Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/0c6181-218f-400a-bb70-8c523a5bba78/1/1-hCsELGTPhIOYXe-h8aaadcnQJs.roa
File:                     1-hCsELGTPhIOYXe-h8aaadcnQJs.roa (raw, json)
Hash identifier:          LHOr094XHMaHqDlni+k6P0YmcbpeRQwEoX9siJfGWmI=
Subject key identifier:   FA:10:AC:10:B1:93:3E:12:0E:61:77:BE:87:C6:9A:69:D7:27:40:9B
Certificate issuer:       /CN=cb8e6c5a928ba48ca72f707bb794de49d70a0e77
Certificate serial:       018CC49383F9988046BBD2FABC63D3B19E68
Authority key identifier: CB:8E:6C:5A:92:8B:A4:8C:A7:2F:70:7B:B7:94:DE:49:D7:0A:0E:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y45sWpKLpIynL3B7t5TeSdcKDnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/0c6181-218f-400a-bb70-8c523a5bba78/1/1-hCsELGTPhIOYXe-h8aaadcnQJs.roa
Signing time:             Mon 01 Jan 2024 10:30:51 +0000
ROA not before:           Mon 01 Jan 2024 10:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        85.118.216.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/0c6181-218f-400a-bb70-8c523a5bba78/1/y45sWpKLpIynL3B7t5TeSdcKDnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/0c6181-218f-400a-bb70-8c523a5bba78/1/y45sWpKLpIynL3B7t5TeSdcKDnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y45sWpKLpIynL3B7t5TeSdcKDnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:83:f9:98:80:46:bb:d2:fa:bc:63:d3:b1:9e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb8e6c5a928ba48ca72f707bb794de49d70a0e77
        Validity
            Not Before: Jan  1 10:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa10ac10b1933e120e6177be87c69a69d727409b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d6:02:0f:7d:6d:a4:70:8e:ab:00:91:3f:d6:
                    a4:69:21:6a:af:db:bd:48:b4:e0:30:d8:75:82:11:
                    cd:33:8c:bb:58:b8:d9:e3:62:75:42:9b:e3:c6:7d:
                    e3:32:79:53:95:6a:97:6e:31:02:b2:a2:9b:55:48:
                    de:32:5c:76:11:3a:f5:b5:db:db:a4:4b:88:bd:21:
                    6b:c4:24:76:2c:73:a6:54:e4:cd:8e:b8:66:48:7c:
                    80:78:20:88:27:40:30:31:fa:04:95:7e:cd:79:11:
                    f4:e1:eb:39:f0:f0:21:73:23:d0:01:1c:a6:4b:50:
                    d3:06:3c:2c:54:e3:59:3f:d6:eb:73:38:cc:bc:ca:
                    3f:99:65:45:1d:a9:d4:1b:be:75:20:fa:53:2d:1c:
                    95:11:98:31:2e:04:e8:18:55:54:ec:d3:27:3a:61:
                    d6:01:ea:50:83:c8:3d:76:51:79:04:de:96:55:98:
                    a0:13:22:22:55:f0:3b:d4:cf:d3:4d:c8:65:fe:df:
                    99:c8:10:a1:a4:39:3c:cb:92:17:30:d3:10:f7:55:
                    5e:dc:41:f7:5e:c3:2d:6a:a0:a9:20:9d:16:b6:7a:
                    74:71:20:23:68:71:20:f2:6f:57:46:6d:4a:92:7f:
                    8f:6f:c6:ff:ca:0d:bf:3e:6e:0e:fa:e6:b4:86:fe:
                    5f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:10:AC:10:B1:93:3E:12:0E:61:77:BE:87:C6:9A:69:D7:27:40:9B
            X509v3 Authority Key Identifier:
                keyid:CB:8E:6C:5A:92:8B:A4:8C:A7:2F:70:7B:B7:94:DE:49:D7:0A:0E:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y45sWpKLpIynL3B7t5TeSdcKDnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/0c6181-218f-400a-bb70-8c523a5bba78/1/1-hCsELGTPhIOYXe-h8aaadcnQJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/0c6181-218f-400a-bb70-8c523a5bba78/1/y45sWpKLpIynL3B7t5TeSdcKDnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.118.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         61:c9:77:28:2c:37:5c:76:1b:ed:3e:36:d1:f8:32:a4:cd:fb:
         f4:fd:18:ac:eb:92:d6:99:b2:5f:ac:35:20:a5:33:cd:4b:44:
         a8:8e:e2:e4:97:fa:7f:54:81:b7:0e:da:9a:33:05:0a:2e:e0:
         14:73:f0:1c:f9:7d:c8:e9:a1:da:cf:6a:06:e1:a8:e6:ec:f6:
         49:aa:23:f3:e2:d2:ab:3c:b5:48:79:cb:03:54:15:a7:63:a5:
         c0:c2:a9:bc:5e:f8:c9:41:8e:23:0b:26:5e:c1:a2:ae:a6:da:
         c2:5d:98:ff:5f:24:d8:86:a4:7c:79:0b:aa:9b:72:8a:3c:58:
         2e:f4:24:93:78:a4:58:b2:a9:5a:91:7c:77:91:6c:a5:41:b9:
         b6:a6:d7:aa:6a:16:66:18:25:f5:e8:89:ac:4c:02:26:23:79:
         c1:f9:1c:db:eb:d9:ef:ba:96:19:44:91:38:f6:56:b9:f8:ae:
         a3:10:cd:a7:ee:8f:26:a2:d3:f7:51:1d:f7:ba:fc:3d:b8:fa:
         c4:52:0b:c3:25:ad:e4:f6:39:93:d9:2a:b5:b6:a8:7b:8f:3d:
         3c:34:1a:f4:18:93:29:e8:d1:58:02:07:20:6a:4f:59:3e:a3:
         20:33:48:e5:54:5e:0b:e5:d9:a4:6d:43:58:19:f5:09:b2:0e:
         8e:0a:21:86
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEk4P5mIBGu9L6vGPTsZ5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiOGU2YzVhOTI4YmE0OGNhNzJmNzA3YmI3OTRkZTQ5ZDcw
YTBlNzcwHhcNMjQwMTAxMTAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTEwYWMxMGIxOTMzZTEyMGU2MTc3YmU4N2M2OWE2OWQ3Mjc0MDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtYCD31tpHCOqwCRP9akaSFqr9u9
SLTgMNh1ghHNM4y7WLjZ42J1Qpvjxn3jMnlTlWqXbjECsqKbVUjeMlx2ETr1tdvb
pEuIvSFrxCR2LHOmVOTNjrhmSHyAeCCIJ0AwMfoElX7NeRH04es58PAhcyPQARym
S1DTBjwsVONZP9brczjMvMo/mWVFHanUG751IPpTLRyVEZgxLgToGFVU7NMnOmHW
AepQg8g9dlF5BN6WVZigEyIiVfA71M/TTchl/t+ZyBChpDk8y5IXMNMQ91Ve3EH3
XsMtaqCpIJ0Wtnp0cSAjaHEg8m9XRm1Kkn+Pb8b/yg2/Pm4O+ua0hv5f2wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoQrBCxkz4SDmF3vofGmmnXJ0CbMB8GA1UdIwQY
MBaAFMuObFqSi6SMpy9we7eU3knXCg53MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTQ1c1dwS0xwSXluTDNCN3Q1VGVTZGNLRG5jLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8wYzYxODEtMjE4Zi00MDBhLWJiNzAt
OGM1MjNhNWJiYTc4LzEvMS1oQ3NFTEdUUGhJT1lYZS1oOGFhYWRjblFKcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTYvMGM2MTgxLTIxOGYtNDAwYS1iYjcwLThjNTIzYTViYmE3
OC8xL3k0NXNXcEtMcEl5bkwzQjd0NVRlU2RjS0RuYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1V22DAN
BgkqhkiG9w0BAQsFAAOCAQEAYcl3KCw3XHYb7T420fgypM379P0YrOuS1pmyX6w1
IKUzzUtEqI7i5Jf6f1SBtw7amjMFCi7gFHPwHPl9yOmh2s9qBuGo5uz2Saoj8+LS
qzy1SHnLA1QVp2OlwMKpvF74yUGOIwsmXsGirqbawl2Y/18k2IakfHkLqptyijxY
LvQkk3ikWLKpWpF8d5FspUG5tqbXqmoWZhgl9eiJrEwCJiN5wfkc2+vZ77qWGUSR
OPZWufiuoxDNp+6PJqLT91Ed97r8Pbj6xFILwyWt5PY5k9kqtbaoe489PDQa9BiT
KejRWAIHIGpPWT6jIDNI5VReC+XZpG1DWBn1CbIOjgohhg==
-----END CERTIFICATE-----