Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/65ab29-0c20-417a-8958-97fe470809f9/1/sfDjxO-hcKYfu8i7EXCg6wgqBuU.roa
File:                     sfDjxO-hcKYfu8i7EXCg6wgqBuU.roa (raw, json)
Hash identifier:          8K/rYP/tSY1RPcT1L6L7OLuM5vMnfm1SK22tZ8zk5Io=
Subject key identifier:   B1:F0:E3:C4:EF:A1:70:A6:1F:BB:C8:BB:11:70:A0:EB:08:2A:06:E5
Certificate issuer:       /CN=ed7efb0a28f10cba751c92ccb0bfbf357b9a625d
Certificate serial:       018CC3B70DE84AB1008AE32592E2C357D4A8
Authority key identifier: ED:7E:FB:0A:28:F1:0C:BA:75:1C:92:CC:B0:BF:BF:35:7B:9A:62:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7X77CijxDLp1HJLMsL-_NXuaYl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/65ab29-0c20-417a-8958-97fe470809f9/1/sfDjxO-hcKYfu8i7EXCg6wgqBuU.roa
Signing time:             Mon 01 Jan 2024 06:30:02 +0000
ROA not before:           Mon 01 Jan 2024 06:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199831
IP address blocks:        185.45.216.0/22 maxlen: 22
                          185.30.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/65ab29-0c20-417a-8958-97fe470809f9/1/7X77CijxDLp1HJLMsL-_NXuaYl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/65ab29-0c20-417a-8958-97fe470809f9/1/7X77CijxDLp1HJLMsL-_NXuaYl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7X77CijxDLp1HJLMsL-_NXuaYl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0d:e8:4a:b1:00:8a:e3:25:92:e2:c3:57:d4:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed7efb0a28f10cba751c92ccb0bfbf357b9a625d
        Validity
            Not Before: Jan  1 06:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1f0e3c4efa170a61fbbc8bb1170a0eb082a06e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b6:1a:91:12:d4:b2:2b:72:a8:f4:30:2f:c7:
                    89:69:42:36:f0:b8:48:81:94:d4:1d:6d:d3:07:a6:
                    56:36:6a:d4:30:0c:ff:6e:64:87:37:3a:7b:f1:e3:
                    ad:33:fb:52:23:ca:64:fd:ae:5f:ba:9f:8b:e8:63:
                    fd:9e:67:a8:9b:7a:7b:d6:2a:dc:0c:6e:1f:08:c4:
                    a7:77:59:a3:4c:63:73:98:c6:b8:48:68:5a:aa:fe:
                    3d:d1:e5:ed:fe:c3:3f:5c:26:53:d9:75:9f:ae:61:
                    a8:bb:c9:a9:b6:e5:4f:83:dd:51:28:77:15:a3:ba:
                    ef:59:12:cf:f7:dc:5b:96:cd:f1:68:6c:82:12:be:
                    90:dd:d3:e5:7b:84:29:6c:c2:b6:fa:5e:33:22:f7:
                    c3:57:36:be:ca:fc:41:1f:77:3a:7b:2d:14:e1:32:
                    7b:af:d4:99:5d:fc:1a:fb:68:23:aa:59:8b:32:98:
                    1b:1d:18:96:08:b6:c3:00:e8:8a:4f:a5:85:9c:f6:
                    ca:70:5d:11:88:71:06:05:18:ae:75:e3:17:c7:d5:
                    53:81:cd:fc:ec:ba:cd:2a:da:b4:80:d8:05:1f:b9:
                    06:63:b8:05:7d:19:67:81:71:7b:a0:5f:83:48:21:
                    62:6d:67:46:e8:b8:cf:35:09:57:82:63:f0:16:63:
                    b0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F0:E3:C4:EF:A1:70:A6:1F:BB:C8:BB:11:70:A0:EB:08:2A:06:E5
            X509v3 Authority Key Identifier:
                keyid:ED:7E:FB:0A:28:F1:0C:BA:75:1C:92:CC:B0:BF:BF:35:7B:9A:62:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7X77CijxDLp1HJLMsL-_NXuaYl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/65ab29-0c20-417a-8958-97fe470809f9/1/sfDjxO-hcKYfu8i7EXCg6wgqBuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/65ab29-0c20-417a-8958-97fe470809f9/1/7X77CijxDLp1HJLMsL-_NXuaYl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.0.0/22
                  185.45.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:85:00:4c:98:3c:2e:48:2a:df:df:e7:c6:3b:11:1e:26:be:
         1b:70:24:43:a4:b2:e0:96:e6:0d:a6:50:d2:b5:3f:71:93:a3:
         b1:20:69:23:46:d3:b8:93:25:bc:5b:e7:de:31:39:0c:73:52:
         a8:da:cf:11:60:1f:78:ed:00:e6:9b:8b:83:f3:06:9d:c7:c4:
         a3:28:9d:a7:b0:3f:e5:45:29:4b:e6:d4:0a:71:0f:b5:db:91:
         f0:9f:1a:93:03:a3:84:42:a7:b6:13:f4:6f:1b:ef:42:73:87:
         d3:a9:0e:aa:ee:9d:a7:2f:ee:75:9c:9d:e4:20:f7:b7:d7:f4:
         41:39:30:94:fc:d3:13:a4:2c:b0:bd:7b:7e:b5:30:5a:6f:27:
         f0:24:d5:a6:40:bd:39:82:25:dd:7d:b1:7c:8c:58:df:f5:ef:
         81:b6:2c:4c:80:cd:cc:f3:e1:0c:b6:2d:35:c9:ce:40:01:32:
         92:0b:d9:fb:4e:38:ce:0c:7d:45:e6:ad:fb:48:d5:71:59:f9:
         cf:14:07:18:e3:4c:a5:0f:03:f6:d9:cd:e4:be:29:0f:79:80:
         4f:f2:36:c7:19:c2:12:83:fb:ce:73:32:79:4a:a6:d7:e7:49:
         be:02:90:08:0d:44:05:e2:16:2b:e1:dd:cc:e6:4e:10:2d:f6:
         8e:25:07:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtw3oSrEAiuMlkuLDV9SoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkN2VmYjBhMjhmMTBjYmE3NTFjOTJjY2IwYmZiZjM1N2I5
YTYyNWQwHhcNMjQwMTAxMDYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWYwZTNjNGVmYTE3MGE2MWZiYmM4YmIxMTcwYTBlYjA4MmEwNmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLYakRLUsityqPQwL8eJaUI28LhI
gZTUHW3TB6ZWNmrUMAz/bmSHNzp78eOtM/tSI8pk/a5fup+L6GP9nmeom3p71irc
DG4fCMSnd1mjTGNzmMa4SGhaqv490eXt/sM/XCZT2XWfrmGou8mptuVPg91RKHcV
o7rvWRLP99xbls3xaGyCEr6Q3dPle4QpbMK2+l4zIvfDVza+yvxBH3c6ey0U4TJ7
r9SZXfwa+2gjqlmLMpgbHRiWCLbDAOiKT6WFnPbKcF0RiHEGBRiudeMXx9VTgc38
7LrNKtq0gNgFH7kGY7gFfRlngXF7oF+DSCFibWdG6LjPNQlXgmPwFmOwTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLHw48TvoXCmH7vIuxFwoOsIKgblMB8GA1UdIwQY
MBaAFO1++woo8Qy6dRySzLC/vzV7mmJdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1g3N0NpanhETHAxSEpMTXNMLV9OWHVhWWwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82NWFiMjktMGMyMC00MTdhLTg5NTgt
OTdmZTQ3MDgwOWY5LzEvc2ZEanhPLWhjS1lmdThpN0VYQ2c2d2dxQnVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82NWFiMjktMGMyMC00MTdhLTg5NTgtOTdmZTQ3MDgwOWY5
LzEvN1g3N0NpanhETHAxSEpMTXNMLV9OWHVhWWwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuR4AAwQC
uS3YMA0GCSqGSIb3DQEBCwUAA4IBAQAZhQBMmDwuSCrf3+fGOxEeJr4bcCRDpLLg
luYNplDStT9xk6OxIGkjRtO4kyW8W+feMTkMc1Ko2s8RYB947QDmm4uD8wadx8Sj
KJ2nsD/lRSlL5tQKcQ+125HwnxqTA6OEQqe2E/RvG+9Cc4fTqQ6q7p2nL+51nJ3k
IPe31/RBOTCU/NMTpCywvXt+tTBabyfwJNWmQL05giXdfbF8jFjf9e+BtixMgM3M
8+EMti01yc5AATKSC9n7TjjODH1F5q37SNVxWfnPFAcY40ylDwP22c3kvikPeYBP
8jbHGcISg/vOczJ5SqbX50m+ApAIDUQF4hYr4d3M5k4QLfaOJQdd
-----END CERTIFICATE-----