Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/0sfCS0PPpBa66QhPq-2Pc34HVvk.roa
File:                     0sfCS0PPpBa66QhPq-2Pc34HVvk.roa (raw, json)
Hash identifier:          Ci2MgGX5hLmJMDNvcNPOCm936zpwq7VsbFHxlKIxl0M=
Subject key identifier:   D2:C7:C2:4B:43:CF:A4:16:BA:E9:08:4F:AB:ED:8F:73:7E:07:56:F9
Certificate issuer:       /CN=66e3ed06e88e5591d9096676951555c0dc535c19
Certificate serial:       018CC492ACF9BAFCC3D275A2D19F8BE0BFA9
Authority key identifier: 66:E3:ED:06:E8:8E:55:91:D9:09:66:76:95:15:55:C0:DC:53:5C:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/0sfCS0PPpBa66QhPq-2Pc34HVvk.roa
Signing time:             Mon 01 Jan 2024 10:29:55 +0000
ROA not before:           Mon 01 Jan 2024 10:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201020
IP address blocks:        185.28.179.0/24 maxlen: 24
                          185.28.176.0/24 maxlen: 24
                          2a04:4000::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:ac:f9:ba:fc:c3:d2:75:a2:d1:9f:8b:e0:bf:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66e3ed06e88e5591d9096676951555c0dc535c19
        Validity
            Not Before: Jan  1 10:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2c7c24b43cfa416bae9084fabed8f737e0756f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:03:4b:57:1a:86:7a:82:c8:2e:b8:c2:54:d8:
                    3f:ac:9b:e6:85:55:23:d2:fa:b5:56:00:ae:c4:03:
                    4b:1b:62:04:6f:da:6b:df:c4:de:91:0e:e2:16:98:
                    66:a1:88:42:d0:45:4f:d9:64:30:1c:6d:89:64:50:
                    b3:83:8a:c7:2e:07:09:0d:82:34:2a:cd:d9:29:f2:
                    59:ac:29:ff:d2:aa:a7:c1:27:92:df:7f:f8:b8:a6:
                    c7:de:0e:e6:ca:70:f9:fa:55:b9:13:73:8b:00:46:
                    8e:64:97:7b:62:33:1f:d7:27:3d:52:82:85:cf:b8:
                    20:c4:41:f4:1c:f6:c9:d3:cb:90:e5:1e:a7:cf:aa:
                    e3:10:62:8a:cc:e7:ed:3c:80:a0:1c:f6:b6:f2:77:
                    7b:bf:02:ce:b2:97:86:dc:7d:df:48:5b:75:12:6b:
                    d0:8c:32:df:fe:6a:41:00:46:b9:78:7b:a6:0e:12:
                    c6:1b:5c:25:a2:02:08:57:69:c6:a3:8e:17:e9:12:
                    9b:6e:61:ce:5a:f8:33:36:80:51:9f:b1:4d:f5:c4:
                    7a:be:9a:3a:56:eb:20:72:73:fb:1b:87:4f:32:2e:
                    19:c9:c6:50:5f:98:e2:84:eb:10:2f:83:99:fa:c6:
                    da:91:e4:5d:8f:2f:63:55:2f:0f:0d:37:3d:ae:29:
                    30:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C7:C2:4B:43:CF:A4:16:BA:E9:08:4F:AB:ED:8F:73:7E:07:56:F9
            X509v3 Authority Key Identifier:
                keyid:66:E3:ED:06:E8:8E:55:91:D9:09:66:76:95:15:55:C0:DC:53:5C:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/0sfCS0PPpBa66QhPq-2Pc34HVvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.176.0/24
                  185.28.179.0/24
                IPv6:
                  2a04:4000::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:a7:eb:c6:5b:93:c4:de:1a:aa:c7:0a:2b:07:0c:fa:97:91:
         c0:23:e6:78:89:c4:6b:3b:9d:c3:2b:25:03:2c:82:15:70:41:
         5d:1d:5b:a6:e9:17:85:a2:a5:5c:b1:0d:ce:d5:8f:a8:8b:ee:
         f2:c8:9f:9a:5d:61:92:44:bc:78:65:ec:e4:ec:8a:a4:4e:02:
         af:14:a9:ba:47:a9:9f:58:25:9a:1a:89:78:c3:a8:02:cf:56:
         68:5f:26:d1:32:cd:44:16:65:f7:64:45:dd:e8:93:67:4b:10:
         71:9c:17:2a:bb:3e:17:d3:d1:e6:e4:de:ce:4f:84:17:00:ff:
         e9:14:5b:24:6a:68:d1:bc:d8:21:e3:f5:62:6c:2a:9a:85:c1:
         e6:3f:39:ae:e0:d0:e4:2f:b6:4e:8d:66:03:83:e4:66:c7:04:
         93:47:6e:a2:64:96:02:62:f1:1b:94:a4:84:a5:e3:5d:4b:d4:
         4b:03:34:07:ce:d6:f8:e4:8b:64:b9:e5:1b:a6:fe:db:85:98:
         68:96:68:c0:29:c6:cd:4a:3b:2e:77:22:7b:84:e4:2a:a0:ce:
         6e:a0:43:a1:a5:be:af:52:34:d6:ba:69:1e:8f:9f:24:4c:04:
         4e:73:0f:c0:24:63:f8:9c:8c:ad:03:b6:16:5a:60:6e:82:0b:
         11:81:be:a2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEkqz5uvzD0nWi0Z+L4L+pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZTNlZDA2ZTg4ZTU1OTFkOTA5NjY3Njk1MTU1NWMwZGM1
MzVjMTkwHhcNMjQwMTAxMTAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmM3YzI0YjQzY2ZhNDE2YmFlOTA4NGZhYmVkOGY3MzdlMDc1NmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigNLVxqGeoLILrjCVNg/rJvmhVUj
0vq1VgCuxANLG2IEb9pr38TekQ7iFphmoYhC0EVP2WQwHG2JZFCzg4rHLgcJDYI0
Ks3ZKfJZrCn/0qqnwSeS33/4uKbH3g7mynD5+lW5E3OLAEaOZJd7YjMf1yc9UoKF
z7ggxEH0HPbJ08uQ5R6nz6rjEGKKzOftPICgHPa28nd7vwLOspeG3H3fSFt1EmvQ
jDLf/mpBAEa5eHumDhLGG1wlogIIV2nGo44X6RKbbmHOWvgzNoBRn7FN9cR6vpo6
VusgcnP7G4dPMi4ZycZQX5jihOsQL4OZ+sbakeRdjy9jVS8PDTc9rikwVwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNLHwktDz6QWuukIT6vtj3N+B1b5MB8GA1UdIwQY
MBaAFGbj7QbojlWR2QlmdpUVVcDcU1wZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnVQdEJ1aU9WWkhaQ1daMmxSVlZ3TnhUWEJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni84ZDc1NDgtMDc1My00MGRjLThmYmIt
ZGUyMWY1ZmVlM2RiLzEvMHNmQ1MwUFBwQmE2NlFoUHEtMlBjMzRIVnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni84ZDc1NDgtMDc1My00MGRjLThmYmItZGUyMWY1ZmVlM2Ri
LzEvWnVQdEJ1aU9WWkhaQ1daMmxSVlZ3TnhUWEJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuRywAwQA
uRyzMA0EAgACMAcDBQMqBEAAMA0GCSqGSIb3DQEBCwUAA4IBAQBZp+vGW5PE3hqq
xworBwz6l5HAI+Z4icRrO53DKyUDLIIVcEFdHVum6ReFoqVcsQ3O1Y+oi+7yyJ+a
XWGSRLx4Zezk7IqkTgKvFKm6R6mfWCWaGol4w6gCz1ZoXybRMs1EFmX3ZEXd6JNn
SxBxnBcquz4X09Hm5N7OT4QXAP/pFFskamjRvNgh4/VibCqahcHmPzmu4NDkL7ZO
jWYDg+RmxwSTR26iZJYCYvEblKSEpeNdS9RLAzQHztb45ItkueUbpv7bhZholmjA
KcbNSjsudyJ7hOQqoM5uoEOhpb6vUjTWumkej58kTAROcw/AJGP4nIytA7YWWmBu
ggsRgb6i
-----END CERTIFICATE-----