Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/DnXZnG6dbV8hX1ypgelURh4VOU0.roa
File:                     DnXZnG6dbV8hX1ypgelURh4VOU0.roa (raw, json)
Hash identifier:          q0eVpiT5VIpCxan+ZryeRWbPQ27Kvtez3YL4EVVcKLo=
Subject key identifier:   0E:75:D9:9C:6E:9D:6D:5F:21:5F:5C:A9:81:E9:54:46:1E:15:39:4D
Certificate issuer:       /CN=8afc31f36c97777f906b93e83ae657f00aeb3099
Certificate serial:       018CC492FB4B5FE05D1881FBD9312CB1A934
Authority key identifier: 8A:FC:31:F3:6C:97:77:7F:90:6B:93:E8:3A:E6:57:F0:0A:EB:30:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/DnXZnG6dbV8hX1ypgelURh4VOU0.roa
Signing time:             Mon 01 Jan 2024 10:30:16 +0000
ROA not before:           Mon 01 Jan 2024 10:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47232
IP address blocks:        185.214.192.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:fb:4b:5f:e0:5d:18:81:fb:d9:31:2c:b1:a9:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8afc31f36c97777f906b93e83ae657f00aeb3099
        Validity
            Not Before: Jan  1 10:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e75d99c6e9d6d5f215f5ca981e954461e15394d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:84:1c:a8:33:1f:0c:ac:17:ad:35:39:d7:95:
                    46:0b:fe:c7:7b:9d:ba:5a:de:f2:b6:57:2f:24:a1:
                    0b:b4:9e:02:7d:72:fe:89:aa:12:52:a6:18:8c:a3:
                    9c:f7:4b:8a:59:98:f8:20:0b:03:eb:d9:fb:a9:08:
                    d7:b7:fc:32:24:28:7a:6c:88:eb:c3:7b:b4:77:e3:
                    7f:09:65:30:95:39:2c:06:dc:e8:21:82:27:fe:df:
                    23:68:b1:61:f6:a4:06:26:74:7a:a5:ca:b2:bc:4d:
                    56:dc:56:82:05:d6:81:54:48:d0:6e:d2:84:c0:00:
                    7e:31:de:da:fa:ec:f1:2e:d7:b4:9b:47:53:ca:70:
                    f3:03:1b:33:11:80:ad:ab:41:e5:68:cb:3e:cc:e9:
                    3f:4b:23:cb:d2:1d:e8:21:03:6f:06:3c:68:cc:9b:
                    44:2c:bb:6a:6f:99:f5:fa:68:a6:32:a2:84:f7:88:
                    dc:76:45:79:7a:ad:43:81:59:68:3c:9d:e3:e4:22:
                    cb:01:8c:93:ed:ce:0b:c7:32:bc:eb:97:ad:a1:a1:
                    86:c9:4e:9e:32:cf:17:12:7b:a3:ed:f8:af:18:b5:
                    44:46:2b:1c:7b:70:fe:69:dc:5e:3a:63:6c:c8:1a:
                    7a:92:3b:a2:4f:dc:dc:18:1d:47:2e:82:93:07:f6:
                    88:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:75:D9:9C:6E:9D:6D:5F:21:5F:5C:A9:81:E9:54:46:1E:15:39:4D
            X509v3 Authority Key Identifier:
                keyid:8A:FC:31:F3:6C:97:77:7F:90:6B:93:E8:3A:E6:57:F0:0A:EB:30:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/DnXZnG6dbV8hX1ypgelURh4VOU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:04:91:5a:a6:d1:60:c1:10:c6:b3:db:d3:5f:18:70:08:5b:
         bf:49:a0:35:76:6d:2a:c7:f7:4f:e7:ce:db:26:84:08:1e:42:
         45:fc:d8:0b:b4:d1:cd:81:b4:09:02:a7:24:2b:24:77:5a:27:
         da:d1:04:06:1e:1d:2d:e8:bf:48:73:6f:57:7f:d6:35:e3:e9:
         b2:71:cc:a9:4a:81:25:78:1e:0c:c1:f0:61:a8:37:1f:23:2a:
         5f:c8:b5:6d:eb:51:87:91:a2:b9:6c:74:84:2c:fb:97:e9:47:
         89:19:3c:1a:e8:07:d3:56:39:67:92:6a:fb:f1:98:ff:84:4c:
         2d:5f:39:cd:49:3c:4e:a6:a4:f4:21:20:5d:61:fa:b2:54:2a:
         59:0c:d3:c6:e0:8a:23:0b:9a:ab:c7:73:c8:5c:b4:e7:93:9a:
         18:fe:79:2c:8d:64:23:34:0d:49:fd:40:71:a1:7b:a6:ba:0a:
         17:30:ea:ae:0a:18:b9:26:73:62:79:f6:0e:2a:5b:73:bf:ee:
         51:15:e4:11:a0:9b:5d:8c:f2:82:1b:85:64:a2:da:9b:a2:9e:
         9c:bd:dc:d0:bc:17:c0:53:eb:97:97:e8:77:1a:bd:57:7f:da:
         85:c1:c5:4d:0f:a9:f0:de:9c:1f:0d:2d:1e:c8:ac:4d:3e:99:
         ad:5a:65:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkvtLX+BdGIH72TEssak0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZmMzMWYzNmM5Nzc3N2Y5MDZiOTNlODNhZTY1N2YwMGFl
YjMwOTkwHhcNMjQwMTAxMTAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTc1ZDk5YzZlOWQ2ZDVmMjE1ZjVjYTk4MWU5NTQ0NjFlMTUzOTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24QcqDMfDKwXrTU515VGC/7He526
Wt7ytlcvJKELtJ4CfXL+iaoSUqYYjKOc90uKWZj4IAsD69n7qQjXt/wyJCh6bIjr
w3u0d+N/CWUwlTksBtzoIYIn/t8jaLFh9qQGJnR6pcqyvE1W3FaCBdaBVEjQbtKE
wAB+Md7a+uzxLte0m0dTynDzAxszEYCtq0HlaMs+zOk/SyPL0h3oIQNvBjxozJtE
LLtqb5n1+mimMqKE94jcdkV5eq1DgVloPJ3j5CLLAYyT7c4LxzK865etoaGGyU6e
Ms8XEnuj7fivGLVERisce3D+adxeOmNsyBp6kjuiT9zcGB1HLoKTB/aI0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA512ZxunW1fIV9cqYHpVEYeFTlNMB8GA1UdIwQY
MBaAFIr8MfNsl3d/kGuT6DrmV/AK6zCZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXZ3eDgyeVhkMy1RYTVQb091Wlg4QXJyTUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9kOWEwMDQtYjk1My00YzczLTgxZTQt
MDcxMTY5NDAwMGEwLzEvRG5YWm5HNmRiVjhoWDF5cGdlbFVSaDRWT1UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9kOWEwMDQtYjk1My00YzczLTgxZTQtMDcxMTY5NDAwMGEw
LzEvaXZ3eDgyeVhkMy1RYTVQb091Wlg4QXJyTUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudbAMA0G
CSqGSIb3DQEBCwUAA4IBAQAlBJFaptFgwRDGs9vTXxhwCFu/SaA1dm0qx/dP587b
JoQIHkJF/NgLtNHNgbQJAqckKyR3Wifa0QQGHh0t6L9Ic29Xf9Y14+myccypSoEl
eB4MwfBhqDcfIypfyLVt61GHkaK5bHSELPuX6UeJGTwa6AfTVjlnkmr78Zj/hEwt
XznNSTxOpqT0ISBdYfqyVCpZDNPG4IojC5qrx3PIXLTnk5oY/nksjWQjNA1J/UBx
oXumugoXMOquChi5JnNiefYOKltzv+5RFeQRoJtdjPKCG4Vkotqbop6cvdzQvBfA
U+uXl+h3Gr1Xf9qFwcVND6nw3pwfDS0eyKxNPpmtWmWV
-----END CERTIFICATE-----