Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/7d8a42-7e82-4d18-8a3c-f543b9185932/1/V-egEL-e5Qt2X3uLrylhIt81zcU.roa
File:                     V-egEL-e5Qt2X3uLrylhIt81zcU.roa (raw, json)
Hash identifier:          2cUJGNWl9y3cpo/6ZPOX4gBqR17NLjq0JYIRqG94PYQ=
Subject key identifier:   57:E7:A0:10:BF:9E:E5:0B:76:5F:7B:8B:AF:29:61:22:DF:35:CD:C5
Certificate issuer:       /CN=1f0c8d80c3a34275f03e28ed79864cee26948dc7
Certificate serial:       018CC6B846F3E9C8CCB8B906D3B66616B475
Authority key identifier: 1F:0C:8D:80:C3:A3:42:75:F0:3E:28:ED:79:86:4C:EE:26:94:8D:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HwyNgMOjQnXwPijteYZM7iaUjcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/7d8a42-7e82-4d18-8a3c-f543b9185932/1/V-egEL-e5Qt2X3uLrylhIt81zcU.roa
Signing time:             Mon 01 Jan 2024 20:30:14 +0000
ROA not before:           Mon 01 Jan 2024 20:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207367
IP address blocks:        185.65.142.0/24 maxlen: 24
                          2a10:300::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/7d8a42-7e82-4d18-8a3c-f543b9185932/1/HwyNgMOjQnXwPijteYZM7iaUjcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/7d8a42-7e82-4d18-8a3c-f543b9185932/1/HwyNgMOjQnXwPijteYZM7iaUjcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HwyNgMOjQnXwPijteYZM7iaUjcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:46:f3:e9:c8:cc:b8:b9:06:d3:b6:66:16:b4:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f0c8d80c3a34275f03e28ed79864cee26948dc7
        Validity
            Not Before: Jan  1 20:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57e7a010bf9ee50b765f7b8baf296122df35cdc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:41:c8:a1:d6:09:f9:44:cc:f5:de:21:fa:69:
                    1f:be:7e:67:b7:6c:4e:2a:9b:6a:21:b6:13:d9:b3:
                    0d:bd:9d:65:1c:41:2e:51:c2:e8:99:8f:46:b2:72:
                    df:39:d6:54:1a:c1:2b:ef:b3:52:b2:b3:8a:a3:4d:
                    5a:c9:eb:5a:f9:b5:2a:48:20:bd:f4:ff:b5:5a:55:
                    4f:74:a4:5b:34:9c:e3:95:bf:00:43:88:17:18:65:
                    8f:70:b5:dc:66:3b:88:20:89:35:21:86:aa:74:1b:
                    36:b1:e7:db:42:08:8d:78:c2:0a:f0:f8:1a:c1:66:
                    58:27:18:c0:5c:04:c0:dd:92:45:ff:4a:13:a3:86:
                    b6:50:74:04:c0:ae:e1:83:fc:e1:52:2b:34:ce:5b:
                    6c:b4:a6:e5:12:d8:d7:e9:a1:81:3d:38:a6:4d:1b:
                    b0:4a:87:54:1c:40:28:63:07:8c:fe:8b:f3:c7:d8:
                    9f:6a:16:50:87:9d:c1:d3:8e:31:ef:18:61:9a:04:
                    b4:02:a7:94:a1:77:00:be:6e:df:10:c1:50:a9:60:
                    93:bc:9e:f6:1b:19:8b:44:3d:d2:b0:bb:b2:69:0d:
                    be:ff:c6:83:c8:3c:98:5d:e1:6d:05:01:d9:8f:11:
                    a6:64:a6:77:aa:38:16:05:b0:21:06:03:3c:43:3a:
                    f3:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E7:A0:10:BF:9E:E5:0B:76:5F:7B:8B:AF:29:61:22:DF:35:CD:C5
            X509v3 Authority Key Identifier:
                keyid:1F:0C:8D:80:C3:A3:42:75:F0:3E:28:ED:79:86:4C:EE:26:94:8D:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HwyNgMOjQnXwPijteYZM7iaUjcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/7d8a42-7e82-4d18-8a3c-f543b9185932/1/V-egEL-e5Qt2X3uLrylhIt81zcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/7d8a42-7e82-4d18-8a3c-f543b9185932/1/HwyNgMOjQnXwPijteYZM7iaUjcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.142.0/24
                IPv6:
                  2a10:300::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:d4:d1:c7:d1:ec:73:a7:ea:bc:04:20:70:a2:50:7c:1c:28:
         7f:3c:1c:52:52:99:5e:03:7b:ff:f5:f9:c0:05:76:2b:6e:04:
         e5:5a:30:e3:39:fc:f6:2d:8c:ec:f9:17:31:1a:4f:da:5a:83:
         13:94:dd:3f:7c:08:61:2a:4f:f8:5c:6d:70:a4:33:13:3f:1f:
         9c:76:9c:4a:87:8c:dc:77:12:bb:87:2b:2f:92:ea:3f:23:af:
         7f:48:0f:9b:de:a4:2d:52:bf:c1:8e:8c:94:e7:bb:cc:3e:5c:
         18:80:26:61:e8:ad:d2:8f:e2:02:ff:55:90:d9:f1:8d:a5:3f:
         f4:34:9d:06:09:bd:ee:59:ab:5f:43:12:72:6d:06:24:49:49:
         3b:17:4f:5a:3b:ed:63:1d:23:60:ef:bd:db:dc:80:35:88:96:
         53:12:0a:5f:27:ff:ed:ed:bf:b3:04:95:7e:0f:4f:33:c3:1e:
         b7:5a:ca:91:bc:b9:c6:86:9b:7c:15:e6:fa:41:20:1a:09:a6:
         5c:28:99:a1:f3:7e:33:88:4b:b5:b7:de:2e:47:c1:17:7e:c4:
         69:df:63:94:11:63:9d:37:70:b6:4b:15:d2:36:e9:a7:47:20:
         3b:61:e5:8e:db:c0:48:09:3c:97:00:35:d4:24:85:22:59:d3:
         20:ba:fb:0a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuEbz6cjMuLkG07ZmFrR1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMGM4ZDgwYzNhMzQyNzVmMDNlMjhlZDc5ODY0Y2VlMjY5
NDhkYzcwHhcNMjQwMTAxMjAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2U3YTAxMGJmOWVlNTBiNzY1ZjdiOGJhZjI5NjEyMmRmMzVjZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEHIodYJ+UTM9d4h+mkfvn5nt2xO
KptqIbYT2bMNvZ1lHEEuUcLomY9GsnLfOdZUGsEr77NSsrOKo01ayeta+bUqSCC9
9P+1WlVPdKRbNJzjlb8AQ4gXGGWPcLXcZjuIIIk1IYaqdBs2sefbQgiNeMIK8Pga
wWZYJxjAXATA3ZJF/0oTo4a2UHQEwK7hg/zhUis0zltstKblEtjX6aGBPTimTRuw
SodUHEAoYweM/ovzx9ifahZQh53B044x7xhhmgS0AqeUoXcAvm7fEMFQqWCTvJ72
GxmLRD3SsLuyaQ2+/8aDyDyYXeFtBQHZjxGmZKZ3qjgWBbAhBgM8Qzrz5QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFfnoBC/nuULdl97i68pYSLfNc3FMB8GA1UdIwQY
MBaAFB8MjYDDo0J18D4o7XmGTO4mlI3HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHd5TmdNT2pRblh3UGlqdGVZWk03aWFVamNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC83ZDhhNDItN2U4Mi00ZDE4LThhM2Mt
ZjU0M2I5MTg1OTMyLzEvVi1lZ0VMLWU1UXQyWDN1THJ5bGhJdDgxemNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC83ZDhhNDItN2U4Mi00ZDE4LThhM2MtZjU0M2I5MTg1OTMy
LzEvSHd5TmdNT2pRblh3UGlqdGVZWk03aWFVamNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuUGOMA0E
AgACMAcDBQMqEAMAMA0GCSqGSIb3DQEBCwUAA4IBAQBg1NHH0exzp+q8BCBwolB8
HCh/PBxSUpleA3v/9fnABXYrbgTlWjDjOfz2LYzs+RcxGk/aWoMTlN0/fAhhKk/4
XG1wpDMTPx+cdpxKh4zcdxK7hysvkuo/I69/SA+b3qQtUr/BjoyU57vMPlwYgCZh
6K3Sj+IC/1WQ2fGNpT/0NJ0GCb3uWatfQxJybQYkSUk7F09aO+1jHSNg773b3IA1
iJZTEgpfJ//t7b+zBJV+D08zwx63WsqRvLnGhpt8Feb6QSAaCaZcKJmh834ziEu1
t94uR8EXfsRp32OUEWOdN3C2SxXSNumnRyA7YeWO28BICTyXADXUJIUiWdMguvsK
-----END CERTIFICATE-----