Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/8eb32d-f7e3-4a9c-aaa4-8421d781b03b/1/AHHvuaqepU-66ln9Y9b75QoqN4k.roa
File:                     AHHvuaqepU-66ln9Y9b75QoqN4k.roa (raw, json)
Hash identifier:          mlJXd2+uLfQ4lc2EUdTsE1nZkcN7dtBY+UcPs0W7ai0=
Subject key identifier:   00:71:EF:B9:AA:9E:A5:4F:BA:EA:59:FD:63:D6:FB:E5:0A:2A:37:89
Certificate issuer:       /CN=cda843e812b16dec60bb7098ca4133117db8474d
Certificate serial:       018CC94BE709251A19AD4F4C8A4457C1B492
Authority key identifier: CD:A8:43:E8:12:B1:6D:EC:60:BB:70:98:CA:41:33:11:7D:B8:47:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zahD6BKxbexgu3CYykEzEX24R00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/8eb32d-f7e3-4a9c-aaa4-8421d781b03b/1/AHHvuaqepU-66ln9Y9b75QoqN4k.roa
Signing time:             Tue 02 Jan 2024 08:30:43 +0000
ROA not before:           Tue 02 Jan 2024 08:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        185.96.140.0/24 maxlen: 24
                          2a00:5020::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/8eb32d-f7e3-4a9c-aaa4-8421d781b03b/1/zahD6BKxbexgu3CYykEzEX24R00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/8eb32d-f7e3-4a9c-aaa4-8421d781b03b/1/zahD6BKxbexgu3CYykEzEX24R00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zahD6BKxbexgu3CYykEzEX24R00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e7:09:25:1a:19:ad:4f:4c:8a:44:57:c1:b4:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cda843e812b16dec60bb7098ca4133117db8474d
        Validity
            Not Before: Jan  2 08:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0071efb9aa9ea54fbaea59fd63d6fbe50a2a3789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9e:1e:f6:11:b1:a2:43:f1:77:14:d8:79:0e:
                    b5:b4:f7:98:7b:49:e9:cd:7d:d9:4e:d3:db:e0:ff:
                    4b:2a:c9:07:e0:eb:39:32:c8:93:5f:41:33:ba:75:
                    c1:6a:3b:f6:26:c2:d3:cf:87:6b:0e:53:b8:47:2c:
                    24:62:d7:58:db:b6:b2:76:ed:fb:33:5c:1f:1b:a2:
                    ef:18:f5:02:43:a2:e6:b6:98:43:ef:ba:be:d9:6b:
                    16:23:1c:42:a3:99:5b:1c:6f:63:22:fb:f1:7c:79:
                    fd:ad:23:2d:6b:4a:3e:83:5b:df:9b:d4:d5:a1:3d:
                    11:aa:61:0e:b8:dc:9e:17:09:65:94:83:56:c8:17:
                    cb:12:91:58:94:41:53:c7:de:0f:05:23:75:05:93:
                    4a:f8:88:63:16:97:a6:8f:08:8d:eb:6d:82:2e:f6:
                    c0:7e:4e:ab:c0:8f:9b:fc:01:44:66:85:cd:5e:46:
                    e1:80:1d:6b:ac:79:19:61:b2:07:4b:3e:35:e5:17:
                    55:f9:c7:70:28:2f:ae:ae:77:5c:aa:53:3d:12:e2:
                    16:51:a5:2c:fc:c3:36:2b:6a:13:df:9d:ec:0b:c8:
                    0f:c1:ef:ae:2a:78:d5:f1:be:32:83:96:5f:b6:cd:
                    e7:51:6a:73:6a:2d:1a:0b:5a:c8:22:c1:29:cc:de:
                    3f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:71:EF:B9:AA:9E:A5:4F:BA:EA:59:FD:63:D6:FB:E5:0A:2A:37:89
            X509v3 Authority Key Identifier:
                keyid:CD:A8:43:E8:12:B1:6D:EC:60:BB:70:98:CA:41:33:11:7D:B8:47:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zahD6BKxbexgu3CYykEzEX24R00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/8eb32d-f7e3-4a9c-aaa4-8421d781b03b/1/AHHvuaqepU-66ln9Y9b75QoqN4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/8eb32d-f7e3-4a9c-aaa4-8421d781b03b/1/zahD6BKxbexgu3CYykEzEX24R00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.140.0/24
                IPv6:
                  2a00:5020::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:f8:47:0f:df:31:e1:80:3c:5d:0b:f8:19:c2:6f:55:65:53:
         30:8e:f3:15:b2:c9:40:12:32:6f:45:37:05:03:a5:9e:63:fb:
         78:62:86:7a:f3:88:92:ce:23:ce:e2:f2:91:5b:6a:29:0f:65:
         fd:31:6a:01:71:01:7b:2f:7d:69:cd:6d:01:32:df:75:46:b2:
         aa:08:c1:af:79:01:43:27:b7:a8:28:f9:6e:58:f9:5f:d1:87:
         be:e5:ec:9b:fb:91:77:3c:d5:b4:43:e5:24:b3:ec:f0:b1:c3:
         6b:bb:65:6b:5e:b2:87:e0:15:55:5a:13:7c:c2:ec:5d:60:96:
         38:b9:d9:10:90:85:65:be:06:df:f9:74:1b:35:c3:f9:96:11:
         74:28:eb:d8:cf:37:87:e4:96:6d:ba:dc:bf:af:63:7d:b1:fc:
         46:67:5b:ce:ff:92:cb:41:c0:7b:34:43:bd:51:25:8c:15:83:
         8d:e2:68:b0:61:06:0a:43:66:39:0e:51:ee:2a:0b:3d:ad:19:
         0c:23:b3:6e:bb:4c:4e:ae:c7:1a:e8:a4:53:5e:9c:cf:d7:5a:
         69:79:d6:24:15:26:51:71:9e:91:a4:43:82:b0:db:5f:5d:5e:
         a7:de:ab:7e:bd:31:2e:ed:09:71:a3:48:a1:af:7f:f4:a4:9d:
         3a:60:e5:b2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJS+cJJRoZrU9MikRXwbSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYTg0M2U4MTJiMTZkZWM2MGJiNzA5OGNhNDEzMzExN2Ri
ODQ3NGQwHhcNMjQwMTAyMDgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDcxZWZiOWFhOWVhNTRmYmFlYTU5ZmQ2M2Q2ZmJlNTBhMmEzNzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJ4e9hGxokPxdxTYeQ61tPeYe0np
zX3ZTtPb4P9LKskH4Os5MsiTX0EzunXBajv2JsLTz4drDlO4RywkYtdY27aydu37
M1wfG6LvGPUCQ6LmtphD77q+2WsWIxxCo5lbHG9jIvvxfHn9rSMta0o+g1vfm9TV
oT0RqmEOuNyeFwlllINWyBfLEpFYlEFTx94PBSN1BZNK+IhjFpemjwiN622CLvbA
fk6rwI+b/AFEZoXNXkbhgB1rrHkZYbIHSz415RdV+cdwKC+urndcqlM9EuIWUaUs
/MM2K2oT353sC8gPwe+uKnjV8b4yg5Zfts3nUWpzai0aC1rIIsEpzN4/3wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFABx77mqnqVPuupZ/WPW++UKKjeJMB8GA1UdIwQY
MBaAFM2oQ+gSsW3sYLtwmMpBMxF9uEdNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFoRDZCS3hiZXhndTNDWXlrRXpFWDI0UjAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC84ZWIzMmQtZjdlMy00YTljLWFhYTQt
ODQyMWQ3ODFiMDNiLzEvQUhIdnVhcWVwVS02NmxuOVk5Yjc1UW9xTjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC84ZWIzMmQtZjdlMy00YTljLWFhYTQtODQyMWQ3ODFiMDNi
LzEvemFoRDZCS3hiZXhndTNDWXlrRXpFWDI0UjAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuWCMMA8E
AgACMAkDBwAqAFAgAAAwDQYJKoZIhvcNAQELBQADggEBAGr4Rw/fMeGAPF0L+BnC
b1VlUzCO8xWyyUASMm9FNwUDpZ5j+3hihnrziJLOI87i8pFbaikPZf0xagFxAXsv
fWnNbQEy33VGsqoIwa95AUMnt6go+W5Y+V/Rh77l7Jv7kXc81bRD5SSz7PCxw2u7
ZWtesofgFVVaE3zC7F1glji52RCQhWW+Bt/5dBs1w/mWEXQo69jPN4fklm263L+v
Y32x/EZnW87/kstBwHs0Q71RJYwVg43iaLBhBgpDZjkOUe4qCz2tGQwjs267TE6u
xxropFNenM/XWml51iQVJlFxnpGkQ4Kw219dXqfeq369MS7tCXGjSKGvf/SknTpg
5bI=
-----END CERTIFICATE-----