Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/c455bd-b825-4901-8381-04d1247e5d0a/1/sfVepUvgtZBpwdDRi6KYPtPbyR8.roa
File:                     sfVepUvgtZBpwdDRi6KYPtPbyR8.roa (raw, json)
Hash identifier:          bsKR/x4JO5u+itMMRiY5+V+Zv5oc1z7hQ3nhwTOabe4=
Subject key identifier:   B1:F5:5E:A5:4B:E0:B5:90:69:C1:D0:D1:8B:A2:98:3E:D3:DB:C9:1F
Certificate issuer:       /CN=ff0ddf3fe5772201aff78c24e97f944c3805ff6b
Certificate serial:       01902A354C8CE053697CAECD629E79D8F654
Authority key identifier: FF:0D:DF:3F:E5:77:22:01:AF:F7:8C:24:E9:7F:94:4C:38:05:FF:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_w3fP-V3IgGv94wk6X-UTDgF_2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/c455bd-b825-4901-8381-04d1247e5d0a/1/sfVepUvgtZBpwdDRi6KYPtPbyR8.roa
Signing time:             Tue 18 Jun 2024 07:17:34 +0000
ROA not before:           Tue 18 Jun 2024 07:17:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20746
IP address blocks:        185.86.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/c455bd-b825-4901-8381-04d1247e5d0a/1/_w3fP-V3IgGv94wk6X-UTDgF_2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/c455bd-b825-4901-8381-04d1247e5d0a/1/_w3fP-V3IgGv94wk6X-UTDgF_2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_w3fP-V3IgGv94wk6X-UTDgF_2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2a:35:4c:8c:e0:53:69:7c:ae:cd:62:9e:79:d8:f6:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff0ddf3fe5772201aff78c24e97f944c3805ff6b
        Validity
            Not Before: Jun 18 07:17:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1f55ea54be0b59069c1d0d18ba2983ed3dbc91f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:94:47:33:08:89:8f:87:99:8b:78:2e:07:0b:
                    36:44:8f:ce:e1:7b:ba:d0:fb:a9:3c:f1:9e:7d:69:
                    e3:31:74:4c:a0:d2:d4:31:3c:78:fb:e4:89:19:06:
                    19:9b:c3:a9:74:5c:91:a8:7b:d4:d5:ad:2b:f0:83:
                    16:5b:b8:ea:c9:dd:32:f6:d6:05:e2:3b:02:c9:72:
                    81:c5:fa:c9:e2:85:a7:5d:3d:8d:51:e6:c9:2c:c0:
                    d5:82:6f:67:2d:09:12:a1:66:a9:d7:8f:b6:b5:d4:
                    75:c8:84:ea:4d:67:58:18:b8:1b:e6:67:75:75:76:
                    29:17:6e:39:0c:45:b4:63:66:f7:4b:2b:ff:8a:29:
                    fa:1d:d8:f8:c7:a9:aa:d4:af:99:c5:19:a3:a3:fc:
                    7e:ae:74:bd:88:29:2c:b2:ce:c6:b2:df:5f:8a:1f:
                    65:1f:4c:8d:27:9e:7e:61:da:02:81:30:dd:21:4e:
                    cc:d1:ba:e2:ec:1f:1e:c2:b7:c1:d1:3f:86:df:0b:
                    2a:9e:d6:3b:0e:3f:ed:95:f2:94:4f:14:87:c2:2c:
                    fd:6f:3a:0e:c3:3e:15:bc:f0:97:ac:06:65:3a:8e:
                    37:e7:2d:e8:75:e1:61:90:27:c6:90:76:30:bf:54:
                    45:08:0b:76:2c:af:6d:5d:18:10:6e:10:c1:55:9d:
                    a7:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F5:5E:A5:4B:E0:B5:90:69:C1:D0:D1:8B:A2:98:3E:D3:DB:C9:1F
            X509v3 Authority Key Identifier:
                keyid:FF:0D:DF:3F:E5:77:22:01:AF:F7:8C:24:E9:7F:94:4C:38:05:FF:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_w3fP-V3IgGv94wk6X-UTDgF_2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/c455bd-b825-4901-8381-04d1247e5d0a/1/sfVepUvgtZBpwdDRi6KYPtPbyR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/c455bd-b825-4901-8381-04d1247e5d0a/1/_w3fP-V3IgGv94wk6X-UTDgF_2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:55:98:3c:f3:ce:be:84:3a:c5:a7:6a:73:8b:1e:ec:0e:e0:
         d0:aa:59:1f:d8:0c:ce:5a:92:48:85:01:83:e6:e8:0a:5f:eb:
         7f:5c:3b:1f:81:64:09:8e:ee:12:27:fa:4d:1b:f7:67:62:83:
         16:cf:db:7b:26:bb:93:67:b1:47:0e:e3:26:f6:fb:30:7e:d8:
         e6:b2:68:6f:cc:ff:e4:d2:e4:23:00:46:fd:44:70:a2:14:40:
         11:8a:7b:b7:31:1f:43:2c:3a:10:a9:82:2a:e0:26:21:83:4f:
         1e:bd:29:07:93:c1:26:3a:4e:63:50:70:43:79:00:c9:f2:f4:
         d5:c2:2b:19:f8:98:73:51:82:be:41:67:3a:0b:b2:70:69:e9:
         58:84:d0:ff:f8:1b:d6:d6:25:12:d0:79:cd:49:50:ec:b0:6d:
         6c:29:f7:5f:c2:29:24:d5:f1:22:ae:89:bf:87:ec:d6:37:3a:
         a8:db:4e:30:49:ab:b8:66:e7:fb:25:e2:67:30:d3:26:17:d4:
         aa:55:56:16:33:af:5e:ac:60:24:27:5e:c8:48:7a:01:30:a7:
         6f:2c:2c:a1:1f:31:91:02:f3:1d:67:8c:67:db:f9:e9:2a:53:
         e0:6b:bd:60:13:d9:90:6f:34:eb:38:0d:8c:99:66:ee:09:5a:
         58:74:d0:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAqNUyM4FNpfK7NYp552PZUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMGRkZjNmZTU3NzIyMDFhZmY3OGMyNGU5N2Y5NDRjMzgw
NWZmNmIwHhcNMjQwNjE4MDcxNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWY1NWVhNTRiZTBiNTkwNjljMWQwZDE4YmEyOTgzZWQzZGJjOTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pRHMwiJj4eZi3guBws2RI/O4Xu6
0PupPPGefWnjMXRMoNLUMTx4++SJGQYZm8OpdFyRqHvU1a0r8IMWW7jqyd0y9tYF
4jsCyXKBxfrJ4oWnXT2NUebJLMDVgm9nLQkSoWap14+2tdR1yITqTWdYGLgb5md1
dXYpF245DEW0Y2b3Syv/iin6Hdj4x6mq1K+ZxRmjo/x+rnS9iCksss7Gst9fih9l
H0yNJ55+YdoCgTDdIU7M0bri7B8ewrfB0T+G3wsqntY7Dj/tlfKUTxSHwiz9bzoO
wz4VvPCXrAZlOo435y3odeFhkCfGkHYwv1RFCAt2LK9tXRgQbhDBVZ2nTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLH1XqVL4LWQacHQ0YuimD7T28kfMB8GA1UdIwQY
MBaAFP8N3z/ldyIBr/eMJOl/lEw4Bf9rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3czZlAtVjNJZ0d2OTR3azZYLVVURGdGXzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9jNDU1YmQtYjgyNS00OTAxLTgzODEt
MDRkMTI0N2U1ZDBhLzEvc2ZWZXBVdmd0WkJwd2REUmk2S1lQdFBieVI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9jNDU1YmQtYjgyNS00OTAxLTgzODEtMDRkMTI0N2U1ZDBh
LzEvX3czZlAtVjNJZ0d2OTR3azZYLVVURGdGXzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVY8MA0G
CSqGSIb3DQEBCwUAA4IBAQAdVZg8886+hDrFp2pzix7sDuDQqlkf2AzOWpJIhQGD
5ugKX+t/XDsfgWQJju4SJ/pNG/dnYoMWz9t7JruTZ7FHDuMm9vswftjmsmhvzP/k
0uQjAEb9RHCiFEARinu3MR9DLDoQqYIq4CYhg08evSkHk8EmOk5jUHBDeQDJ8vTV
wisZ+JhzUYK+QWc6C7JwaelYhND/+BvW1iUS0HnNSVDssG1sKfdfwikk1fEirom/
h+zWNzqo204wSau4Zuf7JeJnMNMmF9SqVVYWM69erGAkJ17ISHoBMKdvLCyhHzGR
AvMdZ4xn2/npKlPga71gE9mQbzTrOA2MmWbuCVpYdNCi
-----END CERTIFICATE-----