a3:c7:ed:f6:fc:c2:79:d5:8f:20:67:
                    7a:c4:62:c1:60:16:75:46:70:8c:d1:f7:9e:7a:c3:
                    29:2c:f4:f3:d7:00:23:cf:f7:d7:1e:10:89:37:3c:
                    94:ba:af:12:ef:51:19:24:92:4c:af:c9:1b:21:63:
                    8e:eb:2a:6a:96:02:0e:14:c9:1b:49:5f:9f:a0:72:
                    f3:b1:9a:89:ab:25:09:66:9a:9d:2f:9d:bc:73:4b:
                    83:35:fd:bf:ba:46:64:03:be:3e:3f:f9:92:3a:8e:
                    36:c8:43:e8:e9:f0:36:ef:82:da:85:e0:b1:03:81:
                    9f:31:09:16:1a:1f:76:1e:7a:9a:00:8b:31:de:42:
                    c2:98:5b:a0:81:df:a7:8b:d6:82:34:ea:11:47:c8:
                    ef:22:ca:d6:84:27:50:19:ad:cb:12:99:c5:24:b2:
                    ee:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:45:38:93:39:5A:23:07:EA:9D:88:67:5E:48:FF:AC:BC:1C:26:2D
            X509v3 Authority Key Identifier:
                keyid:A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pUU4kzlaIwfqnYhnXkj_rLwcJi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:8f:69:b0:9c:50:d7:d5:cd:73:75:98:52:3f:85:f5:c6:09:
         60:ea:e7:9e:d1:67:4d:a6:09:1d:3c:8a:d5:bd:d7:25:95:7f:
         03:fa:5d:e4:09:86:83:b5:b8:d1:ce:2d:8f:42:94:3d:ac:a1:
         47:aa:be:ce:40:d8:15:0c:f7:28:c6:3b:76:61:46:a4:e1:b5:
         b7:cc:d1:f0:ac:c0:55:bf:10:94:3f:38:4c:d0:ff:d0:48:7c:
         6e:55:4f:f9:a9:14:45:82:87:63:af:26:70:c1:75:59:f9:ec:
         d0:af:bf:3c:41:38:40:5c:65:2d:82:b2:1a:94:a9:66:31:ea:
         e7:32:38:dd:8f:e4:e5:e2:84:07:3e:cd:dd:c6:1e:55:2f:ee:
         48:7e:43:aa:fb:38:21:da:33:52:9a:f1:39:21:63:29:43:c3:
         60:35:54:70:96:eb:9c:98:d9:bf:b3:59:b2:cd:da:fc:95:42:
         05:a9:2e:03:f2:1b:ec:a6:4a:9e:c6:27:de:57:76:f3:62:6e:
         81:ab:b0:9e:72:0d:6e:31:41:64:6c:45:af:ab:8b:6b:86:0b:
         8a:2c:ca:54:bf:61:3b:fe:f2:16:6d:ea:09:96:27:66:bd:99:
         4a:d4:1c:e9:f6:8d:39:b2:6a:f1:c1:ac:18:18:23:a5:8c:61:
         20:8e:4b:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJkLveQdrw4MnpvGJS6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzYzNzNlYWIxOWNmNDNkZDJmNDMxMTEzOTgzODNlZTJi
YWQwMzAwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQ1Mzg5MzM5NWEyMzA3ZWE5ZDg4Njc1ZTQ4ZmZhY2JjMWMyNjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmriUZzbmPtX8zl63YMjw+pgnHu7
RxQVvFEKxrZwG/PIppHnMgLivy175et20VPLeBi5jDTc0MlC0ZYMJstVXBXP5oTq
f7dHfDevjGSWClBy1M3YkSFbO+pFls+To8ft9vzCedWPIGd6xGLBYBZ1RnCM0fee
esMpLPTz1wAjz/fXHhCJNzyUuq8S71EZJJJMr8kbIWOO6ypqlgIOFMkbSV+foHLz
sZqJqyUJZpqdL528c0uDNf2/ukZkA74+P/mSOo42yEPo6fA274LaheCxA4GfMQkW
Gh92HnqaAIsx3kLCmFuggd+ni9aCNOoRR8jvIsrWhCdQGa3LEpnFJLLuMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVFOJM5WiMH6p2IZ15I/6y8HCYtMB8GA1UdIwQY
MBaAFKXGNz6rGc9D3S9DEROYOD7iutAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEt
YTRlYTBhNjNmNzY2LzEvcFVVNGt6bGFJd2Zxblloblhral9yTHdjSmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEtYTRlYTBhNjNmNzY2
LzEvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueQBMA0G
CSqGSIb3DQEBCwUAA4IBAQCKj2mwnFDX1c1zdZhSP4X1xglg6uee0WdNpgkdPIrV
vdcllX8D+l3kCYaDtbjRzi2PQpQ9rKFHqr7OQNgVDPcoxjt2YUak4bW3zNHwrMBV
vxCUPzhM0P/QSHxuVU/5qRRFgodjryZwwXVZ+ezQr788QThAXGUtgrIalKlmMern
Mjjdj+Tl4oQHPs3dxh5VL+5IfkOq+zgh2jNSmvE5IWMpQ8NgNVRwluucmNm/s1my
zdr8lUIFqS4D8hvspkqexifeV3bzYm6Bq7Cecg1uMUFkbEWvq4trhguKLMpUv2E7
/vIWbeoJlidmvZlK1Bzp9o05smrxwawYGCOljGEgjktQ
-----END CERTIFICATE-----