Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/bO872QlBv6SrZTvDSvYjZdEv484.roa
File:                     bO872QlBv6SrZTvDSvYjZdEv484.roa (raw, json)
Hash identifier:          HUh7gJKwip6ylqMCh3AI4lYgmyU7X7sfkwGeJcrTtEU=
Subject key identifier:   6C:EF:3B:D9:09:41:BF:A4:AB:65:3B:C3:4A:F6:23:65:D1:2F:E3:CE
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018D466E254B144556F49EB950F68A21FEB6
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/bO872QlBv6SrZTvDSvYjZdEv484.roa
Signing time:             Fri 26 Jan 2024 15:40:40 +0000
ROA not before:           Fri 26 Jan 2024 15:40:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215712
IP address blocks:        85.254.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:46:6e:25:4b:14:45:56:f4:9e:b9:50:f6:8a:21:fe:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan 26 15:40:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cef3bd90941bfa4ab653bc34af62365d12fe3ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a5:92:1b:8f:ce:a0:e9:71:49:7a:4c:6f:34:
                    6f:b5:b2:4c:8f:f3:ac:6b:50:7e:42:3d:79:db:2f:
                    7b:28:88:91:c4:c0:8c:8f:6b:74:68:bd:27:5d:8d:
                    42:2e:a1:c9:eb:f8:da:11:0c:bf:bd:01:81:93:28:
                    ed:74:4e:cd:de:d8:4d:56:48:72:24:72:64:2a:27:
                    15:40:64:0c:3e:4c:19:91:39:6e:96:af:72:b5:65:
                    a8:de:d4:4f:cd:ee:24:8a:0e:f6:ce:f2:5c:cc:7e:
                    15:8c:b9:5d:87:2c:6e:fb:70:fe:7a:84:27:f0:81:
                    b9:3d:c7:00:3e:84:a9:86:de:54:2b:09:a7:fa:19:
                    da:f4:2d:bd:6c:c5:0a:ab:e2:f0:1f:a9:ef:39:11:
                    74:a1:22:89:09:1f:da:ce:78:dd:dd:8d:bf:e4:11:
                    6d:16:f6:bd:4c:ed:b6:0e:4e:f5:7d:18:51:1a:11:
                    3f:d5:ac:e7:ef:97:50:5e:51:ae:2f:79:57:eb:07:
                    ab:d4:63:25:82:67:a5:57:40:f3:34:8d:3c:11:50:
                    d0:9f:07:e0:b7:8e:2d:e1:c1:e5:20:58:65:8a:c4:
                    7e:a7:73:95:83:9d:ad:15:d9:41:1a:5e:90:dc:36:
                    f0:67:33:75:bb:86:ac:52:de:e9:dd:ad:5b:3f:3c:
                    eb:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:EF:3B:D9:09:41:BF:A4:AB:65:3B:C3:4A:F6:23:65:D1:2F:E3:CE
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/bO872QlBv6SrZTvDSvYjZdEv484.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:ea:ce:ea:49:68:38:27:69:3a:0a:69:27:e1:db:ce:69:96:
         1f:64:3e:ff:df:6e:cc:9e:94:88:64:3c:df:d8:7e:36:17:2f:
         64:f3:5a:6d:76:bb:c1:26:23:24:2a:2b:ba:bd:89:bf:bc:af:
         5f:c9:51:f9:75:e9:28:fe:e1:c0:a5:ea:18:00:d9:36:06:fe:
         91:4e:3c:f4:0a:78:dc:21:ec:38:0c:78:72:59:d6:23:65:ed:
         40:81:a2:db:70:e8:4d:7b:19:be:ef:d6:80:83:dd:82:78:f0:
         14:8a:77:8e:12:b3:91:35:d9:2b:06:91:6b:04:a3:56:40:65:
         ae:59:7c:45:1f:45:06:da:ef:b9:a8:44:0d:83:ae:d7:53:21:
         e8:b7:01:8f:45:c5:f1:a9:b4:99:91:5f:eb:ff:31:18:55:9a:
         73:20:03:5f:1a:18:57:3b:d0:2c:fd:3c:b3:3b:c7:34:c4:9d:
         0d:c4:6d:11:c1:b2:b0:02:1b:fe:44:e5:86:c0:3e:85:91:ed:
         a7:4f:b1:14:d1:2c:a0:10:2b:0e:97:83:83:26:4f:36:db:64:
         56:8d:3a:c0:db:7e:b7:ef:25:80:e7:30:49:c8:e2:7f:79:f5:
         84:75:71:70:2c:0d:67:29:9b:35:b9:ea:e0:7e:d8:45:9c:bb:
         e1:c4:03:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1GbiVLFEVW9J65UPaKIf62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTI2MTU0MDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2VmM2JkOTA5NDFiZmE0YWI2NTNiYzM0YWY2MjM2NWQxMmZlM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaWSG4/OoOlxSXpMbzRvtbJMj/Os
a1B+Qj152y97KIiRxMCMj2t0aL0nXY1CLqHJ6/jaEQy/vQGBkyjtdE7N3thNVkhy
JHJkKicVQGQMPkwZkTlulq9ytWWo3tRPze4kig72zvJczH4VjLldhyxu+3D+eoQn
8IG5PccAPoSpht5UKwmn+hna9C29bMUKq+LwH6nvORF0oSKJCR/aznjd3Y2/5BFt
Fva9TO22Dk71fRhRGhE/1azn75dQXlGuL3lX6wer1GMlgmelV0DzNI08EVDQnwfg
t44t4cHlIFhlisR+p3OVg52tFdlBGl6Q3DbwZzN1u4asUt7p3a1bPzzr5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzvO9kJQb+kq2U7w0r2I2XRL+POMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvYk84NzJRbEJ2NlNyWlR2RFN2WWpaZEV2NDg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVf5/MA0G
CSqGSIb3DQEBCwUAA4IBAQCX6s7qSWg4J2k6Cmkn4dvOaZYfZD7/327MnpSIZDzf
2H42Fy9k81ptdrvBJiMkKiu6vYm/vK9fyVH5deko/uHApeoYANk2Bv6RTjz0Cnjc
Iew4DHhyWdYjZe1AgaLbcOhNexm+79aAg92CePAUineOErORNdkrBpFrBKNWQGWu
WXxFH0UG2u+5qEQNg67XUyHotwGPRcXxqbSZkV/r/zEYVZpzIANfGhhXO9As/Tyz
O8c0xJ0NxG0RwbKwAhv+ROWGwD6Fke2nT7EU0SygECsOl4ODJk8222RWjTrA2363
7yWA5zBJyOJ/efWEdXFwLA1nKZs1uergfthFnLvhxAOj
-----END CERTIFICATE-----