Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/eTc_cExB7oA-s_D66voABq54SoQ.roa
File:                     eTc_cExB7oA-s_D66voABq54SoQ.roa (raw, json)
Hash identifier:          ho3rrnaJt7tIZ4fcmKlB5H0ZPrfdA3fJgYPJfGNCEcw=
Subject key identifier:   79:37:3F:70:4C:41:EE:80:3E:B3:F0:FA:EA:FA:00:06:AE:78:4A:84
Certificate issuer:       /CN=f90379f3afd94c0f26b67fffa34d6e946c29d624
Certificate serial:       018CC64B8DA4140739C9CC5D9B4267187157
Authority key identifier: F9:03:79:F3:AF:D9:4C:0F:26:B6:7F:FF:A3:4D:6E:94:6C:29:D6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-QN586_ZTA8mtn__o01ulGwp1iQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/eTc_cExB7oA-s_D66voABq54SoQ.roa
Signing time:             Mon 01 Jan 2024 18:31:29 +0000
ROA not before:           Mon 01 Jan 2024 18:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204865
IP address blocks:        185.237.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/1-QN586_ZTA8mtn__o01ulGwp1iQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/1-QN586_ZTA8mtn__o01ulGwp1iQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-QN586_ZTA8mtn__o01ulGwp1iQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8d:a4:14:07:39:c9:cc:5d:9b:42:67:18:71:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f90379f3afd94c0f26b67fffa34d6e946c29d624
        Validity
            Not Before: Jan  1 18:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79373f704c41ee803eb3f0faeafa0006ae784a84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c8:19:3b:85:78:a8:d7:92:3b:87:f8:35:96:
                    17:26:d6:0b:7f:a2:5e:be:16:08:a4:f3:81:8a:9d:
                    11:8e:6e:78:84:30:e2:c3:ab:b6:20:d0:00:0c:67:
                    98:84:f5:e4:fc:58:9d:87:3d:50:93:00:e0:85:96:
                    1f:66:4b:7b:42:84:e5:6e:7f:29:e7:6f:4d:43:61:
                    8d:c8:c4:61:97:95:66:5a:14:a7:ec:30:fe:18:0d:
                    f3:11:54:92:fd:fd:b9:d9:98:1b:e0:a2:3c:2b:3a:
                    13:0a:d1:38:b5:36:53:26:a4:7c:60:09:82:9a:18:
                    31:c1:22:40:d6:0f:61:22:08:69:b5:6c:ee:08:39:
                    c3:e3:1e:55:91:76:b1:2e:d9:8d:73:9a:d6:80:6a:
                    c8:f4:b1:cb:0a:00:78:fa:74:37:3c:21:8e:b0:d0:
                    8e:72:57:3b:cd:33:d5:58:46:26:52:31:7b:5c:e1:
                    1c:63:68:1c:fe:d3:67:64:bc:fb:1d:dd:4e:f2:67:
                    2e:a2:b1:66:ec:ea:a2:3e:45:0b:7a:fe:ed:e6:2d:
                    3c:47:df:aa:ea:c8:e1:7c:12:83:58:74:15:eb:d4:
                    61:f4:f4:c1:02:4b:1b:a7:f5:3f:32:7d:e1:39:02:
                    97:6e:24:c8:27:96:cc:c4:da:69:87:16:ec:d5:ef:
                    5e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:37:3F:70:4C:41:EE:80:3E:B3:F0:FA:EA:FA:00:06:AE:78:4A:84
            X509v3 Authority Key Identifier:
                keyid:F9:03:79:F3:AF:D9:4C:0F:26:B6:7F:FF:A3:4D:6E:94:6C:29:D6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-QN586_ZTA8mtn__o01ulGwp1iQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/eTc_cExB7oA-s_D66voABq54SoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/1-QN586_ZTA8mtn__o01ulGwp1iQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:51:e0:f3:c5:b9:cb:b1:c7:94:42:44:fd:15:68:95:63:cd:
         76:bd:b6:fd:c2:de:6b:16:cc:74:6d:67:9e:5b:71:b6:12:d9:
         09:61:2d:e2:38:a9:c5:a2:e7:ac:54:0b:44:eb:cc:30:67:fc:
         60:b5:cf:1e:21:5b:e5:81:4f:c8:50:73:11:2a:a9:c5:74:48:
         bd:46:16:e0:a6:04:99:79:82:87:05:ae:1e:28:40:70:e7:35:
         0d:ce:ee:93:33:f2:e7:95:47:c8:01:d2:ef:94:91:f8:9c:52:
         98:95:94:96:cf:69:a4:15:1f:ad:46:c7:10:c6:53:e5:a6:18:
         3a:fd:b5:65:0a:0b:82:95:2c:9f:b5:2a:d9:91:33:13:36:dd:
         97:4c:f6:5a:0a:94:23:5c:85:f3:a8:c1:8e:70:dd:ad:7e:33:
         0a:28:c6:5d:84:58:17:88:b2:75:fa:72:83:ea:76:48:51:37:
         1c:03:be:49:10:b1:10:29:d3:47:e8:5c:8e:14:4e:a8:51:b6:
         7c:ad:c5:cc:6b:0b:44:db:7c:12:4b:1d:00:db:cc:3a:db:7b:
         50:9a:2d:c3:54:20:9d:bf:ff:39:50:1c:64:64:4b:e3:89:33:
         12:40:38:26:f6:dc:07:ae:eb:cf:3b:3b:7d:c0:a0:cd:a7:b7:
         48:63:c1:7d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGS42kFAc5ycxdm0JnGHFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MDM3OWYzYWZkOTRjMGYyNmI2N2ZmZmEzNGQ2ZTk0NmMy
OWQ2MjQwHhcNMjQwMTAxMTgzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTM3M2Y3MDRjNDFlZTgwM2ViM2YwZmFlYWZhMDAwNmFlNzg0YTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcgZO4V4qNeSO4f4NZYXJtYLf6Je
vhYIpPOBip0Rjm54hDDiw6u2INAADGeYhPXk/Fidhz1QkwDghZYfZkt7QoTlbn8p
529NQ2GNyMRhl5VmWhSn7DD+GA3zEVSS/f252Zgb4KI8KzoTCtE4tTZTJqR8YAmC
mhgxwSJA1g9hIghptWzuCDnD4x5VkXaxLtmNc5rWgGrI9LHLCgB4+nQ3PCGOsNCO
clc7zTPVWEYmUjF7XOEcY2gc/tNnZLz7Hd1O8mcuorFm7OqiPkULev7t5i08R9+q
6sjhfBKDWHQV69Rh9PTBAksbp/U/Mn3hOQKXbiTIJ5bMxNpphxbs1e9eEwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHk3P3BMQe6APrPw+ur6AAaueEqEMB8GA1UdIwQY
MBaAFPkDefOv2UwPJrZ//6NNbpRsKdYkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1RTjU4Nl9aVEE4bXRuX19vMDF1bEd3cDFpUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDYvZGU3ZWY2LWJkYWUtNDcxNy1iMDYx
LTZmMjA3OTUxYzRiMi8xL2VUY19jRXhCN29BLXNfRDY2dm9BQnE1NFNvUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDYvZGU3ZWY2LWJkYWUtNDcxNy1iMDYxLTZmMjA3OTUxYzRi
Mi8xLzEtUU41ODZfWlRBOG10bl9fbzAxdWxHd3AxaVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC57VUw
DQYJKoZIhvcNAQELBQADggEBAEZR4PPFucuxx5RCRP0VaJVjzXa9tv3C3msWzHRt
Z55bcbYS2QlhLeI4qcWi56xUC0TrzDBn/GC1zx4hW+WBT8hQcxEqqcV0SL1GFuCm
BJl5gocFrh4oQHDnNQ3O7pMz8ueVR8gB0u+UkficUpiVlJbPaaQVH61GxxDGU+Wm
GDr9tWUKC4KVLJ+1KtmRMxM23ZdM9loKlCNchfOowY5w3a1+Mwooxl2EWBeIsnX6
coPqdkhRNxwDvkkQsRAp00foXI4UTqhRtnytxcxrC0TbfBJLHQDbzDrbe1CaLcNU
IJ2//zlQHGRkS+OJMxJAOCb23Aeu6887O33AoM2nt0hjwX0=
-----END CERTIFICATE-----