Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/_soj7vmBNOPRBIFGr-eNrEKyyYQ.roa
File:                     _soj7vmBNOPRBIFGr-eNrEKyyYQ.roa (raw, json)
Hash identifier:          qoBvN8sToEkEuN5s+clsiY0tb2yoVkxGZQFO9ejqpVQ=
Subject key identifier:   FE:CA:23:EE:F9:81:34:E3:D1:04:81:46:AF:E7:8D:AC:42:B2:C9:84
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       018CC64ACD48580832C14B57B87DE74CFA1C
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/_soj7vmBNOPRBIFGr-eNrEKyyYQ.roa
Signing time:             Mon 01 Jan 2024 18:30:40 +0000
ROA not before:           Mon 01 Jan 2024 18:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60750
IP address blocks:        185.26.109.0/24 maxlen: 24
                          185.26.108.0/24 maxlen: 24
                          185.26.108.0/22 maxlen: 24
                          2a00:8760::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:cd:48:58:08:32:c1:4b:57:b8:7d:e7:4c:fa:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: Jan  1 18:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=feca23eef98134e3d1048146afe78dac42b2c984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1f:28:31:f2:5a:3a:32:c3:65:dc:1c:a0:c0:
                    75:60:18:4e:ab:89:0c:4b:a5:73:e7:1e:4e:e6:8d:
                    85:48:a8:e2:64:55:97:6b:8d:56:0a:af:f2:e2:6b:
                    14:4a:17:88:c2:27:d8:6c:54:88:51:a0:a6:d4:87:
                    35:6c:07:bc:36:c2:22:88:fb:a5:4f:1f:81:47:05:
                    7c:5a:01:d5:91:e9:1e:58:37:6e:b8:11:2b:0e:5d:
                    a4:bb:90:33:b0:5d:83:97:c3:85:9f:7c:04:36:c6:
                    57:57:42:22:6a:34:b7:d9:c2:5e:23:55:0e:2c:fe:
                    b8:51:7c:16:37:b9:e5:a6:ca:80:35:58:53:91:78:
                    b0:84:94:99:56:9b:06:5b:d4:7a:1d:b2:d6:f3:6f:
                    3f:32:a0:9e:d9:1e:36:ed:7a:64:17:26:1b:5c:9d:
                    7c:9d:a6:85:4c:c5:95:a0:66:6b:31:e0:10:83:30:
                    c5:04:1a:6e:80:a4:01:51:0e:32:46:e4:ee:c2:38:
                    d4:07:be:cd:4d:55:de:0a:9f:8c:9b:11:73:93:45:
                    51:df:40:f7:a3:6f:ee:09:f4:e3:0c:f8:e0:62:1b:
                    2e:cb:8a:71:68:65:75:ef:65:0c:2c:88:66:81:07:
                    ce:32:94:bf:93:a8:b7:3a:ac:5a:61:ca:03:09:54:
                    8c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:CA:23:EE:F9:81:34:E3:D1:04:81:46:AF:E7:8D:AC:42:B2:C9:84
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/_soj7vmBNOPRBIFGr-eNrEKyyYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.108.0/22
                IPv6:
                  2a00:8760::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:0e:90:72:58:f7:bb:09:a1:5d:b6:65:82:fa:ee:71:52:18:
         df:9b:f4:0f:d9:ba:5e:ac:59:7d:0b:61:e5:e5:d4:61:d6:c4:
         79:a5:cf:4b:b6:78:04:fb:d3:ea:cc:44:c0:71:68:17:d5:d3:
         da:16:a5:04:61:3d:f1:42:51:a0:90:d3:b3:46:61:f3:12:19:
         1f:39:79:05:21:66:7a:2b:87:93:04:21:c3:77:d9:6e:1b:9f:
         a6:9e:2b:40:38:24:18:de:15:d4:c3:c2:49:d6:f4:2e:44:30:
         fe:8b:29:94:ea:83:6a:62:3a:ad:3f:97:b4:88:ed:80:9e:38:
         51:cb:28:25:63:87:12:9d:ce:b2:4e:60:c1:3f:37:87:e2:db:
         f3:ce:62:f2:b1:20:7d:4f:33:db:d5:35:4e:2a:87:94:9c:72:
         d3:4f:8a:ea:e9:15:fe:40:7f:ed:f5:a5:be:9b:3d:43:ba:ec:
         54:b6:a8:19:80:c2:80:f1:6c:2e:ca:bd:c2:97:11:4f:c1:d7:
         a6:cb:9f:c7:82:3a:f2:18:89:e9:78:af:08:c0:50:74:f2:d6:
         ab:d0:f6:21:dc:9b:8c:6d:83:c3:f4:fc:e9:2d:9e:ef:ec:ee:
         fc:06:cc:cb:c2:ce:17:f1:0e:1a:84:a4:49:45:94:29:18:14:
         88:33:51:3b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSs1IWAgywUtXuH3nTPocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjQwMTAxMTgzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWNhMjNlZWY5ODEzNGUzZDEwNDgxNDZhZmU3OGRhYzQyYjJjOTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqR8oMfJaOjLDZdwcoMB1YBhOq4kM
S6Vz5x5O5o2FSKjiZFWXa41WCq/y4msUSheIwifYbFSIUaCm1Ic1bAe8NsIiiPul
Tx+BRwV8WgHVkekeWDduuBErDl2ku5AzsF2Dl8OFn3wENsZXV0IiajS32cJeI1UO
LP64UXwWN7nlpsqANVhTkXiwhJSZVpsGW9R6HbLW828/MqCe2R427XpkFyYbXJ18
naaFTMWVoGZrMeAQgzDFBBpugKQBUQ4yRuTuwjjUB77NTVXeCp+MmxFzk0VR30D3
o2/uCfTjDPjgYhsuy4pxaGV172UMLIhmgQfOMpS/k6i3OqxaYcoDCVSMPwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP7KI+75gTTj0QSBRq/njaxCssmEMB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvX3Nvajd2bUJOT1BSQklGR3ItZU5yRUt5eVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRpsMA0E
AgACMAcDBQAqAIdgMA0GCSqGSIb3DQEBCwUAA4IBAQAaDpByWPe7CaFdtmWC+u5x
Uhjfm/QP2bperFl9C2Hl5dRh1sR5pc9LtngE+9PqzETAcWgX1dPaFqUEYT3xQlGg
kNOzRmHzEhkfOXkFIWZ6K4eTBCHDd9luG5+mnitAOCQY3hXUw8JJ1vQuRDD+iymU
6oNqYjqtP5e0iO2AnjhRyyglY4cSnc6yTmDBPzeH4tvzzmLysSB9TzPb1TVOKoeU
nHLTT4rq6RX+QH/t9aW+mz1DuuxUtqgZgMKA8Wwuyr3ClxFPwdemy5/HgjryGInp
eK8IwFB08tar0PYh3JuMbYPD9PzpLZ7v7O78BszLws4X8Q4ahKRJRZQpGBSIM1E7
-----END CERTIFICATE-----