Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/cfc4af-17e6-43de-921f-6baf3007905c/1/1-DjR6uHroKUjdKjtQ4TurZZRNJw.roa
File:                     1-DjR6uHroKUjdKjtQ4TurZZRNJw.roa (raw, json)
Hash identifier:          QQfKHQLKnUgeRhE462efgzBisElj/Hz/hUyK1peTFEQ=
Subject key identifier:   F8:38:D1:EA:E1:EB:A0:A5:23:74:A8:ED:43:84:EE:AD:96:51:34:9C
Certificate issuer:       /CN=585e4f4b4a9ef5531dfe50f41541c912a335fbf1
Certificate serial:       018CCA2A6836D2FAC4ED2A4145D39C410BBB
Authority key identifier: 58:5E:4F:4B:4A:9E:F5:53:1D:FE:50:F4:15:41:C9:12:A3:35:FB:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WF5PS0qe9VMd_lD0FUHJEqM1-_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/cfc4af-17e6-43de-921f-6baf3007905c/1/1-DjR6uHroKUjdKjtQ4TurZZRNJw.roa
Signing time:             Tue 02 Jan 2024 12:33:45 +0000
ROA not before:           Tue 02 Jan 2024 12:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5610
IP address blocks:        195.246.97.0/24 maxlen: 24
                          195.246.96.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/cfc4af-17e6-43de-921f-6baf3007905c/1/WF5PS0qe9VMd_lD0FUHJEqM1-_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/cfc4af-17e6-43de-921f-6baf3007905c/1/WF5PS0qe9VMd_lD0FUHJEqM1-_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WF5PS0qe9VMd_lD0FUHJEqM1-_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:68:36:d2:fa:c4:ed:2a:41:45:d3:9c:41:0b:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=585e4f4b4a9ef5531dfe50f41541c912a335fbf1
        Validity
            Not Before: Jan  2 12:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f838d1eae1eba0a52374a8ed4384eead9651349c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:59:bc:e5:ed:ac:39:86:69:68:8a:40:99:2f:
                    ff:f3:ad:11:36:b5:42:fe:22:f4:e3:23:25:e4:2f:
                    7c:d0:07:37:34:d1:a7:ce:36:ec:06:ed:58:34:81:
                    29:89:91:69:e2:1a:10:9f:21:3f:4d:5f:48:c7:db:
                    90:b9:e4:1b:17:cd:01:af:dd:e0:6c:08:07:be:5c:
                    de:91:34:e4:b8:93:4e:1d:7d:c5:cf:35:fe:dc:9c:
                    cb:e4:d1:91:76:05:14:1e:ba:3f:93:e9:69:20:5d:
                    0f:4b:1b:51:7f:a3:bd:b7:cc:ef:b8:e9:b9:11:b6:
                    ba:da:fe:ac:43:ff:b4:f3:72:61:d1:20:78:75:78:
                    81:80:0e:ae:b6:5b:a9:9e:92:f5:dc:eb:2a:3a:e8:
                    42:bb:b7:d6:6f:df:db:90:c0:9f:f0:ca:4c:0b:81:
                    9d:9b:52:a9:db:49:e3:00:5a:71:74:61:b0:f3:0b:
                    b5:62:d1:40:2e:89:0e:60:9e:4b:4e:c4:01:13:76:
                    60:3e:0c:0f:30:01:86:93:33:4d:86:5d:f8:11:ec:
                    74:e3:2a:a5:94:92:bc:c6:6f:75:eb:c3:53:64:6e:
                    b0:3f:d2:7f:12:97:09:4a:a7:12:7a:7a:f6:10:c6:
                    69:2a:10:cd:1c:37:5d:9b:19:6f:5d:28:ca:10:17:
                    29:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:38:D1:EA:E1:EB:A0:A5:23:74:A8:ED:43:84:EE:AD:96:51:34:9C
            X509v3 Authority Key Identifier:
                keyid:58:5E:4F:4B:4A:9E:F5:53:1D:FE:50:F4:15:41:C9:12:A3:35:FB:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WF5PS0qe9VMd_lD0FUHJEqM1-_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/cfc4af-17e6-43de-921f-6baf3007905c/1/1-DjR6uHroKUjdKjtQ4TurZZRNJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/cfc4af-17e6-43de-921f-6baf3007905c/1/WF5PS0qe9VMd_lD0FUHJEqM1-_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:a9:83:96:a1:92:5a:26:3a:38:47:ee:a4:24:f7:09:90:e9:
         ab:a5:7b:2c:77:81:f0:16:77:8c:fd:a3:c5:1d:ec:64:92:64:
         51:ac:6a:25:c0:23:2a:06:91:59:95:8c:87:63:bd:39:9f:15:
         cf:03:b2:32:b1:3e:07:c2:91:0d:88:82:e6:9b:82:a3:ce:62:
         58:f3:9b:50:61:1e:5a:64:cb:42:89:fd:1b:31:0a:53:b2:a8:
         b6:a2:2b:62:32:fb:27:c5:a3:7a:34:0a:9b:7b:c7:c7:77:4d:
         f3:80:08:7c:d7:a3:40:01:d7:2d:8a:4c:5a:0b:e0:7d:2f:5c:
         ce:5c:ce:4c:22:77:54:a0:6d:8e:9c:9d:cb:33:2f:c7:9d:5d:
         7a:af:15:18:23:76:4d:e5:0d:9f:03:77:f1:90:4b:e9:80:71:
         3d:69:8b:6b:62:f0:8c:3a:8c:96:9e:9b:8a:05:66:fe:f6:52:
         8d:6c:89:91:e7:db:d4:0a:c9:82:f0:22:fe:1e:f9:86:12:9a:
         e2:bb:bf:82:38:b9:4b:de:71:3c:21:c9:ed:b7:80:9f:d7:19:
         91:53:e0:a0:e6:2e:49:e1:d8:de:ef:b3:c4:cd:6c:b7:80:a0:
         a6:32:ea:46:ae:7a:22:43:64:21:f4:45:ac:12:02:f6:38:15:
         fc:80:3c:75
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKmg20vrE7SpBRdOcQQu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NWU0ZjRiNGE5ZWY1NTMxZGZlNTBmNDE1NDFjOTEyYTMz
NWZiZjEwHhcNMjQwMTAyMTIzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODM4ZDFlYWUxZWJhMGE1MjM3NGE4ZWQ0Mzg0ZWVhZDk2NTEzNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVm85e2sOYZpaIpAmS//860RNrVC
/iL04yMl5C980Ac3NNGnzjbsBu1YNIEpiZFp4hoQnyE/TV9Ix9uQueQbF80Br93g
bAgHvlzekTTkuJNOHX3FzzX+3JzL5NGRdgUUHro/k+lpIF0PSxtRf6O9t8zvuOm5
Eba62v6sQ/+083Jh0SB4dXiBgA6utlupnpL13OsqOuhCu7fWb9/bkMCf8MpMC4Gd
m1Kp20njAFpxdGGw8wu1YtFALokOYJ5LTsQBE3ZgPgwPMAGGkzNNhl34Eex04yql
lJK8xm9168NTZG6wP9J/EpcJSqcSenr2EMZpKhDNHDddmxlvXSjKEBcp9wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPg40erh66ClI3So7UOE7q2WUTScMB8GA1UdIwQY
MBaAFFheT0tKnvVTHf5Q9BVByRKjNfvxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0Y1UFMwcWU5Vk1kX2xEMEZVSEpFcU0xLV9FLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9jZmM0YWYtMTdlNi00M2RlLTkyMWYt
NmJhZjMwMDc5MDVjLzEvMS1EalI2dUhyb0tVamRLanRRNFR1clpaUk5Kdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjcvY2ZjNGFmLTE3ZTYtNDNkZS05MjFmLTZiYWYzMDA3OTA1
Yy8xL1dGNVBTMHFlOVZNZF9sRDBGVUhKRXFNMS1fRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcP2YDAN
BgkqhkiG9w0BAQsFAAOCAQEAhamDlqGSWiY6OEfupCT3CZDpq6V7LHeB8BZ3jP2j
xR3sZJJkUaxqJcAjKgaRWZWMh2O9OZ8VzwOyMrE+B8KRDYiC5puCo85iWPObUGEe
WmTLQon9GzEKU7KotqIrYjL7J8WjejQKm3vHx3dN84AIfNejQAHXLYpMWgvgfS9c
zlzOTCJ3VKBtjpydyzMvx51deq8VGCN2TeUNnwN38ZBL6YBxPWmLa2LwjDqMlp6b
igVm/vZSjWyJkefb1ArJgvAi/h75hhKa4ru/gji5S95xPCHJ7beAn9cZkVPgoOYu
SeHY3u+zxM1st4CgpjLqRq56IkNkIfRFrBIC9jgV/IA8dQ==
-----END CERTIFICATE-----