Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/f2e3pBYArH8MRuEYi3JDqJGGX_I.roa
File:                     f2e3pBYArH8MRuEYi3JDqJGGX_I.roa (raw, json)
Hash identifier:          HDiLeae1WjBqOdkX1l7fFhyS6eC70vWko4BVEbFuf5Y=
Subject key identifier:   7F:67:B7:A4:16:00:AC:7F:0C:46:E1:18:8B:72:43:A8:91:86:5F:F2
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       018DFA3141FA3F0C58A46F5DF89B364939EE
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/f2e3pBYArH8MRuEYi3JDqJGGX_I.roa
Signing time:             Fri 01 Mar 2024 13:25:48 +0000
ROA not before:           Fri 01 Mar 2024 13:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136744
IP address blocks:        185.104.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:31:41:fa:3f:0c:58:a4:6f:5d:f8:9b:36:49:39:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Mar  1 13:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f67b7a41600ac7f0c46e1188b7243a891865ff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d6:0d:fa:46:63:32:5c:eb:bf:3c:51:1b:e6:
                    0f:7a:c5:05:d3:77:c0:1c:f6:25:3f:5b:0f:e1:24:
                    8e:22:dc:3f:fb:97:55:11:9e:6c:92:11:fe:85:de:
                    04:0a:d3:eb:c7:f7:88:a2:88:e2:7d:91:de:a0:0d:
                    d4:fe:91:5e:c4:2a:cf:16:91:ee:83:ae:21:b1:f8:
                    7e:09:6b:9e:7d:a9:56:4b:1e:5b:a9:86:bb:a2:a2:
                    1c:d0:1b:15:57:9c:8e:a4:3c:87:6b:29:3f:88:fb:
                    a2:f8:51:00:60:16:2d:b6:68:ec:5f:95:0d:70:01:
                    5d:a0:70:3a:91:44:cc:68:80:e5:05:90:dd:29:50:
                    28:85:82:55:b1:f4:21:0d:58:29:89:b4:c0:ba:11:
                    b6:59:93:26:cc:94:c7:f9:22:b6:5b:11:0b:5a:8d:
                    47:12:e5:9a:8d:45:04:70:3c:6b:60:19:cf:21:34:
                    6e:2f:23:fe:8c:8f:12:d8:4c:a4:8f:e7:34:50:9d:
                    03:05:da:28:fe:fb:eb:71:ab:d6:cf:c8:2e:ad:2b:
                    fd:f0:b9:c9:3c:2e:88:29:b3:e6:14:d0:a0:49:cb:
                    2d:75:05:3c:bd:4e:00:4d:15:42:7d:5f:c0:6e:33:
                    79:cc:09:27:a8:19:8b:da:43:bd:69:c6:13:ed:0c:
                    d7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:67:B7:A4:16:00:AC:7F:0C:46:E1:18:8B:72:43:A8:91:86:5F:F2
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/f2e3pBYArH8MRuEYi3JDqJGGX_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:4c:a7:bf:59:d4:bd:af:b2:3e:38:a3:cc:e5:46:52:de:f9:
         57:18:fc:d2:82:c4:3f:e9:64:26:54:fa:a8:93:33:c4:7b:c7:
         99:ec:06:98:61:c5:7d:69:46:71:2e:29:fe:6c:a3:8b:9a:8e:
         a0:2a:73:a6:66:7d:7b:61:72:e8:1c:0c:06:f1:35:16:70:34:
         a4:e7:d6:31:94:d9:21:68:55:1b:9b:ef:75:9b:82:73:8a:88:
         21:da:32:3e:c6:22:9a:e9:41:fa:5f:3f:8b:6b:0a:a2:38:db:
         97:39:29:4a:66:d9:e2:58:36:f1:8c:78:3d:3f:06:c9:e8:75:
         6d:0a:98:4c:4a:54:3f:57:67:36:df:bf:af:3a:7d:0d:af:ed:
         df:8e:e0:49:4a:d7:11:f3:04:8d:2b:ae:ae:55:e3:18:83:89:
         bb:25:a0:49:0d:64:bc:26:6f:6a:a0:98:bd:6b:f3:84:6c:e6:
         a1:a0:8b:aa:4e:1a:e6:6a:68:9e:cd:5e:98:54:1d:a1:ce:ca:
         e7:55:c4:55:7e:e0:04:d6:b0:4e:c4:2d:21:d8:01:f7:72:07:
         0e:eb:7b:c7:4d:a0:d2:bf:f6:94:4c:ec:5c:f3:66:94:05:ee:
         ce:ba:eb:f6:98:88:9a:de:a2:f8:d9:ae:a1:61:b7:8f:7a:93:
         44:05:63:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY36MUH6PwxYpG9d+Js2STnuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjQwMzAxMTMyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjY3YjdhNDE2MDBhYzdmMGM0NmUxMTg4YjcyNDNhODkxODY1ZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNYN+kZjMlzrvzxRG+YPesUF03fA
HPYlP1sP4SSOItw/+5dVEZ5skhH+hd4ECtPrx/eIoojifZHeoA3U/pFexCrPFpHu
g64hsfh+CWuefalWSx5bqYa7oqIc0BsVV5yOpDyHayk/iPui+FEAYBYttmjsX5UN
cAFdoHA6kUTMaIDlBZDdKVAohYJVsfQhDVgpibTAuhG2WZMmzJTH+SK2WxELWo1H
EuWajUUEcDxrYBnPITRuLyP+jI8S2Eykj+c0UJ0DBdoo/vvrcavWz8gurSv98LnJ
PC6IKbPmFNCgScstdQU8vU4ATRVCfV/AbjN5zAknqBmL2kO9acYT7QzXfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH9nt6QWAKx/DEbhGItyQ6iRhl/yMB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvZjJlM3BCWUFySDhNUnVFWWkzSkRxSkdHWF9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWgMMA0G
CSqGSIb3DQEBCwUAA4IBAQBDTKe/WdS9r7I+OKPM5UZS3vlXGPzSgsQ/6WQmVPqo
kzPEe8eZ7AaYYcV9aUZxLin+bKOLmo6gKnOmZn17YXLoHAwG8TUWcDSk59YxlNkh
aFUbm+91m4Jziogh2jI+xiKa6UH6Xz+LawqiONuXOSlKZtniWDbxjHg9PwbJ6HVt
CphMSlQ/V2c237+vOn0Nr+3fjuBJStcR8wSNK66uVeMYg4m7JaBJDWS8Jm9qoJi9
a/OEbOahoIuqThrmamiezV6YVB2hzsrnVcRVfuAE1rBOxC0h2AH3cgcO63vHTaDS
v/aUTOxc82aUBe7Ouuv2mIia3qL42a6hYbePepNEBWNL
-----END CERTIFICATE-----