Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/1vnTKHqU7AYEN1PflYKwjmpJbO8.roa
File:                     1vnTKHqU7AYEN1PflYKwjmpJbO8.roa (raw, json)
Hash identifier:          vqA28yP5joj8hHI9ay+XY7LpL7laDt0EGVa5Rim+GEM=
Subject key identifier:   D6:F9:D3:28:7A:94:EC:06:04:37:53:DF:95:82:B0:8E:6A:49:6C:EF
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC80134B2808EEB97C54D3E27360F2521
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/1vnTKHqU7AYEN1PflYKwjmpJbO8.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202589
IP address blocks:        85.254.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:34:b2:80:8e:eb:97:c5:4d:3e:27:36:0f:25:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6f9d3287a94ec06043753df9582b08e6a496cef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1f:11:74:4e:40:56:8d:1c:d0:bd:54:4d:38:
                    c3:40:45:5e:69:a6:8a:b2:ea:da:d4:b2:a0:b9:28:
                    a7:d8:b1:39:05:e9:2f:7e:fe:cc:d0:51:a1:40:c4:
                    f3:f2:2d:1e:2c:e2:13:8a:7b:af:30:b3:58:da:88:
                    20:f0:5e:b4:56:0e:1e:fa:f2:f7:0c:18:70:27:1a:
                    32:52:b4:e6:59:27:a4:13:c7:88:39:42:d1:c4:9a:
                    fe:ca:19:83:dc:65:77:4d:b0:aa:e7:33:33:59:37:
                    b8:e3:4d:33:bf:d1:73:35:06:59:aa:97:00:75:37:
                    89:75:42:ca:56:0e:98:7b:73:d5:ca:12:19:bc:3a:
                    b8:a8:a4:b0:83:ee:78:81:00:c2:8f:d8:a9:17:4b:
                    a8:63:ce:bf:d5:99:de:e3:80:6a:1b:9c:2b:07:78:
                    93:f8:38:72:69:80:70:29:bc:23:5b:88:c7:7e:71:
                    cb:7f:31:aa:99:b9:f0:c1:f7:2d:88:a6:21:35:b4:
                    cb:79:f9:4d:40:b9:0f:e3:98:0d:97:de:74:5b:a7:
                    af:9e:70:d7:65:02:2f:13:1e:e5:1f:60:b7:db:d1:
                    b3:26:0d:43:79:b7:49:f4:98:7f:cb:68:9c:10:db:
                    ec:6c:fa:a3:fa:f0:0a:5c:f1:53:ae:57:44:0b:a9:
                    8d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:F9:D3:28:7A:94:EC:06:04:37:53:DF:95:82:B0:8E:6A:49:6C:EF
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/1vnTKHqU7AYEN1PflYKwjmpJbO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:2f:db:60:50:5a:1c:5c:fa:ce:f8:1e:2b:41:eb:77:54:1c:
         6b:b6:2a:df:21:57:2e:b8:45:77:3b:24:2e:2a:cb:f7:39:9a:
         c4:b3:49:42:97:b7:be:f0:6f:21:63:d1:f6:67:0b:34:39:09:
         1d:b0:a8:23:6a:65:11:fb:f9:49:5b:59:ad:64:68:0b:17:70:
         86:99:dd:3b:d3:fe:b4:78:b2:89:b5:9b:dc:bd:9d:1f:8e:5d:
         e9:1e:62:61:b6:76:c8:4d:9d:53:92:83:a4:0e:93:42:1b:eb:
         75:f3:22:57:76:66:2a:aa:91:5a:81:a5:05:7e:e4:a0:88:62:
         cf:fc:ea:16:8a:48:3b:28:19:64:7d:9a:d9:6b:fe:81:01:9a:
         37:78:c6:31:dc:6f:9f:8e:5b:78:bf:bb:1e:a3:9a:e8:61:5a:
         7a:21:99:f0:19:6c:2e:28:30:07:9b:cf:a0:a7:56:57:ef:d7:
         18:81:36:01:97:54:fd:45:f5:1b:2f:ae:f3:e6:4c:b3:03:74:
         09:86:b1:c0:07:ef:d8:d6:12:30:33:c6:6c:04:71:1f:e4:d4:
         49:d9:f1:d4:9c:53:9a:7c:40:4b:81:3f:3a:e9:20:76:17:59:
         4b:ff:dd:01:b3:b7:6d:61:eb:aa:2a:c1:74:e0:a6:81:5c:5e:
         8d:04:81:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATSygI7rl8VNPic2DyUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmY5ZDMyODdhOTRlYzA2MDQzNzUzZGY5NTgyYjA4ZTZhNDk2Y2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhR8RdE5AVo0c0L1UTTjDQEVeaaaK
sura1LKguSin2LE5Bekvfv7M0FGhQMTz8i0eLOITinuvMLNY2ogg8F60Vg4e+vL3
DBhwJxoyUrTmWSekE8eIOULRxJr+yhmD3GV3TbCq5zMzWTe4400zv9FzNQZZqpcA
dTeJdULKVg6Ye3PVyhIZvDq4qKSwg+54gQDCj9ipF0uoY86/1Zne44BqG5wrB3iT
+DhyaYBwKbwjW4jHfnHLfzGqmbnwwfctiKYhNbTLeflNQLkP45gNl950W6evnnDX
ZQIvEx7lH2C329GzJg1DebdJ9Jh/y2icENvsbPqj+vAKXPFTrldEC6mNmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNb50yh6lOwGBDdT35WCsI5qSWzvMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvMXZuVEtIcVU3QVlFTjFQZmxZS3dqbXBKYk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVf46MA0G
CSqGSIb3DQEBCwUAA4IBAQCYL9tgUFocXPrO+B4rQet3VBxrtirfIVcuuEV3OyQu
Ksv3OZrEs0lCl7e+8G8hY9H2Zws0OQkdsKgjamUR+/lJW1mtZGgLF3CGmd070/60
eLKJtZvcvZ0fjl3pHmJhtnbITZ1TkoOkDpNCG+t18yJXdmYqqpFagaUFfuSgiGLP
/OoWikg7KBlkfZrZa/6BAZo3eMYx3G+fjlt4v7seo5roYVp6IZnwGWwuKDAHm8+g
p1ZX79cYgTYBl1T9RfUbL67z5kyzA3QJhrHAB+/Y1hIwM8ZsBHEf5NRJ2fHUnFOa
fEBLgT866SB2F1lL/90Bs7dtYeuqKsF04KaBXF6NBIH7
-----END CERTIFICATE-----