Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/354430-54bc-455e-b0d1-7cd508f73364/1/V4zQPHFgZ0PwkOx8UsjH0Q-cIy4.roa
File:                     V4zQPHFgZ0PwkOx8UsjH0Q-cIy4.roa (raw, json)
Hash identifier:          /HGy7lJ7Va3MKO4EvRYSuCRqbGzplVE9cJg8RO3shq0=
Subject key identifier:   57:8C:D0:3C:71:60:67:43:F0:90:EC:7C:52:C8:C7:D1:0F:9C:23:2E
Certificate issuer:       /CN=8f9a4670146ad880f14bada4b2762b613ddf1d18
Certificate serial:       018CC501295AC59544D0CBF94B3CA21ADE19
Authority key identifier: 8F:9A:46:70:14:6A:D8:80:F1:4B:AD:A4:B2:76:2B:61:3D:DF:1D:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j5pGcBRq2IDxS62ksnYrYT3fHRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/354430-54bc-455e-b0d1-7cd508f73364/1/V4zQPHFgZ0PwkOx8UsjH0Q-cIy4.roa
Signing time:             Mon 01 Jan 2024 12:30:36 +0000
ROA not before:           Mon 01 Jan 2024 12:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15623
IP address blocks:        185.241.85.0/24 maxlen: 24
                          185.241.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/354430-54bc-455e-b0d1-7cd508f73364/1/j5pGcBRq2IDxS62ksnYrYT3fHRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/354430-54bc-455e-b0d1-7cd508f73364/1/j5pGcBRq2IDxS62ksnYrYT3fHRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j5pGcBRq2IDxS62ksnYrYT3fHRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:29:5a:c5:95:44:d0:cb:f9:4b:3c:a2:1a:de:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f9a4670146ad880f14bada4b2762b613ddf1d18
        Validity
            Not Before: Jan  1 12:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=578cd03c71606743f090ec7c52c8c7d10f9c232e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f9:a7:e4:8b:6a:59:21:ec:a8:e1:c7:00:d6:
                    ac:f9:e1:a8:60:84:37:6d:73:ba:35:36:0b:08:62:
                    62:f2:9f:7c:6e:29:74:29:82:af:3c:0d:3f:2e:00:
                    35:0e:76:e4:06:5e:b9:df:e0:fd:32:05:cd:27:f9:
                    b8:84:d7:a4:d1:5f:e1:78:ab:db:d2:ae:99:e2:de:
                    ff:68:96:08:28:6c:39:73:ff:d7:f6:97:f6:96:30:
                    c3:e1:2e:2c:f3:a6:ea:33:9e:9f:55:b2:8e:04:a7:
                    a1:e4:a5:b0:9f:a0:98:94:dd:dc:3c:b7:7b:01:db:
                    52:c9:e1:54:d5:c1:08:83:af:f7:16:5b:b6:78:5d:
                    91:b4:de:b2:5e:ab:bb:ee:5b:0e:42:85:52:e6:e5:
                    8d:8c:6e:61:07:06:6a:2d:da:8e:e0:1a:60:a4:08:
                    5e:30:10:c3:ea:16:a7:64:73:f1:ca:cd:41:fd:08:
                    a5:cb:df:59:2e:89:62:ac:fb:97:0a:f9:5b:c7:0c:
                    06:00:63:71:3c:d2:9b:77:57:ea:c8:e5:cd:dd:70:
                    d1:82:35:dc:d4:81:f2:e5:95:d6:a1:b6:0b:59:3c:
                    a4:4c:26:70:96:41:fa:e7:06:ae:f9:b1:63:51:88:
                    39:a6:aa:1a:f2:ad:08:dd:1c:67:cb:ad:d8:f0:c0:
                    7b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:8C:D0:3C:71:60:67:43:F0:90:EC:7C:52:C8:C7:D1:0F:9C:23:2E
            X509v3 Authority Key Identifier:
                keyid:8F:9A:46:70:14:6A:D8:80:F1:4B:AD:A4:B2:76:2B:61:3D:DF:1D:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j5pGcBRq2IDxS62ksnYrYT3fHRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/354430-54bc-455e-b0d1-7cd508f73364/1/V4zQPHFgZ0PwkOx8UsjH0Q-cIy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/354430-54bc-455e-b0d1-7cd508f73364/1/j5pGcBRq2IDxS62ksnYrYT3fHRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:cd:fb:b2:e8:5e:f7:f2:2e:78:4f:90:c3:c1:06:83:ca:d2:
         09:25:b3:65:eb:ec:15:19:1d:1b:15:e3:0a:6c:6a:3e:63:13:
         47:df:02:c8:80:a8:23:e4:b1:e3:76:43:3c:e8:5d:24:7e:54:
         2e:4f:6b:1c:1c:4b:36:4a:50:9f:52:62:4c:70:bb:08:e3:cd:
         55:09:35:49:9d:7f:18:d2:40:d9:7f:d7:a9:8e:95:c3:22:6c:
         c5:e6:63:94:0c:92:7a:f7:58:7a:b9:63:b3:4c:73:e6:80:65:
         d4:82:af:ec:5c:af:69:64:29:92:b9:05:10:fa:fa:61:f9:f2:
         8f:30:65:d0:85:fc:ea:63:34:59:ea:c2:6c:54:18:82:11:69:
         b7:92:1c:55:0e:38:bb:65:ef:95:6f:e3:89:e2:5b:81:b4:90:
         82:6b:c2:dc:d3:e5:37:73:c4:58:d8:10:24:4a:ca:28:79:b2:
         20:51:9a:73:36:63:c5:11:14:40:84:bc:26:4e:08:22:a4:30:
         12:dd:65:ca:10:1f:f6:32:5d:ad:ff:2a:f8:a2:92:92:20:8c:
         cc:5a:4c:d6:23:32:b8:c4:49:15:00:59:1b:af:99:02:99:52:
         ec:fe:17:af:56:7d:55:28:99:a1:29:c1:32:e1:3b:2b:80:11:
         3f:66:19:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASlaxZVE0Mv5SzyiGt4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmOWE0NjcwMTQ2YWQ4ODBmMTRiYWRhNGIyNzYyYjYxM2Rk
ZjFkMTgwHhcNMjQwMTAxMTIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzhjZDAzYzcxNjA2NzQzZjA5MGVjN2M1MmM4YzdkMTBmOWMyMzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvmn5ItqWSHsqOHHANas+eGoYIQ3
bXO6NTYLCGJi8p98bil0KYKvPA0/LgA1DnbkBl653+D9MgXNJ/m4hNek0V/heKvb
0q6Z4t7/aJYIKGw5c//X9pf2ljDD4S4s86bqM56fVbKOBKeh5KWwn6CYlN3cPLd7
AdtSyeFU1cEIg6/3Flu2eF2RtN6yXqu77lsOQoVS5uWNjG5hBwZqLdqO4BpgpAhe
MBDD6hanZHPxys1B/Qily99ZLolirPuXCvlbxwwGAGNxPNKbd1fqyOXN3XDRgjXc
1IHy5ZXWobYLWTykTCZwlkH65wau+bFjUYg5pqoa8q0I3Rxny63Y8MB7twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFeM0DxxYGdD8JDsfFLIx9EPnCMuMB8GA1UdIwQY
MBaAFI+aRnAUatiA8UutpLJ2K2E93x0YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajVwR2NCUnEySUR4UzYya3NuWXJZVDNmSFJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zNTQ0MzAtNTRiYy00NTVlLWIwZDEt
N2NkNTA4ZjczMzY0LzEvVjR6UVBIRmdaMFB3a094OFVzakgwUS1jSXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zNTQ0MzAtNTRiYy00NTVlLWIwZDEtN2NkNTA4ZjczMzY0
LzEvajVwR2NCUnEySUR4UzYya3NuWXJZVDNmSFJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufFUMA0G
CSqGSIb3DQEBCwUAA4IBAQALzfuy6F738i54T5DDwQaDytIJJbNl6+wVGR0bFeMK
bGo+YxNH3wLIgKgj5LHjdkM86F0kflQuT2scHEs2SlCfUmJMcLsI481VCTVJnX8Y
0kDZf9epjpXDImzF5mOUDJJ691h6uWOzTHPmgGXUgq/sXK9pZCmSuQUQ+vph+fKP
MGXQhfzqYzRZ6sJsVBiCEWm3khxVDji7Ze+Vb+OJ4luBtJCCa8Lc0+U3c8RY2BAk
SsooebIgUZpzNmPFERRAhLwmTggipDAS3WXKEB/2Ml2t/yr4opKSIIzMWkzWIzK4
xEkVAFkbr5kCmVLs/hevVn1VKJmhKcEy4TsrgBE/Zhle
-----END CERTIFICATE-----