Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/oYeFQ0GuYqdPUSqr42-Z5zuz5YI.roa
File:                     oYeFQ0GuYqdPUSqr42-Z5zuz5YI.roa (raw, json)
Hash identifier:          +DrOZc/1tXsngjYE8F6kEAu7UiuP3yQxBf7x24R//ec=
Subject key identifier:   A1:87:85:43:41:AE:62:A7:4F:51:2A:AB:E3:6F:99:E7:3B:B3:E5:82
Certificate issuer:       /CN=c946c4befe0fbbe3624bd748296b5fe2e7ec2d68
Certificate serial:       018D784666FE739CD47C6F5560F1455344E3
Authority key identifier: C9:46:C4:BE:FE:0F:BB:E3:62:4B:D7:48:29:6B:5F:E2:E7:EC:2D:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/oYeFQ0GuYqdPUSqr42-Z5zuz5YI.roa
Signing time:             Mon 05 Feb 2024 07:58:16 +0000
ROA not before:           Mon 05 Feb 2024 07:58:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212042
IP address blocks:        82.117.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 16:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:46:66:fe:73:9c:d4:7c:6f:55:60:f1:45:53:44:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c946c4befe0fbbe3624bd748296b5fe2e7ec2d68
        Validity
            Not Before: Feb  5 07:58:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a187854341ae62a74f512aabe36f99e73bb3e582
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a5:bf:3f:19:e0:c1:94:b7:7b:43:a3:8a:e0:
                    77:90:f5:e5:c8:44:b5:a5:0f:63:92:aa:9a:a9:a9:
                    cc:41:b6:1e:88:be:35:9e:6b:5c:93:53:37:44:8c:
                    b3:e1:76:2e:c8:00:38:0f:65:ab:52:6a:2b:88:c8:
                    79:8e:2e:b6:48:5f:e0:db:f7:66:20:cd:e3:30:63:
                    fe:f2:f2:9e:bd:76:86:63:f0:8b:22:c9:ea:78:fa:
                    3d:a2:0f:de:a5:21:5e:3b:c6:c0:8a:52:9a:c6:f4:
                    3e:0c:69:0f:28:40:74:ed:6d:6f:6e:fa:0e:7e:ee:
                    83:5d:10:44:7c:50:95:75:5d:d0:74:58:44:ae:67:
                    df:5d:70:6b:64:a8:6e:3f:f5:e8:82:56:74:6c:c6:
                    82:c0:60:3d:28:0f:23:a4:13:25:1b:ad:50:58:2e:
                    4b:60:e8:29:ef:1f:59:19:95:a5:85:01:50:51:e9:
                    21:fa:87:0b:51:72:38:91:67:17:b2:bf:fa:9a:47:
                    25:eb:b2:36:32:90:45:3e:89:df:0b:e7:6d:8a:1c:
                    b8:ae:e0:f6:73:d4:f3:68:03:39:2c:7c:30:b7:bd:
                    7c:12:45:54:de:9f:75:71:86:df:7d:9f:6c:21:de:
                    2e:f4:dc:45:63:78:d9:cc:b6:25:ed:7a:81:95:7a:
                    55:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:87:85:43:41:AE:62:A7:4F:51:2A:AB:E3:6F:99:E7:3B:B3:E5:82
            X509v3 Authority Key Identifier:
                keyid:C9:46:C4:BE:FE:0F:BB:E3:62:4B:D7:48:29:6B:5F:E2:E7:EC:2D:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/oYeFQ0GuYqdPUSqr42-Z5zuz5YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.117.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:32:a0:c7:53:1a:e9:d9:54:21:50:ef:06:41:39:2b:b3:51:
         e0:e6:4e:02:c5:ae:b0:17:6f:b7:90:db:1c:7e:80:19:8b:82:
         9c:42:e2:7a:59:6c:00:0c:f5:da:6b:95:5d:70:fa:0d:39:0d:
         83:0b:7f:79:d1:72:77:8f:74:04:90:65:ff:35:6b:fd:2c:df:
         28:3c:36:3e:2a:41:fa:61:e0:98:e0:15:83:80:44:7f:8f:77:
         ed:64:d9:18:9e:13:96:6f:96:97:25:91:7a:18:40:2c:d3:08:
         4f:f5:5b:6a:6f:78:04:c0:fd:bd:30:1f:bf:89:24:ce:9f:bb:
         4d:3c:74:df:c0:35:6d:e7:48:1b:61:5b:50:56:df:22:a0:0b:
         8b:20:0c:ad:56:9c:ed:ca:18:9d:27:2f:a2:5b:ea:15:9d:ce:
         53:e8:5f:e1:d8:64:4b:ea:58:a7:d4:73:9b:1a:0c:8c:4a:62:
         35:7e:40:ea:c4:86:fe:1f:b4:e2:7e:02:b6:90:d2:6f:08:f2:
         dc:b5:cd:74:37:d4:24:31:b8:b6:09:51:80:53:1b:bd:bd:5c:
         84:0f:1e:34:eb:c6:b9:ba:7a:f2:2a:07:c8:f3:f1:03:2d:e9:
         d5:46:d8:a5:7e:36:41:da:e6:2e:46:c5:31:4e:1c:28:a9:57:
         79:68:8f:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY14Rmb+c5zUfG9VYPFFU0TjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NDZjNGJlZmUwZmJiZTM2MjRiZDc0ODI5NmI1ZmUyZTdl
YzJkNjgwHhcNMjQwMjA1MDc1ODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTg3ODU0MzQxYWU2MmE3NGY1MTJhYWJlMzZmOTllNzNiYjNlNTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KW/PxngwZS3e0OjiuB3kPXlyES1
pQ9jkqqaqanMQbYeiL41nmtck1M3RIyz4XYuyAA4D2WrUmoriMh5ji62SF/g2/dm
IM3jMGP+8vKevXaGY/CLIsnqePo9og/epSFeO8bAilKaxvQ+DGkPKEB07W1vbvoO
fu6DXRBEfFCVdV3QdFhErmffXXBrZKhuP/XoglZ0bMaCwGA9KA8jpBMlG61QWC5L
YOgp7x9ZGZWlhQFQUekh+ocLUXI4kWcXsr/6mkcl67I2MpBFPonfC+dtihy4ruD2
c9TzaAM5LHwwt718EkVU3p91cYbffZ9sId4u9NxFY3jZzLYl7XqBlXpV8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGHhUNBrmKnT1Eqq+Nvmec7s+WCMB8GA1UdIwQY
MBaAFMlGxL7+D7vjYkvXSClrX+Ln7C1oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVViRXZ2NFB1LU5pUzlkSUtXdGY0dWZzTFdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9mMmQ5ZTktZWVmZi00NjMzLWExODkt
NmJiYjI3MDgxZGUyLzEvb1llRlEwR3VZcWRQVVNxcjQyLVo1enV6NVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9mMmQ5ZTktZWVmZi00NjMzLWExODktNmJiYjI3MDgxZGUy
LzEveVViRXZ2NFB1LU5pUzlkSUtXdGY0dWZzTFdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnX1MA0G
CSqGSIb3DQEBCwUAA4IBAQCcMqDHUxrp2VQhUO8GQTkrs1Hg5k4Cxa6wF2+3kNsc
foAZi4KcQuJ6WWwADPXaa5VdcPoNOQ2DC3950XJ3j3QEkGX/NWv9LN8oPDY+KkH6
YeCY4BWDgER/j3ftZNkYnhOWb5aXJZF6GEAs0whP9Vtqb3gEwP29MB+/iSTOn7tN
PHTfwDVt50gbYVtQVt8ioAuLIAytVpztyhidJy+iW+oVnc5T6F/h2GRL6lin1HOb
GgyMSmI1fkDqxIb+H7TifgK2kNJvCPLctc10N9QkMbi2CVGAUxu9vVyEDx4068a5
unryKgfI8/EDLenVRtilfjZB2uYuRsUxThwoqVd5aI8P
-----END CERTIFICATE-----