Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/8b28ab-39f4-455e-8e2f-3ff10d603eca/1/01Cpe8f1k-J8tnJMouP_qKlCny8.roa
File:                     01Cpe8f1k-J8tnJMouP_qKlCny8.roa (raw, json)
Hash identifier:          CA/qTBZRthAKuKQcZd8SrR4W6ZYOJaMbfrIvq//whBE=
Subject key identifier:   D3:50:A9:7B:C7:F5:93:E2:7C:B6:72:4C:A2:E3:FF:A8:A9:42:9F:2F
Certificate issuer:       /CN=6b5d1c7f2bff274848875fb7a9e31f0382bb76a1
Certificate serial:       018CC4247556281B0202A44A4FDA3C2B6E30
Authority key identifier: 6B:5D:1C:7F:2B:FF:27:48:48:87:5F:B7:A9:E3:1F:03:82:BB:76:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a10cfyv_J0hIh1-3qeMfA4K7dqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/8b28ab-39f4-455e-8e2f-3ff10d603eca/1/01Cpe8f1k-J8tnJMouP_qKlCny8.roa
Signing time:             Mon 01 Jan 2024 08:29:32 +0000
ROA not before:           Mon 01 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        185.109.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/8b28ab-39f4-455e-8e2f-3ff10d603eca/1/a10cfyv_J0hIh1-3qeMfA4K7dqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/8b28ab-39f4-455e-8e2f-3ff10d603eca/1/a10cfyv_J0hIh1-3qeMfA4K7dqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a10cfyv_J0hIh1-3qeMfA4K7dqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:75:56:28:1b:02:02:a4:4a:4f:da:3c:2b:6e:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5d1c7f2bff274848875fb7a9e31f0382bb76a1
        Validity
            Not Before: Jan  1 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d350a97bc7f593e27cb6724ca2e3ffa8a9429f2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:90:f2:18:ad:f5:65:05:f4:e0:03:32:38:b6:
                    ec:f4:a6:39:3f:4e:e2:55:56:d7:3d:c2:49:ee:8b:
                    8a:ca:01:6c:1b:de:1b:79:fa:1b:ef:a7:ba:94:b6:
                    da:6c:26:f8:aa:92:85:42:0f:5b:46:04:67:c7:dd:
                    aa:53:51:67:e5:c2:58:75:c8:24:0c:52:a7:fc:c7:
                    67:83:9a:c4:84:34:83:52:99:f5:f9:11:fe:0d:56:
                    8b:5c:c2:8b:dd:e0:42:58:1d:d2:8c:93:d6:56:bf:
                    23:b4:79:89:ed:65:1a:f3:f2:28:02:08:61:78:eb:
                    22:6c:92:a4:7c:6f:ca:c4:c7:f2:12:cf:18:bf:28:
                    51:44:f6:2c:1c:28:ba:a8:97:5c:3e:b4:17:f2:7c:
                    d7:48:6b:c1:91:f9:8f:a8:70:74:e3:e7:06:22:0c:
                    8f:58:01:21:97:53:ec:66:8b:58:51:65:26:aa:54:
                    bb:07:c3:77:a4:ac:a6:69:18:31:ef:6a:49:d8:a1:
                    39:7b:6d:14:e2:30:78:45:f2:dd:9e:07:27:fb:f4:
                    53:d5:44:03:f9:f6:21:25:55:cd:b8:84:7f:e4:83:
                    3c:80:60:c6:9f:01:98:4d:cb:cd:ad:bd:7b:33:4b:
                    a3:05:be:92:10:07:b6:ef:5a:8d:55:79:10:78:c4:
                    99:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:50:A9:7B:C7:F5:93:E2:7C:B6:72:4C:A2:E3:FF:A8:A9:42:9F:2F
            X509v3 Authority Key Identifier:
                keyid:6B:5D:1C:7F:2B:FF:27:48:48:87:5F:B7:A9:E3:1F:03:82:BB:76:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a10cfyv_J0hIh1-3qeMfA4K7dqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/8b28ab-39f4-455e-8e2f-3ff10d603eca/1/01Cpe8f1k-J8tnJMouP_qKlCny8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/8b28ab-39f4-455e-8e2f-3ff10d603eca/1/a10cfyv_J0hIh1-3qeMfA4K7dqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:1c:97:cb:a2:b6:93:ca:07:c3:34:75:1e:67:1b:e5:67:9d:
         a1:11:fd:28:50:c9:df:53:a7:61:d5:84:0a:30:b1:e3:a5:3f:
         bf:7e:28:14:49:11:e4:dd:3b:ba:1e:a9:e9:c1:42:f9:7c:69:
         63:50:10:8f:ef:0c:15:02:14:e2:38:9e:2f:20:43:b9:dc:37:
         9c:b3:d3:31:7a:bd:93:d7:0e:70:36:d3:7e:cc:c2:e2:71:04:
         55:a9:14:e7:e3:72:84:de:55:5e:4c:6f:82:28:5b:c3:50:f7:
         3a:16:00:f7:8c:d2:b5:27:d7:a8:06:78:74:1f:7a:ac:3c:2e:
         9f:8b:9c:1a:f6:68:a6:f4:bb:82:fa:df:52:3d:1b:7b:eb:cc:
         9f:01:d2:85:2f:48:bc:46:1c:07:00:84:6a:28:88:0d:b1:61:
         f1:74:42:f6:eb:f6:c7:d8:ff:82:8c:b6:0e:03:78:4c:05:ca:
         69:b7:4e:d7:f8:ae:c7:2c:ac:25:f0:e9:ff:e3:63:d4:28:6b:
         ba:f2:0c:21:13:c8:e2:72:ee:de:e1:1b:a9:f6:a9:5b:3a:64:
         43:c5:42:8f:81:06:9c:c4:c7:1f:f4:bc:8a:5c:a6:3e:26:36:
         94:e5:a4:a1:72:16:5f:0e:c7:2a:6c:34:bc:d2:cd:6e:f3:84:
         ca:05:bd:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHVWKBsCAqRKT9o8K24wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWQxYzdmMmJmZjI3NDg0ODg3NWZiN2E5ZTMxZjAzODJi
Yjc2YTEwHhcNMjQwMTAxMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzUwYTk3YmM3ZjU5M2UyN2NiNjcyNGNhMmUzZmZhOGE5NDI5ZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JDyGK31ZQX04AMyOLbs9KY5P07i
VVbXPcJJ7ouKygFsG94befob76e6lLbabCb4qpKFQg9bRgRnx92qU1Fn5cJYdcgk
DFKn/Mdng5rEhDSDUpn1+RH+DVaLXMKL3eBCWB3SjJPWVr8jtHmJ7WUa8/IoAghh
eOsibJKkfG/KxMfyEs8YvyhRRPYsHCi6qJdcPrQX8nzXSGvBkfmPqHB04+cGIgyP
WAEhl1PsZotYUWUmqlS7B8N3pKymaRgx72pJ2KE5e20U4jB4RfLdngcn+/RT1UQD
+fYhJVXNuIR/5IM8gGDGnwGYTcvNrb17M0ujBb6SEAe271qNVXkQeMSZnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNQqXvH9ZPifLZyTKLj/6ipQp8vMB8GA1UdIwQY
MBaAFGtdHH8r/ydISIdft6njHwOCu3ahMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTEwY2Z5dl9KMGhJaDEtM3FlTWZBNEs3ZHFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My84YjI4YWItMzlmNC00NTVlLThlMmYt
M2ZmMTBkNjAzZWNhLzEvMDFDcGU4ZjFrLUo4dG5KTW91UF9xS2xDbnk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My84YjI4YWItMzlmNC00NTVlLThlMmYtM2ZmMTBkNjAzZWNh
LzEvYTEwY2Z5dl9KMGhJaDEtM3FlTWZBNEs3ZHFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW3uMA0G
CSqGSIb3DQEBCwUAA4IBAQAoHJfLoraTygfDNHUeZxvlZ52hEf0oUMnfU6dh1YQK
MLHjpT+/figUSRHk3Tu6HqnpwUL5fGljUBCP7wwVAhTiOJ4vIEO53Decs9Mxer2T
1w5wNtN+zMLicQRVqRTn43KE3lVeTG+CKFvDUPc6FgD3jNK1J9eoBnh0H3qsPC6f
i5wa9mim9LuC+t9SPRt768yfAdKFL0i8RhwHAIRqKIgNsWHxdEL26/bH2P+CjLYO
A3hMBcppt07X+K7HLKwl8On/42PUKGu68gwhE8jicu7e4Rup9qlbOmRDxUKPgQac
xMcf9LyKXKY+JjaU5aShchZfDscqbDS80s1u84TKBb2p
-----END CERTIFICATE-----