Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/dGBoyQtHg5U6B0fmteqFr3Gbupc.roa
File:                     dGBoyQtHg5U6B0fmteqFr3Gbupc.roa (raw, json)
Hash identifier:          07QU+G6o36qvdMYihMRHQXcW8FKT0wIU9hm+NQQyxto=
Subject key identifier:   74:60:68:C9:0B:47:83:95:3A:07:47:E6:B5:EA:85:AF:71:9B:BA:97
Certificate issuer:       /CN=fd4d1cbaa900c9dabd2a1f768198a1e55bcfb50f
Certificate serial:       018CFD1C03D4D63BE66C5CF1704B6CC15845
Authority key identifier: FD:4D:1C:BA:A9:00:C9:DA:BD:2A:1F:76:81:98:A1:E5:5B:CF:B5:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_U0cuqkAydq9Kh92gZih5VvPtQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/dGBoyQtHg5U6B0fmteqFr3Gbupc.roa
Signing time:             Fri 12 Jan 2024 09:58:40 +0000
ROA not before:           Fri 12 Jan 2024 09:58:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28917
IP address blocks:        185.214.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/_U0cuqkAydq9Kh92gZih5VvPtQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/_U0cuqkAydq9Kh92gZih5VvPtQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_U0cuqkAydq9Kh92gZih5VvPtQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fd:1c:03:d4:d6:3b:e6:6c:5c:f1:70:4b:6c:c1:58:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd4d1cbaa900c9dabd2a1f768198a1e55bcfb50f
        Validity
            Not Before: Jan 12 09:58:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=746068c90b4783953a0747e6b5ea85af719bba97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e6:69:29:8e:fc:e8:d2:a2:28:51:f1:50:60:
                    50:63:43:e5:0c:7a:ea:92:6d:98:76:1e:3f:58:c4:
                    b6:af:6e:5a:bf:3d:fd:f5:18:a7:13:ff:7e:89:5f:
                    92:da:af:61:c2:74:ae:23:37:ea:17:38:55:60:ac:
                    ed:18:52:0d:da:8b:ba:dd:20:56:76:22:f5:a9:32:
                    de:8b:c7:1a:91:86:7f:b4:fa:10:3b:f7:53:c0:17:
                    c6:c4:b2:f7:c2:77:96:c7:3f:de:cd:dd:55:62:e6:
                    93:14:68:c8:a9:c1:9a:a5:57:f0:f7:db:df:63:06:
                    98:28:6c:11:a4:f7:98:eb:ab:35:f3:c8:55:50:8b:
                    85:39:8e:b5:8b:3b:ae:0a:bd:0c:32:f3:39:98:ee:
                    db:4a:bc:b1:9f:dc:0a:ad:58:d5:a7:7b:f0:24:a9:
                    43:85:76:ac:73:f7:ed:92:51:5a:f7:fa:3d:01:81:
                    0d:8f:50:f6:33:f2:88:f7:05:54:0a:4b:37:fd:b0:
                    70:a2:31:be:74:56:d1:98:af:fd:1b:90:7f:98:a9:
                    8c:88:43:99:86:10:5d:bd:fc:f6:57:9a:79:00:28:
                    39:fc:27:d2:0f:81:cc:10:a6:46:62:d4:35:32:56:
                    be:05:7c:09:f9:ab:9b:3b:44:73:49:47:2d:68:35:
                    63:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:60:68:C9:0B:47:83:95:3A:07:47:E6:B5:EA:85:AF:71:9B:BA:97
            X509v3 Authority Key Identifier:
                keyid:FD:4D:1C:BA:A9:00:C9:DA:BD:2A:1F:76:81:98:A1:E5:5B:CF:B5:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_U0cuqkAydq9Kh92gZih5VvPtQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/dGBoyQtHg5U6B0fmteqFr3Gbupc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/_U0cuqkAydq9Kh92gZih5VvPtQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:58:8d:e2:e1:4c:13:c3:a2:50:f4:c0:0d:05:a7:f2:e6:b2:
         b3:c2:fc:a9:b7:88:10:68:6f:4e:cf:f2:26:85:f5:3f:75:8f:
         ac:81:44:ac:fe:a9:d8:46:45:d1:1d:41:d8:4a:ce:9d:e3:02:
         4b:77:b1:13:26:e4:86:34:87:ac:b7:34:a0:84:82:2e:9b:0c:
         6b:d9:a7:98:26:8a:8e:b4:c1:d3:18:a5:e7:eb:2c:30:6d:aa:
         0b:c9:8a:4a:cf:6f:ca:3f:d9:61:2a:73:c9:29:e5:2c:b4:44:
         bc:0c:d1:bc:4a:9a:4f:94:ee:d6:50:c4:8f:b4:bf:d2:65:7a:
         6f:cd:db:6f:93:ee:d2:e6:88:33:b7:56:3d:06:4e:ff:3d:6b:
         94:2c:08:f9:9c:cb:51:67:c5:ad:5f:67:5c:d5:ed:53:a5:60:
         a7:c1:c9:41:20:73:8c:33:82:d8:f1:62:db:bd:58:1b:88:dc:
         4d:47:96:c3:2b:36:19:1a:47:7e:3c:ea:8c:2c:d3:49:af:27:
         a7:ee:4f:6b:19:c1:dd:5e:27:f3:db:16:3a:e3:32:c6:62:4d:
         fe:bb:86:17:bc:f3:ff:a5:80:de:4a:43:94:af:ed:e3:82:fd:
         81:e2:76:fa:62:1e:c0:53:a0:73:ea:9b:10:c1:86:fd:8d:3d:
         f4:2a:cf:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz9HAPU1jvmbFzxcEtswVhFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkNGQxY2JhYTkwMGM5ZGFiZDJhMWY3NjgxOThhMWU1NWJj
ZmI1MGYwHhcNMjQwMTEyMDk1ODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDYwNjhjOTBiNDc4Mzk1M2EwNzQ3ZTZiNWVhODVhZjcxOWJiYTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+ZpKY786NKiKFHxUGBQY0PlDHrq
km2Ydh4/WMS2r25avz399RinE/9+iV+S2q9hwnSuIzfqFzhVYKztGFIN2ou63SBW
diL1qTLei8cakYZ/tPoQO/dTwBfGxLL3wneWxz/ezd1VYuaTFGjIqcGapVfw99vf
YwaYKGwRpPeY66s188hVUIuFOY61izuuCr0MMvM5mO7bSryxn9wKrVjVp3vwJKlD
hXasc/ftklFa9/o9AYENj1D2M/KI9wVUCks3/bBwojG+dFbRmK/9G5B/mKmMiEOZ
hhBdvfz2V5p5ACg5/CfSD4HMEKZGYtQ1Mla+BXwJ+aubO0RzSUctaDVjAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRgaMkLR4OVOgdH5rXqha9xm7qXMB8GA1UdIwQY
MBaAFP1NHLqpAMnavSofdoGYoeVbz7UPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1UwY3Vxa0F5ZHE5S2g5MmdaaWg1VnZQdFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi84OTAzY2EtZmI2Ny00ZWU3LWEyM2Et
ZGI3NjkwZTQ1NzY1LzEvZEdCb3lRdEhnNVU2QjBmbXRlcUZyM0didXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi84OTAzY2EtZmI2Ny00ZWU3LWEyM2EtZGI3NjkwZTQ1NzY1
LzEvX1UwY3Vxa0F5ZHE5S2g5MmdaaWg1VnZQdFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudb3MA0G
CSqGSIb3DQEBCwUAA4IBAQAMWI3i4UwTw6JQ9MANBafy5rKzwvypt4gQaG9Oz/Im
hfU/dY+sgUSs/qnYRkXRHUHYSs6d4wJLd7ETJuSGNIestzSghIIumwxr2aeYJoqO
tMHTGKXn6ywwbaoLyYpKz2/KP9lhKnPJKeUstES8DNG8SppPlO7WUMSPtL/SZXpv
zdtvk+7S5ogzt1Y9Bk7/PWuULAj5nMtRZ8WtX2dc1e1TpWCnwclBIHOMM4LY8WLb
vVgbiNxNR5bDKzYZGkd+POqMLNNJryen7k9rGcHdXifz2xY64zLGYk3+u4YXvPP/
pYDeSkOUr+3jgv2B4nb6Yh7AU6Bz6psQwYb9jT30Ks/2
-----END CERTIFICATE-----