Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/646e7d-4f46-407c-bdd0-fd72d962df27/1/CF5Fuf6p40faduRYrW7BHg02paY.roa
File:                     CF5Fuf6p40faduRYrW7BHg02paY.roa (raw, json)
Hash identifier:          vedr0ZZjAkfj4LM3mj0KEObKJahmBve4gZjYff1C94s=
Subject key identifier:   08:5E:45:B9:FE:A9:E3:47:DA:76:E4:58:AD:6E:C1:1E:0D:36:A5:A6
Certificate issuer:       /CN=de2b5cbf967a0349d889704bb4d61fa526a31d6f
Certificate serial:       018CC64AD2A29B96CAEFF06577F4CE2FAA7C
Authority key identifier: DE:2B:5C:BF:96:7A:03:49:D8:89:70:4B:B4:D6:1F:A5:26:A3:1D:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3itcv5Z6A0nYiXBLtNYfpSajHW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/646e7d-4f46-407c-bdd0-fd72d962df27/1/CF5Fuf6p40faduRYrW7BHg02paY.roa
Signing time:             Mon 01 Jan 2024 18:30:41 +0000
ROA not before:           Mon 01 Jan 2024 18:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47396
IP address blocks:        195.216.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/646e7d-4f46-407c-bdd0-fd72d962df27/1/3itcv5Z6A0nYiXBLtNYfpSajHW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/646e7d-4f46-407c-bdd0-fd72d962df27/1/3itcv5Z6A0nYiXBLtNYfpSajHW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3itcv5Z6A0nYiXBLtNYfpSajHW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d2:a2:9b:96:ca:ef:f0:65:77:f4:ce:2f:aa:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de2b5cbf967a0349d889704bb4d61fa526a31d6f
        Validity
            Not Before: Jan  1 18:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=085e45b9fea9e347da76e458ad6ec11e0d36a5a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:39:cf:ba:1d:0f:51:52:41:48:2a:e1:80:0f:
                    34:80:09:58:ca:bd:6a:34:62:ac:0d:34:6a:ec:72:
                    8b:fc:a1:79:f4:fa:29:9d:d2:42:fc:27:70:c9:84:
                    0f:bd:66:86:4e:1a:68:96:a1:a8:11:ba:34:44:80:
                    67:42:3e:fc:5e:5d:01:f3:c1:94:d2:80:b3:48:68:
                    78:c0:a3:be:46:0f:0f:d0:7d:87:30:99:96:ac:aa:
                    27:d3:54:b4:0c:aa:64:9f:ea:94:6a:3f:60:7d:fd:
                    92:69:09:b9:c8:3b:45:6b:55:1e:e8:59:7e:0e:ac:
                    61:1a:00:19:f4:29:24:dc:64:1c:24:a7:34:92:42:
                    2f:fd:00:93:7e:3a:3c:94:fd:07:64:31:28:12:c7:
                    77:fc:19:70:e7:63:82:d7:e1:c9:c1:cc:d3:ba:95:
                    ad:ba:8a:4f:35:e3:75:17:76:ea:e6:69:f5:93:22:
                    ff:d9:e0:f1:7e:48:45:43:af:0f:a3:64:b2:25:d8:
                    a3:d8:03:3e:79:5d:20:17:f7:b7:c7:1a:11:2f:73:
                    70:92:a5:75:2d:39:e9:46:0b:c9:26:5c:52:57:66:
                    04:22:ea:fd:ca:db:2b:ad:fa:82:d3:57:f3:5e:26:
                    65:5f:0f:4f:36:cb:42:23:8b:0a:ee:00:49:9e:80:
                    47:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:5E:45:B9:FE:A9:E3:47:DA:76:E4:58:AD:6E:C1:1E:0D:36:A5:A6
            X509v3 Authority Key Identifier:
                keyid:DE:2B:5C:BF:96:7A:03:49:D8:89:70:4B:B4:D6:1F:A5:26:A3:1D:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3itcv5Z6A0nYiXBLtNYfpSajHW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/646e7d-4f46-407c-bdd0-fd72d962df27/1/CF5Fuf6p40faduRYrW7BHg02paY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/646e7d-4f46-407c-bdd0-fd72d962df27/1/3itcv5Z6A0nYiXBLtNYfpSajHW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:80:89:ac:50:65:ed:b3:4d:40:52:1a:8f:93:a1:db:e0:6a:
         ed:f4:86:a9:e9:fd:10:77:70:e5:74:c0:07:be:15:f0:3f:a3:
         78:4f:27:9f:f4:50:fa:e9:f1:cb:b3:4d:6e:58:8d:c7:04:89:
         4e:b7:6f:fc:fe:47:c3:47:32:72:44:2b:54:03:ae:dc:4f:ae:
         17:ef:67:d4:5c:e1:a3:26:66:71:1f:39:41:47:65:38:77:5a:
         dd:ac:5a:f7:be:c7:d0:9c:7c:0b:ea:b1:3d:c7:44:6b:e4:fe:
         12:fa:fb:15:5e:1e:0b:43:02:47:3d:5b:07:e0:b1:be:90:aa:
         8c:32:5c:2f:06:c3:0f:15:35:32:06:94:75:6d:9a:31:6a:d3:
         a2:3b:11:36:b6:df:5c:8f:ce:e7:5c:d7:98:3c:12:6a:49:10:
         b9:49:e9:b8:83:0b:46:be:1b:3c:94:b7:66:2c:5a:bd:3e:f7:
         15:8c:25:2e:7e:ca:35:d9:c8:09:ea:38:d8:c1:a8:92:44:db:
         ed:7b:52:f9:2f:dd:7a:59:38:22:50:b2:09:fb:2a:80:a1:75:
         3f:1a:7d:4f:95:07:d4:65:61:4e:68:bf:9b:c7:bc:b6:7f:5d:
         57:b7:52:6d:11:fd:bb:ae:c5:d7:4f:82:01:51:9f:6d:37:7d:
         f4:f9:b2:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStKim5bK7/Bld/TOL6p8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMmI1Y2JmOTY3YTAzNDlkODg5NzA0YmI0ZDYxZmE1MjZh
MzFkNmYwHhcNMjQwMTAxMTgzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODVlNDViOWZlYTllMzQ3ZGE3NmU0NThhZDZlYzExZTBkMzZhNWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTnPuh0PUVJBSCrhgA80gAlYyr1q
NGKsDTRq7HKL/KF59PopndJC/CdwyYQPvWaGThpolqGoEbo0RIBnQj78Xl0B88GU
0oCzSGh4wKO+Rg8P0H2HMJmWrKon01S0DKpkn+qUaj9gff2SaQm5yDtFa1Ue6Fl+
DqxhGgAZ9Ckk3GQcJKc0kkIv/QCTfjo8lP0HZDEoEsd3/Blw52OC1+HJwczTupWt
uopPNeN1F3bq5mn1kyL/2eDxfkhFQ68Po2SyJdij2AM+eV0gF/e3xxoRL3NwkqV1
LTnpRgvJJlxSV2YEIur9ytsrrfqC01fzXiZlXw9PNstCI4sK7gBJnoBHQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAheRbn+qeNH2nbkWK1uwR4NNqWmMB8GA1UdIwQY
MBaAFN4rXL+WegNJ2IlwS7TWH6Umox1vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2l0Y3Y1WjZBMG5ZaVhCTHROWWZwU2FqSFc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi82NDZlN2QtNGY0Ni00MDdjLWJkZDAt
ZmQ3MmQ5NjJkZjI3LzEvQ0Y1RnVmNnA0MGZhZHVSWXJXN0JIZzAycGFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi82NDZlN2QtNGY0Ni00MDdjLWJkZDAtZmQ3MmQ5NjJkZjI3
LzEvM2l0Y3Y1WjZBMG5ZaVhCTHROWWZwU2FqSFc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9j6MA0G
CSqGSIb3DQEBCwUAA4IBAQCHgImsUGXts01AUhqPk6Hb4Grt9Iap6f0Qd3DldMAH
vhXwP6N4Tyef9FD66fHLs01uWI3HBIlOt2/8/kfDRzJyRCtUA67cT64X72fUXOGj
JmZxHzlBR2U4d1rdrFr3vsfQnHwL6rE9x0Rr5P4S+vsVXh4LQwJHPVsH4LG+kKqM
MlwvBsMPFTUyBpR1bZoxatOiOxE2tt9cj87nXNeYPBJqSRC5Sem4gwtGvhs8lLdm
LFq9PvcVjCUufso12cgJ6jjYwaiSRNvte1L5L916WTgiULIJ+yqAoXU/Gn1PlQfU
ZWFOaL+bx7y2f11Xt1JtEf27rsXXT4IBUZ9tN330+bK3
-----END CERTIFICATE-----