Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/bOYFfIg7etGFlDYlgCQPr8NC7-M.roa
File:                     bOYFfIg7etGFlDYlgCQPr8NC7-M.roa (raw, json)
Hash identifier:          B5sV81Xc/+1wAy3noFBtqiuIgml5UYb72fBUIvLdbq0=
Subject key identifier:   6C:E6:05:7C:88:3B:7A:D1:85:94:36:25:80:24:0F:AF:C3:42:EF:E3
Certificate issuer:       /CN=63e24977993c15bcc134b174937f41b2129f56d1
Certificate serial:       018CC424741BC2E1C2FAEE29E7A9CFC17FF6
Authority key identifier: 63:E2:49:77:99:3C:15:BC:C1:34:B1:74:93:7F:41:B2:12:9F:56:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-JJd5k8FbzBNLF0k39BshKfVtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/bOYFfIg7etGFlDYlgCQPr8NC7-M.roa
Signing time:             Mon 01 Jan 2024 08:29:32 +0000
ROA not before:           Mon 01 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200845
IP address blocks:        185.208.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/Y-JJd5k8FbzBNLF0k39BshKfVtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/Y-JJd5k8FbzBNLF0k39BshKfVtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-JJd5k8FbzBNLF0k39BshKfVtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:74:1b:c2:e1:c2:fa:ee:29:e7:a9:cf:c1:7f:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e24977993c15bcc134b174937f41b2129f56d1
        Validity
            Not Before: Jan  1 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ce6057c883b7ad18594362580240fafc342efe3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3a:30:cc:d2:2a:6c:a4:fb:e1:ff:3e:7b:82:
                    eb:d3:e7:ea:99:e6:0b:5d:3f:b2:41:a4:99:16:4f:
                    ba:6c:2b:30:9c:89:bd:2c:3c:cd:42:b2:24:75:b0:
                    e8:a3:e8:03:da:e6:da:8c:38:57:02:43:b5:d1:5c:
                    4d:3f:8d:69:0e:eb:da:10:3b:58:5a:fb:65:17:90:
                    10:ce:5e:7b:2d:f6:24:fe:75:d2:6b:66:41:f1:11:
                    ef:3a:14:15:f4:61:fd:87:31:f8:8c:c1:06:54:dc:
                    91:f8:fc:56:93:3e:af:d0:80:a9:6c:50:05:12:64:
                    88:80:f6:cc:d9:2d:90:b3:d4:46:19:94:b5:cc:60:
                    79:5e:6a:05:ed:31:65:54:4a:30:1b:0c:92:26:16:
                    60:d3:d9:a3:70:e9:71:14:76:80:15:e8:c9:9d:ec:
                    62:83:da:19:5b:5e:52:43:68:f9:5e:a8:df:38:9c:
                    a6:ad:ee:50:75:fe:66:c5:60:f1:fa:a1:b9:52:05:
                    6d:38:ed:3d:f8:74:68:5b:5e:b5:44:74:ef:b2:ad:
                    08:fd:93:4b:e1:98:49:97:90:86:cc:91:80:4a:b0:
                    7d:db:07:e6:66:cb:01:f8:11:a2:ea:fa:e8:ab:e6:
                    1b:ad:c6:5f:c6:68:25:6e:13:28:76:7f:99:13:23:
                    fb:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E6:05:7C:88:3B:7A:D1:85:94:36:25:80:24:0F:AF:C3:42:EF:E3
            X509v3 Authority Key Identifier:
                keyid:63:E2:49:77:99:3C:15:BC:C1:34:B1:74:93:7F:41:B2:12:9F:56:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-JJd5k8FbzBNLF0k39BshKfVtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/bOYFfIg7etGFlDYlgCQPr8NC7-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/Y-JJd5k8FbzBNLF0k39BshKfVtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:e3:b0:ab:1a:df:e5:c4:ef:7e:55:a7:fb:f8:81:33:c9:37:
         8e:e1:b6:a7:8a:8e:32:0d:67:51:df:ce:d9:a0:98:33:e3:f9:
         47:7a:f9:19:b1:54:9e:1b:c8:3f:a9:e5:04:91:45:9a:0b:ac:
         10:12:3f:07:b1:cc:cd:e1:45:53:b6:81:55:db:c3:fc:37:28:
         92:c4:d8:b9:c4:62:1e:94:82:f6:3f:82:ec:46:1f:72:b3:e2:
         68:f3:47:ac:47:0a:d5:94:67:09:45:c3:53:b6:f2:e7:72:91:
         6d:62:cb:37:b8:a2:23:fd:d9:4e:35:f7:f7:50:89:5b:7e:2b:
         3a:0a:d9:78:61:72:d2:45:b3:ed:6a:ee:20:43:76:8b:c5:1e:
         c9:38:06:49:17:43:92:82:86:fe:09:4f:76:bc:51:d1:97:de:
         fb:00:fd:43:4a:86:36:9e:d2:c8:99:fc:7d:2f:1e:fd:ca:69:
         e4:a0:60:81:09:0a:9c:00:82:df:fc:46:9a:50:f8:d6:2c:0a:
         86:bf:ac:89:54:9a:14:9c:73:31:1f:92:49:86:4b:29:06:65:
         b5:d0:18:7b:4f:da:84:d4:18:e2:f5:61:d5:2f:0b:4c:85:1f:
         a5:b5:eb:6d:ce:53:17:4e:36:07:ef:a8:19:4f:db:7c:b6:b4:
         00:d2:33:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHQbwuHC+u4p56nPwX/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTI0OTc3OTkzYzE1YmNjMTM0YjE3NDkzN2Y0MWIyMTI5
ZjU2ZDEwHhcNMjQwMTAxMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2U2MDU3Yzg4M2I3YWQxODU5NDM2MjU4MDI0MGZhZmMzNDJlZmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDowzNIqbKT74f8+e4Lr0+fqmeYL
XT+yQaSZFk+6bCswnIm9LDzNQrIkdbDoo+gD2ubajDhXAkO10VxNP41pDuvaEDtY
WvtlF5AQzl57LfYk/nXSa2ZB8RHvOhQV9GH9hzH4jMEGVNyR+PxWkz6v0ICpbFAF
EmSIgPbM2S2Qs9RGGZS1zGB5XmoF7TFlVEowGwySJhZg09mjcOlxFHaAFejJnexi
g9oZW15SQ2j5XqjfOJymre5Qdf5mxWDx+qG5UgVtOO09+HRoW161RHTvsq0I/ZNL
4ZhJl5CGzJGASrB92wfmZssB+BGi6vroq+YbrcZfxmglbhModn+ZEyP7fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzmBXyIO3rRhZQ2JYAkD6/DQu/jMB8GA1UdIwQY
MBaAFGPiSXeZPBW8wTSxdJN/QbISn1bRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1KSmQ1azhGYnpCTkxGMGszOUJzaEtmVnRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9mZDgxMTYtNWU5OC00NWVmLWFmNzQt
MDczYTVkYjBlZmI1LzEvYk9ZRmZJZzdldEdGbERZbGdDUVByOE5DNy1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9mZDgxMTYtNWU5OC00NWVmLWFmNzQtMDczYTVkYjBlZmI1
LzEvWS1KSmQ1azhGYnpCTkxGMGszOUJzaEtmVnRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudCQMA0G
CSqGSIb3DQEBCwUAA4IBAQBz47CrGt/lxO9+Vaf7+IEzyTeO4banio4yDWdR387Z
oJgz4/lHevkZsVSeG8g/qeUEkUWaC6wQEj8HsczN4UVTtoFV28P8NyiSxNi5xGIe
lIL2P4LsRh9ys+Jo80esRwrVlGcJRcNTtvLncpFtYss3uKIj/dlONff3UIlbfis6
Ctl4YXLSRbPtau4gQ3aLxR7JOAZJF0OSgob+CU92vFHRl977AP1DSoY2ntLImfx9
Lx79ymnkoGCBCQqcAILf/EaaUPjWLAqGv6yJVJoUnHMxH5JJhkspBmW10Bh7T9qE
1Bji9WHVLwtMhR+ltettzlMXTjYH76gZT9t8trQA0jPs
-----END CERTIFICATE-----