Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/605f46-7d4c-46b8-baa5-539329bed46e/1/t8ykx25TKUWmrFeCiH3TZwokDCQ.roa
File:                     t8ykx25TKUWmrFeCiH3TZwokDCQ.roa (raw, json)
Hash identifier:          2QZAvzskcWX+Qat5M6L43i4RnJo1H1cuT9jowaNe+Hc=
Subject key identifier:   B7:CC:A4:C7:6E:53:29:45:A6:AC:57:82:88:7D:D3:67:0A:24:0C:24
Certificate issuer:       /CN=84a3cf114be4fa4c4ff76b218fad50e51739160d
Certificate serial:       018CCA2A0D7C24A827B7242A0F5D1211CB5A
Authority key identifier: 84:A3:CF:11:4B:E4:FA:4C:4F:F7:6B:21:8F:AD:50:E5:17:39:16:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hKPPEUvk-kxP92shj61Q5Rc5Fg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/605f46-7d4c-46b8-baa5-539329bed46e/1/t8ykx25TKUWmrFeCiH3TZwokDCQ.roa
Signing time:             Tue 02 Jan 2024 12:33:22 +0000
ROA not before:           Tue 02 Jan 2024 12:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212140
IP address blocks:        185.205.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/605f46-7d4c-46b8-baa5-539329bed46e/1/hKPPEUvk-kxP92shj61Q5Rc5Fg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/605f46-7d4c-46b8-baa5-539329bed46e/1/hKPPEUvk-kxP92shj61Q5Rc5Fg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hKPPEUvk-kxP92shj61Q5Rc5Fg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0d:7c:24:a8:27:b7:24:2a:0f:5d:12:11:cb:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84a3cf114be4fa4c4ff76b218fad50e51739160d
        Validity
            Not Before: Jan  2 12:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7cca4c76e532945a6ac5782887dd3670a240c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2b:41:c2:98:69:41:81:e2:47:e6:5f:07:0e:
                    e5:26:62:41:15:4e:19:6b:d0:3a:34:5a:2a:f1:a8:
                    82:58:8e:21:d7:d0:80:61:ca:3f:af:a6:76:2f:4f:
                    ec:82:0d:2e:cb:e6:98:ac:a7:a6:a2:53:ed:a9:fe:
                    c1:0e:94:aa:0f:e0:bb:84:fa:6e:28:49:27:e1:5d:
                    25:cb:e6:3c:02:00:93:e9:34:a4:78:51:a8:8d:f8:
                    9a:73:93:ac:7e:b1:ba:a7:07:47:d6:62:ba:7f:38:
                    1c:86:48:4f:6a:31:ab:b6:84:ed:f4:51:3f:63:c4:
                    85:c2:55:2c:d0:3f:ec:90:d6:e5:44:ee:d4:f0:27:
                    f7:18:33:13:90:83:86:5c:55:fd:c6:85:53:31:09:
                    e7:ba:bb:7c:73:3c:96:ad:b9:b4:90:bc:86:c4:4a:
                    59:a4:c3:59:f5:ba:69:b6:bc:b2:7a:fc:fd:88:09:
                    b0:ad:09:d3:4f:42:68:66:37:5b:8b:63:79:45:c3:
                    6a:db:1e:c8:91:16:65:30:14:4b:6b:0c:82:ee:55:
                    9e:2e:19:3e:1d:aa:ee:b1:3e:79:55:bc:84:e7:72:
                    39:ce:23:3c:46:81:10:16:46:0b:62:32:d8:73:dc:
                    7a:56:08:ec:f4:93:18:43:c0:88:a6:83:39:b8:92:
                    bf:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:CC:A4:C7:6E:53:29:45:A6:AC:57:82:88:7D:D3:67:0A:24:0C:24
            X509v3 Authority Key Identifier:
                keyid:84:A3:CF:11:4B:E4:FA:4C:4F:F7:6B:21:8F:AD:50:E5:17:39:16:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hKPPEUvk-kxP92shj61Q5Rc5Fg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/605f46-7d4c-46b8-baa5-539329bed46e/1/t8ykx25TKUWmrFeCiH3TZwokDCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/605f46-7d4c-46b8-baa5-539329bed46e/1/hKPPEUvk-kxP92shj61Q5Rc5Fg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:d7:0a:90:37:fb:eb:3a:5d:39:08:5f:8d:08:67:e8:65:be:
         47:52:e1:49:e8:af:52:48:f8:d0:59:a0:72:f2:4f:f7:e0:cb:
         2a:81:18:7b:c0:10:21:d4:b0:df:6f:8a:e9:1f:f9:82:16:38:
         6a:a9:46:52:7e:18:3e:02:ee:ba:e1:f7:10:c2:d4:f6:57:4e:
         04:b8:46:99:9e:29:32:da:45:54:10:a8:a9:15:31:01:8a:03:
         ac:5f:9d:60:3b:85:29:3f:b5:00:67:fa:0a:91:21:dd:d3:bd:
         d6:83:b5:15:53:89:6b:a6:02:7a:62:b4:da:a5:05:68:ea:d8:
         7d:c8:0c:f3:dc:ff:d4:ef:97:70:57:ff:41:e2:36:51:3a:e8:
         73:b1:8b:1f:64:c9:2f:47:77:31:b4:f0:94:5b:77:38:e3:fb:
         b4:1a:f5:18:49:bf:63:89:c7:67:21:ac:d2:a0:db:80:d5:44:
         4a:d0:b5:5b:08:49:b4:d0:d5:06:f8:f8:bb:68:70:0f:37:3b:
         54:03:00:67:6e:8c:44:cf:b7:a1:77:83:65:88:f0:7f:48:a7:
         ca:e4:26:41:b8:3b:9d:3f:d8:4b:81:dc:e3:99:15:e8:f4:c2:
         2f:22:9a:09:26:ed:2f:84:bf:46:01:f3:ae:b1:ae:9e:3a:26:
         36:7e:ce:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKg18JKgntyQqD10SEctaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YTNjZjExNGJlNGZhNGM0ZmY3NmIyMThmYWQ1MGU1MTcz
OTE2MGQwHhcNMjQwMTAyMTIzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2NjYTRjNzZlNTMyOTQ1YTZhYzU3ODI4ODdkZDM2NzBhMjQwYzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkStBwphpQYHiR+ZfBw7lJmJBFU4Z
a9A6NFoq8aiCWI4h19CAYco/r6Z2L0/sgg0uy+aYrKemolPtqf7BDpSqD+C7hPpu
KEkn4V0ly+Y8AgCT6TSkeFGojfiac5OsfrG6pwdH1mK6fzgchkhPajGrtoTt9FE/
Y8SFwlUs0D/skNblRO7U8Cf3GDMTkIOGXFX9xoVTMQnnurt8czyWrbm0kLyGxEpZ
pMNZ9bpptryyevz9iAmwrQnTT0JoZjdbi2N5RcNq2x7IkRZlMBRLawyC7lWeLhk+
HarusT55VbyE53I5ziM8RoEQFkYLYjLYc9x6Vgjs9JMYQ8CIpoM5uJK/cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfMpMduUylFpqxXgoh902cKJAwkMB8GA1UdIwQY
MBaAFISjzxFL5PpMT/drIY+tUOUXORYNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEtQUEVVdmsta3hQOTJzaGo2MVE1UmM1RmcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS82MDVmNDYtN2Q0Yy00NmI4LWJhYTUt
NTM5MzI5YmVkNDZlLzEvdDh5a3gyNVRLVVdtckZlQ2lIM1Rad29rRENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS82MDVmNDYtN2Q0Yy00NmI4LWJhYTUtNTM5MzI5YmVkNDZl
LzEvaEtQUEVVdmsta3hQOTJzaGo2MVE1UmM1RmcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc1HMA0G
CSqGSIb3DQEBCwUAA4IBAQCf1wqQN/vrOl05CF+NCGfoZb5HUuFJ6K9SSPjQWaBy
8k/34MsqgRh7wBAh1LDfb4rpH/mCFjhqqUZSfhg+Au664fcQwtT2V04EuEaZniky
2kVUEKipFTEBigOsX51gO4UpP7UAZ/oKkSHd073Wg7UVU4lrpgJ6YrTapQVo6th9
yAzz3P/U75dwV/9B4jZROuhzsYsfZMkvR3cxtPCUW3c44/u0GvUYSb9jicdnIazS
oNuA1URK0LVbCEm00NUG+Pi7aHAPNztUAwBnboxEz7ehd4NliPB/SKfK5CZBuDud
P9hLgdzjmRXo9MIvIpoJJu0vhL9GAfOusa6eOiY2fs61
-----END CERTIFICATE-----