Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/686de6-b13c-4dac-aaae-d8fe2c085810/1/0o1bM1bnalnsnCEwY7EHqA2DYwI.roa
File:                     0o1bM1bnalnsnCEwY7EHqA2DYwI.roa (raw, json)
Hash identifier:          a6Jlm8q4bTHKkL4jo13ydzErm8S6w7SEyDYkJ1x4MuQ=
Subject key identifier:   D2:8D:5B:33:56:E7:6A:59:EC:9C:21:30:63:B1:07:A8:0D:83:63:02
Certificate issuer:       /CN=bc5380d742bef2423fcfd6d303d73a67917aaec0
Certificate serial:       01947AFB0E37A1F85701315F1A79A1E95644
Authority key identifier: BC:53:80:D7:42:BE:F2:42:3F:CF:D6:D3:03:D7:3A:67:91:7A:AE:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vFOA10K-8kI_z9bTA9c6Z5F6rsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/686de6-b13c-4dac-aaae-d8fe2c085810/1/0o1bM1bnalnsnCEwY7EHqA2DYwI.roa
Signing time:             Sat 18 Jan 2025 19:54:20 +0000
ROA not before:           Sat 18 Jan 2025 19:54:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216054
IP address blocks:        185.235.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/686de6-b13c-4dac-aaae-d8fe2c085810/1/vFOA10K-8kI_z9bTA9c6Z5F6rsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/686de6-b13c-4dac-aaae-d8fe2c085810/1/vFOA10K-8kI_z9bTA9c6Z5F6rsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vFOA10K-8kI_z9bTA9c6Z5F6rsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:7a:fb:0e:37:a1:f8:57:01:31:5f:1a:79:a1:e9:56:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc5380d742bef2423fcfd6d303d73a67917aaec0
        Validity
            Not Before: Jan 18 19:54:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d28d5b3356e76a59ec9c213063b107a80d836302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:dc:1e:58:f9:49:c7:11:62:b1:0d:44:c6:27:
                    6a:b3:f7:29:1f:11:05:e0:78:69:57:09:28:dd:29:
                    70:4d:78:41:c5:04:eb:7a:64:08:37:ab:b4:e1:b6:
                    0d:5c:7c:32:8d:10:42:8e:df:04:3b:4b:6f:29:15:
                    90:e5:71:4c:3a:43:c2:96:ec:20:9f:b2:1e:f9:57:
                    20:34:69:0f:7c:1c:9a:ad:4e:a2:20:57:e1:23:7b:
                    ad:66:a0:17:df:88:51:8e:f8:c0:e5:9f:d1:ed:8f:
                    7c:2f:fa:af:bd:43:fc:cc:4b:bc:4e:c4:e3:75:e2:
                    7e:7a:e1:6a:f6:3a:3e:42:22:ef:a2:84:90:fc:60:
                    23:e5:5e:6e:5f:64:a9:1a:66:85:d8:a1:1d:be:c9:
                    64:19:eb:a6:03:f9:f5:08:85:8e:3f:df:42:96:88:
                    1f:af:12:72:d8:23:13:01:89:43:8d:83:14:91:26:
                    8d:50:5c:d4:b1:b5:f6:5c:91:ef:d0:67:75:3b:67:
                    4e:09:2e:f5:0f:e1:7f:63:00:02:9b:e6:e4:59:ad:
                    3c:9e:d5:8b:60:81:29:c8:bf:49:6c:ab:34:0e:03:
                    dc:31:32:19:23:65:5e:d0:4c:de:31:09:1e:9b:36:
                    09:04:df:d5:e6:82:95:98:d4:c9:6a:82:cb:a1:45:
                    56:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8D:5B:33:56:E7:6A:59:EC:9C:21:30:63:B1:07:A8:0D:83:63:02
            X509v3 Authority Key Identifier:
                keyid:BC:53:80:D7:42:BE:F2:42:3F:CF:D6:D3:03:D7:3A:67:91:7A:AE:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vFOA10K-8kI_z9bTA9c6Z5F6rsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/686de6-b13c-4dac-aaae-d8fe2c085810/1/0o1bM1bnalnsnCEwY7EHqA2DYwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/686de6-b13c-4dac-aaae-d8fe2c085810/1/vFOA10K-8kI_z9bTA9c6Z5F6rsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:e3:36:da:a5:58:54:73:c5:44:e7:d1:ce:01:6c:a6:b9:b7:
         64:ef:3a:b9:ca:ba:52:bb:d2:f1:dd:d2:de:cc:90:f2:b2:e9:
         dc:14:f9:8f:d8:76:38:e0:96:3d:93:c3:f8:ec:8d:4c:fd:7e:
         0f:8d:a4:d5:80:f6:9a:ad:fb:a2:a7:51:3c:6c:ed:75:96:28:
         0b:ac:8f:3c:f3:7e:e8:ce:36:3e:b8:2c:bc:f2:d8:f5:d2:ed:
         2a:a6:98:8e:ab:7d:8d:6a:a7:10:2c:8e:d4:f2:47:b0:2a:89:
         aa:42:2c:99:33:af:31:c0:75:5c:7b:0b:f0:49:fa:99:04:25:
         75:da:e9:54:c1:07:de:a3:0f:4d:59:a4:19:79:5e:e2:2c:b3:
         42:29:16:09:cb:13:ab:d7:8e:af:2d:1f:be:7b:52:b5:76:dd:
         e3:c7:79:59:12:d5:e8:e2:48:28:61:35:f3:15:40:1b:91:ea:
         1d:7d:73:66:ee:ae:22:59:a1:b8:9e:52:82:43:d2:e2:ac:ea:
         60:82:30:06:d2:f2:58:43:d3:3b:90:6c:94:3c:5c:d0:1c:98:
         ff:d7:2c:88:e7:ca:04:b8:8b:d9:e0:f2:14:c9:fb:ed:6f:39:
         72:a5:47:96:5e:22:d4:41:34:59:3c:2c:d7:d4:83:42:e1:2d:
         6e:9d:01:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZR6+w43ofhXATFfGnmh6VZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNTM4MGQ3NDJiZWYyNDIzZmNmZDZkMzAzZDczYTY3OTE3
YWFlYzAwHhcNMjUwMTE4MTk1NDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjhkNWIzMzU2ZTc2YTU5ZWM5YzIxMzA2M2IxMDdhODBkODM2MzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNweWPlJxxFisQ1Exidqs/cpHxEF
4HhpVwko3SlwTXhBxQTremQIN6u04bYNXHwyjRBCjt8EO0tvKRWQ5XFMOkPCluwg
n7Ie+VcgNGkPfByarU6iIFfhI3utZqAX34hRjvjA5Z/R7Y98L/qvvUP8zEu8TsTj
deJ+euFq9jo+QiLvooSQ/GAj5V5uX2SpGmaF2KEdvslkGeumA/n1CIWOP99Clogf
rxJy2CMTAYlDjYMUkSaNUFzUsbX2XJHv0Gd1O2dOCS71D+F/YwACm+bkWa08ntWL
YIEpyL9JbKs0DgPcMTIZI2Ve0EzeMQkemzYJBN/V5oKVmNTJaoLLoUVWiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKNWzNW52pZ7JwhMGOxB6gNg2MCMB8GA1UdIwQY
MBaAFLxTgNdCvvJCP8/W0wPXOmeReq7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkZPQTEwSy04a0lfejliVEE5YzZaNUY2cnNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy82ODZkZTYtYjEzYy00ZGFjLWFhYWUt
ZDhmZTJjMDg1ODEwLzEvMG8xYk0xYm5hbG5zbkNFd1k3RUhxQTJEWXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy82ODZkZTYtYjEzYy00ZGFjLWFhYWUtZDhmZTJjMDg1ODEw
LzEvdkZPQTEwSy04a0lfejliVEE5YzZaNUY2cnNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuevEMA0G
CSqGSIb3DQEBCwUAA4IBAQAN4zbapVhUc8VE59HOAWymubdk7zq5yrpSu9Lx3dLe
zJDysuncFPmP2HY44JY9k8P47I1M/X4PjaTVgPaarfuip1E8bO11ligLrI88837o
zjY+uCy88tj10u0qppiOq32NaqcQLI7U8kewKomqQiyZM68xwHVcewvwSfqZBCV1
2ulUwQfeow9NWaQZeV7iLLNCKRYJyxOr146vLR++e1K1dt3jx3lZEtXo4kgoYTXz
FUAbkeodfXNm7q4iWaG4nlKCQ9LirOpggjAG0vJYQ9M7kGyUPFzQHJj/1yyI58oE
uIvZ4PIUyfvtbzlypUeWXiLUQTRZPCzX1INC4S1unQEr
-----END CERTIFICATE-----