Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/k8WQBJf-3eoWKVeh8YVtvNQ0oo8.roa
File:                     k8WQBJf-3eoWKVeh8YVtvNQ0oo8.roa (raw, json)
Hash identifier:          MFPYveCCqDxEAhsRfO3MZ5qkYgF+BZZ4/Vrfs1aL4f8=
Subject key identifier:   93:C5:90:04:97:FE:DD:EA:16:29:57:A1:F1:85:6D:BC:D4:34:A2:8F
Certificate issuer:       /CN=0ef47d753d25289fd98794974aa0536010567bd9
Certificate serial:       018DF68F144423115C7DDBE5058F5F9AAE3F
Authority key identifier: 0E:F4:7D:75:3D:25:28:9F:D9:87:94:97:4A:A0:53:60:10:56:7B:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/k8WQBJf-3eoWKVeh8YVtvNQ0oo8.roa
Signing time:             Thu 29 Feb 2024 20:29:48 +0000
ROA not before:           Thu 29 Feb 2024 20:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207505
IP address blocks:        185.242.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f6:8f:14:44:23:11:5c:7d:db:e5:05:8f:5f:9a:ae:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef47d753d25289fd98794974aa0536010567bd9
        Validity
            Not Before: Feb 29 20:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93c5900497feddea162957a1f1856dbcd434a28f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d0:4f:b1:77:1a:e5:bb:73:f8:aa:9b:d0:f4:
                    74:e5:7c:f7:1c:d1:70:11:c2:c0:d2:76:c9:7e:eb:
                    97:cb:e8:5d:00:a2:f9:22:05:1e:58:22:63:ff:be:
                    2a:d6:b3:68:cb:e6:09:06:ab:91:50:a8:cb:e5:05:
                    2c:dd:e0:d5:7b:39:2e:52:3f:a4:13:67:6a:ca:33:
                    af:b5:90:3f:d5:0d:54:ec:16:11:7e:0d:d3:40:c8:
                    90:87:21:fe:c2:10:56:8d:9a:73:ad:34:ab:26:2d:
                    18:16:a4:29:3d:8c:ce:71:12:5d:4e:69:14:54:6a:
                    f2:dc:2e:b4:90:ec:a9:20:fd:5e:f4:99:57:4f:83:
                    b4:c4:39:2f:3d:df:4c:33:3e:d2:7f:7d:55:d8:16:
                    01:1c:2d:99:4e:5e:82:57:5d:e4:d3:a6:1b:9e:69:
                    01:71:72:2c:a0:35:49:ae:dd:b7:2c:c4:83:01:fa:
                    29:fe:a7:1b:5a:63:89:20:e5:12:7b:f6:d4:2e:36:
                    cd:60:a4:1b:c9:6d:75:77:f0:23:70:b1:23:71:7d:
                    57:8c:0c:4d:8d:ad:de:82:02:9b:a5:7f:16:c9:49:
                    7c:9a:1a:99:9f:5c:13:5e:10:80:cf:14:4c:84:3e:
                    20:6c:be:0b:df:96:7f:7a:79:77:fc:1a:61:9c:46:
                    e3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:C5:90:04:97:FE:DD:EA:16:29:57:A1:F1:85:6D:BC:D4:34:A2:8F
            X509v3 Authority Key Identifier:
                keyid:0E:F4:7D:75:3D:25:28:9F:D9:87:94:97:4A:A0:53:60:10:56:7B:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/k8WQBJf-3eoWKVeh8YVtvNQ0oo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:1b:cf:a7:31:4a:c2:88:db:d6:d8:78:bd:0d:14:46:3b:7d:
         14:60:f7:ae:ad:d8:85:ba:73:1a:3b:90:b1:28:68:15:63:79:
         b2:00:11:e1:9c:7d:1e:91:db:c9:de:47:e1:78:29:0f:67:e8:
         81:9d:5b:5c:cb:81:bf:d7:eb:76:65:e0:e0:94:42:7a:ac:9f:
         b3:1d:8d:7e:c4:26:a7:b0:9b:18:05:ff:1b:da:da:e9:72:36:
         12:bb:4b:f1:8c:01:9a:16:b0:36:5b:0d:e4:8b:50:5c:25:ec:
         d4:11:25:b2:10:69:e1:30:57:b6:6b:be:bc:2c:c8:4c:d7:71:
         9d:87:57:79:c9:e8:9f:9f:f2:eb:bd:63:82:ff:1b:b0:09:2a:
         73:4e:21:2e:01:7e:1c:c8:5c:70:d9:85:3c:28:c5:5e:81:64:
         ab:8e:cb:27:c3:c9:3e:11:16:50:c1:76:04:fc:e6:d6:d3:e9:
         10:16:50:48:45:0c:e4:af:f1:5a:30:e5:43:2e:53:78:e2:10:
         b5:7a:cc:a2:f6:c1:61:16:8f:42:44:c1:c9:03:05:11:8a:66:
         ca:6d:3b:a2:79:9d:63:b2:d4:16:8b:3b:b1:b4:9b:19:ff:cc:
         e1:20:91:8f:16:ad:28:6c:be:2a:c4:44:6b:6e:c6:30:a5:61:
         6d:48:f1:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY32jxREIxFcfdvlBY9fmq4/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjQ3ZDc1M2QyNTI4OWZkOTg3OTQ5NzRhYTA1MzYwMTA1
NjdiZDkwHhcNMjQwMjI5MjAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2M1OTAwNDk3ZmVkZGVhMTYyOTU3YTFmMTg1NmRiY2Q0MzRhMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdBPsXca5btz+Kqb0PR05Xz3HNFw
EcLA0nbJfuuXy+hdAKL5IgUeWCJj/74q1rNoy+YJBquRUKjL5QUs3eDVezkuUj+k
E2dqyjOvtZA/1Q1U7BYRfg3TQMiQhyH+whBWjZpzrTSrJi0YFqQpPYzOcRJdTmkU
VGry3C60kOypIP1e9JlXT4O0xDkvPd9MMz7Sf31V2BYBHC2ZTl6CV13k06YbnmkB
cXIsoDVJrt23LMSDAfop/qcbWmOJIOUSe/bULjbNYKQbyW11d/AjcLEjcX1XjAxN
ja3eggKbpX8WyUl8mhqZn1wTXhCAzxRMhD4gbL4L35Z/enl3/BphnEbjFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPFkASX/t3qFilXofGFbbzUNKKPMB8GA1UdIwQY
MBaAFA70fXU9JSif2YeUl0qgU2AQVnvZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZSOWRUMGxLSl9aaDVTWFNxQlRZQkJXZTlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9kZDhiYzUtODZlZi00MTM1LWJmMWYt
YTRjOGQ5ODk1YTQzLzEvazhXUUJKZi0zZW9XS1ZlaDhZVnR2TlEwb284LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9kZDhiYzUtODZlZi00MTM1LWJmMWYtYTRjOGQ5ODk1YTQz
LzEvRHZSOWRUMGxLSl9aaDVTWFNxQlRZQkJXZTlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufLbMA0G
CSqGSIb3DQEBCwUAA4IBAQBHG8+nMUrCiNvW2Hi9DRRGO30UYPeurdiFunMaO5Cx
KGgVY3myABHhnH0ekdvJ3kfheCkPZ+iBnVtcy4G/1+t2ZeDglEJ6rJ+zHY1+xCan
sJsYBf8b2trpcjYSu0vxjAGaFrA2Ww3ki1BcJezUESWyEGnhMFe2a768LMhM13Gd
h1d5yeifn/LrvWOC/xuwCSpzTiEuAX4cyFxw2YU8KMVegWSrjssnw8k+ERZQwXYE
/ObW0+kQFlBIRQzkr/FaMOVDLlN44hC1esyi9sFhFo9CRMHJAwURimbKbTuieZ1j
stQWizuxtJsZ/8zhIJGPFq0obL4qxERrbsYwpWFtSPHY
-----END CERTIFICATE-----