Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/308f53-8bff-4990-8d7b-e7185cdeccd3/1/AURfUP6FTf594sA_LY5fAdWU6mg.roa
File:                     AURfUP6FTf594sA_LY5fAdWU6mg.roa (raw, json)
Hash identifier:          +0Ju5ixO1NinWN8aR1DsCdAThvo7crvF0abypXQ9lQ0=
Subject key identifier:   01:44:5F:50:FE:85:4D:FE:7D:E2:C0:3F:2D:8E:5F:01:D5:94:EA:68
Certificate issuer:       /CN=93db7a342cd9392efa5cd33894741ca8a5b4f42b
Certificate serial:       018CC8DE9FA8BE3B3B7A3EDAEB242B63480E
Authority key identifier: 93:DB:7A:34:2C:D9:39:2E:FA:5C:D3:38:94:74:1C:A8:A5:B4:F4:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k9t6NCzZOS76XNM4lHQcqKW09Cs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/308f53-8bff-4990-8d7b-e7185cdeccd3/1/AURfUP6FTf594sA_LY5fAdWU6mg.roa
Signing time:             Tue 02 Jan 2024 06:31:22 +0000
ROA not before:           Tue 02 Jan 2024 06:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210321
IP address blocks:        185.242.248.0/22 maxlen: 24
                          2a0c:f780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/308f53-8bff-4990-8d7b-e7185cdeccd3/1/k9t6NCzZOS76XNM4lHQcqKW09Cs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/308f53-8bff-4990-8d7b-e7185cdeccd3/1/k9t6NCzZOS76XNM4lHQcqKW09Cs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k9t6NCzZOS76XNM4lHQcqKW09Cs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 15:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:9f:a8:be:3b:3b:7a:3e:da:eb:24:2b:63:48:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93db7a342cd9392efa5cd33894741ca8a5b4f42b
        Validity
            Not Before: Jan  2 06:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01445f50fe854dfe7de2c03f2d8e5f01d594ea68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f5:3f:8d:54:64:04:59:f6:3d:b2:73:d1:e6:
                    e4:e1:de:73:17:d1:94:ff:47:7a:bb:63:b6:fd:00:
                    ef:92:2f:c7:07:a5:97:f3:ba:c1:a4:96:f4:b2:b2:
                    00:e2:8a:03:f6:0e:d7:1c:a3:f9:4a:dd:5a:6a:3d:
                    e8:ab:17:30:e3:0e:c4:c1:95:ed:82:ed:c2:bd:dc:
                    34:be:2b:ea:4c:17:52:41:d5:6d:4e:b1:27:4a:c5:
                    06:e6:69:6d:56:c8:66:da:1d:fd:b7:c6:25:7a:fa:
                    41:c9:33:f6:3c:cb:aa:3e:d8:bc:81:8a:81:20:85:
                    39:7b:21:c0:e0:95:66:71:46:0a:0f:ac:a0:6f:e7:
                    c5:f4:13:e5:32:11:56:2e:e3:7d:b1:88:af:fd:54:
                    50:15:40:b5:86:8e:0d:5c:0f:ac:da:d0:2c:ea:c2:
                    74:93:48:0c:3c:45:e7:56:fa:56:0a:08:05:ba:ad:
                    22:ce:92:05:b4:6c:0a:c2:ea:0f:74:66:f2:67:e8:
                    fc:55:5e:ab:0e:35:1a:0c:0d:51:1b:b7:f0:79:86:
                    34:0d:c1:f5:08:d5:e0:b4:59:64:52:08:cc:0d:00:
                    a1:1c:82:e1:d1:3b:5a:a5:e1:4b:4c:69:dd:b2:3e:
                    f7:3e:a2:ec:ba:4c:a6:19:6d:0b:e3:93:3f:94:56:
                    4c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:44:5F:50:FE:85:4D:FE:7D:E2:C0:3F:2D:8E:5F:01:D5:94:EA:68
            X509v3 Authority Key Identifier:
                keyid:93:DB:7A:34:2C:D9:39:2E:FA:5C:D3:38:94:74:1C:A8:A5:B4:F4:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k9t6NCzZOS76XNM4lHQcqKW09Cs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/308f53-8bff-4990-8d7b-e7185cdeccd3/1/AURfUP6FTf594sA_LY5fAdWU6mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/308f53-8bff-4990-8d7b-e7185cdeccd3/1/k9t6NCzZOS76XNM4lHQcqKW09Cs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.248.0/22
                IPv6:
                  2a0c:f780::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:9b:94:20:e9:4c:91:3d:dc:44:68:a4:f0:bc:10:d8:bb:a9:
         34:b5:64:aa:d4:26:b4:11:0b:fb:e8:cf:59:25:e2:c9:ae:2b:
         85:bf:c2:3f:73:4d:f4:b8:74:52:48:c9:07:f8:ca:8e:61:0c:
         03:a3:c3:9e:6b:d7:a6:8c:4d:55:63:db:59:07:5f:d4:5a:69:
         76:c4:4e:e4:4f:65:8f:13:ad:0a:88:21:ed:98:62:22:26:f6:
         4d:7b:03:40:fd:97:32:21:1a:7d:a8:4d:28:62:2f:7d:ff:b7:
         b5:bb:6d:e4:72:8f:ec:92:2a:7d:b0:f1:83:3b:d0:fe:71:ff:
         d7:86:ae:d1:ff:17:59:e6:41:c1:a1:d9:95:2e:73:74:4c:d6:
         8d:c7:59:23:67:4d:49:ff:0e:00:92:54:eb:38:56:90:5f:f1:
         f5:a8:2e:74:05:59:27:ea:c8:4d:0c:d7:0e:24:14:36:3f:bc:
         3d:5b:66:ac:7c:16:0b:76:10:52:1a:6d:80:b7:08:c1:61:c9:
         74:c3:a6:49:2a:29:c8:91:6d:22:bc:ac:a0:4a:79:fb:4b:75:
         53:44:f8:5d:55:d2:73:47:c9:3a:0c:3f:20:a5:98:75:5a:47:
         e7:04:a3:56:1c:65:c5:0e:9b:48:b7:f7:4f:e4:f1:b9:65:33:
         75:64:a6:82
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3p+ovjs7ej7a6yQrY0gOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZGI3YTM0MmNkOTM5MmVmYTVjZDMzODk0NzQxY2E4YTVi
NGY0MmIwHhcNMjQwMTAyMDYzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTQ0NWY1MGZlODU0ZGZlN2RlMmMwM2YyZDhlNWYwMWQ1OTRlYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPU/jVRkBFn2PbJz0ebk4d5zF9GU
/0d6u2O2/QDvki/HB6WX87rBpJb0srIA4ooD9g7XHKP5St1aaj3oqxcw4w7EwZXt
gu3Cvdw0vivqTBdSQdVtTrEnSsUG5mltVshm2h39t8YlevpByTP2PMuqPti8gYqB
IIU5eyHA4JVmcUYKD6ygb+fF9BPlMhFWLuN9sYiv/VRQFUC1ho4NXA+s2tAs6sJ0
k0gMPEXnVvpWCggFuq0izpIFtGwKwuoPdGbyZ+j8VV6rDjUaDA1RG7fweYY0DcH1
CNXgtFlkUgjMDQChHILh0TtapeFLTGndsj73PqLsukymGW0L45M/lFZMiwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAFEX1D+hU3+feLAPy2OXwHVlOpoMB8GA1UdIwQY
MBaAFJPbejQs2Tku+lzTOJR0HKiltPQrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazl0Nk5DelpPUzc2WE5NNGxIUWNxS1cwOUNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8zMDhmNTMtOGJmZi00OTkwLThkN2It
ZTcxODVjZGVjY2QzLzEvQVVSZlVQNkZUZjU5NHNBX0xZNWZBZFdVNm1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8zMDhmNTMtOGJmZi00OTkwLThkN2ItZTcxODVjZGVjY2Qz
LzEvazl0Nk5DelpPUzc2WE5NNGxIUWNxS1cwOUNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufL4MA0E
AgACMAcDBQMqDPeAMA0GCSqGSIb3DQEBCwUAA4IBAQBGm5Qg6UyRPdxEaKTwvBDY
u6k0tWSq1Ca0EQv76M9ZJeLJriuFv8I/c030uHRSSMkH+MqOYQwDo8Oea9emjE1V
Y9tZB1/UWml2xE7kT2WPE60KiCHtmGIiJvZNewNA/ZcyIRp9qE0oYi99/7e1u23k
co/skip9sPGDO9D+cf/Xhq7R/xdZ5kHBodmVLnN0TNaNx1kjZ01J/w4AklTrOFaQ
X/H1qC50BVkn6shNDNcOJBQ2P7w9W2asfBYLdhBSGm2AtwjBYcl0w6ZJKinIkW0i
vKygSnn7S3VTRPhdVdJzR8k6DD8gpZh1WkfnBKNWHGXFDptIt/dP5PG5ZTN1ZKaC
-----END CERTIFICATE-----