Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/rpON3Pp6zjdR-HvWBoi84aZ8MDE.roa
File:                     rpON3Pp6zjdR-HvWBoi84aZ8MDE.roa (raw, json)
Hash identifier:          1+PdmQZgdMB/q2FKa/0BG2GddxgShp8xj8GkcWXGN68=
Subject key identifier:   AE:93:8D:DC:FA:7A:CE:37:51:F8:7B:D6:06:88:BC:E1:A6:7C:30:31
Certificate issuer:       /CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
Certificate serial:       018CC424D66C2CCDEC504FB868FBBFD9D412
Authority key identifier: C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/rpON3Pp6zjdR-HvWBoi84aZ8MDE.roa
Signing time:             Mon 01 Jan 2024 08:29:57 +0000
ROA not before:           Mon 01 Jan 2024 08:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59799
IP address blocks:        185.71.24.0/22 maxlen: 24
                          2a01:b280::/36 maxlen: 36
                          2a0a:fd80:5000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:d6:6c:2c:cd:ec:50:4f:b8:68:fb:bf:d9:d4:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
        Validity
            Not Before: Jan  1 08:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae938ddcfa7ace3751f87bd60688bce1a67c3031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e5:89:bb:c2:d2:de:5b:f7:82:82:38:7e:6f:
                    51:58:94:a8:ff:c1:c5:95:44:e1:2a:0d:27:db:d4:
                    46:ed:bd:ba:a0:d9:91:6d:ab:5a:78:86:1e:ff:fe:
                    16:0b:2d:24:fc:9c:e9:ad:e2:3c:c1:98:48:c4:d7:
                    92:84:f0:8b:23:aa:48:de:ab:4d:bb:6a:f3:7c:36:
                    7e:dd:0e:3e:11:68:d9:fb:ae:fd:5f:5a:6a:f6:80:
                    fb:d5:14:1f:c4:3b:51:eb:84:93:3a:a1:db:4e:68:
                    ef:67:7a:6b:96:34:f6:03:2f:fc:fd:b7:04:d9:ce:
                    0c:73:d0:e9:7f:b1:5e:76:45:c1:1a:b5:48:54:fb:
                    e6:b8:73:24:f2:f6:6f:9d:a0:fa:1c:39:e5:06:cb:
                    ff:79:1c:40:75:3c:d0:1c:ea:29:b3:10:77:4e:63:
                    e6:23:de:be:3c:c1:a4:76:36:60:da:8f:e3:fc:fa:
                    27:9f:d5:a7:64:f1:59:0c:01:12:ce:32:3d:7c:63:
                    57:b0:20:f8:5e:32:62:10:93:ce:1e:03:30:84:b2:
                    29:81:ad:04:f7:81:9b:fc:71:8a:9b:4f:33:92:f6:
                    43:08:aa:84:e0:a6:5a:cc:27:0e:ea:a5:c1:76:e7:
                    33:b7:80:c5:8e:50:18:c1:17:f8:ec:12:e5:3d:fb:
                    c0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:93:8D:DC:FA:7A:CE:37:51:F8:7B:D6:06:88:BC:E1:A6:7C:30:31
            X509v3 Authority Key Identifier:
                keyid:C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/rpON3Pp6zjdR-HvWBoi84aZ8MDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.24.0/22
                IPv6:
                  2a01:b280::/36
                  2a0a:fd80:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         64:e4:16:65:8a:44:65:82:53:c5:a5:6a:01:67:4f:b4:7f:05:
         49:3f:55:0a:02:f7:0e:0d:93:1b:ac:50:19:91:17:31:2f:45:
         b6:d7:9e:71:83:12:3e:fd:0f:54:a7:bb:85:50:52:e5:4c:fa:
         de:fc:62:bc:a6:7c:55:f0:e5:34:42:b5:3d:b4:63:6b:fe:3c:
         ed:bc:e3:00:21:ce:ab:64:bf:30:3e:a6:d1:27:d4:10:c2:63:
         03:72:49:d0:05:b7:42:cf:63:5b:1a:0b:93:4c:d9:72:e3:f0:
         b2:68:23:ab:e1:29:9e:ea:01:db:f5:c1:13:84:be:a0:43:40:
         47:ba:63:ed:75:bd:61:5c:ec:9e:af:0f:dc:28:a4:a7:16:74:
         4f:e5:79:6c:f8:74:a9:49:59:92:33:25:73:a4:ce:75:20:00:
         95:49:4f:06:42:47:79:0e:b3:1d:cc:50:a6:b1:74:74:23:98:
         81:a3:78:20:15:0f:ce:c6:7d:be:a9:6d:a1:41:e9:b1:89:0a:
         48:e7:a2:fe:42:d2:26:52:5d:b2:d6:89:61:d8:17:95:b1:06:
         6a:6d:59:38:66:f8:50:59:b9:20:70:95:70:6b:6a:ed:c0:69:
         9a:d4:61:08:3c:ba:32:e2:54:88:91:01:0d:de:d0:26:67:55:
         49:72:78:7a
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzEJNZsLM3sUE+4aPu/2dQSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NGQ2MWNkMTdlZDkyZTU0YmIzMzk3ZjFlNWE2YjM5MDRh
YzZmMDUwHhcNMjQwMTAxMDgyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTkzOGRkY2ZhN2FjZTM3NTFmODdiZDYwNjg4YmNlMWE2N2MzMDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+WJu8LS3lv3goI4fm9RWJSo/8HF
lUThKg0n29RG7b26oNmRbataeIYe//4WCy0k/JzpreI8wZhIxNeShPCLI6pI3qtN
u2rzfDZ+3Q4+EWjZ+679X1pq9oD71RQfxDtR64STOqHbTmjvZ3prljT2Ay/8/bcE
2c4Mc9Dpf7FedkXBGrVIVPvmuHMk8vZvnaD6HDnlBsv/eRxAdTzQHOopsxB3TmPm
I96+PMGkdjZg2o/j/Ponn9WnZPFZDAESzjI9fGNXsCD4XjJiEJPOHgMwhLIpga0E
94Gb/HGKm08zkvZDCKqE4KZazCcO6qXBduczt4DFjlAYwRf47BLlPfvAQwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFK6Tjdz6es43Ufh71gaIvOGmfDAxMB8GA1UdIwQY
MBaAFMhNYc0X7ZLlS7M5fx5aazkErG8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGIt
YzI1Nzc5MmRhZGM0LzEvcnBPTjNQcDZ6amRSLUh2V0JvaTg0YVo4TURFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGItYzI1Nzc5MmRhZGM0
LzEveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQCuUcYMBYE
AgACMBADBgQqAbKAAAMGBCoK/YBQMA0GCSqGSIb3DQEBCwUAA4IBAQBk5BZlikRl
glPFpWoBZ0+0fwVJP1UKAvcODZMbrFAZkRcxL0W2155xgxI+/Q9Up7uFUFLlTPre
/GK8pnxV8OU0QrU9tGNr/jztvOMAIc6rZL8wPqbRJ9QQwmMDcknQBbdCz2NbGguT
TNly4/CyaCOr4Sme6gHb9cEThL6gQ0BHumPtdb1hXOyerw/cKKSnFnRP5Xls+HSp
SVmSMyVzpM51IACVSU8GQkd5DrMdzFCmsXR0I5iBo3ggFQ/Oxn2+qW2hQemxiQpI
56L+QtImUl2y1olh2BeVsQZqbVk4ZvhQWbkgcJVwa2rtwGma1GEIPLoy4lSIkQEN
3tAmZ1VJcnh6
-----END CERTIFICATE-----