Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/j-I7BfJcK5RMRmos0eGWPDPOK8Y.roa
File:                     j-I7BfJcK5RMRmos0eGWPDPOK8Y.roa (raw, json)
Hash identifier:          3AKuVbl1J6qOsuyHHtgC700+ZVrgE2L7wiDy2STenho=
Subject key identifier:   8F:E2:3B:05:F2:5C:2B:94:4C:46:6A:2C:D1:E1:96:3C:33:CE:2B:C6
Certificate issuer:       /CN=06c44b821ab5db542cc536c1f88b84baf0621654
Certificate serial:       018F930FEB24F76DA3385FBF044694E66455
Authority key identifier: 06:C4:4B:82:1A:B5:DB:54:2C:C5:36:C1:F8:8B:84:BA:F0:62:16:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BsRLghq121QsxTbB-IuEuvBiFlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/j-I7BfJcK5RMRmos0eGWPDPOK8Y.roa
Signing time:             Sun 19 May 2024 22:54:04 +0000
ROA not before:           Sun 19 May 2024 22:54:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203653
IP address blocks:        185.128.39.0/24 maxlen: 24
                          2a03:9f60::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/BsRLghq121QsxTbB-IuEuvBiFlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/BsRLghq121QsxTbB-IuEuvBiFlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BsRLghq121QsxTbB-IuEuvBiFlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:93:0f:eb:24:f7:6d:a3:38:5f:bf:04:46:94:e6:64:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c44b821ab5db542cc536c1f88b84baf0621654
        Validity
            Not Before: May 19 22:54:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fe23b05f25c2b944c466a2cd1e1963c33ce2bc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6c:02:4f:85:a2:38:78:38:06:f9:32:e7:1e:
                    c8:26:ee:d4:20:d1:ad:82:ac:ca:91:a9:5a:52:6e:
                    2e:ff:71:68:c0:31:c2:82:c3:f3:94:aa:21:a1:2a:
                    5c:79:53:c5:ae:1f:68:7e:39:ec:4c:9b:0c:f9:c1:
                    69:f6:d7:ec:72:24:37:9e:ca:db:1b:ac:c3:28:03:
                    6a:75:8f:3a:d7:14:46:01:c2:83:9e:cb:88:ae:1d:
                    8a:8e:d1:78:f6:5f:4e:08:17:ca:9a:5c:39:6e:9b:
                    78:11:69:0c:09:52:a6:b5:66:80:77:f2:91:81:9b:
                    90:0a:ef:d2:28:1f:58:b6:f0:f4:2d:fd:f3:df:a0:
                    20:1c:86:cf:66:a9:c3:b5:13:0f:c6:e8:60:0b:86:
                    a3:4a:3e:ab:db:56:bc:2b:07:7e:f1:0a:0d:14:01:
                    97:e1:41:0d:99:b1:9f:8e:ad:43:88:eb:b4:95:fd:
                    70:93:5f:84:cd:c1:56:2d:1b:eb:16:7a:8d:22:54:
                    c9:9e:cc:2f:22:ac:f7:ee:bc:f1:38:3d:2e:68:47:
                    ab:d7:02:c1:50:61:5d:5e:00:d7:e7:3c:a4:68:fd:
                    b3:58:01:06:2d:9b:d9:8f:6c:15:5e:63:8f:2b:1f:
                    f6:93:08:3e:20:18:ed:ab:65:de:27:a9:6d:41:7f:
                    01:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:E2:3B:05:F2:5C:2B:94:4C:46:6A:2C:D1:E1:96:3C:33:CE:2B:C6
            X509v3 Authority Key Identifier:
                keyid:06:C4:4B:82:1A:B5:DB:54:2C:C5:36:C1:F8:8B:84:BA:F0:62:16:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BsRLghq121QsxTbB-IuEuvBiFlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/j-I7BfJcK5RMRmos0eGWPDPOK8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/BsRLghq121QsxTbB-IuEuvBiFlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.39.0/24
                IPv6:
                  2a03:9f60::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:b1:5f:f4:6f:20:35:74:64:49:55:ff:07:8c:4e:30:58:19:
         fd:26:f7:e5:ae:b6:50:7f:5f:2e:c9:d4:0c:75:2e:ac:7c:18:
         61:30:90:2a:41:1a:58:a7:fc:63:db:2a:4e:84:4c:4d:a9:ea:
         3a:e9:6c:74:2e:81:6e:e9:f0:8b:09:25:b9:b0:6d:17:8a:69:
         30:ea:93:07:41:a9:e4:24:c1:17:d1:ed:e0:f6:26:9d:a3:4f:
         c0:85:6c:1a:df:85:03:7d:c1:2b:96:82:47:31:bb:a0:71:52:
         10:38:a2:33:79:82:77:70:33:d4:07:4d:46:54:ea:98:da:11:
         9b:97:78:a3:e9:86:86:3e:0a:56:20:2c:7c:4d:e9:dd:28:ac:
         6f:19:de:73:87:ea:f4:dd:bc:8d:5a:86:92:1b:80:79:e2:ba:
         60:06:e0:ca:49:38:a1:8e:6d:02:f1:84:a9:0d:98:2f:c1:58:
         dd:b4:23:d0:13:c7:90:e0:c8:03:24:d7:04:c9:4e:85:41:35:
         3e:47:da:16:31:38:01:37:fb:e2:8d:1e:34:05:10:38:99:ec:
         3e:f3:30:87:21:88:61:25:d7:36:15:72:52:23:12:93:93:07:
         62:b6:6a:1f:0b:e6:75:f4:3b:06:40:54:9a:ba:92:d3:da:f9:
         ea:a5:3d:94
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY+TD+sk922jOF+/BEaU5mRVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzQ0YjgyMWFiNWRiNTQyY2M1MzZjMWY4OGI4NGJhZjA2
MjE2NTQwHhcNMjQwNTE5MjI1NDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmUyM2IwNWYyNWMyYjk0NGM0NjZhMmNkMWUxOTYzYzMzY2UyYmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmwCT4WiOHg4Bvky5x7IJu7UINGt
gqzKkalaUm4u/3FowDHCgsPzlKohoSpceVPFrh9ofjnsTJsM+cFp9tfsciQ3nsrb
G6zDKANqdY861xRGAcKDnsuIrh2KjtF49l9OCBfKmlw5bpt4EWkMCVKmtWaAd/KR
gZuQCu/SKB9YtvD0Lf3z36AgHIbPZqnDtRMPxuhgC4ajSj6r21a8Kwd+8QoNFAGX
4UENmbGfjq1DiOu0lf1wk1+EzcFWLRvrFnqNIlTJnswvIqz37rzxOD0uaEer1wLB
UGFdXgDX5zykaP2zWAEGLZvZj2wVXmOPKx/2kwg+IBjtq2XeJ6ltQX8BQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI/iOwXyXCuUTEZqLNHhljwzzivGMB8GA1UdIwQY
MBaAFAbES4IatdtULMU2wfiLhLrwYhZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNSTGdocTEyMVFzeFRiQi1JdUV1dkJpRmxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi83OWNlZjgtNDNhMS00MDg5LTgwOWYt
ZGM5ODQyNjU1NjdkLzEvai1JN0JmSmNLNVJNUm1vczBlR1dQRFBPSzhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi83OWNlZjgtNDNhMS00MDg5LTgwOWYtZGM5ODQyNjU1Njdk
LzEvQnNSTGdocTEyMVFzeFRiQi1JdUV1dkJpRmxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYAnMA0E
AgACMAcDBQAqA59gMA0GCSqGSIb3DQEBCwUAA4IBAQAKsV/0byA1dGRJVf8HjE4w
WBn9JvflrrZQf18uydQMdS6sfBhhMJAqQRpYp/xj2ypOhExNqeo66Wx0LoFu6fCL
CSW5sG0Ximkw6pMHQankJMEX0e3g9iado0/AhWwa34UDfcErloJHMbugcVIQOKIz
eYJ3cDPUB01GVOqY2hGbl3ij6YaGPgpWICx8TendKKxvGd5zh+r03byNWoaSG4B5
4rpgBuDKSTihjm0C8YSpDZgvwVjdtCPQE8eQ4MgDJNcEyU6FQTU+R9oWMTgBN/vi
jR40BRA4mew+8zCHIYhhJdc2FXJSIxKTkwditmofC+Z19DsGQFSaupLT2vnqpT2U
-----END CERTIFICATE-----