Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/7609a0-af3a-4d7d-bb21-7fbde58c4429/1/VFk9TuHxsZS2OGnHCNtHEjoBMsg.roa
File:                     VFk9TuHxsZS2OGnHCNtHEjoBMsg.roa (raw, json)
Hash identifier:          WjrHaiu8zgTSQkyQGNXMQKrBXwTrrOST7UoJAT25avI=
Subject key identifier:   54:59:3D:4E:E1:F1:B1:94:B6:38:69:C7:08:DB:47:12:3A:01:32:C8
Certificate issuer:       /CN=5b9c145403203444959bc2619aa6819a1c5d01d9
Certificate serial:       018CC5DC12979DF9CB472FE45B7881F24A3D
Authority key identifier: 5B:9C:14:54:03:20:34:44:95:9B:C2:61:9A:A6:81:9A:1C:5D:01:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W5wUVAMgNESVm8JhmqaBmhxdAdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/7609a0-af3a-4d7d-bb21-7fbde58c4429/1/VFk9TuHxsZS2OGnHCNtHEjoBMsg.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39855
IP address blocks:        185.225.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/7609a0-af3a-4d7d-bb21-7fbde58c4429/1/W5wUVAMgNESVm8JhmqaBmhxdAdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/7609a0-af3a-4d7d-bb21-7fbde58c4429/1/W5wUVAMgNESVm8JhmqaBmhxdAdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W5wUVAMgNESVm8JhmqaBmhxdAdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:12:97:9d:f9:cb:47:2f:e4:5b:78:81:f2:4a:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b9c145403203444959bc2619aa6819a1c5d01d9
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54593d4ee1f1b194b63869c708db47123a0132c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ae:7e:40:8e:c1:b8:60:b3:23:90:f9:d3:5d:
                    19:f7:c6:3e:6a:e2:c6:34:2d:0a:59:7a:c8:15:61:
                    88:90:9c:de:49:87:f0:ec:0d:f2:77:9e:b8:da:79:
                    93:fa:07:94:64:20:94:5b:5e:5d:bc:9e:81:01:df:
                    1d:02:57:23:7b:94:f7:69:d2:19:b8:24:5e:6f:09:
                    8c:23:c0:31:45:81:03:5b:43:3e:8c:37:ce:c7:1e:
                    05:fe:63:2a:7e:6c:27:77:56:d2:79:33:b4:08:63:
                    6f:6b:eb:52:44:14:fc:be:44:c2:05:15:e0:ba:95:
                    ab:0e:84:2c:74:20:78:6d:21:fc:59:36:8a:1b:83:
                    42:a8:93:1a:ed:2b:2d:14:5c:a7:42:21:35:08:cc:
                    aa:7e:9e:06:29:fb:a7:72:37:c2:87:ea:58:6a:03:
                    6b:de:94:27:61:22:7d:4a:37:40:df:0a:67:2d:b2:
                    c9:e5:26:4e:8d:a5:5f:4e:f7:61:ba:bc:a2:8a:d0:
                    52:2c:f8:99:e2:3c:81:12:a4:ae:a6:43:8d:9c:37:
                    2a:c8:44:20:09:96:51:d0:a6:fb:8c:ab:4b:a7:00:
                    44:c5:a2:f5:3a:0e:8c:5f:e4:5d:2c:3b:04:31:0a:
                    93:52:3c:98:b7:e5:a1:d9:c2:10:a5:45:42:b7:e8:
                    ea:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:59:3D:4E:E1:F1:B1:94:B6:38:69:C7:08:DB:47:12:3A:01:32:C8
            X509v3 Authority Key Identifier:
                keyid:5B:9C:14:54:03:20:34:44:95:9B:C2:61:9A:A6:81:9A:1C:5D:01:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W5wUVAMgNESVm8JhmqaBmhxdAdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/7609a0-af3a-4d7d-bb21-7fbde58c4429/1/VFk9TuHxsZS2OGnHCNtHEjoBMsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/7609a0-af3a-4d7d-bb21-7fbde58c4429/1/W5wUVAMgNESVm8JhmqaBmhxdAdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:6e:74:65:4a:f6:a2:30:0c:6e:5a:86:5c:c6:00:84:3f:b3:
         44:83:87:33:1a:7d:7d:60:f7:4a:19:a2:55:2e:a2:38:1a:d2:
         a8:43:8f:4b:e8:e2:eb:98:51:80:fe:ac:ed:dc:1a:25:ec:e9:
         4e:21:56:c2:a1:df:fc:8c:3f:51:c8:74:0d:9e:3b:8c:88:c9:
         43:56:20:13:54:8f:89:d7:39:d8:25:93:fe:25:cf:d8:40:16:
         6a:a6:05:ac:f3:a8:a3:8a:03:ec:f4:52:bd:b6:15:33:4d:97:
         43:50:eb:80:ee:60:6c:52:8d:fa:70:82:ba:a3:fd:e5:bd:90:
         4f:47:63:39:42:37:d9:c4:37:0e:c6:01:b8:f8:70:c6:ff:f1:
         5d:40:87:72:77:3e:6a:a5:2b:01:5e:57:44:8e:85:43:cc:1d:
         26:62:84:20:c9:70:92:16:34:b3:2e:df:ef:ab:a5:2c:26:b3:
         ec:cb:33:da:f5:79:a7:28:a0:e1:51:7a:31:cc:c1:bb:7c:98:
         f0:a0:a5:05:28:4e:5c:13:47:ad:f7:f8:49:3e:72:40:08:09:
         9d:06:99:6a:be:46:07:80:fc:f7:38:d1:80:56:d3:c0:12:94:
         d4:bd:6b:91:a7:22:84:80:5e:c9:cb:b6:4b:82:49:45:0a:f9:
         ea:0e:a4:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BKXnfnLRy/kW3iB8ko9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViOWMxNDU0MDMyMDM0NDQ5NTliYzI2MTlhYTY4MTlhMWM1
ZDAxZDkwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDU5M2Q0ZWUxZjFiMTk0YjYzODY5YzcwOGRiNDcxMjNhMDEzMmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh65+QI7BuGCzI5D5010Z98Y+auLG
NC0KWXrIFWGIkJzeSYfw7A3yd5642nmT+geUZCCUW15dvJ6BAd8dAlcje5T3adIZ
uCRebwmMI8AxRYEDW0M+jDfOxx4F/mMqfmwnd1bSeTO0CGNva+tSRBT8vkTCBRXg
upWrDoQsdCB4bSH8WTaKG4NCqJMa7SstFFynQiE1CMyqfp4GKfuncjfCh+pYagNr
3pQnYSJ9SjdA3wpnLbLJ5SZOjaVfTvdhuryiitBSLPiZ4jyBEqSupkONnDcqyEQg
CZZR0Kb7jKtLpwBExaL1Og6MX+RdLDsEMQqTUjyYt+Wh2cIQpUVCt+jqQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRZPU7h8bGUtjhpxwjbRxI6ATLIMB8GA1UdIwQY
MBaAFFucFFQDIDRElZvCYZqmgZocXQHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzV3VVZBTWdORVNWbThKaG1xYUJtaHhkQWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83NjA5YTAtYWYzYS00ZDdkLWJiMjEt
N2ZiZGU1OGM0NDI5LzEvVkZrOVR1SHhzWlMyT0duSENOdEhFam9CTXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83NjA5YTAtYWYzYS00ZDdkLWJiMjEtN2ZiZGU1OGM0NDI5
LzEvVzV3VVZBTWdORVNWbThKaG1xYUJtaHhkQWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueG8MA0G
CSqGSIb3DQEBCwUAA4IBAQAPbnRlSvaiMAxuWoZcxgCEP7NEg4czGn19YPdKGaJV
LqI4GtKoQ49L6OLrmFGA/qzt3Bol7OlOIVbCod/8jD9RyHQNnjuMiMlDViATVI+J
1znYJZP+Jc/YQBZqpgWs86ijigPs9FK9thUzTZdDUOuA7mBsUo36cIK6o/3lvZBP
R2M5QjfZxDcOxgG4+HDG//FdQIdydz5qpSsBXldEjoVDzB0mYoQgyXCSFjSzLt/v
q6UsJrPsyzPa9XmnKKDhUXoxzMG7fJjwoKUFKE5cE0et9/hJPnJACAmdBplqvkYH
gPz3ONGAVtPAEpTUvWuRpyKEgF7Jy7ZLgklFCvnqDqR5
-----END CERTIFICATE-----