Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/tUlWmb3s398cB9J0JhRTjX79e3o.roa
File:                     tUlWmb3s398cB9J0JhRTjX79e3o.roa (raw, json)
Hash identifier:          tASO2rdCXvhOfsXoPLhPBujbvPA2yvo0B8Z9mCXtkF0=
Subject key identifier:   B5:49:56:99:BD:EC:DF:DF:1C:07:D2:74:26:14:53:8D:7E:FD:7B:7A
Certificate issuer:       /CN=8cfff21538e225618314615e4f0d0688b7b0dd5a
Certificate serial:       018E14813114D71E0400B2135B182127B1B6
Authority key identifier: 8C:FF:F2:15:38:E2:25:61:83:14:61:5E:4F:0D:06:88:B7:B0:DD:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jP_yFTjiJWGDFGFeTw0GiLew3Vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/tUlWmb3s398cB9J0JhRTjX79e3o.roa
Signing time:             Wed 06 Mar 2024 16:03:14 +0000
ROA not before:           Wed 06 Mar 2024 16:03:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39292
IP address blocks:        185.80.247.0/24 maxlen: 24
                          2a01:1b1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/jP_yFTjiJWGDFGFeTw0GiLew3Vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/jP_yFTjiJWGDFGFeTw0GiLew3Vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jP_yFTjiJWGDFGFeTw0GiLew3Vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:81:31:14:d7:1e:04:00:b2:13:5b:18:21:27:b1:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cfff21538e225618314615e4f0d0688b7b0dd5a
        Validity
            Not Before: Mar  6 16:03:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5495699bdecdfdf1c07d2742614538d7efd7b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a7:e1:07:c3:87:03:79:42:16:57:bc:6e:a3:
                    6b:b4:2f:52:de:d9:da:46:2b:3b:77:f0:cc:84:45:
                    71:af:53:3d:e0:16:b3:a8:08:02:59:e3:d3:c3:63:
                    2c:c2:a2:59:59:24:4d:74:85:b6:0b:5c:43:62:8d:
                    07:f1:88:75:9c:8b:59:91:0c:05:33:dc:79:4c:e7:
                    02:a2:ea:0f:34:6c:58:34:94:1c:18:c0:56:0e:e9:
                    e6:67:9b:64:20:26:e5:61:2d:eb:bb:20:6a:fd:e9:
                    6a:9e:01:38:72:6a:27:59:0a:9b:45:40:4d:94:79:
                    0e:36:7c:e2:76:d7:e2:e8:b4:55:c7:ff:03:0c:08:
                    87:e6:ec:f2:9b:66:76:63:e6:62:33:6d:55:be:bb:
                    a7:73:ac:0e:95:42:d3:90:c0:19:bf:76:c4:e3:c0:
                    e2:0d:6d:da:6e:0d:37:c6:40:7d:4e:52:19:28:ec:
                    b0:ef:40:2e:33:c0:6d:bd:51:2e:51:f4:53:a8:f5:
                    bc:59:e0:52:1a:36:25:2e:58:26:82:f0:c9:52:7b:
                    55:57:ef:39:2c:cf:b1:e4:81:4b:2f:e7:a8:bc:ed:
                    25:62:ec:52:4e:e2:7e:b6:ae:7f:2b:1a:b1:c3:7a:
                    33:c8:68:b0:c4:f8:e2:4a:15:2e:4a:47:f3:b0:6c:
                    b4:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:49:56:99:BD:EC:DF:DF:1C:07:D2:74:26:14:53:8D:7E:FD:7B:7A
            X509v3 Authority Key Identifier:
                keyid:8C:FF:F2:15:38:E2:25:61:83:14:61:5E:4F:0D:06:88:B7:B0:DD:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jP_yFTjiJWGDFGFeTw0GiLew3Vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/tUlWmb3s398cB9J0JhRTjX79e3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/jP_yFTjiJWGDFGFeTw0GiLew3Vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.247.0/24
                IPv6:
                  2a01:1b1::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:f5:b8:7f:66:ff:cb:7d:72:13:26:ac:1a:bf:a1:7f:a8:f9:
         72:17:7e:e8:07:4b:05:a8:63:65:27:89:2f:e5:0d:8f:dd:ec:
         a1:23:24:1f:48:ee:a3:57:a4:d2:cb:21:b6:21:71:e6:29:15:
         c6:2e:f5:04:50:c8:44:d0:59:3a:ab:92:e7:22:5e:96:b7:ba:
         78:6d:18:61:b5:ce:91:7e:91:a7:43:08:5c:6a:f4:0e:50:38:
         93:1d:36:c5:66:ae:c0:e2:32:e8:6f:cd:32:8d:1d:d1:b3:fc:
         03:80:de:0a:42:85:17:2e:6a:cb:32:0c:80:a9:9f:21:61:0b:
         14:e6:87:8a:98:68:96:13:e8:a7:68:77:98:a7:89:bd:02:54:
         64:cb:01:d9:b7:09:55:c2:9e:41:0a:7a:09:c2:03:e7:9c:67:
         c1:cb:5e:d2:12:54:bd:2d:57:4f:5a:3b:8a:10:4d:32:e1:43:
         25:32:6d:d6:a7:6b:ae:29:38:59:dc:a0:15:d0:d1:ff:f6:3a:
         07:cd:a5:55:7b:3f:6b:a7:8b:91:de:5d:e7:fe:40:ba:2f:ee:
         19:ec:32:94:f6:73:a6:7c:05:d1:a5:82:de:e5:e0:48:08:40:
         0b:52:f6:b0:f1:0c:fd:ee:b9:f6:1d:e6:ed:09:a3:44:6c:92:
         01:9c:7a:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4UgTEU1x4EALITWxghJ7G2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZmZmMjE1MzhlMjI1NjE4MzE0NjE1ZTRmMGQwNjg4Yjdi
MGRkNWEwHhcNMjQwMzA2MTYwMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTQ5NTY5OWJkZWNkZmRmMWMwN2QyNzQyNjE0NTM4ZDdlZmQ3YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoafhB8OHA3lCFle8bqNrtC9S3tna
Ris7d/DMhEVxr1M94BazqAgCWePTw2MswqJZWSRNdIW2C1xDYo0H8Yh1nItZkQwF
M9x5TOcCouoPNGxYNJQcGMBWDunmZ5tkICblYS3ruyBq/elqngE4cmonWQqbRUBN
lHkONnzidtfi6LRVx/8DDAiH5uzym2Z2Y+ZiM21Vvrunc6wOlULTkMAZv3bE48Di
DW3abg03xkB9TlIZKOyw70AuM8BtvVEuUfRTqPW8WeBSGjYlLlgmgvDJUntVV+85
LM+x5IFLL+eovO0lYuxSTuJ+tq5/Kxqxw3ozyGiwxPjiShUuSkfzsGy0zQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLVJVpm97N/fHAfSdCYUU41+/Xt6MB8GA1UdIwQY
MBaAFIz/8hU44iVhgxRhXk8NBoi3sN1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalBfeUZUamlKV0dERkdGZVR3MEdpTGV3M1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi82NzUwMWEtNzhkYi00YzM4LThhOTUt
MjYxNjY2YzNhNTg5LzEvdFVsV21iM3MzOThjQjlKMEpoUlRqWDc5ZTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi82NzUwMWEtNzhkYi00YzM4LThhOTUtMjYxNjY2YzNhNTg5
LzEvalBfeUZUamlKV0dERkdGZVR3MEdpTGV3M1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuVD3MA0E
AgACMAcDBQAqAQGxMA0GCSqGSIb3DQEBCwUAA4IBAQA+9bh/Zv/LfXITJqwav6F/
qPlyF37oB0sFqGNlJ4kv5Q2P3eyhIyQfSO6jV6TSyyG2IXHmKRXGLvUEUMhE0Fk6
q5LnIl6Wt7p4bRhhtc6RfpGnQwhcavQOUDiTHTbFZq7A4jLob80yjR3Rs/wDgN4K
QoUXLmrLMgyAqZ8hYQsU5oeKmGiWE+inaHeYp4m9AlRkywHZtwlVwp5BCnoJwgPn
nGfBy17SElS9LVdPWjuKEE0y4UMlMm3Wp2uuKThZ3KAV0NH/9joHzaVVez9rp4uR
3l3n/kC6L+4Z7DKU9nOmfAXRpYLe5eBICEALUvaw8Qz97rn2HebtCaNEbJIBnHpt
-----END CERTIFICATE-----