Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/8aPufEJg6Ffdg8Hbeh6FZ5kePZ4.roa
File:                     8aPufEJg6Ffdg8Hbeh6FZ5kePZ4.roa (raw, json)
Hash identifier:          15DBw63bFzh6Ok+5ePRqXxEIXp6kW4Ira4ToAQMw5II=
Subject key identifier:   F1:A3:EE:7C:42:60:E8:57:DD:83:C1:DB:7A:1E:85:67:99:1E:3D:9E
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFA5FFDF1CBCDF28E36452F22CFBB2
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/8aPufEJg6Ffdg8Hbeh6FZ5kePZ4.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133929
IP address blocks:        185.243.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a5:ff:df:1c:bc:df:28:e3:64:52:f2:2c:fb:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1a3ee7c4260e857dd83c1db7a1e8567991e3d9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7c:53:18:84:6c:f1:8c:fb:b4:76:47:70:d7:
                    43:7a:4a:c4:9b:e1:69:91:a9:33:4a:46:c0:63:62:
                    48:12:ff:3f:db:b7:06:b3:39:76:45:fa:82:4f:2d:
                    e3:17:74:ba:36:30:f0:76:9c:85:ec:e4:db:d5:a2:
                    19:c0:06:1a:4f:b3:30:80:01:af:f2:28:51:a9:4f:
                    7f:12:07:18:0a:71:5b:36:f8:48:ca:4a:73:73:6a:
                    1f:8b:7b:3e:be:4a:64:d7:9c:eb:6a:46:bf:e5:ae:
                    58:e0:19:8f:fb:84:3d:be:b5:2b:ec:ec:8d:b8:bb:
                    2c:1a:4f:d2:db:7a:d1:d2:6e:ed:eb:d4:d0:f3:ae:
                    ef:b2:7d:86:e5:ab:d9:9d:39:5b:fd:e5:fd:8a:44:
                    61:0c:56:ae:af:f2:8d:25:56:74:b8:8b:c6:95:d9:
                    2d:ea:93:05:d4:83:b6:2b:21:70:97:29:da:26:a6:
                    0c:82:c6:16:ee:96:64:54:36:fb:25:bd:5c:a6:1a:
                    fc:b9:62:a2:ff:26:07:3b:38:61:21:1e:8f:93:8d:
                    2a:5b:23:71:37:a9:66:d5:53:39:d9:2b:81:3e:b9:
                    d5:b2:1c:90:81:60:36:d2:c2:d2:27:f4:16:5c:13:
                    7a:23:4e:e0:6f:a9:54:c6:bc:08:05:9d:1a:e8:97:
                    4f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:A3:EE:7C:42:60:E8:57:DD:83:C1:DB:7A:1E:85:67:99:1E:3D:9E
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/8aPufEJg6Ffdg8Hbeh6FZ5kePZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:1d:f9:79:8e:a1:05:e9:2b:ef:e9:9c:67:b3:82:11:2b:9a:
         d7:bf:2b:7f:46:a1:27:6b:67:bf:d2:5b:a0:f7:ec:91:b5:02:
         4b:1e:fe:9a:b3:68:6b:78:28:b7:6f:0c:88:4f:87:30:d4:85:
         51:fc:59:aa:b7:1c:e7:90:4e:f9:05:4a:33:34:0e:d5:4b:f2:
         8f:f7:7e:c0:fc:26:09:42:ed:0a:11:dc:5e:82:3e:ea:10:2b:
         87:32:d6:84:92:e9:e5:db:41:54:80:81:5c:c9:48:a4:7e:7e:
         89:7e:f4:36:d5:2f:79:14:d0:27:e8:db:1f:c4:bb:8d:15:99:
         6f:5a:b1:b7:97:a5:13:e0:dc:ff:77:73:9e:f8:5a:8a:69:00:
         d0:e9:27:29:4b:7e:a9:2d:22:bb:25:28:45:5b:05:fd:43:e7:
         df:a1:0d:64:9f:99:07:22:8e:60:34:50:c6:e4:f9:4c:81:cb:
         e9:7b:17:9f:83:67:1c:9f:92:be:55:c8:f3:67:de:86:48:eb:
         66:8e:46:f3:02:ba:d6:78:c2:78:e2:4c:80:2f:b3:df:d6:43:
         43:e2:25:74:fe:d4:68:10:d0:41:9c:ff:58:ef:9c:cc:19:31:
         44:01:17:73:65:ff:f4:f3:81:64:c0:65:7a:d5:e0:67:5f:83:
         ed:06:4b:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36X/3xy83yjjZFLyLPuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWEzZWU3YzQyNjBlODU3ZGQ4M2MxZGI3YTFlODU2Nzk5MWUzZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3xTGIRs8Yz7tHZHcNdDekrEm+Fp
kakzSkbAY2JIEv8/27cGszl2RfqCTy3jF3S6NjDwdpyF7OTb1aIZwAYaT7MwgAGv
8ihRqU9/EgcYCnFbNvhIykpzc2ofi3s+vkpk15zraka/5a5Y4BmP+4Q9vrUr7OyN
uLssGk/S23rR0m7t69TQ867vsn2G5avZnTlb/eX9ikRhDFaur/KNJVZ0uIvGldkt
6pMF1IO2KyFwlynaJqYMgsYW7pZkVDb7Jb1cphr8uWKi/yYHOzhhIR6Pk40qWyNx
N6lm1VM52SuBPrnVshyQgWA20sLSJ/QWXBN6I07gb6lUxrwIBZ0a6JdPZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGj7nxCYOhX3YPB23oehWeZHj2eMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvOGFQdWZFSmc2RmZkZzhIYmVoNkZaNWtlUFo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufMGMA0G
CSqGSIb3DQEBCwUAA4IBAQANHfl5jqEF6Svv6Zxns4IRK5rXvyt/RqEna2e/0lug
9+yRtQJLHv6as2hreCi3bwyIT4cw1IVR/FmqtxznkE75BUozNA7VS/KP937A/CYJ
Qu0KEdxegj7qECuHMtaEkunl20FUgIFcyUikfn6JfvQ21S95FNAn6NsfxLuNFZlv
WrG3l6UT4Nz/d3Oe+FqKaQDQ6ScpS36pLSK7JShFWwX9Q+ffoQ1kn5kHIo5gNFDG
5PlMgcvpexefg2ccn5K+VcjzZ96GSOtmjkbzArrWeMJ44kyAL7Pf1kND4iV0/tRo
ENBBnP9Y75zMGTFEARdzZf/084FkwGV61eBnX4PtBkvQ
-----END CERTIFICATE-----