Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/2B3HGjcVk1Xho9zTUg0xvYUI-fk.roa
File:                     2B3HGjcVk1Xho9zTUg0xvYUI-fk.roa (raw, json)
Hash identifier:          SaiDLWnPftuTeOADZD8dNrQlJ1FqL+O6VgxBP9Pmnng=
Subject key identifier:   D8:1D:C7:1A:37:15:93:55:E1:A3:DC:D3:52:0D:31:BD:85:08:F9:F9
Certificate issuer:       /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial:       018CC726232B01687EE6A9B6D329264FAA70
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/2B3HGjcVk1Xho9zTUg0xvYUI-fk.roa
Signing time:             Mon 01 Jan 2024 22:30:14 +0000
ROA not before:           Mon 01 Jan 2024 22:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34665
IP address blocks:        85.208.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 12:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:23:2b:01:68:7e:e6:a9:b6:d3:29:26:4f:aa:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
        Validity
            Not Before: Jan  1 22:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d81dc71a37159355e1a3dcd3520d31bd8508f9f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:4f:ff:ca:10:83:e5:74:81:f8:25:3d:ac:1a:
                    6d:9a:b9:8e:89:55:bf:f4:b6:6f:b0:3c:b1:3b:55:
                    7f:e4:4b:a0:04:da:05:02:12:43:3f:fb:e3:eb:0e:
                    62:a3:ae:ad:2c:0c:04:27:ea:26:10:87:6e:fc:1e:
                    f7:47:d7:46:2a:01:60:ae:09:94:40:22:37:95:8a:
                    14:88:05:ad:21:e8:32:51:18:63:93:17:a1:36:be:
                    99:7b:e8:de:b2:c4:36:79:76:d1:24:19:73:12:63:
                    f2:ba:01:75:cd:81:ac:af:da:35:ef:0d:37:b0:ac:
                    f0:68:b2:ef:c0:81:55:5a:b4:6d:b8:1d:58:cc:59:
                    19:76:35:2e:e7:d9:27:c4:03:88:7f:8e:63:49:84:
                    01:f5:57:6b:ac:c8:f3:52:fd:39:8c:0f:0a:c7:a4:
                    7b:47:89:c1:42:75:ee:08:9b:78:22:5c:6c:c7:d9:
                    23:b6:e1:a8:8f:2f:23:09:3c:73:59:ad:eb:50:96:
                    3a:8f:1a:2d:a2:5e:55:b8:76:48:36:ea:6c:35:14:
                    8c:1e:c5:a1:21:e5:71:45:78:9d:00:82:0a:99:56:
                    a3:40:e9:15:1d:36:c2:63:f4:0d:54:d2:0c:97:6f:
                    4c:b4:ce:d8:b6:12:86:3f:5c:b5:a6:03:db:8b:fd:
                    6f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:1D:C7:1A:37:15:93:55:E1:A3:DC:D3:52:0D:31:BD:85:08:F9:F9
            X509v3 Authority Key Identifier:
                keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/2B3HGjcVk1Xho9zTUg0xvYUI-fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:f2:64:b2:37:28:83:7a:a4:71:e9:48:7f:17:e4:16:b6:2f:
         12:94:3b:b9:ac:93:c9:d7:7e:4f:f6:cb:a9:22:88:0b:fa:1f:
         29:a8:62:5f:bc:46:68:05:db:68:f4:cb:c0:62:16:26:ba:f6:
         9c:f9:60:ac:65:61:67:0e:84:21:4d:30:6d:d8:fe:7c:9d:dd:
         65:53:49:f6:75:c6:6b:fd:2d:46:71:c4:2b:cb:3c:30:5d:90:
         ba:6e:d5:15:67:5d:90:0c:10:78:8b:8a:07:85:be:67:b6:35:
         5e:38:72:ad:18:e1:67:83:24:ae:ca:83:fc:72:b3:a5:6b:92:
         a9:4c:e5:57:fe:81:18:c1:e0:12:41:de:47:c3:dd:41:b6:05:
         76:71:78:a3:51:7c:f7:74:64:ff:aa:1e:60:c8:a1:ea:51:49:
         cb:80:c2:c3:72:a8:0e:61:85:8f:e5:8d:bc:f2:e7:ca:18:1a:
         02:ba:c7:cf:99:c2:66:89:9c:e9:5f:ae:92:4c:05:b6:c4:a2:
         6f:a5:5c:cf:de:c9:8e:17:a5:4a:20:2f:43:db:c9:96:c1:e8:
         86:36:40:cd:f2:c3:d0:d1:22:a8:bb:74:fb:e6:ff:ee:c5:ef:
         37:59:65:36:36:f1:25:ee:58:77:ad:0b:df:23:11:89:5a:d8:
         2f:a5:45:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJiMrAWh+5qm20ykmT6pwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwMTAxMjIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODFkYzcxYTM3MTU5MzU1ZTFhM2RjZDM1MjBkMzFiZDg1MDhmOWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0//yhCD5XSB+CU9rBptmrmOiVW/
9LZvsDyxO1V/5EugBNoFAhJDP/vj6w5io66tLAwEJ+omEIdu/B73R9dGKgFgrgmU
QCI3lYoUiAWtIegyURhjkxehNr6Ze+jessQ2eXbRJBlzEmPyugF1zYGsr9o17w03
sKzwaLLvwIFVWrRtuB1YzFkZdjUu59knxAOIf45jSYQB9VdrrMjzUv05jA8Kx6R7
R4nBQnXuCJt4Ilxsx9kjtuGojy8jCTxzWa3rUJY6jxotol5VuHZINupsNRSMHsWh
IeVxRXidAIIKmVajQOkVHTbCY/QNVNIMl29MtM7YthKGP1y1pgPbi/1vrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgdxxo3FZNV4aPc01INMb2FCPn5MB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvMkIzSEdqY1ZrMVhobzl6VFVnMHh2WVVJLWZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBUMA0G
CSqGSIb3DQEBCwUAA4IBAQBx8mSyNyiDeqRx6Uh/F+QWti8SlDu5rJPJ135P9sup
IogL+h8pqGJfvEZoBdto9MvAYhYmuvac+WCsZWFnDoQhTTBt2P58nd1lU0n2dcZr
/S1GccQryzwwXZC6btUVZ12QDBB4i4oHhb5ntjVeOHKtGOFngySuyoP8crOla5Kp
TOVX/oEYweASQd5Hw91BtgV2cXijUXz3dGT/qh5gyKHqUUnLgMLDcqgOYYWP5Y28
8ufKGBoCusfPmcJmiZzpX66STAW2xKJvpVzP3smOF6VKIC9D28mWweiGNkDN8sPQ
0SKou3T75v/uxe83WWU2NvEl7lh3rQvfIxGJWtgvpUWt
-----END CERTIFICATE-----