Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/j7LvyzxcAe00QHmEwU_IqQyb_GQ.roa
File:                     j7LvyzxcAe00QHmEwU_IqQyb_GQ.roa (raw, json)
Hash identifier:          NbIHDukFL8rH8ZpuZ7rHBOLcYzhtfiQTltdmZUAPGmU=
Subject key identifier:   8F:B2:EF:CB:3C:5C:01:ED:34:40:79:84:C1:4F:C8:A9:0C:9B:FC:64
Certificate issuer:       /CN=bf5db811b5d5d05bec37ee9d09a4ec52eeed1ad5
Certificate serial:       018CC72745B79C83A55897638820106F4B35
Authority key identifier: BF:5D:B8:11:B5:D5:D0:5B:EC:37:EE:9D:09:A4:EC:52:EE:ED:1A:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v124EbXV0FvsN-6dCaTsUu7tGtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/j7LvyzxcAe00QHmEwU_IqQyb_GQ.roa
Signing time:             Mon 01 Jan 2024 22:31:28 +0000
ROA not before:           Mon 01 Jan 2024 22:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48159
IP address blocks:        185.66.229.0/24 maxlen: 24
                          185.66.228.0/24 maxlen: 24
                          185.66.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/v124EbXV0FvsN-6dCaTsUu7tGtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/v124EbXV0FvsN-6dCaTsUu7tGtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v124EbXV0FvsN-6dCaTsUu7tGtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:45:b7:9c:83:a5:58:97:63:88:20:10:6f:4b:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf5db811b5d5d05bec37ee9d09a4ec52eeed1ad5
        Validity
            Not Before: Jan  1 22:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fb2efcb3c5c01ed34407984c14fc8a90c9bfc64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:2f:d9:72:5f:78:35:3d:01:32:3a:68:33:9b:
                    d7:e1:1d:45:d8:8e:3f:c3:84:7a:de:7e:30:5f:51:
                    70:03:16:91:2b:77:52:35:10:dc:f8:aa:72:41:f8:
                    7c:84:02:c0:ba:14:a5:71:0e:b6:00:58:11:ce:18:
                    52:3a:14:57:d4:9c:41:d6:6b:d3:2d:8f:91:96:1f:
                    00:79:99:5f:cc:01:a8:b8:4e:e4:0f:b6:f9:d5:f1:
                    c6:83:f8:d7:06:53:18:13:c9:68:1b:73:14:68:2f:
                    17:1e:d4:7c:03:4b:c9:a4:e6:75:dd:f1:df:bd:ac:
                    d9:ed:09:72:d6:d0:4e:41:59:dc:27:f0:b8:e8:46:
                    2d:82:35:1f:e8:ec:22:35:51:36:ca:ab:f8:f7:2d:
                    b3:86:ab:32:21:50:60:34:83:20:14:0a:e8:7e:97:
                    3c:89:47:46:d5:40:4e:29:65:34:49:5a:d5:c8:25:
                    fb:eb:b4:29:f7:b6:17:6b:c4:73:5a:14:73:6f:1a:
                    2e:17:67:9c:cd:e0:cb:72:97:23:17:6c:c0:9d:a2:
                    ed:7b:61:7c:0b:25:74:25:4b:e1:c2:cf:6f:db:3b:
                    61:cf:2e:17:ea:39:57:bd:36:21:fd:b2:8f:f2:01:
                    4c:d6:3e:43:8d:69:45:bd:98:4d:8d:c0:9f:28:e3:
                    e7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B2:EF:CB:3C:5C:01:ED:34:40:79:84:C1:4F:C8:A9:0C:9B:FC:64
            X509v3 Authority Key Identifier:
                keyid:BF:5D:B8:11:B5:D5:D0:5B:EC:37:EE:9D:09:A4:EC:52:EE:ED:1A:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v124EbXV0FvsN-6dCaTsUu7tGtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/j7LvyzxcAe00QHmEwU_IqQyb_GQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/v124EbXV0FvsN-6dCaTsUu7tGtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.228.0/23
                  185.66.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:57:fa:2f:83:39:2d:56:02:7c:14:53:6c:d7:28:e1:4e:2d:
         d6:d5:d8:1b:51:5e:59:55:78:f5:ac:77:f9:bf:ce:a8:53:09:
         e1:41:a0:5c:8c:68:b6:da:d8:57:97:b5:99:58:8a:c8:bb:99:
         b1:c6:a3:73:ef:af:a0:0c:57:09:d6:5a:ed:fd:2d:69:a3:68:
         88:d5:ff:9c:c3:d5:f1:55:42:62:e4:90:6d:08:87:e4:34:e3:
         66:07:f6:ee:42:d1:30:34:6a:8f:32:83:f2:31:c0:15:92:10:
         7c:2e:e0:23:c9:aa:ba:fb:9e:10:e4:e6:52:e2:20:9e:4e:4f:
         ba:5e:c9:eb:25:42:b4:62:65:b4:1c:98:a8:8e:99:54:3d:43:
         49:5a:63:dc:c0:df:ad:66:2c:73:9a:3d:2a:bc:6a:d8:d1:25:
         ef:72:fb:e8:63:61:52:91:b0:83:c2:33:1a:73:14:03:50:7a:
         7d:a3:3e:97:ad:55:90:f3:28:bf:bd:c3:d8:fb:98:0d:98:72:
         25:5a:cc:57:3f:a2:f3:a4:21:80:41:79:e2:43:dc:b5:cf:25:
         68:e1:d5:40:1e:58:e7:82:ac:b2:ef:40:46:25:96:ed:8a:8d:
         a4:88:a8:e3:1d:b4:ac:ed:80:a0:a9:06:89:f7:f1:95:31:61:
         ad:9b:5c:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJ0W3nIOlWJdjiCAQb0s1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNWRiODExYjVkNWQwNWJlYzM3ZWU5ZDA5YTRlYzUyZWVl
ZDFhZDUwHhcNMjQwMTAxMjIzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmIyZWZjYjNjNWMwMWVkMzQ0MDc5ODRjMTRmYzhhOTBjOWJmYzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0y/Zcl94NT0BMjpoM5vX4R1F2I4/
w4R63n4wX1FwAxaRK3dSNRDc+KpyQfh8hALAuhSlcQ62AFgRzhhSOhRX1JxB1mvT
LY+Rlh8AeZlfzAGouE7kD7b51fHGg/jXBlMYE8loG3MUaC8XHtR8A0vJpOZ13fHf
vazZ7Qly1tBOQVncJ/C46EYtgjUf6OwiNVE2yqv49y2zhqsyIVBgNIMgFArofpc8
iUdG1UBOKWU0SVrVyCX767Qp97YXa8RzWhRzbxouF2eczeDLcpcjF2zAnaLte2F8
CyV0JUvhws9v2zthzy4X6jlXvTYh/bKP8gFM1j5DjWlFvZhNjcCfKOPnpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI+y78s8XAHtNEB5hMFPyKkMm/xkMB8GA1UdIwQY
MBaAFL9duBG11dBb7DfunQmk7FLu7RrVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjEyNEViWFYwRnZzTi02ZENhVHNVdTd0R3RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zMGY1ZTAtYTA0Zi00OTkzLTk4M2Mt
NzE1ZjA5ODE3MzQxLzEvajdMdnl6eGNBZTAwUUhtRXdVX0lxUXliX0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zMGY1ZTAtYTA0Zi00OTkzLTk4M2MtNzE1ZjA5ODE3MzQx
LzEvdjEyNEViWFYwRnZzTi02ZENhVHNVdTd0R3RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuULkAwQA
uULnMA0GCSqGSIb3DQEBCwUAA4IBAQB0V/ovgzktVgJ8FFNs1yjhTi3W1dgbUV5Z
VXj1rHf5v86oUwnhQaBcjGi22thXl7WZWIrIu5mxxqNz76+gDFcJ1lrt/S1po2iI
1f+cw9XxVUJi5JBtCIfkNONmB/buQtEwNGqPMoPyMcAVkhB8LuAjyaq6+54Q5OZS
4iCeTk+6XsnrJUK0YmW0HJiojplUPUNJWmPcwN+tZixzmj0qvGrY0SXvcvvoY2FS
kbCDwjMacxQDUHp9oz6XrVWQ8yi/vcPY+5gNmHIlWsxXP6LzpCGAQXniQ9y1zyVo
4dVAHljngqyy70BGJZbtio2kiKjjHbSs7YCgqQaJ9/GVMWGtm1zG
-----END CERTIFICATE-----