Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/9HiFkzjY9svGb25FkU6Ej5_iMb8.roa
File:                     9HiFkzjY9svGb25FkU6Ej5_iMb8.roa (raw, json)
Hash identifier:          YxFZXKFQyE9g2uIH4qSuY9IqXcpNVvT2Jg5QyS0rYr8=
Subject key identifier:   F4:78:85:93:38:D8:F6:CB:C6:6F:6E:45:91:4E:84:8F:9F:E2:31:BF
Certificate issuer:       /CN=66e3ed06e88e5591d9096676951555c0dc535c19
Certificate serial:       018CC492ADBCBEB5995C0732E317E2C679D5
Authority key identifier: 66:E3:ED:06:E8:8E:55:91:D9:09:66:76:95:15:55:C0:DC:53:5C:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/9HiFkzjY9svGb25FkU6Ej5_iMb8.roa
Signing time:             Mon 01 Jan 2024 10:29:56 +0000
ROA not before:           Mon 01 Jan 2024 10:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207218
IP address blocks:        185.28.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:ad:bc:be:b5:99:5c:07:32:e3:17:e2:c6:79:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66e3ed06e88e5591d9096676951555c0dc535c19
        Validity
            Not Before: Jan  1 10:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f478859338d8f6cbc66f6e45914e848f9fe231bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:0c:88:b4:1d:77:5b:d3:d5:26:6d:7a:03:bf:
                    25:fb:54:70:41:79:13:aa:56:77:03:29:a5:91:7c:
                    0b:b2:8f:74:79:ef:f7:c1:72:ed:f1:ab:09:1c:12:
                    5f:10:bc:36:b4:8a:c1:2f:0f:ec:f2:ab:93:35:d4:
                    ac:91:80:c0:43:f0:3e:71:4b:8b:fc:7f:0e:79:96:
                    9d:6b:e7:6d:9c:03:f8:83:26:17:9a:23:27:23:90:
                    59:6e:82:5c:83:73:8e:85:e8:a6:d9:3f:6b:2a:63:
                    0a:3f:61:54:6f:1d:04:ee:6c:05:0d:7e:96:9f:1e:
                    3b:01:f6:ce:c3:17:a7:94:43:69:ae:71:94:75:a8:
                    e5:9f:84:17:a2:a2:06:46:fc:39:bf:78:80:50:fc:
                    a8:1b:7f:36:cb:b8:23:dd:13:b6:ae:3d:1a:ad:dc:
                    f1:6a:ab:df:b6:6b:66:74:43:87:16:87:a7:e1:ed:
                    43:99:4f:ee:c8:6d:2e:6a:00:be:a8:7b:0f:9e:72:
                    81:f4:03:fd:e7:48:4e:5e:55:6d:90:aa:67:74:b3:
                    b1:ff:dc:ec:e1:62:9a:87:d3:58:39:01:4e:4e:6a:
                    79:b9:80:d7:ba:ed:77:06:fe:1b:6b:57:49:8c:5f:
                    09:85:1c:c4:54:52:ba:05:e9:85:92:c2:ff:9e:82:
                    49:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:78:85:93:38:D8:F6:CB:C6:6F:6E:45:91:4E:84:8F:9F:E2:31:BF
            X509v3 Authority Key Identifier:
                keyid:66:E3:ED:06:E8:8E:55:91:D9:09:66:76:95:15:55:C0:DC:53:5C:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/9HiFkzjY9svGb25FkU6Ej5_iMb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/8d7548-0753-40dc-8fbb-de21f5fee3db/1/ZuPtBuiOVZHZCWZ2lRVVwNxTXBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:c3:82:fb:2f:8c:5a:6d:58:1a:75:89:e2:f7:d2:74:22:07:
         5b:eb:76:cb:31:1c:f7:60:d3:27:d5:1f:47:f1:00:b0:e1:75:
         19:c7:45:fc:7c:d7:9b:fc:87:72:1a:c5:9f:f2:82:82:18:58:
         97:4d:61:29:85:dc:08:27:81:41:ea:69:ed:4d:63:1f:67:60:
         47:fb:f5:09:3a:a1:dd:98:9c:fe:d6:16:d0:25:0d:c6:2b:1f:
         06:cd:e8:a9:8e:13:d5:33:50:a7:60:14:f9:e1:54:03:bc:26:
         27:76:17:e1:db:ab:35:26:a1:e2:f3:13:d7:f1:fa:8c:58:7d:
         ae:16:56:bc:d6:1d:87:36:b7:4d:51:f9:fd:62:6d:2c:46:02:
         b9:b0:17:57:1a:78:16:50:89:98:fc:e4:89:91:43:4b:80:4d:
         48:d4:e3:db:41:57:32:a8:a1:78:d5:32:2b:7c:1b:f2:24:a4:
         58:c4:c3:1b:3b:33:c6:12:d2:ab:d2:70:82:64:46:05:e6:7f:
         d4:11:ad:28:95:db:cf:e6:9e:cb:56:5f:ab:60:21:af:e7:6f:
         ed:86:ad:59:03:2e:95:8f:62:1f:82:9c:fd:d9:2e:fa:e0:c1:
         9e:c5:14:e4:f0:26:74:5d:6a:89:7b:bc:64:5b:f3:c2:09:a7:
         7b:5d:91:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkq28vrWZXAcy4xfixnnVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZTNlZDA2ZTg4ZTU1OTFkOTA5NjY3Njk1MTU1NWMwZGM1
MzVjMTkwHhcNMjQwMTAxMTAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDc4ODU5MzM4ZDhmNmNiYzY2ZjZlNDU5MTRlODQ4ZjlmZTIzMWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9QyItB13W9PVJm16A78l+1RwQXkT
qlZ3AymlkXwLso90ee/3wXLt8asJHBJfELw2tIrBLw/s8quTNdSskYDAQ/A+cUuL
/H8OeZada+dtnAP4gyYXmiMnI5BZboJcg3OOheim2T9rKmMKP2FUbx0E7mwFDX6W
nx47AfbOwxenlENprnGUdajln4QXoqIGRvw5v3iAUPyoG382y7gj3RO2rj0ardzx
aqvftmtmdEOHFoen4e1DmU/uyG0uagC+qHsPnnKB9AP950hOXlVtkKpndLOx/9zs
4WKah9NYOQFOTmp5uYDXuu13Bv4ba1dJjF8JhRzEVFK6BemFksL/noJJcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPR4hZM42PbLxm9uRZFOhI+f4jG/MB8GA1UdIwQY
MBaAFGbj7QbojlWR2QlmdpUVVcDcU1wZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnVQdEJ1aU9WWkhaQ1daMmxSVlZ3TnhUWEJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni84ZDc1NDgtMDc1My00MGRjLThmYmIt
ZGUyMWY1ZmVlM2RiLzEvOUhpRmt6alk5c3ZHYjI1RmtVNkVqNV9pTWI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni84ZDc1NDgtMDc1My00MGRjLThmYmItZGUyMWY1ZmVlM2Ri
LzEvWnVQdEJ1aU9WWkhaQ1daMmxSVlZ3TnhUWEJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRyxMA0G
CSqGSIb3DQEBCwUAA4IBAQBuw4L7L4xabVgadYni99J0Igdb63bLMRz3YNMn1R9H
8QCw4XUZx0X8fNeb/IdyGsWf8oKCGFiXTWEphdwIJ4FB6mntTWMfZ2BH+/UJOqHd
mJz+1hbQJQ3GKx8GzeipjhPVM1CnYBT54VQDvCYndhfh26s1JqHi8xPX8fqMWH2u
Fla81h2HNrdNUfn9Ym0sRgK5sBdXGngWUImY/OSJkUNLgE1I1OPbQVcyqKF41TIr
fBvyJKRYxMMbOzPGEtKr0nCCZEYF5n/UEa0oldvP5p7LVl+rYCGv52/thq1ZAy6V
j2Ifgpz92S764MGexRTk8CZ0XWqJe7xkW/PCCad7XZHc
-----END CERTIFICATE-----