Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/anrw6qRLcOEWyNyWh3-y--EvM2E.roa
File:                     anrw6qRLcOEWyNyWh3-y--EvM2E.roa (raw, json)
Hash identifier:          Z0rzDuteCmUPhRGHoPSehQeH9jqWl8Ul/7hudKV24Hs=
Subject key identifier:   6A:7A:F0:EA:A4:4B:70:E1:16:C8:DC:96:87:7F:B2:FB:E1:2F:33:61
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79564B97AB23A22E5A0694AD0472E63
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/anrw6qRLcOEWyNyWh3-y--EvM2E.roa
Signing time:             Tue 02 Jan 2024 00:31:45 +0000
ROA not before:           Tue 02 Jan 2024 00:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62162
IP address blocks:        85.204.43.0/24 maxlen: 24
                          85.204.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:64:b9:7a:b2:3a:22:e5:a0:69:4a:d0:47:2e:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a7af0eaa44b70e116c8dc96877fb2fbe12f3361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9e:71:bf:60:7d:26:1f:54:dd:c6:5b:a2:67:
                    11:8a:d8:c1:80:9c:ca:70:aa:16:c1:b8:5c:c8:45:
                    75:a5:cb:2e:ca:81:77:5f:90:61:5a:6a:21:36:14:
                    91:03:2d:9c:f3:d7:ec:70:1c:f1:e4:ec:ee:37:67:
                    28:8d:de:72:c0:32:95:3a:16:59:86:74:7d:c0:14:
                    bc:bf:a0:4b:40:c3:94:21:57:79:a5:e8:df:94:4d:
                    9a:67:70:53:b8:43:90:90:46:24:c8:5a:d5:8f:3a:
                    8f:e6:31:d6:a8:e6:43:98:39:d6:f5:a2:ab:fd:a1:
                    58:52:33:dd:44:53:b9:5d:9a:4c:52:9b:f9:4b:a9:
                    bd:4d:6e:05:52:75:24:e4:a6:bd:86:62:2d:5f:0a:
                    ff:4f:64:de:c5:a4:d6:1a:9f:63:a1:29:39:8a:97:
                    dd:6c:db:e9:1f:0a:3f:ab:89:e8:61:b6:b3:46:ec:
                    f0:25:4c:9b:d6:fc:55:83:45:b3:fe:32:1b:23:35:
                    ea:0f:17:33:fc:7e:a4:77:74:a5:29:ce:34:97:2e:
                    a1:5b:0e:6a:dc:29:93:bf:89:9c:7e:13:8a:dc:49:
                    35:a7:0c:2a:5a:da:1d:81:e9:94:11:09:78:0e:a2:
                    51:82:61:b1:b1:61:26:dc:63:4e:62:e7:93:08:d5:
                    bb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:7A:F0:EA:A4:4B:70:E1:16:C8:DC:96:87:7F:B2:FB:E1:2F:33:61
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/anrw6qRLcOEWyNyWh3-y--EvM2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.43.0/24
                  85.204.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:90:ce:38:59:31:29:ca:72:22:9b:a0:20:59:22:ce:2d:94:
         cd:5f:c8:4b:e7:e5:c7:57:d6:83:4a:e7:99:0a:33:0a:1a:3c:
         f4:88:10:65:48:ba:74:87:1a:c1:a7:61:87:b1:b8:c9:2c:c5:
         11:d8:f3:fd:96:a4:10:2e:72:d3:05:36:a4:b6:4c:69:54:ff:
         42:69:21:3b:c9:11:84:3d:27:2e:87:44:ad:a2:0b:83:5a:fa:
         63:27:da:39:40:dd:05:d0:bb:1c:43:a6:76:60:36:28:98:62:
         5a:0a:4c:b9:b5:39:65:a6:49:81:2d:0e:8d:59:30:e6:0a:72:
         69:09:03:f7:a0:17:ec:9a:6b:1f:77:36:5b:c8:78:1c:b9:aa:
         f3:74:0a:79:61:98:2b:95:b2:0d:53:2d:3f:e1:67:e6:dd:47:
         2d:f8:53:49:fc:c5:e1:37:73:63:fa:4e:d4:77:1d:e3:46:8a:
         4a:87:6d:cf:59:2f:3b:09:73:b8:99:cd:37:a0:80:6c:a8:4a:
         8f:ed:20:a6:7f:83:45:ab:8c:4e:b5:8c:1e:aa:f0:2b:79:bf:
         0c:fa:f6:28:5c:17:53:44:03:e5:69:4e:33:47:41:9e:18:6b:
         65:7f:4a:75:9d:de:40:63:68:38:7f:8b:3c:3e:d9:1d:ef:b3:
         96:42:2a:5f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlWS5erI6IuWgaUrQRy5jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTdhZjBlYWE0NGI3MGUxMTZjOGRjOTY4NzdmYjJmYmUxMmYzMzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ5xv2B9Jh9U3cZbomcRitjBgJzK
cKoWwbhcyEV1pcsuyoF3X5BhWmohNhSRAy2c89fscBzx5OzuN2cojd5ywDKVOhZZ
hnR9wBS8v6BLQMOUIVd5pejflE2aZ3BTuEOQkEYkyFrVjzqP5jHWqOZDmDnW9aKr
/aFYUjPdRFO5XZpMUpv5S6m9TW4FUnUk5Ka9hmItXwr/T2TexaTWGp9joSk5ipfd
bNvpHwo/q4noYbazRuzwJUyb1vxVg0Wz/jIbIzXqDxcz/H6kd3SlKc40ly6hWw5q
3CmTv4mcfhOK3Ek1pwwqWtodgemUEQl4DqJRgmGxsWEm3GNOYueTCNW7UwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGp68OqkS3DhFsjclod/svvhLzNhMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2Fucnc2cVJMY09FV3lOeVdoMy15LS1Fdk0yRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABVzCsD
BABVzEkwDQYJKoZIhvcNAQELBQADggEBAHKQzjhZMSnKciKboCBZIs4tlM1fyEvn
5cdX1oNK55kKMwoaPPSIEGVIunSHGsGnYYexuMksxRHY8/2WpBAuctMFNqS2TGlU
/0JpITvJEYQ9Jy6HRK2iC4Na+mMn2jlA3QXQuxxDpnZgNiiYYloKTLm1OWWmSYEt
Do1ZMOYKcmkJA/egF+yaax93NlvIeBy5qvN0CnlhmCuVsg1TLT/hZ+bdRy34U0n8
xeE3c2P6TtR3HeNGikqHbc9ZLzsJc7iZzTeggGyoSo/tIKZ/g0WrjE61jB6q8Ct5
vwz69ihcF1NEA+VpTjNHQZ4Ya2V/SnWd3kBjaDh/izw+2R3vs5ZCKl8=
-----END CERTIFICATE-----