Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/zyUVruQXxAD7_mFlYZEvcdr00mU.roa
File:                     zyUVruQXxAD7_mFlYZEvcdr00mU.roa (raw, json)
Hash identifier:          dU0mqZqPQqyj4Bx04Ts8T1TOd99wL2FT6Eqrd1DIawc=
Subject key identifier:   CF:25:15:AE:E4:17:C4:00:FB:FE:61:65:61:91:2F:71:DA:F4:D2:65
Certificate issuer:       /CN=21c1672dbbbf7165a6a83b3227a7119f0d31e8ee
Certificate serial:       018CC9BBB8F22645C4A2B3ED103971C92F76
Authority key identifier: 21:C1:67:2D:BB:BF:71:65:A6:A8:3B:32:27:A7:11:9F:0D:31:E8:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/zyUVruQXxAD7_mFlYZEvcdr00mU.roa
Signing time:             Tue 02 Jan 2024 10:32:52 +0000
ROA not before:           Tue 02 Jan 2024 10:32:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210605
IP address blocks:        185.25.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:b8:f2:26:45:c4:a2:b3:ed:10:39:71:c9:2f:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21c1672dbbbf7165a6a83b3227a7119f0d31e8ee
        Validity
            Not Before: Jan  2 10:32:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf2515aee417c400fbfe616561912f71daf4d265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:89:3d:18:70:a4:5a:69:a2:69:10:2f:de:34:
                    23:99:2a:70:41:ad:88:c1:b8:fd:f7:b1:c8:58:86:
                    17:ef:50:8b:d0:ca:a2:54:4d:67:83:81:79:8e:51:
                    ab:d0:9b:e1:c0:b6:5f:2d:4c:1e:b3:49:26:9f:28:
                    b1:dc:e8:c3:a8:f5:5b:42:46:59:56:8f:0b:82:9e:
                    9b:3e:80:e8:3f:72:72:9b:cf:d9:30:9b:e7:ec:68:
                    07:f2:91:65:99:c6:e3:a2:b2:10:4d:53:f6:21:4b:
                    3e:b2:1e:35:52:73:d9:66:f5:e2:0b:37:4f:32:37:
                    2e:32:61:8d:87:ff:5d:76:2d:49:ae:6a:82:b4:00:
                    de:b3:c7:8c:fe:32:ca:08:7f:76:0e:5a:47:43:de:
                    39:ff:35:b5:7f:3d:c4:4f:63:6a:76:f2:5e:ef:c7:
                    a9:90:8b:bd:b4:7b:4f:82:8a:66:d7:1f:c6:49:1b:
                    88:68:2e:7c:fe:38:37:19:11:5f:7b:65:3c:88:a9:
                    f5:89:13:55:ba:f9:10:aa:ce:a5:04:9d:bd:71:40:
                    71:5a:72:24:a2:15:c3:fa:34:8f:2e:bd:3d:3c:e1:
                    9e:33:53:0a:d2:3c:d1:82:fa:83:a8:1a:93:aa:63:
                    5f:8c:93:c3:4f:e7:28:5a:05:3d:62:32:ed:57:36:
                    37:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:25:15:AE:E4:17:C4:00:FB:FE:61:65:61:91:2F:71:DA:F4:D2:65
            X509v3 Authority Key Identifier:
                keyid:21:C1:67:2D:BB:BF:71:65:A6:A8:3B:32:27:A7:11:9F:0D:31:E8:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/zyUVruQXxAD7_mFlYZEvcdr00mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:a9:81:d3:e1:89:1c:d4:3f:42:65:ce:c7:8f:ba:69:17:c5:
         17:98:7a:f4:d2:f8:fa:0a:dc:b7:eb:a2:2c:48:4b:7f:44:ae:
         58:0d:ed:05:f3:e4:76:04:ca:e0:34:12:3a:5e:b9:4c:90:69:
         93:d7:08:d1:a7:51:68:47:67:d3:49:d2:d6:f3:1d:cc:7b:37:
         8f:32:fe:5c:ae:f6:cc:4e:60:37:6d:b0:82:17:31:9f:7f:9f:
         80:4a:95:03:5f:48:db:48:31:6a:8b:98:33:21:53:f4:bd:6e:
         c1:32:57:db:1a:f0:ee:66:15:98:01:e1:b0:9a:7e:cf:3c:e7:
         1e:22:39:28:40:8c:6b:bd:53:56:e0:b0:a2:86:dd:69:1f:96:
         88:9b:3c:03:aa:6a:e3:99:71:1c:56:b9:63:e5:6e:f6:59:f7:
         fe:60:24:69:31:dd:b3:35:1e:66:3b:d5:d4:eb:27:57:87:a8:
         e7:fd:64:66:ca:d2:5d:de:74:0a:3d:f4:3d:24:66:2d:04:19:
         48:c1:e6:3e:aa:aa:07:59:13:db:0f:93:0d:5a:56:fe:bb:39:
         64:f5:f8:49:58:da:db:f4:66:25:3a:81:ed:b7:5b:87:e6:e9:
         9c:79:94:a4:2f:ca:64:79:a3:87:19:e3:ba:4f:de:1c:52:94:
         00:a8:02:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu7jyJkXEorPtEDlxyS92MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYzE2NzJkYmJiZjcxNjVhNmE4M2IzMjI3YTcxMTlmMGQz
MWU4ZWUwHhcNMjQwMTAyMTAzMjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjI1MTVhZWU0MTdjNDAwZmJmZTYxNjU2MTkxMmY3MWRhZjRkMjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYk9GHCkWmmiaRAv3jQjmSpwQa2I
wbj997HIWIYX71CL0MqiVE1ng4F5jlGr0JvhwLZfLUwes0kmnyix3OjDqPVbQkZZ
Vo8Lgp6bPoDoP3Jym8/ZMJvn7GgH8pFlmcbjorIQTVP2IUs+sh41UnPZZvXiCzdP
MjcuMmGNh/9ddi1JrmqCtADes8eM/jLKCH92DlpHQ945/zW1fz3ET2NqdvJe78ep
kIu9tHtPgopm1x/GSRuIaC58/jg3GRFfe2U8iKn1iRNVuvkQqs6lBJ29cUBxWnIk
ohXD+jSPLr09POGeM1MK0jzRgvqDqBqTqmNfjJPDT+coWgU9YjLtVzY3RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8lFa7kF8QA+/5hZWGRL3Ha9NJlMB8GA1UdIwQY
MBaAFCHBZy27v3Flpqg7MienEZ8NMejuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWNGbkxidV9jV1dtcURzeUo2Y1JudzB4Nk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jMDVkNGMtOTZkMy00YjU3LWFlMzQt
MzQ3N2M3ZmNkNGQ5LzEvenlVVnJ1UVh4QUQ3X21GbFlaRXZjZHIwMG1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jMDVkNGMtOTZkMy00YjU3LWFlMzQtMzQ3N2M3ZmNkNGQ5
LzEvSWNGbkxidV9jV1dtcURzeUo2Y1JudzB4Nk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRlzMA0G
CSqGSIb3DQEBCwUAA4IBAQCFqYHT4Ykc1D9CZc7Hj7ppF8UXmHr00vj6Cty366Is
SEt/RK5YDe0F8+R2BMrgNBI6XrlMkGmT1wjRp1FoR2fTSdLW8x3MezePMv5crvbM
TmA3bbCCFzGff5+ASpUDX0jbSDFqi5gzIVP0vW7BMlfbGvDuZhWYAeGwmn7PPOce
IjkoQIxrvVNW4LCiht1pH5aImzwDqmrjmXEcVrlj5W72Wff+YCRpMd2zNR5mO9XU
6ydXh6jn/WRmytJd3nQKPfQ9JGYtBBlIweY+qqoHWRPbD5MNWlb+uzlk9fhJWNrb
9GYlOoHtt1uH5umceZSkL8pkeaOHGeO6T94cUpQAqAKa
-----END CERTIFICATE-----