Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/77f2aa-cc0c-4f15-8b39-addcd8552026/1/in1yhgF-cCERXcu2NtwiBt_jW4s.roa
File:                     in1yhgF-cCERXcu2NtwiBt_jW4s.roa (raw, json)
Hash identifier:          GMjBFvLWdmCaksTRyAmJKx/Zh0CbDg/GYjnYc/8Tcbs=
Subject key identifier:   8A:7D:72:86:01:7E:70:21:11:5D:CB:B6:36:DC:22:06:DF:E3:5B:8B
Certificate issuer:       /CN=d8300936fb500a7456440aba8b3b8ad53c9f0140
Certificate serial:       018CCA991472D4393F3482F541999C506239
Authority key identifier: D8:30:09:36:FB:50:0A:74:56:44:0A:BA:8B:3B:8A:D5:3C:9F:01:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2DAJNvtQCnRWRAq6izuK1TyfAUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/77f2aa-cc0c-4f15-8b39-addcd8552026/1/in1yhgF-cCERXcu2NtwiBt_jW4s.roa
Signing time:             Tue 02 Jan 2024 14:34:38 +0000
ROA not before:           Tue 02 Jan 2024 14:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206922
IP address blocks:        185.171.246.0/24 maxlen: 24
                          185.171.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/77f2aa-cc0c-4f15-8b39-addcd8552026/1/2DAJNvtQCnRWRAq6izuK1TyfAUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/77f2aa-cc0c-4f15-8b39-addcd8552026/1/2DAJNvtQCnRWRAq6izuK1TyfAUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2DAJNvtQCnRWRAq6izuK1TyfAUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:14:72:d4:39:3f:34:82:f5:41:99:9c:50:62:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8300936fb500a7456440aba8b3b8ad53c9f0140
        Validity
            Not Before: Jan  2 14:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a7d7286017e7021115dcbb636dc2206dfe35b8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:93:2d:5c:ea:9b:f7:c4:58:e3:5f:ab:9a:ed:
                    99:5e:97:dd:ba:aa:bb:cd:27:ef:bc:b9:82:8b:0b:
                    76:b4:11:16:01:b9:45:2c:8c:43:9c:03:03:89:20:
                    e1:56:8b:fb:8c:29:08:8a:3f:b9:9c:fe:c1:7d:a4:
                    3d:b5:5e:84:38:24:58:6f:db:66:23:5e:8b:d0:b0:
                    fe:ad:92:73:e6:2e:db:cf:43:1b:b0:97:59:08:70:
                    00:a4:04:9d:78:ab:c8:66:11:9b:9a:28:59:bf:79:
                    42:ed:cb:bb:a0:b8:51:df:d5:c9:4e:93:a9:da:c7:
                    87:34:94:8d:ef:4c:64:8f:86:1f:8b:29:89:ab:c5:
                    16:10:f0:58:38:89:28:61:aa:a3:67:ef:da:1c:19:
                    2b:c0:bd:5d:53:26:80:fa:11:0b:37:8e:1b:05:a5:
                    45:ee:82:a1:6b:36:40:ad:33:50:48:1a:42:ca:12:
                    cb:1c:31:08:a3:19:c1:73:c3:da:37:3a:f5:3b:05:
                    3f:f1:36:b7:e9:0c:1d:07:e4:ba:d1:1a:58:07:be:
                    96:42:5d:9e:c5:15:60:74:96:7c:87:95:5d:7b:be:
                    40:e4:c1:17:87:c5:9c:fd:e6:b6:ec:3a:0d:91:49:
                    70:1a:52:b9:e8:26:c2:d9:3f:ae:17:93:dc:27:93:
                    ff:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:7D:72:86:01:7E:70:21:11:5D:CB:B6:36:DC:22:06:DF:E3:5B:8B
            X509v3 Authority Key Identifier:
                keyid:D8:30:09:36:FB:50:0A:74:56:44:0A:BA:8B:3B:8A:D5:3C:9F:01:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2DAJNvtQCnRWRAq6izuK1TyfAUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/77f2aa-cc0c-4f15-8b39-addcd8552026/1/in1yhgF-cCERXcu2NtwiBt_jW4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/77f2aa-cc0c-4f15-8b39-addcd8552026/1/2DAJNvtQCnRWRAq6izuK1TyfAUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:da:7d:19:df:84:03:71:08:cc:7c:92:01:a1:3e:ce:15:d7:
         00:d5:51:92:8e:40:1d:80:0d:99:ec:b9:f6:07:08:89:f3:98:
         36:e9:6f:0d:44:77:5f:11:22:94:3a:6d:83:5a:f5:b1:a9:be:
         22:26:82:dc:72:60:91:fb:0b:6c:ad:99:9d:50:24:5e:f1:e8:
         75:61:ee:04:79:0f:e8:95:3c:97:58:98:6e:83:ce:ea:f4:1f:
         f0:22:b0:f8:04:50:b0:30:23:8c:dc:3a:0c:1d:e7:7e:a2:e5:
         e9:fd:38:80:ca:12:20:52:1b:01:b8:2a:10:ea:65:49:70:f8:
         b6:a5:22:44:00:14:c1:47:8f:e5:65:c9:dd:40:b8:c9:f5:ac:
         8e:e7:5b:7d:40:ed:07:9f:64:13:93:02:41:08:ce:77:1b:17:
         81:db:cc:4e:86:81:1f:2c:b4:d9:35:04:20:70:2d:e2:ac:fe:
         04:43:8c:98:91:17:3b:db:72:04:38:45:01:21:75:b6:a0:dc:
         fd:ee:10:c8:18:02:87:16:58:9f:3c:d0:e9:aa:fc:80:3f:a7:
         18:f8:95:ab:6b:91:b8:d5:51:97:9d:24:54:8c:45:d6:56:3e:
         16:af:db:1a:04:82:59:f0:ba:1e:80:55:b7:09:f4:ca:3e:f0:
         d6:f6:00:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmRRy1Dk/NIL1QZmcUGI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MzAwOTM2ZmI1MDBhNzQ1NjQ0MGFiYThiM2I4YWQ1M2M5
ZjAxNDAwHhcNMjQwMTAyMTQzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTdkNzI4NjAxN2U3MDIxMTE1ZGNiYjYzNmRjMjIwNmRmZTM1YjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZMtXOqb98RY41+rmu2ZXpfduqq7
zSfvvLmCiwt2tBEWAblFLIxDnAMDiSDhVov7jCkIij+5nP7BfaQ9tV6EOCRYb9tm
I16L0LD+rZJz5i7bz0MbsJdZCHAApASdeKvIZhGbmihZv3lC7cu7oLhR39XJTpOp
2seHNJSN70xkj4YfiymJq8UWEPBYOIkoYaqjZ+/aHBkrwL1dUyaA+hELN44bBaVF
7oKhazZArTNQSBpCyhLLHDEIoxnBc8PaNzr1OwU/8Ta36QwdB+S60RpYB76WQl2e
xRVgdJZ8h5Vde75A5MEXh8Wc/ea27DoNkUlwGlK56CbC2T+uF5PcJ5P/AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIp9coYBfnAhEV3LtjbcIgbf41uLMB8GA1UdIwQY
MBaAFNgwCTb7UAp0VkQKuos7itU8nwFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkRBSk52dFFDblJXUkFxNml6dUsxVHlmQVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83N2YyYWEtY2MwYy00ZjE1LThiMzkt
YWRkY2Q4NTUyMDI2LzEvaW4xeWhnRi1jQ0VSWGN1Mk50d2lCdF9qVzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83N2YyYWEtY2MwYy00ZjE1LThiMzktYWRkY2Q4NTUyMDI2
LzEvMkRBSk52dFFDblJXUkFxNml6dUsxVHlmQVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuav2MA0G
CSqGSIb3DQEBCwUAA4IBAQA12n0Z34QDcQjMfJIBoT7OFdcA1VGSjkAdgA2Z7Ln2
BwiJ85g26W8NRHdfESKUOm2DWvWxqb4iJoLccmCR+wtsrZmdUCRe8eh1Ye4EeQ/o
lTyXWJhug87q9B/wIrD4BFCwMCOM3DoMHed+ouXp/TiAyhIgUhsBuCoQ6mVJcPi2
pSJEABTBR4/lZcndQLjJ9ayO51t9QO0Hn2QTkwJBCM53GxeB28xOhoEfLLTZNQQg
cC3irP4EQ4yYkRc723IEOEUBIXW2oNz97hDIGAKHFlifPNDpqvyAP6cY+JWra5G4
1VGXnSRUjEXWVj4Wr9saBIJZ8LoegFW3CfTKPvDW9gAf
-----END CERTIFICATE-----