Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/AfHNEBx1MY6TLVP_yNCkTro8g-U.roa
File:                     AfHNEBx1MY6TLVP_yNCkTro8g-U.roa (raw, json)
Hash identifier:          ZmFTxBVEtUUYFA9Va9x6+Z1k4626SYNqzetcBzhrWUg=
Subject key identifier:   01:F1:CD:10:1C:75:31:8E:93:2D:53:FF:C8:D0:A4:4E:BA:3C:83:E5
Certificate issuer:       /CN=427b5406ecdab8e5b40ddc54bc615ca2a70922f1
Certificate serial:       018CC8DECF31ED94923ADDBD7F9C2B71E0F5
Authority key identifier: 42:7B:54:06:EC:DA:B8:E5:B4:0D:DC:54:BC:61:5C:A2:A7:09:22:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QntUBuzauOW0DdxUvGFcoqcJIvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/AfHNEBx1MY6TLVP_yNCkTro8g-U.roa
Signing time:             Tue 02 Jan 2024 06:31:34 +0000
ROA not before:           Tue 02 Jan 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47864
IP address blocks:        185.217.60.0/24 maxlen: 24
                          2a10:bb00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/QntUBuzauOW0DdxUvGFcoqcJIvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/QntUBuzauOW0DdxUvGFcoqcJIvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QntUBuzauOW0DdxUvGFcoqcJIvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:cf:31:ed:94:92:3a:dd:bd:7f:9c:2b:71:e0:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=427b5406ecdab8e5b40ddc54bc615ca2a70922f1
        Validity
            Not Before: Jan  2 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01f1cd101c75318e932d53ffc8d0a44eba3c83e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6f:27:ea:ac:34:d4:a3:be:d6:b5:1c:3f:34:
                    8b:2e:f6:dd:58:b0:44:41:ac:98:b9:63:c3:be:c2:
                    40:cd:e1:be:6f:c1:8f:35:d4:66:0f:a1:e1:9f:86:
                    3f:8d:87:9b:01:88:f5:90:27:f5:b1:e1:2e:4c:c4:
                    c7:3b:06:a8:19:cb:bd:e1:19:80:5b:53:57:97:34:
                    84:2d:e0:49:b3:17:75:24:5d:61:70:60:0f:cc:39:
                    15:45:98:6d:4b:0e:3b:47:7e:57:73:fd:65:b4:43:
                    9c:90:20:60:35:a9:a6:5d:f4:7e:d9:e7:0f:60:b8:
                    b6:b1:7d:81:d0:e3:e7:30:48:3f:09:f8:5d:38:42:
                    0e:ec:31:a0:30:50:d8:71:d1:a9:e8:c4:df:e9:c2:
                    10:66:d5:25:60:46:ee:d2:d6:57:dc:16:d8:cb:36:
                    5d:61:ec:53:f4:a5:6a:dc:66:b0:4c:7f:5e:8b:8b:
                    74:f9:d0:24:c1:ce:55:33:0f:08:80:cb:56:d7:80:
                    87:4c:94:cb:fa:10:60:63:af:e2:c9:f4:75:28:6f:
                    22:f6:71:a6:2d:4f:fd:29:0c:04:19:5e:dd:7a:6f:
                    45:4e:37:00:25:71:dc:eb:b3:dd:2d:1f:0a:73:7b:
                    a2:72:a7:e7:50:43:0f:18:9f:57:2e:1f:5d:5d:b9:
                    fb:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:F1:CD:10:1C:75:31:8E:93:2D:53:FF:C8:D0:A4:4E:BA:3C:83:E5
            X509v3 Authority Key Identifier:
                keyid:42:7B:54:06:EC:DA:B8:E5:B4:0D:DC:54:BC:61:5C:A2:A7:09:22:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QntUBuzauOW0DdxUvGFcoqcJIvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/AfHNEBx1MY6TLVP_yNCkTro8g-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/278b7d-cf43-4ac2-ad6b-7bc12a62a0d3/1/QntUBuzauOW0DdxUvGFcoqcJIvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.60.0/24
                IPv6:
                  2a10:bb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:aa:3c:0d:9e:7f:75:1a:3f:50:3a:d2:c2:99:65:53:63:f2:
         61:b6:80:c2:b0:1f:6b:c7:50:a8:93:34:a9:12:f8:76:46:fc:
         fb:0f:b0:7c:5c:a8:8d:93:de:51:d1:ac:a2:88:3f:ce:3c:74:
         a0:45:b3:e0:89:e4:36:b9:4b:57:f5:b9:0f:de:33:eb:e7:3b:
         ba:fc:84:8f:17:ed:05:a5:1c:af:b8:0a:fd:ad:aa:75:f4:a3:
         1c:86:a1:c0:1b:f7:86:e3:2b:fd:92:7c:14:04:d0:6b:03:a5:
         0a:49:39:59:22:0c:78:ad:c1:7d:6e:ab:bb:b4:a1:24:19:d5:
         e6:80:e2:ac:81:76:78:b7:b7:68:7f:90:ad:cb:fa:93:e7:fb:
         77:8c:70:70:f4:03:d4:7d:2e:1d:b8:c0:fb:63:6c:3f:a7:4c:
         c0:91:93:3b:df:98:64:0e:c4:3d:9c:61:26:b7:ad:22:07:59:
         93:8a:70:ef:98:54:3f:dc:16:ae:d2:40:92:f8:62:44:c2:b4:
         70:43:39:b8:5d:90:db:9c:cd:7f:49:8f:c8:76:a5:67:c0:97:
         80:da:87:21:b8:4b:e6:70:2a:e7:51:39:97:d1:17:ee:9d:f2:
         b2:92:4f:ff:b8:1d:18:b2:02:ae:56:33:c9:95:85:8d:72:8e:
         89:2c:3c:5e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3s8x7ZSSOt29f5wrceD1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyN2I1NDA2ZWNkYWI4ZTViNDBkZGM1NGJjNjE1Y2EyYTcw
OTIyZjEwHhcNMjQwMTAyMDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWYxY2QxMDFjNzUzMThlOTMyZDUzZmZjOGQwYTQ0ZWJhM2M4M2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApG8n6qw01KO+1rUcPzSLLvbdWLBE
QayYuWPDvsJAzeG+b8GPNdRmD6Hhn4Y/jYebAYj1kCf1seEuTMTHOwaoGcu94RmA
W1NXlzSELeBJsxd1JF1hcGAPzDkVRZhtSw47R35Xc/1ltEOckCBgNammXfR+2ecP
YLi2sX2B0OPnMEg/CfhdOEIO7DGgMFDYcdGp6MTf6cIQZtUlYEbu0tZX3BbYyzZd
YexT9KVq3GawTH9ei4t0+dAkwc5VMw8IgMtW14CHTJTL+hBgY6/iyfR1KG8i9nGm
LU/9KQwEGV7dem9FTjcAJXHc67PdLR8Kc3uicqfnUEMPGJ9XLh9dXbn7iQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAHxzRAcdTGOky1T/8jQpE66PIPlMB8GA1UdIwQY
MBaAFEJ7VAbs2rjltA3cVLxhXKKnCSLxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW50VUJ1emF1T1cwRGR4VXZHRmNvcWNKSXZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8yNzhiN2QtY2Y0My00YWMyLWFkNmIt
N2JjMTJhNjJhMGQzLzEvQWZITkVCeDFNWTZUTFZQX3lOQ2tUcm84Zy1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8yNzhiN2QtY2Y0My00YWMyLWFkNmItN2JjMTJhNjJhMGQz
LzEvUW50VUJ1emF1T1cwRGR4VXZHRmNvcWNKSXZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudk8MA0E
AgACMAcDBQMqELsAMA0GCSqGSIb3DQEBCwUAA4IBAQAPqjwNnn91Gj9QOtLCmWVT
Y/JhtoDCsB9rx1CokzSpEvh2Rvz7D7B8XKiNk95R0ayiiD/OPHSgRbPgieQ2uUtX
9bkP3jPr5zu6/ISPF+0FpRyvuAr9rap19KMchqHAG/eG4yv9knwUBNBrA6UKSTlZ
Igx4rcF9bqu7tKEkGdXmgOKsgXZ4t7dof5Cty/qT5/t3jHBw9APUfS4duMD7Y2w/
p0zAkZM735hkDsQ9nGEmt60iB1mTinDvmFQ/3Bau0kCS+GJEwrRwQzm4XZDbnM1/
SY/IdqVnwJeA2ochuEvmcCrnUTmX0RfunfKykk//uB0YsgKuVjPJlYWNco6JLDxe
-----END CERTIFICATE-----