Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/0NffjqNFzP_lsfXiB6wiO4AqtgM.roa
File:                     0NffjqNFzP_lsfXiB6wiO4AqtgM.roa (raw, json)
Hash identifier:          FDHNjaTiWZsof03netrS207D8fi1iOLMbI+ktbQolZA=
Subject key identifier:   D0:D7:DF:8E:A3:45:CC:FF:E5:B1:F5:E2:07:AC:22:3B:80:2A:B6:03
Certificate issuer:       /CN=8ad9281aafefc8375ad8b4b7e604899555952237
Certificate serial:       018CC79561664F9159B165CD4961444DDAEE
Authority key identifier: 8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/0NffjqNFzP_lsfXiB6wiO4AqtgM.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207085
IP address blocks:        185.160.90.0/24 maxlen: 24
                          2a07:bbc0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:61:66:4f:91:59:b1:65:cd:49:61:44:4d:da:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad9281aafefc8375ad8b4b7e604899555952237
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0d7df8ea345ccffe5b1f5e207ac223b802ab603
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:7f:2f:eb:2a:25:11:e2:6c:b1:6c:ab:7f:c6:
                    fd:6a:50:e7:89:c6:cb:37:43:2d:8e:72:1a:6f:de:
                    5b:7c:d4:c5:ab:08:72:1c:fd:69:e4:18:20:8e:69:
                    e3:dc:bb:48:21:00:47:aa:3f:a2:2e:4a:be:b9:45:
                    e3:29:ab:07:b8:69:4c:78:e5:06:1c:84:8d:ae:26:
                    e6:cc:7b:04:1f:d3:cc:d9:5f:b5:8f:98:0f:92:0d:
                    bd:0b:29:43:d8:8d:48:97:f5:c0:f6:71:8d:87:c8:
                    8a:a6:9e:64:30:1f:64:4c:91:23:40:7a:3a:46:63:
                    1d:f7:2d:d0:5d:d9:d0:bd:31:53:8a:6d:ab:a1:6a:
                    90:3a:43:fd:51:fe:dc:21:9c:f0:62:58:d0:68:c1:
                    69:1c:13:46:23:3e:10:b3:58:50:a7:3f:bb:7c:d6:
                    fc:56:1c:54:37:d6:26:3e:f8:d5:83:f9:d1:9a:5a:
                    87:dd:ca:02:70:34:d9:d4:d3:7c:05:12:49:41:15:
                    07:d4:d1:6f:60:86:e4:f4:2a:09:51:5b:de:1b:fa:
                    17:26:98:5a:02:7d:e3:a8:3c:ad:38:b7:31:7d:1d:
                    3a:8f:89:75:89:4a:49:8b:d3:89:00:76:55:cd:8f:
                    88:56:c4:4b:92:73:40:ca:70:4c:56:f9:c5:5b:7b:
                    fa:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:D7:DF:8E:A3:45:CC:FF:E5:B1:F5:E2:07:AC:22:3B:80:2A:B6:03
            X509v3 Authority Key Identifier:
                keyid:8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/0NffjqNFzP_lsfXiB6wiO4AqtgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.90.0/24
                IPv6:
                  2a07:bbc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         c4:7b:85:d2:6c:8b:7e:ce:4b:8e:63:01:d5:84:54:a9:3c:29:
         6d:5c:34:e3:39:4c:63:c0:04:f5:6d:5f:a5:b4:bf:39:8c:09:
         9e:b4:50:6e:76:f8:58:29:14:4b:3b:5a:69:db:5e:3a:57:3b:
         45:30:6f:96:f3:93:30:f0:10:d1:0a:e8:e9:0e:f8:73:75:66:
         e5:5a:ba:1d:bf:c8:86:eb:e2:a0:56:a5:3b:ba:80:f2:eb:97:
         60:8c:24:c8:d2:bc:44:53:69:14:ae:ee:b9:f5:0f:b0:69:3b:
         bd:37:5c:37:fa:97:9b:b5:ad:ab:c7:42:58:82:68:ea:83:92:
         a8:41:ab:31:76:48:51:44:40:90:92:7c:45:52:db:6a:0e:df:
         c8:e9:90:11:7e:1b:8b:eb:a2:e6:e9:5e:26:97:24:f1:03:84:
         d2:61:93:35:7d:4d:b3:c6:41:b1:5b:a2:f8:01:88:47:fc:77:
         65:78:46:7f:f6:e3:5f:76:13:e2:5a:6f:53:95:8f:69:e8:7b:
         f3:f3:a4:55:54:97:a2:1f:49:07:d2:bc:79:d2:14:ef:69:3d:
         c4:58:37:98:f1:43:77:43:4a:b1:ae:cc:a1:f3:cc:6b:fa:31:
         a7:f7:80:f2:46:28:c0:dc:2f:26:68:e8:7f:57:dc:ef:14:55:
         d1:f4:44:9b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlWFmT5FZsWXNSWFETdruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDkyODFhYWZlZmM4Mzc1YWQ4YjRiN2U2MDQ4OTk1NTU5
NTIyMzcwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGQ3ZGY4ZWEzNDVjY2ZmZTViMWY1ZTIwN2FjMjIzYjgwMmFiNjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjH8v6yolEeJssWyrf8b9alDnicbL
N0MtjnIab95bfNTFqwhyHP1p5Bggjmnj3LtIIQBHqj+iLkq+uUXjKasHuGlMeOUG
HISNribmzHsEH9PM2V+1j5gPkg29CylD2I1Il/XA9nGNh8iKpp5kMB9kTJEjQHo6
RmMd9y3QXdnQvTFTim2roWqQOkP9Uf7cIZzwYljQaMFpHBNGIz4Qs1hQpz+7fNb8
VhxUN9YmPvjVg/nRmlqH3coCcDTZ1NN8BRJJQRUH1NFvYIbk9CoJUVveG/oXJpha
An3jqDytOLcxfR06j4l1iUpJi9OJAHZVzY+IVsRLknNAynBMVvnFW3v62QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNDX346jRcz/5bH14gesIjuAKrYDMB8GA1UdIwQY
MBaAFIrZKBqv78g3Wti0t+YEiZVVlSI3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQt
OGM3NGY5ZGQ2N2ZjLzEvME5mZmpxTkZ6UF9sc2ZYaUI2d2lPNEFxdGdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQtOGM3NGY5ZGQ2N2Zj
LzEvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuaBaMA8E
AgACMAkDBwAqB7vAAAAwDQYJKoZIhvcNAQELBQADggEBAMR7hdJsi37OS45jAdWE
VKk8KW1cNOM5TGPABPVtX6W0vzmMCZ60UG52+FgpFEs7WmnbXjpXO0Uwb5bzkzDw
ENEK6OkO+HN1ZuVauh2/yIbr4qBWpTu6gPLrl2CMJMjSvERTaRSu7rn1D7BpO703
XDf6l5u1ravHQliCaOqDkqhBqzF2SFFEQJCSfEVS22oO38jpkBF+G4vroubpXiaX
JPEDhNJhkzV9TbPGQbFbovgBiEf8d2V4Rn/24192E+Jab1OVj2noe/PzpFVUl6If
SQfSvHnSFO9pPcRYN5jxQ3dDSrGuzKHzzGv6Maf3gPJGKMDcLyZo6H9X3O8UVdH0
RJs=
-----END CERTIFICATE-----