Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/618ee0-bcc7-4851-bc2c-fab9bf7a26d8/1/H5hHGG3h35Gchd4iNE9bC0fNlag.roa
File:                     H5hHGG3h35Gchd4iNE9bC0fNlag.roa (raw, json)
Hash identifier:          t/Tbib9QFi9AjBFjnD9A6MSEi28p6N2KE8gYilIa01M=
Subject key identifier:   1F:98:47:18:6D:E1:DF:91:9C:85:DE:22:34:4F:5B:0B:47:CD:95:A8
Certificate issuer:       /CN=aac53499ff20f035cb8b1c0aa9b77c3d7d28976c
Certificate serial:       018CC8DF7DC04193E8D72799A2290C06E4E5
Authority key identifier: AA:C5:34:99:FF:20:F0:35:CB:8B:1C:0A:A9:B7:7C:3D:7D:28:97:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qsU0mf8g8DXLixwKqbd8PX0ol2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/618ee0-bcc7-4851-bc2c-fab9bf7a26d8/1/H5hHGG3h35Gchd4iNE9bC0fNlag.roa
Signing time:             Tue 02 Jan 2024 06:32:18 +0000
ROA not before:           Tue 02 Jan 2024 06:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204965
IP address blocks:        185.231.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/618ee0-bcc7-4851-bc2c-fab9bf7a26d8/1/qsU0mf8g8DXLixwKqbd8PX0ol2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/618ee0-bcc7-4851-bc2c-fab9bf7a26d8/1/qsU0mf8g8DXLixwKqbd8PX0ol2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qsU0mf8g8DXLixwKqbd8PX0ol2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:7d:c0:41:93:e8:d7:27:99:a2:29:0c:06:e4:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aac53499ff20f035cb8b1c0aa9b77c3d7d28976c
        Validity
            Not Before: Jan  2 06:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f9847186de1df919c85de22344f5b0b47cd95a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:38:16:ce:59:39:b6:81:ba:17:ba:1b:1d:f2:
                    ec:38:f3:02:87:cc:9a:cf:2c:b3:ad:d8:58:fb:38:
                    61:c4:71:e4:bc:b5:69:6c:47:f9:f5:d9:69:7c:ff:
                    0d:0d:26:6b:cb:ba:1b:b8:dc:7c:db:29:6b:67:a7:
                    df:59:45:94:fb:73:d8:b4:90:0b:fc:b5:3b:cd:9d:
                    41:e5:03:90:53:3e:1f:76:fb:22:ae:cf:b6:11:e3:
                    13:ff:ac:24:33:79:1a:67:ee:bf:dd:35:2c:ab:43:
                    72:9e:be:45:32:fe:0d:1e:37:ef:5f:41:47:8f:e5:
                    f1:47:60:05:40:0e:ae:1a:13:6b:49:3d:e7:c3:5c:
                    62:3c:95:da:86:66:a4:0d:31:f2:3b:2c:40:58:e4:
                    6d:f6:18:b5:f4:23:39:a3:76:21:22:69:b6:70:4b:
                    7c:f5:7a:52:7a:07:90:e9:60:5a:00:56:79:92:b5:
                    0d:f8:c8:15:b4:a2:25:f2:46:98:53:ff:62:78:31:
                    b3:19:a7:83:ee:31:84:b5:48:f0:03:36:c3:8f:ed:
                    a4:92:52:39:0e:4c:33:af:cf:a0:56:5e:ca:ab:3d:
                    25:ad:55:6e:e9:bc:72:d2:f5:50:fb:74:34:cf:e5:
                    43:49:4c:11:95:90:2d:61:c2:29:fb:4b:c5:53:0f:
                    4b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:98:47:18:6D:E1:DF:91:9C:85:DE:22:34:4F:5B:0B:47:CD:95:A8
            X509v3 Authority Key Identifier:
                keyid:AA:C5:34:99:FF:20:F0:35:CB:8B:1C:0A:A9:B7:7C:3D:7D:28:97:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qsU0mf8g8DXLixwKqbd8PX0ol2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/618ee0-bcc7-4851-bc2c-fab9bf7a26d8/1/H5hHGG3h35Gchd4iNE9bC0fNlag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/618ee0-bcc7-4851-bc2c-fab9bf7a26d8/1/qsU0mf8g8DXLixwKqbd8PX0ol2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:c9:9f:cd:65:72:7d:c1:69:b8:49:41:9d:5a:de:79:83:33:
         83:ed:a7:6c:e0:81:fe:15:b4:ef:e7:e5:54:fd:15:88:c6:df:
         b5:4d:8c:c2:bc:ae:b8:14:5f:ef:d9:63:81:35:ed:5a:7f:72:
         1a:66:5c:f8:cb:f2:a7:d8:88:78:c0:57:e8:6f:1e:87:8f:20:
         60:55:11:5b:93:ab:23:e2:98:a1:d6:ea:12:21:e0:2b:90:a3:
         33:c4:5a:ec:38:00:69:dd:9c:be:ba:69:88:c9:e7:f0:a4:d6:
         5c:70:67:e8:4c:23:93:c0:d3:ed:77:c3:53:96:6a:94:52:c4:
         7e:e6:b5:b2:5f:7e:3b:13:0f:03:61:c4:0d:f1:89:dd:d4:8b:
         fb:b0:2d:07:3c:71:43:31:aa:af:96:13:7a:f8:aa:3b:0e:a4:
         ca:42:39:cd:5c:01:74:e7:cd:f7:d0:e5:64:df:7b:0b:92:db:
         a2:f4:00:f7:6f:bd:1b:6a:a3:7f:5b:54:13:c9:bb:dd:a5:7b:
         0f:ef:41:bf:d6:d9:55:a6:2a:41:81:08:40:69:5e:71:f9:a6:
         5f:15:0a:65:5f:e0:ab:d6:d5:40:99:74:bc:89:5b:05:ee:b2:
         7e:eb:27:1a:a6:e5:e9:7c:3f:a4:16:79:95:47:57:7e:8f:2a:
         90:c2:27:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI333AQZPo1yeZoikMBuTlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYzUzNDk5ZmYyMGYwMzVjYjhiMWMwYWE5Yjc3YzNkN2Qy
ODk3NmMwHhcNMjQwMTAyMDYzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjk4NDcxODZkZTFkZjkxOWM4NWRlMjIzNDRmNWIwYjQ3Y2Q5NWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzgWzlk5toG6F7obHfLsOPMCh8ya
zyyzrdhY+zhhxHHkvLVpbEf59dlpfP8NDSZry7obuNx82ylrZ6ffWUWU+3PYtJAL
/LU7zZ1B5QOQUz4fdvsirs+2EeMT/6wkM3kaZ+6/3TUsq0Nynr5FMv4NHjfvX0FH
j+XxR2AFQA6uGhNrST3nw1xiPJXahmakDTHyOyxAWORt9hi19CM5o3YhImm2cEt8
9XpSegeQ6WBaAFZ5krUN+MgVtKIl8kaYU/9ieDGzGaeD7jGEtUjwAzbDj+2kklI5
Dkwzr8+gVl7Kqz0lrVVu6bxy0vVQ+3Q0z+VDSUwRlZAtYcIp+0vFUw9LnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+YRxht4d+RnIXeIjRPWwtHzZWoMB8GA1UdIwQY
MBaAFKrFNJn/IPA1y4scCqm3fD19KJdsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXNVMG1mOGc4RFhMaXh3S3FiZDhQWDBvbDJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi82MThlZTAtYmNjNy00ODUxLWJjMmMt
ZmFiOWJmN2EyNmQ4LzEvSDVoSEdHM2gzNUdjaGQ0aU5FOWJDMGZObGFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi82MThlZTAtYmNjNy00ODUxLWJjMmMtZmFiOWJmN2EyNmQ4
LzEvcXNVMG1mOGc4RFhMaXh3S3FiZDhQWDBvbDJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuefWMA0G
CSqGSIb3DQEBCwUAA4IBAQACyZ/NZXJ9wWm4SUGdWt55gzOD7ads4IH+FbTv5+VU
/RWIxt+1TYzCvK64FF/v2WOBNe1af3IaZlz4y/Kn2Ih4wFfobx6HjyBgVRFbk6sj
4pih1uoSIeArkKMzxFrsOABp3Zy+ummIyefwpNZccGfoTCOTwNPtd8NTlmqUUsR+
5rWyX347Ew8DYcQN8Ynd1Iv7sC0HPHFDMaqvlhN6+Ko7DqTKQjnNXAF058330OVk
33sLktui9AD3b70baqN/W1QTybvdpXsP70G/1tlVpipBgQhAaV5x+aZfFQplX+Cr
1tVAmXS8iVsF7rJ+6ycapuXpfD+kFnmVR1d+jyqQwieB
-----END CERTIFICATE-----