Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/sSScfpXmOaLt3HkZvAcAEoK97Eg.roa
File:                     sSScfpXmOaLt3HkZvAcAEoK97Eg.roa (raw, json)
Hash identifier:          7ihshxAi9Rom+Fc63SleKwfyCGAsG0u8mQCiywY+V+E=
Subject key identifier:   B1:24:9C:7E:95:E6:39:A2:ED:DC:79:19:BC:07:00:12:82:BD:EC:48
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64ADE39D198B9760AD29D06290F920A
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/sSScfpXmOaLt3HkZvAcAEoK97Eg.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212994
IP address blocks:        185.39.28.0/24 maxlen: 24
                          185.39.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:de:39:d1:98:b9:76:0a:d2:9d:06:29:0f:92:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1249c7e95e639a2eddc7919bc07001282bdec48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:63:f6:a7:47:6b:25:fc:17:8e:1f:fe:74:af:
                    26:3d:75:3d:fe:7e:f5:68:b0:d0:53:87:3f:41:51:
                    ed:85:60:9b:5f:f4:57:ab:c5:3f:ed:a0:28:ef:c3:
                    5b:43:5f:43:90:9d:27:46:77:aa:7d:bc:80:e8:40:
                    7d:93:ae:05:fc:08:83:d9:2b:14:7b:7e:5d:47:65:
                    9b:d2:d3:b7:ed:fa:26:74:ef:dc:a5:c4:b4:72:46:
                    8f:d8:79:7b:a1:36:51:8d:9d:d1:72:52:46:ee:73:
                    a6:60:49:85:50:4b:fa:40:5e:7f:5c:54:a4:09:54:
                    30:68:1e:35:2d:5f:91:d6:08:a4:88:0d:db:81:55:
                    4f:58:fd:56:ce:3e:46:4b:aa:68:95:26:dc:65:f0:
                    62:7f:16:6b:2c:0b:ce:bb:37:3a:c8:90:b1:10:22:
                    05:bb:3a:80:fc:49:50:d0:bf:be:31:46:e2:08:0d:
                    7c:ac:1b:b1:27:e7:86:b4:01:a5:f8:7c:bf:c4:3f:
                    58:4c:a5:53:8c:30:79:5c:0f:84:f4:bb:98:d0:1e:
                    62:7e:fc:8c:d4:dc:55:3d:26:c8:0d:ce:5d:34:6f:
                    5c:09:70:b4:6a:70:aa:31:2c:63:49:18:92:a9:4d:
                    f3:6f:a8:9f:bf:c1:65:32:7f:75:f8:71:e7:06:5c:
                    21:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:24:9C:7E:95:E6:39:A2:ED:DC:79:19:BC:07:00:12:82:BD:EC:48
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/sSScfpXmOaLt3HkZvAcAEoK97Eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:c0:61:3c:e1:39:8a:b2:f5:40:e1:07:ea:e6:35:9c:3d:7e:
         22:12:e5:fe:bb:23:f4:69:bb:fa:f7:e7:85:77:4a:aa:a2:18:
         b5:97:e7:d0:bc:7f:02:58:b3:b3:fe:b1:7a:1e:32:4c:46:c0:
         1b:81:24:ab:c7:3a:12:5d:85:fd:59:04:2e:a8:fd:7d:c6:b1:
         e7:00:95:f9:06:8b:e8:c9:d3:3e:74:98:3c:4d:e0:b2:71:6b:
         98:42:f3:b8:45:b7:b7:63:4c:f1:4e:d6:8b:2e:ef:af:1d:00:
         6a:7c:2c:1d:e7:e2:13:45:9e:98:92:35:a5:fc:8a:32:49:4e:
         3c:e2:43:b8:78:2f:23:13:29:b9:e8:f3:f5:ce:6d:9a:4d:a5:
         6b:de:6b:33:90:2a:89:be:8d:16:5b:5a:d1:83:3a:d8:69:d8:
         f6:6c:f2:6c:65:c3:85:2b:37:0f:09:06:40:f1:dc:c3:bb:cf:
         30:ab:8d:07:b1:88:9c:16:b5:bf:7a:fa:47:92:e9:c7:d9:1b:
         14:5e:24:8a:38:0b:06:51:21:14:08:13:1c:7e:38:c9:40:4b:
         2d:31:b5:93:ac:63:39:b4:dd:78:6d:bf:de:b0:12:6e:6b:76:
         e8:7a:ad:ab:13:1c:cd:fe:27:3a:39:2a:b2:c9:f9:e1:48:bc:
         90:9a:d4:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSt450Zi5dgrSnQYpD5IKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTI0OWM3ZTk1ZTYzOWEyZWRkYzc5MTliYzA3MDAxMjgyYmRlYzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2P2p0drJfwXjh/+dK8mPXU9/n71
aLDQU4c/QVHthWCbX/RXq8U/7aAo78NbQ19DkJ0nRneqfbyA6EB9k64F/AiD2SsU
e35dR2Wb0tO37fomdO/cpcS0ckaP2Hl7oTZRjZ3RclJG7nOmYEmFUEv6QF5/XFSk
CVQwaB41LV+R1gikiA3bgVVPWP1Wzj5GS6polSbcZfBifxZrLAvOuzc6yJCxECIF
uzqA/ElQ0L++MUbiCA18rBuxJ+eGtAGl+Hy/xD9YTKVTjDB5XA+E9LuY0B5ifvyM
1NxVPSbIDc5dNG9cCXC0anCqMSxjSRiSqU3zb6ifv8FlMn91+HHnBlwh1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEknH6V5jmi7dx5GbwHABKCvexIMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvc1NTY2ZwWG1PYUx0M0hrWnZBY0FFb0s5N0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSccMA0G
CSqGSIb3DQEBCwUAA4IBAQBDwGE84TmKsvVA4Qfq5jWcPX4iEuX+uyP0abv69+eF
d0qqohi1l+fQvH8CWLOz/rF6HjJMRsAbgSSrxzoSXYX9WQQuqP19xrHnAJX5Bovo
ydM+dJg8TeCycWuYQvO4Rbe3Y0zxTtaLLu+vHQBqfCwd5+ITRZ6YkjWl/IoySU48
4kO4eC8jEym56PP1zm2aTaVr3mszkCqJvo0WW1rRgzrYadj2bPJsZcOFKzcPCQZA
8dzDu88wq40HsYicFrW/evpHkunH2RsUXiSKOAsGUSEUCBMcfjjJQEstMbWTrGM5
tN14bb/esBJua3boeq2rExzN/ic6OSqyyfnhSLyQmtQo
-----END CERTIFICATE-----