Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/8yxmrUo_o4nnZRCKsGKQ7c8y9Ds.roa
File:                     8yxmrUo_o4nnZRCKsGKQ7c8y9Ds.roa (raw, json)
Hash identifier:          9yRTd/s1RajCWbe0GVCF+PaCl4WRbKP9vu4WoE5cnhU=
Subject key identifier:   F3:2C:66:AD:4A:3F:A3:89:E7:65:10:8A:B0:62:90:ED:CF:32:F4:3B
Certificate issuer:       /CN=a6f87cf4a15b9e7822455b3aa8af0b5ed3a299f7
Certificate serial:       01932A69B31DD0CB3676E740116B2690C1FA
Authority key identifier: A6:F8:7C:F4:A1:5B:9E:78:22:45:5B:3A:A8:AF:0B:5E:D3:A2:99:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pvh89KFbnngiRVs6qK8LXtOimfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/8yxmrUo_o4nnZRCKsGKQ7c8y9Ds.roa
Signing time:             Thu 14 Nov 2024 11:23:09 +0000
ROA not before:           Thu 14 Nov 2024 11:23:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215322
IP address blocks:        185.99.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/pvh89KFbnngiRVs6qK8LXtOimfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/pvh89KFbnngiRVs6qK8LXtOimfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pvh89KFbnngiRVs6qK8LXtOimfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2a:69:b3:1d:d0:cb:36:76:e7:40:11:6b:26:90:c1:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6f87cf4a15b9e7822455b3aa8af0b5ed3a299f7
        Validity
            Not Before: Nov 14 11:23:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f32c66ad4a3fa389e765108ab06290edcf32f43b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0c:6e:b4:2a:36:7a:4c:98:8f:c3:87:db:99:
                    90:6a:c5:fb:92:04:a4:00:32:4a:5f:9e:ed:49:a9:
                    fe:46:42:d9:40:47:ee:c1:68:63:69:98:ef:75:23:
                    3b:02:9c:2d:f0:54:66:48:30:5a:9f:21:f1:00:b8:
                    28:af:91:2b:3b:fc:bc:75:2d:21:3d:b1:3c:20:12:
                    5e:08:1f:ef:b2:0f:d1:2d:d8:1a:60:5b:9f:15:45:
                    d3:f4:9f:de:f8:00:07:9a:a8:ca:13:65:7b:32:53:
                    e3:2e:49:d8:85:92:c4:10:00:20:d1:7b:dc:8a:8f:
                    84:b4:99:06:2f:e1:de:92:dd:43:19:14:29:fb:e6:
                    52:ae:a4:da:c9:82:7e:a0:31:17:b8:52:d5:ab:08:
                    ec:99:af:b7:5b:ba:6b:66:f3:3e:08:05:8d:c5:16:
                    cf:33:ee:b2:d8:72:8e:eb:2f:d9:52:f6:7e:ca:1a:
                    ae:d2:9f:c1:c0:5c:92:c6:f0:e5:64:57:dc:d4:0c:
                    9d:1e:63:aa:64:7f:8a:6e:4c:62:9a:d1:e6:94:5e:
                    5f:4d:04:e9:74:d9:9e:11:d2:04:58:59:c7:39:be:
                    0d:c1:37:14:65:38:0e:96:37:01:3a:6f:0a:69:52:
                    ad:50:da:79:45:22:20:bc:15:49:ad:dd:55:21:f0:
                    34:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:2C:66:AD:4A:3F:A3:89:E7:65:10:8A:B0:62:90:ED:CF:32:F4:3B
            X509v3 Authority Key Identifier:
                keyid:A6:F8:7C:F4:A1:5B:9E:78:22:45:5B:3A:A8:AF:0B:5E:D3:A2:99:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pvh89KFbnngiRVs6qK8LXtOimfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/8yxmrUo_o4nnZRCKsGKQ7c8y9Ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/pvh89KFbnngiRVs6qK8LXtOimfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:78:46:12:2a:04:c5:19:3d:2c:de:40:da:8a:05:6c:6c:c6:
         77:3b:2e:d0:69:0a:1e:35:ee:b7:8a:d1:cc:bc:05:2b:0b:20:
         d5:09:62:02:ff:7b:ae:b5:79:a9:d7:95:83:ba:a5:ae:12:9c:
         8a:8c:a7:b4:c7:81:63:20:90:a6:03:17:ce:83:6b:fb:01:c9:
         e3:84:7b:3e:6d:cf:05:08:37:02:2a:5e:1f:a1:82:5a:6e:96:
         2f:a9:d7:4b:40:06:57:b3:27:3e:50:9f:68:5d:d2:10:54:2b:
         9f:5a:04:6f:6b:33:e0:56:cb:9b:0c:cf:a4:3e:60:46:30:81:
         2a:6e:3c:83:1d:5d:51:df:29:41:a0:36:00:85:ca:3a:b7:f8:
         9c:55:56:70:ab:2e:4f:f6:9a:a0:5d:cc:d3:20:c1:83:47:cd:
         48:2f:f5:56:01:68:38:c6:ee:e5:0f:e7:82:02:7b:d5:09:39:
         62:9b:34:71:de:fa:80:38:9c:c7:a9:f8:50:9c:7d:28:f1:12:
         58:5a:c6:5a:2f:43:e1:bb:2d:79:c1:71:48:2d:0a:cb:5b:2f:
         c7:bc:6d:23:42:4e:88:7c:7f:eb:e5:0a:4e:72:cb:bb:35:8a:
         bf:e1:62:ae:fc:63:5b:a9:19:7a:f2:89:44:95:62:4e:0d:90:
         81:0a:fe:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMqabMd0Ms2dudAEWsmkMH6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Zjg3Y2Y0YTE1YjllNzgyMjQ1NWIzYWE4YWYwYjVlZDNh
Mjk5ZjcwHhcNMjQxMTE0MTEyMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzJjNjZhZDRhM2ZhMzg5ZTc2NTEwOGFiMDYyOTBlZGNmMzJmNDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwxutCo2ekyYj8OH25mQasX7kgSk
ADJKX57tSan+RkLZQEfuwWhjaZjvdSM7Apwt8FRmSDBanyHxALgor5ErO/y8dS0h
PbE8IBJeCB/vsg/RLdgaYFufFUXT9J/e+AAHmqjKE2V7MlPjLknYhZLEEAAg0Xvc
io+EtJkGL+Hekt1DGRQp++ZSrqTayYJ+oDEXuFLVqwjsma+3W7prZvM+CAWNxRbP
M+6y2HKO6y/ZUvZ+yhqu0p/BwFySxvDlZFfc1AydHmOqZH+KbkximtHmlF5fTQTp
dNmeEdIEWFnHOb4NwTcUZTgOljcBOm8KaVKtUNp5RSIgvBVJrd1VIfA0HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMsZq1KP6OJ52UQirBikO3PMvQ7MB8GA1UdIwQY
MBaAFKb4fPShW554IkVbOqivC17Topn3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHZoODlLRmJubmdpUlZzNnFLOExYdE9pbWZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8yODliMWQtMDhkZC00ZDUzLWIxMmQt
N2Q0MDI4YTFiZjU5LzEvOHl4bXJVb19vNG5uWlJDS3NHS1E3Yzh5OURzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8yODliMWQtMDhkZC00ZDUzLWIxMmQtN2Q0MDI4YTFiZjU5
LzEvcHZoODlLRmJubmdpUlZzNnFLOExYdE9pbWZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWP/MA0G
CSqGSIb3DQEBCwUAA4IBAQB7eEYSKgTFGT0s3kDaigVsbMZ3Oy7QaQoeNe63itHM
vAUrCyDVCWIC/3uutXmp15WDuqWuEpyKjKe0x4FjIJCmAxfOg2v7AcnjhHs+bc8F
CDcCKl4foYJabpYvqddLQAZXsyc+UJ9oXdIQVCufWgRvazPgVsubDM+kPmBGMIEq
bjyDHV1R3ylBoDYAhco6t/icVVZwqy5P9pqgXczTIMGDR81IL/VWAWg4xu7lD+eC
AnvVCTlimzRx3vqAOJzHqfhQnH0o8RJYWsZaL0Phuy15wXFILQrLWy/HvG0jQk6I
fH/r5QpOcsu7NYq/4WKu/GNbqRl68olElWJODZCBCv6H
-----END CERTIFICATE-----