Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/Y8tHCvNiiDFe60vV3blETgG4RXE.roa
File:                     Y8tHCvNiiDFe60vV3blETgG4RXE.roa (raw, json)
Hash identifier:          a2c9CtDbpErT8gxP8WOoTQY/5TnUcVVblW1QWLfXPWI=
Subject key identifier:   63:CB:47:0A:F3:62:88:31:5E:EB:4B:D5:DD:B9:44:4E:01:B8:45:71
Certificate issuer:       /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial:       018CC7277242763314E305BE377204AEE8C6
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/Y8tHCvNiiDFe60vV3blETgG4RXE.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43298
IP address blocks:        185.113.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:72:42:76:33:14:e3:05:be:37:72:04:ae:e8:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63cb470af36288315eeb4bd5ddb9444e01b84571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d5:80:8f:ea:3e:4b:51:c2:8f:af:77:62:14:
                    60:3e:e0:11:01:ef:e4:98:53:ca:be:2d:d3:e5:b5:
                    7f:a3:e5:3f:9a:4d:d7:e1:fa:60:67:9e:2b:94:a8:
                    6e:2d:aa:2f:a9:20:be:85:43:74:9e:22:19:b4:d9:
                    9e:a2:7e:c6:11:08:c3:09:d8:63:60:ff:75:25:6d:
                    be:04:df:f7:63:62:14:46:0b:e7:4c:13:e5:23:23:
                    1d:f0:a3:05:9f:a8:96:7e:7b:49:91:57:ff:8c:67:
                    a6:b0:16:f9:4e:49:99:98:2d:d5:1d:bc:d6:e6:72:
                    a0:30:d3:4c:98:f1:4f:fc:27:0d:47:a5:b6:dd:40:
                    ec:91:ec:46:d7:9d:74:cc:29:53:10:47:6d:d7:77:
                    94:01:e0:e9:5c:fc:7f:1a:2a:8f:75:b5:82:03:46:
                    04:1c:b2:4e:6e:d7:9f:13:ac:87:e4:d3:da:6c:d8:
                    4c:79:ab:0a:aa:ee:83:0d:b3:ee:5c:38:2f:ef:e0:
                    ff:72:d0:f5:fc:4e:a1:82:0a:e2:2d:7a:94:bb:1b:
                    18:51:dd:c7:a4:3f:7a:c4:e5:fd:fd:7a:f2:33:a5:
                    31:e5:fc:df:e6:5e:aa:ce:c2:52:f1:88:b6:98:e2:
                    10:ce:56:8e:d9:d5:c6:e8:5b:0f:b4:03:d6:a3:4d:
                    ee:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:CB:47:0A:F3:62:88:31:5E:EB:4B:D5:DD:B9:44:4E:01:B8:45:71
            X509v3 Authority Key Identifier:
                keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/Y8tHCvNiiDFe60vV3blETgG4RXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:e7:7b:40:78:0a:fc:d4:b5:f5:ca:3c:c6:2a:4b:62:d3:d6:
         2d:3d:a3:28:dc:e4:83:c2:73:4a:c7:be:39:2c:e1:a9:af:db:
         bf:37:2e:06:63:1b:fa:10:eb:bb:c1:8d:9f:80:71:75:12:8d:
         6b:9e:a9:33:65:9e:06:42:ec:af:28:dd:fb:f1:65:e3:3b:3e:
         ed:4a:d3:99:e4:5c:8d:b0:70:91:3c:ba:b7:e0:d2:68:f2:a2:
         25:a1:51:e7:b8:c8:f1:4d:62:cc:64:3f:c3:1d:30:8b:d4:f2:
         3f:e7:aa:d3:f8:38:65:05:74:22:08:b6:51:ff:95:71:cf:68:
         a8:5f:a7:e8:ee:67:26:9e:22:23:c7:a9:1b:10:c9:fb:28:7b:
         d9:69:4f:9e:72:45:9a:de:25:af:ca:15:aa:87:d3:4b:93:f0:
         9a:19:02:9d:0f:94:25:fa:94:ad:e4:b1:27:0c:ba:a4:ff:b7:
         d0:9a:15:23:83:9f:35:0e:f3:f9:f4:73:05:a7:f0:86:91:01:
         f4:f0:6f:49:4f:76:a8:a2:80:9a:e2:9d:22:45:e2:a8:61:38:
         33:0a:72:81:5a:b8:39:90:0f:f3:d7:6c:7c:ae:a8:cd:f6:18:
         5e:11:09:ad:06:b7:16:62:a9:9b:6a:ca:d4:31:7b:75:49:41:
         c2:0e:36:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3JCdjMU4wW+N3IErujGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2NiNDcwYWYzNjI4ODMxNWVlYjRiZDVkZGI5NDQ0ZTAxYjg0NTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNWAj+o+S1HCj693YhRgPuARAe/k
mFPKvi3T5bV/o+U/mk3X4fpgZ54rlKhuLaovqSC+hUN0niIZtNmeon7GEQjDCdhj
YP91JW2+BN/3Y2IURgvnTBPlIyMd8KMFn6iWfntJkVf/jGemsBb5TkmZmC3VHbzW
5nKgMNNMmPFP/CcNR6W23UDskexG1510zClTEEdt13eUAeDpXPx/GiqPdbWCA0YE
HLJObtefE6yH5NPabNhMeasKqu6DDbPuXDgv7+D/ctD1/E6hggriLXqUuxsYUd3H
pD96xOX9/XryM6Ux5fzf5l6qzsJS8Yi2mOIQzlaO2dXG6FsPtAPWo03uiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPLRwrzYogxXutL1d25RE4BuEVxMB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvWTh0SEN2TmlpREZlNjB2VjNibEVUZ0c0UlhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXGHMA0G
CSqGSIb3DQEBCwUAA4IBAQAe53tAeAr81LX1yjzGKkti09YtPaMo3OSDwnNKx745
LOGpr9u/Ny4GYxv6EOu7wY2fgHF1Eo1rnqkzZZ4GQuyvKN378WXjOz7tStOZ5FyN
sHCRPLq34NJo8qIloVHnuMjxTWLMZD/DHTCL1PI/56rT+DhlBXQiCLZR/5Vxz2io
X6fo7mcmniIjx6kbEMn7KHvZaU+eckWa3iWvyhWqh9NLk/CaGQKdD5Ql+pSt5LEn
DLqk/7fQmhUjg581DvP59HMFp/CGkQH08G9JT3aoooCa4p0iReKoYTgzCnKBWrg5
kA/z12x8rqjN9hheEQmtBrcWYqmbasrUMXt1SUHCDjYP
-----END CERTIFICATE-----