Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/f8rAhnUskT4IrPDU7TIiF8cyzug.roa
File:                     f8rAhnUskT4IrPDU7TIiF8cyzug.roa (raw, json)
Hash identifier:          Dlww2pgNZoys3A40Ac1mOPQVZ+HY/PBRYLbd0tDpHik=
Subject key identifier:   7F:CA:C0:86:75:2C:91:3E:08:AC:F0:D4:ED:32:22:17:C7:32:CE:E8
Certificate issuer:       /CN=306c0866dc25208e6c07d4a21d7d8050b508d6a2
Certificate serial:       018CC94D9F40381DA1D3A5F177E656B03413
Authority key identifier: 30:6C:08:66:DC:25:20:8E:6C:07:D4:A2:1D:7D:80:50:B5:08:D6:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MGwIZtwlII5sB9SiHX2AULUI1qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/f8rAhnUskT4IrPDU7TIiF8cyzug.roa
Signing time:             Tue 02 Jan 2024 08:32:36 +0000
ROA not before:           Tue 02 Jan 2024 08:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57724
IP address blocks:        185.231.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/MGwIZtwlII5sB9SiHX2AULUI1qI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/MGwIZtwlII5sB9SiHX2AULUI1qI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MGwIZtwlII5sB9SiHX2AULUI1qI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:9f:40:38:1d:a1:d3:a5:f1:77:e6:56:b0:34:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=306c0866dc25208e6c07d4a21d7d8050b508d6a2
        Validity
            Not Before: Jan  2 08:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fcac086752c913e08acf0d4ed322217c732cee8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:51:50:bc:67:7a:0d:fc:59:3b:3b:6b:60:c2:
                    da:3d:fa:77:04:cd:9d:cd:fc:a1:b5:b6:80:1e:27:
                    47:53:d0:ae:85:8e:8b:c5:a5:55:06:71:45:89:90:
                    48:73:1d:73:8e:17:79:a7:9b:78:6e:87:f2:22:5d:
                    65:36:17:d4:8b:b9:7e:bc:d2:1c:b0:d0:2b:f5:d4:
                    91:c5:17:65:46:04:df:30:98:0c:d0:11:26:69:bb:
                    1b:98:09:e9:df:40:5b:31:c4:c0:55:8d:e1:96:33:
                    c7:93:10:be:f2:4f:dc:0d:8f:d3:57:71:3c:56:20:
                    f4:cf:ea:21:02:95:ed:95:58:77:77:4c:31:fa:2a:
                    18:98:9c:5b:2a:8c:7d:28:8c:ec:e7:6b:c7:8b:5f:
                    e6:d2:8d:d2:f8:68:41:4b:a9:8a:01:17:3c:78:b3:
                    4e:39:2b:8e:bf:e9:6d:9f:d8:9e:c3:24:d0:b0:7f:
                    58:64:c9:94:88:27:e9:7e:9b:5d:4a:6b:c1:f1:5a:
                    c8:58:12:f3:7d:f1:6b:ce:45:3f:62:fe:99:5a:95:
                    7d:74:53:d3:9f:1c:6d:73:a6:45:a5:1f:a5:78:38:
                    6a:87:64:41:04:e7:69:04:5a:31:f5:d7:ba:2b:fb:
                    6a:3a:0f:8b:7c:28:35:82:94:9e:f0:fb:05:1b:07:
                    18:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:CA:C0:86:75:2C:91:3E:08:AC:F0:D4:ED:32:22:17:C7:32:CE:E8
            X509v3 Authority Key Identifier:
                keyid:30:6C:08:66:DC:25:20:8E:6C:07:D4:A2:1D:7D:80:50:B5:08:D6:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MGwIZtwlII5sB9SiHX2AULUI1qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/f8rAhnUskT4IrPDU7TIiF8cyzug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/MGwIZtwlII5sB9SiHX2AULUI1qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:29:ab:e7:5c:8f:7f:65:d2:d3:fe:3c:01:d4:fb:82:b9:1a:
         52:21:20:d1:9c:27:66:73:f9:b0:cd:e4:52:31:7b:53:fb:a7:
         04:f1:ec:50:c0:1d:3d:0b:a3:dc:69:a5:2f:bb:ab:5b:ca:09:
         c1:84:e6:b5:0b:32:78:24:69:e7:f9:78:7b:68:cb:aa:ad:de:
         fb:59:81:4b:af:9d:82:6a:48:10:56:0c:99:ef:db:2d:9d:a1:
         58:3e:0c:df:18:b4:a9:50:e9:50:9c:8c:96:b0:c8:d8:40:a3:
         b5:f5:a8:e2:b6:2e:e4:26:5e:24:18:09:fa:ae:78:0d:a2:4e:
         8d:80:0e:dd:71:60:00:9d:2d:c3:ae:e6:0a:01:37:32:6c:c5:
         91:f9:ef:4b:21:38:20:52:65:4c:16:c6:e6:c6:f6:95:54:98:
         d5:ad:4a:d8:45:7e:b3:72:80:b1:c2:c4:98:78:5b:b4:b7:de:
         07:fe:7b:30:fb:21:cf:ba:42:90:33:2f:5c:0f:63:9e:d0:b6:
         a3:de:33:90:64:71:1f:3d:32:6a:28:74:ba:c5:24:5d:35:31:
         aa:a0:74:d6:b0:58:bc:8b:a3:77:35:62:ce:1e:3c:87:dc:18:
         f9:bd:f2:24:71:2d:7b:6d:c3:e8:0b:d6:2b:f6:0e:b2:fb:49:
         8c:30:58:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTZ9AOB2h06Xxd+ZWsDQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNmMwODY2ZGMyNTIwOGU2YzA3ZDRhMjFkN2Q4MDUwYjUw
OGQ2YTIwHhcNMjQwMTAyMDgzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmNhYzA4Njc1MmM5MTNlMDhhY2YwZDRlZDMyMjIxN2M3MzJjZWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVFQvGd6DfxZOztrYMLaPfp3BM2d
zfyhtbaAHidHU9CuhY6LxaVVBnFFiZBIcx1zjhd5p5t4bofyIl1lNhfUi7l+vNIc
sNAr9dSRxRdlRgTfMJgM0BEmabsbmAnp30BbMcTAVY3hljPHkxC+8k/cDY/TV3E8
ViD0z+ohApXtlVh3d0wx+ioYmJxbKox9KIzs52vHi1/m0o3S+GhBS6mKARc8eLNO
OSuOv+ltn9iewyTQsH9YZMmUiCfpfptdSmvB8VrIWBLzffFrzkU/Yv6ZWpV9dFPT
nxxtc6ZFpR+leDhqh2RBBOdpBFox9de6K/tqOg+LfCg1gpSe8PsFGwcYMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/KwIZ1LJE+CKzw1O0yIhfHMs7oMB8GA1UdIwQY
MBaAFDBsCGbcJSCObAfUoh19gFC1CNaiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUd3SVp0d2xJSTVzQjlTaUhYMkFVTFVJMXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9iYWRlZGYtZDBlOS00NWE5LWFmNzUt
MTBlZGI1NDFlNmZmLzEvZjhyQWhuVXNrVDRJclBEVTdUSWlGOGN5enVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9iYWRlZGYtZDBlOS00NWE5LWFmNzUtMTBlZGI1NDFlNmZm
LzEvTUd3SVp0d2xJSTVzQjlTaUhYMkFVTFVJMXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuechMA0G
CSqGSIb3DQEBCwUAA4IBAQBcKavnXI9/ZdLT/jwB1PuCuRpSISDRnCdmc/mwzeRS
MXtT+6cE8exQwB09C6PcaaUvu6tbygnBhOa1CzJ4JGnn+Xh7aMuqrd77WYFLr52C
akgQVgyZ79stnaFYPgzfGLSpUOlQnIyWsMjYQKO19ajiti7kJl4kGAn6rngNok6N
gA7dcWAAnS3DruYKATcybMWR+e9LITggUmVMFsbmxvaVVJjVrUrYRX6zcoCxwsSY
eFu0t94H/nsw+yHPukKQMy9cD2Oe0Laj3jOQZHEfPTJqKHS6xSRdNTGqoHTWsFi8
i6N3NWLOHjyH3Bj5vfIkcS17bcPoC9Yr9g6y+0mMMFiV
-----END CERTIFICATE-----