Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/skeril8qfxzgrJNqskWPEDGlidc.roa
File:                     skeril8qfxzgrJNqskWPEDGlidc.roa (raw, json)
Hash identifier:          XETfuvMg2YmRCSb2JIbTWEuNe8C1mhJfgJDgeYdVpkA=
Subject key identifier:   B2:47:AB:8A:5F:2A:7F:1C:E0:AC:93:6A:B2:45:8F:10:31:A5:89:D7
Certificate issuer:       /CN=415a412127b514f6455ec8a86e29d38eb0abb5ac
Certificate serial:       018CC6B7CBA6F9177D84C9B010D52BFAA1FB
Authority key identifier: 41:5A:41:21:27:B5:14:F6:45:5E:C8:A8:6E:29:D3:8E:B0:AB:B5:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QVpBISe1FPZFXsiobinTjrCrtaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/skeril8qfxzgrJNqskWPEDGlidc.roa
Signing time:             Mon 01 Jan 2024 20:29:43 +0000
ROA not before:           Mon 01 Jan 2024 20:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20545
IP address blocks:        185.212.252.0/22 maxlen: 22
                          217.147.224.0/20 maxlen: 24
                          109.205.40.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/QVpBISe1FPZFXsiobinTjrCrtaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/QVpBISe1FPZFXsiobinTjrCrtaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QVpBISe1FPZFXsiobinTjrCrtaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:cb:a6:f9:17:7d:84:c9:b0:10:d5:2b:fa:a1:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=415a412127b514f6455ec8a86e29d38eb0abb5ac
        Validity
            Not Before: Jan  1 20:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b247ab8a5f2a7f1ce0ac936ab2458f1031a589d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:90:18:aa:ab:0b:b9:12:cc:85:38:b4:93:1b:
                    b7:1f:d2:8a:f2:44:88:f1:b9:bf:ee:bd:2a:6a:f5:
                    7d:60:6e:70:19:9f:4e:d8:cc:e3:2b:1f:f2:18:a4:
                    07:40:bf:42:bb:75:49:25:ee:d5:16:ea:73:a8:23:
                    26:30:9f:fa:23:48:2f:c1:11:8d:66:46:77:dd:cc:
                    a6:ce:32:ed:48:10:1e:74:1f:f7:0b:7d:bc:4b:c2:
                    64:2e:b9:c7:8f:c5:15:8e:24:b6:54:c7:ca:6c:09:
                    8b:a1:e2:2a:01:86:bf:3e:b1:64:27:5e:15:4a:ad:
                    a6:55:8d:76:80:55:8e:a5:b0:85:63:95:08:8f:42:
                    b4:83:c1:30:b3:c7:9f:24:20:fd:5f:0f:48:83:6a:
                    2b:e1:ec:f9:fe:ee:00:d4:e3:81:44:2b:90:0b:51:
                    3d:5c:a0:97:f8:eb:3e:b7:78:bc:2e:04:3d:9d:67:
                    41:c3:74:2c:89:e7:a9:d1:4d:ce:ea:13:43:c7:4d:
                    9f:8f:26:2d:ea:3e:e3:f7:ca:1a:32:d0:37:08:19:
                    8a:dd:c1:d1:84:8f:df:32:53:32:be:47:df:74:f8:
                    05:2c:1e:64:c6:6b:0c:4b:a9:d8:29:ab:88:4c:e6:
                    a1:c6:a5:4e:22:8b:c3:c4:87:c5:9b:9b:8e:11:4b:
                    61:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:47:AB:8A:5F:2A:7F:1C:E0:AC:93:6A:B2:45:8F:10:31:A5:89:D7
            X509v3 Authority Key Identifier:
                keyid:41:5A:41:21:27:B5:14:F6:45:5E:C8:A8:6E:29:D3:8E:B0:AB:B5:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QVpBISe1FPZFXsiobinTjrCrtaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/skeril8qfxzgrJNqskWPEDGlidc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b8c7ba-92fa-4b73-a924-3d33e5414d9b/1/QVpBISe1FPZFXsiobinTjrCrtaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.40.0/21
                  185.212.252.0/22
                  217.147.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0d:44:cb:07:75:80:e2:6a:00:6a:63:9c:8b:d6:76:b7:f0:f3:
         de:a1:dc:e6:5d:f6:e3:dd:8a:9a:ee:65:b6:a7:5e:42:2e:0e:
         03:1c:06:d6:f9:b8:1d:d9:4e:e8:fe:ee:10:b8:fc:cb:d2:af:
         57:e1:4c:c3:cd:db:19:b9:f3:ad:26:e8:00:b3:e3:d8:b9:70:
         20:77:d3:c4:79:f5:38:d8:f4:35:c8:9b:ff:9a:3c:51:24:47:
         e0:b2:7b:01:6b:87:5d:64:4d:71:69:4f:82:7f:3d:84:c8:ac:
         1f:f9:17:5a:b4:b0:1a:46:2e:7c:f4:51:23:be:7d:d2:85:a4:
         23:01:cb:d6:35:9b:cf:21:e6:e8:af:46:4d:6c:ee:0d:39:cf:
         4a:e8:d0:d5:8e:b7:38:4d:0e:cf:96:37:58:0c:4a:69:33:41:
         1c:d7:d4:48:0d:88:25:29:12:b3:ac:d4:3b:f0:d4:0a:35:ae:
         58:1c:12:38:4d:d2:11:07:1d:a7:cf:bd:a6:20:bf:14:36:ab:
         84:f2:cb:69:6b:b5:e7:7e:43:62:79:53:25:57:ff:2d:b3:89:
         08:64:42:fc:42:56:d8:26:d7:a5:9c:47:b5:f7:cb:73:af:c6:
         24:d9:05:b6:d9:4d:8e:f2:6d:4b:5b:14:4e:87:b3:bb:a9:d4:
         72:c8:af:da
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGt8um+Rd9hMmwENUr+qH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNWE0MTIxMjdiNTE0ZjY0NTVlYzhhODZlMjlkMzhlYjBh
YmI1YWMwHhcNMjQwMTAxMjAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjQ3YWI4YTVmMmE3ZjFjZTBhYzkzNmFiMjQ1OGYxMDMxYTU4OWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5AYqqsLuRLMhTi0kxu3H9KK8kSI
8bm/7r0qavV9YG5wGZ9O2MzjKx/yGKQHQL9Cu3VJJe7VFupzqCMmMJ/6I0gvwRGN
ZkZ33cymzjLtSBAedB/3C328S8JkLrnHj8UVjiS2VMfKbAmLoeIqAYa/PrFkJ14V
Sq2mVY12gFWOpbCFY5UIj0K0g8Ews8efJCD9Xw9Ig2or4ez5/u4A1OOBRCuQC1E9
XKCX+Os+t3i8LgQ9nWdBw3Qsieep0U3O6hNDx02fjyYt6j7j98oaMtA3CBmK3cHR
hI/fMlMyvkffdPgFLB5kxmsMS6nYKauITOahxqVOIovDxIfFm5uOEUthQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLJHq4pfKn8c4KyTarJFjxAxpYnXMB8GA1UdIwQY
MBaAFEFaQSEntRT2RV7IqG4p046wq7WsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVZwQklTZTFGUFpGWHNpb2JpblRqckNydGF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iOGM3YmEtOTJmYS00YjczLWE5MjQt
M2QzM2U1NDE0ZDliLzEvc2tlcmlsOHFmeHpnckpOcXNrV1BFREdsaWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iOGM3YmEtOTJmYS00YjczLWE5MjQtM2QzM2U1NDE0ZDli
LzEvUVZwQklTZTFGUFpGWHNpb2JpblRqckNydGF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDbc0oAwQC
udT8AwQE2ZPgMA0GCSqGSIb3DQEBCwUAA4IBAQANRMsHdYDiagBqY5yL1na38PPe
odzmXfbj3Yqa7mW2p15CLg4DHAbW+bgd2U7o/u4QuPzL0q9X4UzDzdsZufOtJugA
s+PYuXAgd9PEefU42PQ1yJv/mjxRJEfgsnsBa4ddZE1xaU+Cfz2EyKwf+RdatLAa
Ri589FEjvn3ShaQjAcvWNZvPIebor0ZNbO4NOc9K6NDVjrc4TQ7PljdYDEppM0Ec
19RIDYglKRKzrNQ78NQKNa5YHBI4TdIRBx2nz72mIL8UNquE8stpa7XnfkNieVMl
V/8ts4kIZEL8QlbYJtelnEe198tzr8Yk2QW22U2O8m1LWxROh7O7qdRyyK/a
-----END CERTIFICATE-----