Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/nS2FuSQT3z67he_dnkSiPIE7jK8.roa
File:                     nS2FuSQT3z67he_dnkSiPIE7jK8.roa (raw, json)
Hash identifier:          JCw8rI/CWQ6mJ5WHmXSvP1HqBbooIx5IQjiSWHapCEU=
Subject key identifier:   9D:2D:85:B9:24:13:DF:3E:BB:85:EF:DD:9E:44:A2:3C:81:3B:8C:AF
Certificate issuer:       /CN=ef1f01881b73c8e9b5d92239229a6e512eca4e7c
Certificate serial:       018CCA2952011DEF6C67D7D9F72D31BEC4A8
Authority key identifier: EF:1F:01:88:1B:73:C8:E9:B5:D9:22:39:22:9A:6E:51:2E:CA:4E:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7x8BiBtzyOm12SI5IppuUS7KTnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/nS2FuSQT3z67he_dnkSiPIE7jK8.roa
Signing time:             Tue 02 Jan 2024 12:32:34 +0000
ROA not before:           Tue 02 Jan 2024 12:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202751
IP address blocks:        185.155.180.0/24 maxlen: 24
                          2a00:8c40:239::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/7x8BiBtzyOm12SI5IppuUS7KTnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/7x8BiBtzyOm12SI5IppuUS7KTnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7x8BiBtzyOm12SI5IppuUS7KTnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:52:01:1d:ef:6c:67:d7:d9:f7:2d:31:be:c4:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1f01881b73c8e9b5d92239229a6e512eca4e7c
        Validity
            Not Before: Jan  2 12:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d2d85b92413df3ebb85efdd9e44a23c813b8caf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8f:c1:47:fb:ca:08:2a:cd:e1:31:3e:1c:8e:
                    b8:ed:fa:92:60:fc:a6:a7:1b:75:a6:5c:9d:8f:ac:
                    5a:49:7e:9b:d7:b6:43:c7:66:26:11:d1:26:45:2c:
                    46:91:dd:12:4d:79:0b:55:84:23:22:47:01:41:67:
                    24:07:3b:db:ab:f6:db:23:fa:42:05:ec:8a:24:0c:
                    2d:a5:ca:31:d0:47:0d:f3:d2:08:fc:09:b3:ac:96:
                    fa:2d:c4:c1:9a:de:f2:93:53:fc:dc:bc:48:5f:f6:
                    c6:ab:50:be:dc:fa:35:67:e7:44:3d:8f:59:4b:65:
                    38:c6:ca:90:6e:70:94:bb:9d:c9:78:a1:3b:fb:80:
                    43:5f:e2:f9:a7:76:d7:f5:c3:0e:06:ef:d5:97:3a:
                    32:98:76:4f:6c:dd:e9:7a:cc:6f:84:6c:2a:dc:ff:
                    42:a0:5d:c9:3a:36:13:1b:73:c1:e0:49:f5:cd:f0:
                    ee:0d:f2:80:4e:06:a0:2c:cf:51:24:b5:d9:90:e6:
                    01:16:f7:de:e7:13:da:db:ac:3c:e7:03:e4:2a:2a:
                    33:12:43:9a:53:ea:49:c5:aa:a1:d3:4f:b5:b4:2d:
                    a8:b4:0d:0c:83:7d:2a:b0:04:90:71:77:2b:51:fb:
                    32:49:7c:cd:52:60:ea:88:5f:58:35:c5:d2:b5:46:
                    b7:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:2D:85:B9:24:13:DF:3E:BB:85:EF:DD:9E:44:A2:3C:81:3B:8C:AF
            X509v3 Authority Key Identifier:
                keyid:EF:1F:01:88:1B:73:C8:E9:B5:D9:22:39:22:9A:6E:51:2E:CA:4E:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7x8BiBtzyOm12SI5IppuUS7KTnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/nS2FuSQT3z67he_dnkSiPIE7jK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/675399-81be-4fec-9f86-55131cc1efea/1/7x8BiBtzyOm12SI5IppuUS7KTnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.180.0/24
                IPv6:
                  2a00:8c40:239::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:69:d3:57:fe:77:36:17:8c:48:18:1f:df:1a:d9:25:ad:2a:
         5f:e0:01:2b:4a:bf:4c:90:3c:ff:5d:c9:93:b2:78:78:30:f1:
         b5:89:ee:af:93:dc:14:17:2e:09:87:21:08:3e:7f:f2:ac:ae:
         5b:93:c0:70:8c:c7:93:28:3f:3a:64:07:6c:99:c2:25:71:3a:
         05:55:50:9e:5e:18:aa:3a:e6:17:6b:24:ca:ed:d9:ff:54:6f:
         86:02:2b:e0:57:f9:05:45:67:d9:7b:19:c5:1a:85:91:f1:43:
         ca:fe:41:56:50:2a:c7:74:55:28:cc:db:09:57:ac:85:66:0f:
         a0:76:c7:9f:31:45:d6:05:0d:15:39:11:d2:ab:1c:91:ac:ea:
         10:bd:35:d8:f9:d2:96:ee:4c:5c:ce:7e:46:31:8c:96:08:5a:
         16:03:10:65:ae:0e:d4:a3:b0:6e:94:a9:22:e3:0c:e8:f2:d5:
         e5:28:9e:74:90:14:b4:0a:a4:92:5d:db:3f:44:bc:8b:1d:7d:
         f6:3d:e9:32:56:1f:2c:d3:ae:20:35:b0:cd:ea:02:19:4c:b0:
         9a:45:20:dc:45:d3:82:e5:0b:eb:1e:74:d7:5e:ff:c4:e3:da:
         57:41:e3:a5:ed:27:c0:9e:0d:c3:06:6a:e3:38:dd:59:4a:e6:
         51:9b:df:53
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKVIBHe9sZ9fZ9y0xvsSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWYwMTg4MWI3M2M4ZTliNWQ5MjIzOTIyOWE2ZTUxMmVj
YTRlN2MwHhcNMjQwMTAyMTIzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDJkODViOTI0MTNkZjNlYmI4NWVmZGQ5ZTQ0YTIzYzgxM2I4Y2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4/BR/vKCCrN4TE+HI647fqSYPym
pxt1plydj6xaSX6b17ZDx2YmEdEmRSxGkd0STXkLVYQjIkcBQWckBzvbq/bbI/pC
BeyKJAwtpcox0EcN89II/AmzrJb6LcTBmt7yk1P83LxIX/bGq1C+3Po1Z+dEPY9Z
S2U4xsqQbnCUu53JeKE7+4BDX+L5p3bX9cMOBu/VlzoymHZPbN3pesxvhGwq3P9C
oF3JOjYTG3PB4En1zfDuDfKATgagLM9RJLXZkOYBFvfe5xPa26w85wPkKiozEkOa
U+pJxaqh00+1tC2otA0Mg30qsASQcXcrUfsySXzNUmDqiF9YNcXStUa3uwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ0thbkkE98+u4Xv3Z5EojyBO4yvMB8GA1UdIwQY
MBaAFO8fAYgbc8jptdkiOSKablEuyk58MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3g4QmlCdHp5T20xMlNJNUlwcHVVUzdLVG53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS82NzUzOTktODFiZS00ZmVjLTlmODYt
NTUxMzFjYzFlZmVhLzEvblMyRnVTUVQzejY3aGVfZG5rU2lQSUU3aks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS82NzUzOTktODFiZS00ZmVjLTlmODYtNTUxMzFjYzFlZmVh
LzEvN3g4QmlCdHp5T20xMlNJNUlwcHVVUzdLVG53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuZu0MA8E
AgACMAkDBwAqAIxAAjkwDQYJKoZIhvcNAQELBQADggEBAGFp01f+dzYXjEgYH98a
2SWtKl/gAStKv0yQPP9dyZOyeHgw8bWJ7q+T3BQXLgmHIQg+f/KsrluTwHCMx5Mo
PzpkB2yZwiVxOgVVUJ5eGKo65hdrJMrt2f9Ub4YCK+BX+QVFZ9l7GcUahZHxQ8r+
QVZQKsd0VSjM2wlXrIVmD6B2x58xRdYFDRU5EdKrHJGs6hC9Ndj50pbuTFzOfkYx
jJYIWhYDEGWuDtSjsG6UqSLjDOjy1eUonnSQFLQKpJJd2z9EvIsdffY96TJWHyzT
riA1sM3qAhlMsJpFINxF04LlC+sedNde/8Tj2ldB46XtJ8CeDcMGauM43VlK5lGb
31M=
-----END CERTIFICATE-----