Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/osRUB45JbTMfhYKQMu1exiuWnx8.roa
File:                     osRUB45JbTMfhYKQMu1exiuWnx8.roa (raw, json)
Hash identifier:          M+dFyVClrN7BwUJlTezUeHLasSfCs+hm1SRBZ5i3m44=
Subject key identifier:   A2:C4:54:07:8E:49:6D:33:1F:85:82:90:32:ED:5E:C6:2B:96:9F:1F
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018D4781B6A1E519BB96C63025A7CAF2AE71
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/osRUB45JbTMfhYKQMu1exiuWnx8.roa
Signing time:             Fri 26 Jan 2024 20:41:39 +0000
ROA not before:           Fri 26 Jan 2024 20:41:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200080
IP address blocks:        185.186.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:47:81:b6:a1:e5:19:bb:96:c6:30:25:a7:ca:f2:ae:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan 26 20:41:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2c454078e496d331f85829032ed5ec62b969f1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:22:7b:7a:98:68:4d:86:a3:01:86:41:41:0d:
                    35:da:9f:ff:c9:cc:c7:5e:83:91:c5:05:5b:29:fc:
                    80:65:c8:e5:c8:31:c0:a6:d6:10:6c:88:c2:58:2f:
                    d6:3f:4d:6a:99:75:66:33:aa:60:e8:71:6a:44:d5:
                    5d:7c:9f:63:f7:72:a4:cc:93:8b:27:2f:00:58:55:
                    15:8a:e9:b7:5f:48:cc:6d:7e:95:30:92:86:d5:3b:
                    e9:a9:17:a6:c2:26:73:ad:ae:59:c7:2a:3e:98:64:
                    06:01:f9:49:e9:c9:55:54:79:2e:39:e5:b3:71:62:
                    8e:ad:63:dc:e2:16:bb:27:2d:a6:c1:65:a4:9e:33:
                    20:f6:28:ea:30:dd:10:e4:0f:20:12:42:c6:9e:bd:
                    77:43:53:65:9a:1c:ab:dc:a1:be:0e:b3:08:7f:40:
                    f7:f3:4b:4f:9b:8d:62:ce:8b:24:42:a9:86:77:8f:
                    8d:07:f0:fa:70:23:fa:60:71:11:a3:50:1f:ba:88:
                    b4:fd:4f:ac:73:85:e2:89:da:f8:d5:8e:c0:fe:9d:
                    13:62:27:47:8c:5c:9d:d6:70:9a:c5:5a:ac:6c:8e:
                    fa:91:74:df:34:c6:b0:0c:79:b6:89:78:d2:34:02:
                    3d:fc:63:7c:c6:14:6b:21:9c:8c:67:ba:70:4e:e0:
                    0f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:C4:54:07:8E:49:6D:33:1F:85:82:90:32:ED:5E:C6:2B:96:9F:1F
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/osRUB45JbTMfhYKQMu1exiuWnx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:e9:cb:d6:88:e4:72:3f:ae:ac:78:62:47:ad:ef:5b:d7:f2:
         b4:53:cb:ef:06:fb:4c:4c:66:a2:f5:5b:21:57:ea:21:0e:cd:
         8f:ff:53:b0:77:76:b1:0d:c2:45:9f:38:b3:24:8a:2a:7d:f6:
         ef:05:99:98:77:b9:a9:27:e0:5a:e4:6c:a7:73:2c:49:99:ad:
         3d:84:ea:0f:1b:a5:45:d6:73:e4:52:13:e8:0f:17:ac:d6:0b:
         54:66:c1:74:7b:1e:c7:86:15:a1:5c:e4:b1:ec:28:b5:44:2c:
         78:38:ad:7f:25:13:d2:a3:5d:1e:31:44:ee:42:be:32:90:f0:
         a5:0d:23:80:83:06:de:75:ee:89:11:fb:aa:d4:38:1e:63:b8:
         aa:f2:76:96:6f:e6:fc:9f:cb:45:43:73:89:e0:5d:0a:89:7e:
         07:ee:e6:be:89:e3:6c:e4:3f:d9:5b:d2:fa:f3:95:29:d5:07:
         69:66:48:d3:33:bd:07:db:30:d2:f3:3d:d1:06:e1:6f:15:b8:
         59:75:fb:3e:81:81:c5:f1:46:74:a8:4a:67:50:e7:f4:a4:17:
         fc:52:4e:61:2a:14:47:77:d0:4f:76:07:1d:16:b4:54:d8:b6:
         c0:e3:d8:d0:da:1a:95:9e:88:fa:9f:b2:f3:cd:0e:4f:56:72:
         d5:9e:3f:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1Hgbah5Rm7lsYwJafK8q5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTI2MjA0MTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmM0NTQwNzhlNDk2ZDMzMWY4NTgyOTAzMmVkNWVjNjJiOTY5ZjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCJ7ephoTYajAYZBQQ012p//yczH
XoORxQVbKfyAZcjlyDHAptYQbIjCWC/WP01qmXVmM6pg6HFqRNVdfJ9j93KkzJOL
Jy8AWFUVium3X0jMbX6VMJKG1TvpqRemwiZzra5Zxyo+mGQGAflJ6clVVHkuOeWz
cWKOrWPc4ha7Jy2mwWWknjMg9ijqMN0Q5A8gEkLGnr13Q1Nlmhyr3KG+DrMIf0D3
80tPm41izoskQqmGd4+NB/D6cCP6YHERo1Afuoi0/U+sc4Xiidr41Y7A/p0TYidH
jFyd1nCaxVqsbI76kXTfNMawDHm2iXjSNAI9/GN8xhRrIZyMZ7pwTuAPrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLEVAeOSW0zH4WCkDLtXsYrlp8fMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvb3NSVUI0NUpiVE1maFlLUU11MWV4aXVXbng4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubpDMA0G
CSqGSIb3DQEBCwUAA4IBAQCF6cvWiORyP66seGJHre9b1/K0U8vvBvtMTGai9Vsh
V+ohDs2P/1Owd3axDcJFnzizJIoqffbvBZmYd7mpJ+Ba5GyncyxJma09hOoPG6VF
1nPkUhPoDxes1gtUZsF0ex7HhhWhXOSx7Ci1RCx4OK1/JRPSo10eMUTuQr4ykPCl
DSOAgwbede6JEfuq1DgeY7iq8naWb+b8n8tFQ3OJ4F0KiX4H7ua+ieNs5D/ZW9L6
85Up1QdpZkjTM70H2zDS8z3RBuFvFbhZdfs+gYHF8UZ0qEpnUOf0pBf8Uk5hKhRH
d9BPdgcdFrRU2LbA49jQ2hqVnoj6n7LzzQ5PVnLVnj9x
-----END CERTIFICATE-----