Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/xvI7a1vx4hempyngLWjBPfmDsno.roa
File:                     xvI7a1vx4hempyngLWjBPfmDsno.roa (raw, json)
Hash identifier:          kcIjbZj497zqN/InCjCU9auWtegElY6wcnkRXru1Ny8=
Subject key identifier:   C6:F2:3B:6B:5B:F1:E2:17:A6:A7:29:E0:2D:68:C1:3D:F9:83:B2:7A
Certificate issuer:       /CN=4b9f31e7352a8707b98c6d27348e8bc493d1a9af
Certificate serial:       018CCA2ABBDC3DC95FD238EBE1EE689C831C
Authority key identifier: 4B:9F:31:E7:35:2A:87:07:B9:8C:6D:27:34:8E:8B:C4:93:D1:A9:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S58x5zUqhwe5jG0nNI6LxJPRqa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/xvI7a1vx4hempyngLWjBPfmDsno.roa
Signing time:             Tue 02 Jan 2024 12:34:07 +0000
ROA not before:           Tue 02 Jan 2024 12:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12637
IP address blocks:        185.142.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/S58x5zUqhwe5jG0nNI6LxJPRqa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/S58x5zUqhwe5jG0nNI6LxJPRqa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S58x5zUqhwe5jG0nNI6LxJPRqa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:bb:dc:3d:c9:5f:d2:38:eb:e1:ee:68:9c:83:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9f31e7352a8707b98c6d27348e8bc493d1a9af
        Validity
            Not Before: Jan  2 12:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6f23b6b5bf1e217a6a729e02d68c13df983b27a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ed:0b:bf:dc:55:40:44:4d:eb:b2:85:31:77:
                    93:8d:33:2d:35:40:ad:9f:c7:b4:01:aa:1f:b3:22:
                    30:a9:4b:df:3c:59:fc:37:dd:76:9c:19:b7:21:1d:
                    f4:f4:b1:2a:54:53:f0:53:2c:d4:85:11:1c:c2:a7:
                    c4:58:e1:15:97:87:46:68:95:57:ab:ca:37:0c:55:
                    05:d8:ad:1d:8c:89:29:b7:c8:52:4f:1a:3b:23:a8:
                    c7:3e:8a:31:c4:8e:10:74:4b:d4:a2:c7:b0:bf:75:
                    7d:d6:b5:96:71:bc:b1:62:93:fc:9b:14:f8:51:41:
                    b2:36:33:dc:4e:07:fe:72:35:9f:df:72:47:b9:a2:
                    4c:dd:57:e6:ed:75:ef:f6:35:c0:c8:3c:24:50:21:
                    0b:34:f2:8c:0f:6b:a0:dc:a1:a2:72:80:80:65:8b:
                    24:99:4e:3d:fd:c2:c8:b1:6e:98:27:9b:fb:04:4f:
                    c5:fa:44:1f:d4:d2:8e:2d:7d:32:87:c6:f0:e9:92:
                    6f:3e:8c:cb:df:b7:a9:d6:fa:70:af:cb:5d:01:f0:
                    59:fb:b8:21:1a:cc:ce:98:1e:90:51:73:22:c8:ce:
                    b9:68:ee:96:ed:cd:51:59:e5:43:1c:2b:2b:2b:77:
                    b6:c9:8e:13:67:c1:ae:e1:04:5c:ca:6d:92:71:92:
                    a8:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:F2:3B:6B:5B:F1:E2:17:A6:A7:29:E0:2D:68:C1:3D:F9:83:B2:7A
            X509v3 Authority Key Identifier:
                keyid:4B:9F:31:E7:35:2A:87:07:B9:8C:6D:27:34:8E:8B:C4:93:D1:A9:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S58x5zUqhwe5jG0nNI6LxJPRqa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/xvI7a1vx4hempyngLWjBPfmDsno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/S58x5zUqhwe5jG0nNI6LxJPRqa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:02:e2:c4:cd:4d:50:e5:d2:ea:eb:18:ae:71:51:ca:9e:db:
         a4:28:54:81:ca:25:a0:6d:2c:e4:ae:e6:18:99:39:91:39:26:
         d8:da:c7:43:b0:37:4d:a8:ce:71:61:69:c5:94:68:79:22:ed:
         a8:d1:a7:71:71:a9:97:d3:e3:39:82:54:9a:84:d8:65:ef:95:
         10:a0:29:57:30:7e:b2:c5:15:aa:28:40:af:f8:06:80:79:37:
         af:d7:04:67:57:2c:29:80:2e:1a:7b:bc:3a:d3:16:47:de:41:
         01:4b:14:b8:9b:d3:0e:73:3b:e6:b7:ca:78:a4:64:81:17:cf:
         19:6d:5e:ee:dc:1e:84:10:9b:ee:69:fc:d9:7f:2b:c7:5f:c2:
         72:96:a1:01:a7:68:bb:e2:e4:ef:d9:77:25:82:89:85:5e:9b:
         27:86:9e:e6:18:bb:50:46:b9:2c:13:8a:8a:1b:d5:60:d2:aa:
         ec:70:46:91:c9:4a:26:f3:b0:73:f6:c5:af:00:bd:c6:c3:70:
         ee:e8:57:4c:51:22:3a:35:ce:48:11:e3:af:16:a3:79:55:0a:
         1b:b9:2d:cb:53:d2:a6:d1:d1:c0:5a:62:56:68:e6:82:9d:9f:
         6f:cf:60:ad:27:fd:b7:a5:88:36:dc:04:f8:b6:15:32:5e:a5:
         cf:b9:e9:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKrvcPclf0jjr4e5onIMcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOWYzMWU3MzUyYTg3MDdiOThjNmQyNzM0OGU4YmM0OTNk
MWE5YWYwHhcNMjQwMTAyMTIzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmYyM2I2YjViZjFlMjE3YTZhNzI5ZTAyZDY4YzEzZGY5ODNiMjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxe0Lv9xVQERN67KFMXeTjTMtNUCt
n8e0AaofsyIwqUvfPFn8N912nBm3IR309LEqVFPwUyzUhREcwqfEWOEVl4dGaJVX
q8o3DFUF2K0djIkpt8hSTxo7I6jHPooxxI4QdEvUosewv3V91rWWcbyxYpP8mxT4
UUGyNjPcTgf+cjWf33JHuaJM3Vfm7XXv9jXAyDwkUCELNPKMD2ug3KGicoCAZYsk
mU49/cLIsW6YJ5v7BE/F+kQf1NKOLX0yh8bw6ZJvPozL37ep1vpwr8tdAfBZ+7gh
GszOmB6QUXMiyM65aO6W7c1RWeVDHCsrK3e2yY4TZ8Gu4QRcym2ScZKoFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbyO2tb8eIXpqcp4C1owT35g7J6MB8GA1UdIwQY
MBaAFEufMec1KocHuYxtJzSOi8ST0amvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzU4eDV6VXFod2U1akcwbk5JNkx4SlBScWE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My84NWZkMzEtZmU5MS00Mzg5LWFiNjct
MzY1MWU0MGYxNDM2LzEveHZJN2Exdng0aGVtcHluZ0xXakJQZm1Ec25vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My84NWZkMzEtZmU5MS00Mzg5LWFiNjctMzY1MWU0MGYxNDM2
LzEvUzU4eDV6VXFod2U1akcwbk5JNkx4SlBScWE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY5EMA0G
CSqGSIb3DQEBCwUAA4IBAQBqAuLEzU1Q5dLq6xiucVHKntukKFSByiWgbSzkruYY
mTmROSbY2sdDsDdNqM5xYWnFlGh5Iu2o0adxcamX0+M5glSahNhl75UQoClXMH6y
xRWqKECv+AaAeTev1wRnVywpgC4ae7w60xZH3kEBSxS4m9MOczvmt8p4pGSBF88Z
bV7u3B6EEJvuafzZfyvHX8JylqEBp2i74uTv2XclgomFXpsnhp7mGLtQRrksE4qK
G9Vg0qrscEaRyUom87Bz9sWvAL3Gw3Du6FdMUSI6Nc5IEeOvFqN5VQobuS3LU9Km
0dHAWmJWaOaCnZ9vz2CtJ/23pYg23AT4thUyXqXPuenx
-----END CERTIFICATE-----