Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/644a00-2d8b-4725-b5ca-9012beae2852/1/v1BDoTKRy-b_c3f2770SVEhd308.roa
File:                     v1BDoTKRy-b_c3f2770SVEhd308.roa (raw, json)
Hash identifier:          JREZ4gtIFCR80Wr9zbZ4jfV39j0bdBr8DmsvKT2KFyU=
Subject key identifier:   BF:50:43:A1:32:91:CB:E6:FF:73:77:F6:EF:BD:12:54:48:5D:DF:4F
Certificate issuer:       /CN=d42ab78eda7bf01d95b59774ed346bcbf96a2684
Certificate serial:       018CC56EB79848A08F8396932C1CD80965A2
Authority key identifier: D4:2A:B7:8E:DA:7B:F0:1D:95:B5:97:74:ED:34:6B:CB:F9:6A:26:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Cq3jtp78B2VtZd07TRry_lqJoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/644a00-2d8b-4725-b5ca-9012beae2852/1/v1BDoTKRy-b_c3f2770SVEhd308.roa
Signing time:             Mon 01 Jan 2024 14:30:16 +0000
ROA not before:           Mon 01 Jan 2024 14:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29684
IP address blocks:        185.112.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/644a00-2d8b-4725-b5ca-9012beae2852/1/1Cq3jtp78B2VtZd07TRry_lqJoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/644a00-2d8b-4725-b5ca-9012beae2852/1/1Cq3jtp78B2VtZd07TRry_lqJoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Cq3jtp78B2VtZd07TRry_lqJoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b7:98:48:a0:8f:83:96:93:2c:1c:d8:09:65:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d42ab78eda7bf01d95b59774ed346bcbf96a2684
        Validity
            Not Before: Jan  1 14:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf5043a13291cbe6ff7377f6efbd1254485ddf4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b6:8e:1b:bc:33:ea:e8:44:67:87:00:97:f7:
                    83:ee:1d:c4:7b:bf:34:27:1b:12:b4:34:21:9f:45:
                    09:80:47:31:fe:f4:e6:1d:3c:7b:29:68:d7:9b:3d:
                    c7:ba:ab:e0:3a:f9:89:58:56:42:c2:9d:57:1d:c1:
                    bd:d8:98:a5:4c:4b:89:32:7c:11:9e:49:a6:aa:51:
                    ac:55:8e:1e:81:b7:fc:96:5d:95:b3:43:56:0e:a7:
                    88:c5:e5:04:29:38:d3:a2:2a:2f:34:5a:61:02:b8:
                    46:e7:af:07:a2:97:10:0a:62:fe:cc:fd:11:f2:1e:
                    67:61:c8:4d:0c:1a:b4:6b:aa:44:a8:90:53:16:4c:
                    8c:52:e2:60:70:ef:c4:e6:44:ff:d2:e7:a2:7c:04:
                    e7:66:3a:d2:95:96:0e:f8:3a:fa:0f:a8:5b:d3:3a:
                    5a:6d:e2:58:2e:5b:91:46:72:16:17:40:1d:95:cd:
                    eb:bf:29:8f:d1:d2:52:17:ba:46:11:87:3f:7e:cc:
                    96:9c:d1:ad:4d:ad:68:5c:dd:8d:4e:23:79:5b:92:
                    70:31:32:19:e8:8c:e8:39:5d:60:f9:f2:2d:66:f1:
                    c1:cc:24:a4:fe:8d:ee:ea:f9:d3:65:ab:aa:4c:c1:
                    34:c0:bd:53:73:a2:fa:c2:17:d3:69:d9:42:2a:5d:
                    46:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:50:43:A1:32:91:CB:E6:FF:73:77:F6:EF:BD:12:54:48:5D:DF:4F
            X509v3 Authority Key Identifier:
                keyid:D4:2A:B7:8E:DA:7B:F0:1D:95:B5:97:74:ED:34:6B:CB:F9:6A:26:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Cq3jtp78B2VtZd07TRry_lqJoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/644a00-2d8b-4725-b5ca-9012beae2852/1/v1BDoTKRy-b_c3f2770SVEhd308.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/644a00-2d8b-4725-b5ca-9012beae2852/1/1Cq3jtp78B2VtZd07TRry_lqJoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:30:7b:6a:ad:b7:5f:28:9b:59:f4:ae:99:d1:65:c1:79:45:
         88:96:8c:ce:44:c9:c6:da:fd:94:4d:d8:98:83:3a:60:d2:4e:
         17:17:53:71:4f:75:2f:12:60:bd:41:db:f3:b7:2f:7a:59:3f:
         b5:30:3a:8e:f6:eb:78:89:5b:c2:00:ee:dd:3a:49:61:7c:7b:
         6c:cc:85:0a:f1:d6:b9:55:07:64:e2:6d:c2:10:2d:6e:b1:1f:
         c2:61:ba:fc:29:0d:dd:b8:a2:70:f8:b1:db:2b:d6:e8:0a:08:
         5f:c4:47:1b:57:be:e4:b9:e8:d5:7a:4e:d8:ab:8e:2e:44:0b:
         a5:4d:c0:de:43:b3:a4:ba:57:45:9d:34:3e:c4:85:88:97:4d:
         53:16:7c:40:7d:c2:ca:d2:79:bc:af:a5:f0:ca:a1:8c:5e:e9:
         e4:a9:f2:28:cc:f9:39:87:bb:19:e0:6e:55:34:87:97:dd:65:
         99:e9:0d:4b:e1:ef:e8:28:8e:a0:e3:9e:dc:b1:53:6d:20:00:
         b7:65:41:ac:44:21:d8:62:f9:24:91:5d:aa:23:65:25:d6:cc:
         fd:bf:bd:51:dc:ee:d7:f5:f8:f5:e6:b3:48:ee:02:bb:d4:34:
         39:87:b2:ef:5c:71:78:d2:2d:ab:cf:74:10:62:74:e8:a3:23:
         0a:73:08:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbreYSKCPg5aTLBzYCWWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MmFiNzhlZGE3YmYwMWQ5NWI1OTc3NGVkMzQ2YmNiZjk2
YTI2ODQwHhcNMjQwMTAxMTQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjUwNDNhMTMyOTFjYmU2ZmY3Mzc3ZjZlZmJkMTI1NDQ4NWRkZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7aOG7wz6uhEZ4cAl/eD7h3Ee780
JxsStDQhn0UJgEcx/vTmHTx7KWjXmz3HuqvgOvmJWFZCwp1XHcG92JilTEuJMnwR
nkmmqlGsVY4egbf8ll2Vs0NWDqeIxeUEKTjToiovNFphArhG568HopcQCmL+zP0R
8h5nYchNDBq0a6pEqJBTFkyMUuJgcO/E5kT/0ueifATnZjrSlZYO+Dr6D6hb0zpa
beJYLluRRnIWF0Adlc3rvymP0dJSF7pGEYc/fsyWnNGtTa1oXN2NTiN5W5JwMTIZ
6IzoOV1g+fItZvHBzCSk/o3u6vnTZauqTME0wL1Tc6L6whfTadlCKl1GNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9QQ6Eykcvm/3N39u+9ElRIXd9PMB8GA1UdIwQY
MBaAFNQqt47ae/AdlbWXdO00a8v5aiaEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUNxM2p0cDc4QjJWdFpkMDdUUnJ5X2xxSm9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi82NDRhMDAtMmQ4Yi00NzI1LWI1Y2Et
OTAxMmJlYWUyODUyLzEvdjFCRG9US1J5LWJfYzNmMjc3MFNWRWhkMzA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi82NDRhMDAtMmQ4Yi00NzI1LWI1Y2EtOTAxMmJlYWUyODUy
LzEvMUNxM2p0cDc4QjJWdFpkMDdUUnJ5X2xxSm9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXBIMA0G
CSqGSIb3DQEBCwUAA4IBAQAnMHtqrbdfKJtZ9K6Z0WXBeUWIlozORMnG2v2UTdiY
gzpg0k4XF1NxT3UvEmC9Qdvzty96WT+1MDqO9ut4iVvCAO7dOklhfHtszIUK8da5
VQdk4m3CEC1usR/CYbr8KQ3duKJw+LHbK9boCghfxEcbV77kuejVek7Yq44uRAul
TcDeQ7OkuldFnTQ+xIWIl01TFnxAfcLK0nm8r6XwyqGMXunkqfIozPk5h7sZ4G5V
NIeX3WWZ6Q1L4e/oKI6g457csVNtIAC3ZUGsRCHYYvkkkV2qI2Ul1sz9v71R3O7X
9fj15rNI7gK71DQ5h7LvXHF40i2rz3QQYnTooyMKcwgD
-----END CERTIFICATE-----