Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/b1RHKpfHx7WWfVCQHycQ2bjvajE.roa
File:                     b1RHKpfHx7WWfVCQHycQ2bjvajE.roa (raw, json)
Hash identifier:          Ao6wIDKDrSR3fdn48s/1aTcaE4IF5TK++8TutH9Fp28=
Subject key identifier:   6F:54:47:2A:97:C7:C7:B5:96:7D:50:90:1F:27:10:D9:B8:EF:6A:31
Certificate issuer:       /CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
Certificate serial:       018CC7950F3FB2EF24C2BCB11208CE1308DB
Authority key identifier: 76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/b1RHKpfHx7WWfVCQHycQ2bjvajE.roa
Signing time:             Tue 02 Jan 2024 00:31:23 +0000
ROA not before:           Tue 02 Jan 2024 00:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57588
IP address blocks:        185.143.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:0f:3f:b2:ef:24:c2:bc:b1:12:08:ce:13:08:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
        Validity
            Not Before: Jan  2 00:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f54472a97c7c7b5967d50901f2710d9b8ef6a31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2a:96:82:bf:17:72:80:a3:8c:66:ff:ea:1e:
                    e9:e7:e9:04:b9:55:a8:85:09:33:ec:90:c2:56:77:
                    73:2e:42:44:fd:8a:00:1e:48:9b:79:07:94:11:5b:
                    3a:88:01:0a:a8:e2:5c:4f:22:13:9b:14:b1:0e:f2:
                    19:cd:75:a0:05:56:e1:c3:09:da:23:1b:86:f6:aa:
                    2a:ee:e0:4a:1a:60:e6:65:0d:0f:65:7d:c8:f0:88:
                    db:f2:ec:2d:b4:7d:9c:60:c5:ec:98:18:9f:71:40:
                    42:93:d6:d0:4e:1f:f7:df:ac:9d:79:61:93:4c:f4:
                    2a:70:16:ce:11:c3:d9:77:d1:e6:9a:0c:93:d5:37:
                    34:90:fd:5b:17:60:49:cd:7e:27:06:01:d0:02:8f:
                    53:c9:ff:f5:cd:5b:e7:c2:4c:01:24:7d:a1:a0:d1:
                    e1:df:b6:f4:76:60:43:b8:55:ea:82:77:a9:94:94:
                    9b:35:0e:08:5f:36:12:f8:d9:0d:c6:52:2f:71:92:
                    02:a2:05:20:7e:5d:0c:86:f8:a3:26:a6:46:63:2e:
                    28:a8:73:7f:13:a7:cf:57:68:fa:1f:84:64:5e:7b:
                    79:98:21:cf:35:2e:82:3a:21:1e:90:00:fb:b9:f3:
                    c9:1c:d5:bc:0d:4d:50:36:27:9d:1d:5c:8b:b7:e0:
                    e0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:54:47:2A:97:C7:C7:B5:96:7D:50:90:1F:27:10:D9:B8:EF:6A:31
            X509v3 Authority Key Identifier:
                keyid:76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/b1RHKpfHx7WWfVCQHycQ2bjvajE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:1a:a3:3f:73:4c:94:64:93:77:bf:9b:d3:71:5f:98:cf:ac:
         84:a5:b4:db:42:8d:9e:cc:7e:c4:9d:79:03:ca:34:d7:96:c6:
         9d:a3:81:96:56:cd:54:31:af:84:6a:ff:8a:f5:9a:5b:f2:07:
         20:cc:a5:82:db:a6:78:a9:6e:00:df:ca:ee:14:6f:59:3b:69:
         5c:26:40:29:1a:6c:7c:97:46:39:c1:93:06:86:d1:5e:04:46:
         31:af:ac:84:38:d0:5b:ee:46:d0:fb:1b:50:79:24:83:12:c3:
         cd:a0:ae:35:ec:50:52:35:7d:d4:83:5f:15:87:78:4f:93:ea:
         12:1a:50:b3:a0:e1:fd:72:cb:c7:68:b0:df:7b:35:91:a6:7c:
         a7:ae:2c:1a:71:49:3a:da:7e:e0:75:0a:c6:b7:c1:3d:a8:04:
         30:59:f9:b8:20:80:65:78:45:19:17:23:2f:7b:17:69:07:bf:
         31:3f:aa:ab:d9:d6:38:cd:35:07:bd:bc:21:eb:ad:e1:fc:7b:
         d9:b5:1a:7b:e0:23:de:6b:9a:3a:85:30:c9:69:cf:3d:e9:eb:
         5e:b6:69:35:88:f1:32:a8:77:51:b9:3f:a2:77:21:cb:4d:0c:
         f5:05:b1:8a:33:8a:21:d5:47:15:04:b6:b4:14:16:14:2a:3f:
         f9:4a:64:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlQ8/su8kwryxEgjOEwjbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2MxNzY2ZmJiZGNmZjY4YmJjMzRhM2M2YmU2OWEwYzhh
MDNhYjkwHhcNMjQwMTAyMDAzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjU0NDcyYTk3YzdjN2I1OTY3ZDUwOTAxZjI3MTBkOWI4ZWY2YTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCqWgr8XcoCjjGb/6h7p5+kEuVWo
hQkz7JDCVndzLkJE/YoAHkibeQeUEVs6iAEKqOJcTyITmxSxDvIZzXWgBVbhwwna
IxuG9qoq7uBKGmDmZQ0PZX3I8Ijb8uwttH2cYMXsmBifcUBCk9bQTh/336ydeWGT
TPQqcBbOEcPZd9HmmgyT1Tc0kP1bF2BJzX4nBgHQAo9Tyf/1zVvnwkwBJH2hoNHh
37b0dmBDuFXqgneplJSbNQ4IXzYS+NkNxlIvcZICogUgfl0MhvijJqZGYy4oqHN/
E6fPV2j6H4RkXnt5mCHPNS6COiEekAD7ufPJHNW8DU1QNiedHVyLt+DgCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9URyqXx8e1ln1QkB8nENm472oxMB8GA1UdIwQY
MBaAFHZ8F2b7vc/2i7w0o8a+aaDIoDq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQt
MzU2OGUxZDI5ZDRhLzEvYjFSSEtwZkh4N1dXZlZDUUh5Y1EyYmp2YWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQtMzU2OGUxZDI5ZDRh
LzEvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY8qMA0G
CSqGSIb3DQEBCwUAA4IBAQA2GqM/c0yUZJN3v5vTcV+Yz6yEpbTbQo2ezH7EnXkD
yjTXlsado4GWVs1UMa+Eav+K9Zpb8gcgzKWC26Z4qW4A38ruFG9ZO2lcJkApGmx8
l0Y5wZMGhtFeBEYxr6yEONBb7kbQ+xtQeSSDEsPNoK417FBSNX3Ug18Vh3hPk+oS
GlCzoOH9csvHaLDfezWRpnynriwacUk62n7gdQrGt8E9qAQwWfm4IIBleEUZFyMv
exdpB78xP6qr2dY4zTUHvbwh663h/HvZtRp74CPea5o6hTDJac896etetmk1iPEy
qHdRuT+idyHLTQz1BbGKM4oh1UcVBLa0FBYUKj/5SmR9
-----END CERTIFICATE-----