Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/CPFJNcKISjYLdoFEcyE7IBzMhGY.roa
File:                     CPFJNcKISjYLdoFEcyE7IBzMhGY.roa (raw, json)
Hash identifier:          dzt/Ke4jAXQI6BD2xtIl79xhRMbZ7196G3jBpbP82/w=
Subject key identifier:   08:F1:49:35:C2:88:4A:36:0B:76:81:44:73:21:3B:20:1C:CC:84:66
Certificate issuer:       /CN=cb645bc0fdb8626bce2c0425c4087b54e150d386
Certificate serial:       018CC9BC06FB343609EC66DF0015E9BC7CB3
Authority key identifier: CB:64:5B:C0:FD:B8:62:6B:CE:2C:04:25:C4:08:7B:54:E1:50:D3:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/CPFJNcKISjYLdoFEcyE7IBzMhGY.roa
Signing time:             Tue 02 Jan 2024 10:33:12 +0000
ROA not before:           Tue 02 Jan 2024 10:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7117502
IP address blocks:        185.210.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:06:fb:34:36:09:ec:66:df:00:15:e9:bc:7c:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb645bc0fdb8626bce2c0425c4087b54e150d386
        Validity
            Not Before: Jan  2 10:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08f14935c2884a360b76814473213b201ccc8466
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0b:70:25:59:d2:3d:03:d9:4c:1c:06:37:8b:
                    6e:6f:e8:cf:ec:cc:26:4d:79:76:c2:15:4b:01:a1:
                    50:de:b2:d0:77:31:52:dc:20:9a:f2:15:21:84:94:
                    25:cd:69:35:4e:26:d7:07:36:19:89:69:1c:a4:93:
                    e5:0b:59:19:11:0c:11:c6:ab:f0:57:38:27:11:cf:
                    3e:9d:e2:91:37:20:ae:7b:0d:8f:53:8b:3c:77:06:
                    1b:a2:48:b1:6e:c6:a4:f1:ee:6b:40:e3:86:64:82:
                    f8:6d:62:31:59:de:32:2c:5c:69:21:8b:b0:1f:cd:
                    cc:ce:59:e6:3b:79:f2:4a:d3:14:f5:63:93:27:36:
                    ed:0f:cd:33:77:40:af:92:f7:c2:bb:b8:19:e2:ea:
                    20:54:dd:23:0b:f8:9b:6a:dd:f3:fc:d5:97:50:7a:
                    34:b4:98:7d:f6:95:49:e6:95:4e:dd:df:2f:45:4b:
                    83:30:f9:c4:a4:bd:42:9d:b9:87:81:a4:b5:f2:76:
                    a5:05:2d:03:72:08:d6:af:5b:5d:d0:32:05:3d:a6:
                    89:c9:93:60:4e:10:90:7f:d5:fc:52:6b:7c:dd:17:
                    d2:fc:de:01:49:4a:c0:b2:e2:86:a1:eb:4e:6d:4c:
                    55:32:c6:49:5e:6d:5b:a4:34:8f:b3:8e:d4:53:49:
                    a8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:F1:49:35:C2:88:4A:36:0B:76:81:44:73:21:3B:20:1C:CC:84:66
            X509v3 Authority Key Identifier:
                keyid:CB:64:5B:C0:FD:B8:62:6B:CE:2C:04:25:C4:08:7B:54:E1:50:D3:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/CPFJNcKISjYLdoFEcyE7IBzMhGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:fa:27:cb:67:33:1a:92:82:ec:ba:39:02:6d:09:d7:45:e7:
         47:ba:e3:78:de:0d:d8:e7:cd:1a:7f:f7:21:2a:73:13:8c:f0:
         1d:e1:83:96:9d:7f:1e:e9:fd:c1:d2:84:0f:7f:5e:0f:45:1d:
         2d:7b:94:c9:89:93:b2:b8:24:c5:a8:e4:aa:1d:32:47:e0:b1:
         0a:06:2e:44:b3:c2:8c:f3:39:32:5d:ea:15:9b:7d:ed:e6:40:
         a9:8f:ab:f3:20:3d:60:c4:a7:06:d2:30:5e:4a:f4:b6:f8:9b:
         0f:1f:2e:4d:46:45:0c:f8:40:d8:03:40:3f:00:32:0d:86:21:
         48:a3:e2:1d:20:09:be:6f:47:ab:06:04:1c:0c:d6:54:20:2d:
         2d:81:0e:2e:09:af:3f:14:e8:05:8e:b1:33:fd:d9:7a:88:ca:
         85:0f:f4:92:a9:e3:cc:a8:dd:1b:1b:cb:16:bd:4e:30:27:95:
         9a:a7:d1:d7:4c:cf:db:b4:cb:3a:36:09:aa:a1:dc:48:39:9f:
         b7:f4:7b:36:1d:be:e5:dc:32:01:a5:5f:73:3f:f7:d7:2b:51:
         70:00:51:12:a9:93:b6:92:78:1d:e0:b5:22:a7:bb:69:66:96:
         85:28:ef:ed:79:4a:02:7a:f5:3d:d4:f8:fd:2b:fc:23:22:4d:
         51:99:1d:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAb7NDYJ7GbfABXpvHyzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjQ1YmMwZmRiODYyNmJjZTJjMDQyNWM0MDg3YjU0ZTE1
MGQzODYwHhcNMjQwMTAyMTAzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGYxNDkzNWMyODg0YTM2MGI3NjgxNDQ3MzIxM2IyMDFjY2M4NDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwtwJVnSPQPZTBwGN4tub+jP7Mwm
TXl2whVLAaFQ3rLQdzFS3CCa8hUhhJQlzWk1TibXBzYZiWkcpJPlC1kZEQwRxqvw
VzgnEc8+neKRNyCuew2PU4s8dwYbokixbsak8e5rQOOGZIL4bWIxWd4yLFxpIYuw
H83MzlnmO3nyStMU9WOTJzbtD80zd0CvkvfCu7gZ4uogVN0jC/ibat3z/NWXUHo0
tJh99pVJ5pVO3d8vRUuDMPnEpL1CnbmHgaS18nalBS0DcgjWr1td0DIFPaaJyZNg
ThCQf9X8Umt83RfS/N4BSUrAsuKGoetObUxVMsZJXm1bpDSPs47UU0moawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjxSTXCiEo2C3aBRHMhOyAczIRmMB8GA1UdIwQY
MBaAFMtkW8D9uGJrziwEJcQIe1ThUNOGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJSYndQMjRZbXZPTEFRbHhBaDdWT0ZRMDRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81N2JmODktZmUzYi00YzIxLThmZmIt
ZTg3NTRkMDA1ZWJlLzEvQ1BGSk5jS0lTallMZG9GRWN5RTdJQnpNaEdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81N2JmODktZmUzYi00YzIxLThmZmItZTg3NTRkMDA1ZWJl
LzEveTJSYndQMjRZbXZPTEFRbHhBaDdWT0ZRMDRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudKdMA0G
CSqGSIb3DQEBCwUAA4IBAQBh+ifLZzMakoLsujkCbQnXRedHuuN43g3Y580af/ch
KnMTjPAd4YOWnX8e6f3B0oQPf14PRR0te5TJiZOyuCTFqOSqHTJH4LEKBi5Es8KM
8zkyXeoVm33t5kCpj6vzID1gxKcG0jBeSvS2+JsPHy5NRkUM+EDYA0A/ADINhiFI
o+IdIAm+b0erBgQcDNZUIC0tgQ4uCa8/FOgFjrEz/dl6iMqFD/SSqePMqN0bG8sW
vU4wJ5Wap9HXTM/btMs6NgmqodxIOZ+39Hs2Hb7l3DIBpV9zP/fXK1FwAFESqZO2
kngd4LUip7tpZpaFKO/teUoCevU91Pj9K/wjIk1RmR1w
-----END CERTIFICATE-----