Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/0QYQvmVhgY8fHxwpDhjjkHqTUsc.roa
File:                     0QYQvmVhgY8fHxwpDhjjkHqTUsc.roa (raw, json)
Hash identifier:          a/Etd4yVGnVihCDZXW5D/KOysk3eFfb2eIjBlzz70hg=
Subject key identifier:   D1:06:10:BE:65:61:81:8F:1F:1F:1C:29:0E:18:E3:90:7A:93:52:C7
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D2957CD5678D566533EBF570351D
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/0QYQvmVhgY8fHxwpDhjjkHqTUsc.roa
Signing time:             Mon 01 Jan 2024 06:29:47 +0000
ROA not before:           Mon 01 Jan 2024 06:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25938
IP address blocks:        213.86.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d2:95:7c:d5:67:8d:56:65:33:eb:f5:70:35:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d10610be6561818f1f1f1c290e18e3907a9352c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:83:d6:d4:c0:b4:d1:99:e7:c9:80:7b:ce:54:
                    a4:d5:63:f2:1d:ff:05:62:b3:92:c3:12:d3:28:87:
                    d2:87:2f:af:62:c9:aa:7b:6c:0f:93:81:68:fe:33:
                    93:d3:2a:0f:03:ec:ed:d5:09:33:1f:f3:25:23:17:
                    16:21:cd:ce:2b:78:dd:f4:3e:5b:9e:df:79:b9:ce:
                    ef:94:dd:67:94:7a:25:6f:a7:b1:02:1a:fe:51:c0:
                    35:6d:d1:b6:ef:c4:2e:5c:8c:2b:b7:c3:b6:88:22:
                    8a:19:cd:97:4d:d0:00:50:e3:68:bc:77:b4:8f:cc:
                    db:5f:8c:ed:89:e0:8d:91:0b:39:d3:e0:76:cf:81:
                    84:2b:d3:37:db:87:38:f1:ae:ca:e6:b4:8d:30:ea:
                    83:75:d2:3b:df:c3:b8:68:69:9d:1e:8e:b2:c1:03:
                    b9:6d:3b:1b:e9:e9:3c:38:9d:12:a7:27:ce:c9:3b:
                    73:52:a3:19:ac:31:1e:39:30:80:c4:2b:d5:2e:b6:
                    1b:54:35:e3:63:bc:0a:96:66:cc:f0:de:ed:13:8c:
                    e1:13:94:2c:76:53:47:77:87:87:e2:a5:04:54:a0:
                    96:dd:32:6f:e5:c9:0e:9d:18:93:a4:f7:4c:a3:7f:
                    4b:99:31:0b:07:17:5b:55:c5:d4:c6:13:3f:d2:a3:
                    f9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:06:10:BE:65:61:81:8F:1F:1F:1C:29:0E:18:E3:90:7A:93:52:C7
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/0QYQvmVhgY8fHxwpDhjjkHqTUsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.86.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:fa:ff:7e:97:87:58:87:07:8f:48:64:d8:8e:f1:e5:98:72:
         57:32:21:2d:49:08:a9:13:b0:24:52:ca:92:38:64:b3:c4:6e:
         c2:58:46:29:36:68:2c:f9:d5:ba:af:22:4e:b3:3f:c8:87:29:
         cf:34:e8:c2:3e:9c:29:2c:ce:cf:f1:7c:94:47:ab:6c:ec:70:
         e0:5b:23:21:99:2d:c2:8c:ab:01:e3:57:91:15:a4:35:48:6b:
         c5:db:a3:3d:ba:a4:49:e1:b6:cb:51:46:f2:a0:0b:20:8b:c7:
         0e:33:09:3b:ab:f3:a8:82:f3:6a:42:89:ed:2f:e0:f7:e8:dc:
         5d:94:3a:ca:2c:e5:a4:c6:21:59:c3:78:ed:84:7c:e4:49:58:
         29:31:9b:69:48:e6:27:8d:56:81:de:fd:c6:4d:b9:c6:66:c7:
         cc:49:b6:38:75:94:a6:ca:62:cc:9c:be:f9:da:16:61:4a:5a:
         ef:90:a2:9f:28:fc:6a:27:26:31:a7:d7:bd:14:8e:a5:b9:f9:
         6c:2b:14:46:a1:ff:df:c7:b3:94:55:9b:e4:ce:74:85:e8:ec:
         32:dd:fc:9a:39:65:b4:89:5c:2a:f2:f1:77:a6:6b:ab:cf:1a:
         fc:71:9e:26:f7:78:15:25:7a:f3:12:08:24:08:99:8d:15:da:
         2a:10:3f:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttKVfNVnjVZlM+v1cDUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTA2MTBiZTY1NjE4MThmMWYxZjFjMjkwZTE4ZTM5MDdhOTM1MmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4PW1MC00ZnnyYB7zlSk1WPyHf8F
YrOSwxLTKIfShy+vYsmqe2wPk4Fo/jOT0yoPA+zt1QkzH/MlIxcWIc3OK3jd9D5b
nt95uc7vlN1nlHolb6exAhr+UcA1bdG278QuXIwrt8O2iCKKGc2XTdAAUONovHe0
j8zbX4ztieCNkQs50+B2z4GEK9M324c48a7K5rSNMOqDddI738O4aGmdHo6ywQO5
bTsb6ek8OJ0SpyfOyTtzUqMZrDEeOTCAxCvVLrYbVDXjY7wKlmbM8N7tE4zhE5Qs
dlNHd4eH4qUEVKCW3TJv5ckOnRiTpPdMo39LmTELBxdbVcXUxhM/0qP5KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEGEL5lYYGPHx8cKQ4Y45B6k1LHMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvMFFZUXZtVmhnWThmSHh3cERoamprSHFUVXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VZVMA0G
CSqGSIb3DQEBCwUAA4IBAQBL+v9+l4dYhwePSGTYjvHlmHJXMiEtSQipE7AkUsqS
OGSzxG7CWEYpNmgs+dW6ryJOsz/IhynPNOjCPpwpLM7P8XyUR6ts7HDgWyMhmS3C
jKsB41eRFaQ1SGvF26M9uqRJ4bbLUUbyoAsgi8cOMwk7q/OogvNqQontL+D36Nxd
lDrKLOWkxiFZw3jthHzkSVgpMZtpSOYnjVaB3v3GTbnGZsfMSbY4dZSmymLMnL75
2hZhSlrvkKKfKPxqJyYxp9e9FI6luflsKxRGof/fx7OUVZvkznSF6Owy3fyaOWW0
iVwq8vF3pmurzxr8cZ4m93gVJXrzEggkCJmNFdoqED81
-----END CERTIFICATE-----