Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/cPMM1K2hPwBNKXA18ExqfxyFH_8.roa
File:                     cPMM1K2hPwBNKXA18ExqfxyFH_8.roa (raw, json)
Hash identifier:          Rk1fOPT6TU4NWB8GNmrAkfVB3OCjHNj2bkDsnIR+N5k=
Subject key identifier:   70:F3:0C:D4:AD:A1:3F:00:4D:29:70:35:F0:4C:6A:7F:1C:85:1F:FF
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01913826118A154FC5D8B87D60C6CD2B18AF
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/cPMM1K2hPwBNKXA18ExqfxyFH_8.roa
Signing time:             Fri 09 Aug 2024 17:18:24 +0000
ROA not before:           Fri 09 Aug 2024 17:18:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273829
IP address blocks:        185.229.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:38:26:11:8a:15:4f:c5:d8:b8:7d:60:c6:cd:2b:18:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Aug  9 17:18:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70f30cd4ada13f004d297035f04c6a7f1c851fff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0d:87:af:f8:95:d6:45:98:f2:68:92:84:2a:
                    9e:31:c0:af:1a:d3:8e:37:0c:c3:a9:dd:dd:3f:41:
                    41:ad:c4:0e:19:ea:51:c7:eb:28:26:48:04:6d:eb:
                    2a:dc:35:7e:23:84:55:ef:ea:3e:7b:13:a2:c0:de:
                    19:ad:13:47:d2:67:37:d7:93:98:02:e8:0f:b0:bb:
                    2e:0c:1f:90:48:c2:61:a9:04:32:5d:07:4d:94:a3:
                    90:be:e1:45:bc:6d:f3:5d:3e:b7:53:84:13:00:38:
                    f0:19:eb:6e:10:f3:c3:d4:f1:ec:cc:c9:df:1c:c2:
                    80:52:d6:02:c9:0e:34:39:29:1b:c0:70:11:ea:95:
                    18:f8:e7:b5:a4:5d:83:42:bf:af:25:91:49:67:66:
                    88:86:2d:b8:d6:4f:ca:54:5b:ec:ec:0f:ff:d7:13:
                    43:90:37:f6:a1:c1:e3:e1:9c:4b:20:3c:fe:f6:e2:
                    65:24:14:d7:90:52:c8:59:28:df:4c:86:2a:ae:62:
                    1a:3e:6c:ce:7d:f9:ca:c7:81:d9:6c:7b:3c:6d:13:
                    ec:ba:05:c5:f2:d4:00:82:77:cd:70:9f:d0:fd:47:
                    7b:ab:0a:9d:c1:a5:20:64:49:49:d1:59:a1:ac:a4:
                    07:da:e4:d9:03:d9:16:57:2e:9d:e9:ef:fa:8c:ba:
                    5c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:F3:0C:D4:AD:A1:3F:00:4D:29:70:35:F0:4C:6A:7F:1C:85:1F:FF
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/cPMM1K2hPwBNKXA18ExqfxyFH_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:51:00:ca:6c:63:24:ce:06:61:91:5c:22:b4:56:bf:ba:75:
         3e:50:81:ab:de:9e:2d:8e:d3:2b:a3:59:7c:be:c0:7e:b6:38:
         68:08:f8:93:eb:b0:4d:7d:9f:02:10:ca:6c:f8:b9:dd:83:56:
         aa:23:cb:7b:3d:80:11:0c:9b:a3:de:bf:32:8c:99:ff:41:5b:
         9b:89:f9:54:d7:89:2e:df:65:6c:0f:71:8a:f1:d9:2e:84:26:
         d4:a6:e9:bb:9b:32:0b:e0:63:0e:a1:46:34:47:33:29:56:17:
         51:6d:96:df:05:53:d9:f3:2e:e8:fb:d1:09:d4:6f:46:c9:86:
         29:92:a8:24:45:cf:01:de:4a:23:3e:e7:9b:fa:78:b6:2b:cb:
         ed:f5:ca:cf:b9:13:15:9c:b8:0c:6a:1a:dd:cb:b0:77:c9:1a:
         d6:c6:d4:d0:49:f7:d8:fe:40:d3:cd:73:b9:11:6a:d4:52:c6:
         8a:90:3a:9d:c6:a3:00:19:34:59:57:50:cf:e0:84:89:92:a3:
         3c:8e:b7:f7:56:33:5f:32:04:09:c8:3d:e5:41:72:cb:85:db:
         bc:e8:6f:0e:d5:a8:7c:3d:9d:07:b8:2f:3a:50:22:5b:bc:f9:
         fc:23:47:31:f9:4f:ab:d2:79:2e:c7:5c:11:4e:7a:eb:5c:dd:
         07:fa:27:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE4JhGKFU/F2Lh9YMbNKxivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwODA5MTcxODI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGYzMGNkNGFkYTEzZjAwNGQyOTcwMzVmMDRjNmE3ZjFjODUxZmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog2Hr/iV1kWY8miShCqeMcCvGtOO
NwzDqd3dP0FBrcQOGepRx+soJkgEbesq3DV+I4RV7+o+exOiwN4ZrRNH0mc315OY
AugPsLsuDB+QSMJhqQQyXQdNlKOQvuFFvG3zXT63U4QTADjwGetuEPPD1PHszMnf
HMKAUtYCyQ40OSkbwHAR6pUY+Oe1pF2DQr+vJZFJZ2aIhi241k/KVFvs7A//1xND
kDf2ocHj4ZxLIDz+9uJlJBTXkFLIWSjfTIYqrmIaPmzOffnKx4HZbHs8bRPsugXF
8tQAgnfNcJ/Q/Ud7qwqdwaUgZElJ0VmhrKQH2uTZA9kWVy6d6e/6jLpckwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDzDNStoT8ATSlwNfBMan8chR//MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvY1BNTTFLMmhQd0JOS1hBMThFeHFmeHlGSF84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueXYMA0G
CSqGSIb3DQEBCwUAA4IBAQDKUQDKbGMkzgZhkVwitFa/unU+UIGr3p4tjtMro1l8
vsB+tjhoCPiT67BNfZ8CEMps+Lndg1aqI8t7PYARDJuj3r8yjJn/QVubiflU14ku
32VsD3GK8dkuhCbUpum7mzIL4GMOoUY0RzMpVhdRbZbfBVPZ8y7o+9EJ1G9GyYYp
kqgkRc8B3kojPueb+ni2K8vt9crPuRMVnLgMahrdy7B3yRrWxtTQSffY/kDTzXO5
EWrUUsaKkDqdxqMAGTRZV1DP4ISJkqM8jrf3VjNfMgQJyD3lQXLLhdu86G8O1ah8
PZ0HuC86UCJbvPn8I0cx+U+r0nkux1wRTnrrXN0H+ice
-----END CERTIFICATE-----