Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/ahO8QOj9tu4XWu4jPDukNwLM5q8.roa
File:                     ahO8QOj9tu4XWu4jPDukNwLM5q8.roa (raw, json)
Hash identifier:          RvwkF91KGDlUpvFiH6iy062nXWMOSw4qKxr9IRwreLo=
Subject key identifier:   6A:13:BC:40:E8:FD:B6:EE:17:5A:EE:23:3C:3B:A4:37:02:CC:E6:AF
Certificate issuer:       /CN=de6ed0579c3fd253597ec82f0939111ba9d8c88d
Certificate serial:       018CC42509287B5F7A5BB0A6CB590C5B9968
Authority key identifier: DE:6E:D0:57:9C:3F:D2:53:59:7E:C8:2F:09:39:11:1B:A9:D8:C8:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3m7QV5w_0lNZfsgvCTkRG6nYyI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/ahO8QOj9tu4XWu4jPDukNwLM5q8.roa
Signing time:             Mon 01 Jan 2024 08:30:10 +0000
ROA not before:           Mon 01 Jan 2024 08:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62095
IP address blocks:        185.48.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/3m7QV5w_0lNZfsgvCTkRG6nYyI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/3m7QV5w_0lNZfsgvCTkRG6nYyI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3m7QV5w_0lNZfsgvCTkRG6nYyI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:09:28:7b:5f:7a:5b:b0:a6:cb:59:0c:5b:99:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de6ed0579c3fd253597ec82f0939111ba9d8c88d
        Validity
            Not Before: Jan  1 08:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a13bc40e8fdb6ee175aee233c3ba43702cce6af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bb:ba:e3:9f:96:43:bd:c5:7e:25:74:fe:fc:
                    72:74:66:ec:2d:e9:95:e2:66:c6:c0:e0:17:ad:68:
                    2b:4f:88:96:32:5a:39:c5:c2:27:12:ea:1a:6a:92:
                    02:11:4d:bf:0d:ef:83:f1:d9:7d:3d:d6:61:d2:2e:
                    ef:41:6a:a1:84:6b:69:84:69:d7:2d:c0:33:e4:84:
                    b0:02:32:a6:97:aa:71:63:34:d0:b6:ca:d7:48:da:
                    a7:dd:76:cc:37:08:d8:5a:46:ef:21:53:9d:03:c5:
                    d5:c8:24:c4:09:73:51:46:c3:d8:b8:e7:d1:56:cd:
                    48:71:ad:57:0a:37:c5:29:ef:11:6e:9a:07:39:71:
                    4f:53:90:20:48:2a:27:84:3b:2f:7a:fb:08:10:48:
                    7a:4a:f7:cf:6f:7e:ab:af:f5:73:32:81:c8:0c:92:
                    1d:7a:40:c2:68:9a:09:e2:fa:22:b0:1f:54:43:52:
                    58:fd:a4:a3:5c:bd:26:68:f1:ab:d3:5a:b7:40:50:
                    9f:25:ef:85:4a:0c:4e:71:21:11:42:01:ef:88:e3:
                    26:a6:81:02:89:bb:b5:14:24:37:57:8e:9b:19:87:
                    64:04:a5:68:d9:7c:7d:82:1b:48:c6:58:a3:e3:12:
                    36:e5:78:3c:53:dc:e2:4e:b1:9e:01:ff:51:e3:70:
                    5d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:13:BC:40:E8:FD:B6:EE:17:5A:EE:23:3C:3B:A4:37:02:CC:E6:AF
            X509v3 Authority Key Identifier:
                keyid:DE:6E:D0:57:9C:3F:D2:53:59:7E:C8:2F:09:39:11:1B:A9:D8:C8:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3m7QV5w_0lNZfsgvCTkRG6nYyI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/ahO8QOj9tu4XWu4jPDukNwLM5q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/3m7QV5w_0lNZfsgvCTkRG6nYyI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:2a:5c:35:40:5e:af:ac:32:85:79:3a:b4:71:72:b8:2e:98:
         c6:cf:29:c5:dc:ac:5b:5b:d5:3f:5d:9d:0b:27:b9:bc:5b:34:
         69:47:f0:94:80:6b:6e:31:02:d6:e4:8c:aa:a1:d3:57:e3:09:
         41:e2:73:f0:cf:df:94:e8:83:77:1c:44:99:b3:23:a2:95:71:
         7f:fd:0d:85:74:f6:84:34:57:ff:e6:3a:9a:d7:9e:27:d4:8b:
         f8:45:1c:56:d7:e1:94:51:30:1f:73:0e:28:8f:60:0d:5f:02:
         83:f4:85:93:f0:6e:30:3a:58:6b:e4:38:6e:90:6d:37:33:79:
         5d:db:1e:de:ec:4d:fd:2c:59:23:09:b3:29:01:8a:dc:ec:19:
         ff:81:07:0d:b4:d1:ed:cb:0d:f9:c0:b4:28:22:16:73:ea:2f:
         7b:f8:4c:b2:66:88:48:8e:a0:61:77:28:b0:5c:2b:57:2f:75:
         5d:7b:bc:cf:8c:d4:40:3e:67:73:27:73:85:21:f2:54:34:20:
         74:8b:81:2d:e4:bc:6b:2e:ba:99:5a:74:b3:f9:d2:e0:4b:b7:
         36:fe:34:b4:32:79:69:a4:7a:81:ec:30:a4:2a:87:3b:2f:32:
         96:a7:20:e0:45:af:76:92:9b:a0:b3:ae:00:cc:9a:5e:3d:a8:
         c4:cd:d0:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQkoe196W7Cmy1kMW5loMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNmVkMDU3OWMzZmQyNTM1OTdlYzgyZjA5MzkxMTFiYTlk
OGM4OGQwHhcNMjQwMTAxMDgzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTEzYmM0MGU4ZmRiNmVlMTc1YWVlMjMzYzNiYTQzNzAyY2NlNmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLu645+WQ73FfiV0/vxydGbsLemV
4mbGwOAXrWgrT4iWMlo5xcInEuoaapICEU2/De+D8dl9PdZh0i7vQWqhhGtphGnX
LcAz5ISwAjKml6pxYzTQtsrXSNqn3XbMNwjYWkbvIVOdA8XVyCTECXNRRsPYuOfR
Vs1Ica1XCjfFKe8RbpoHOXFPU5AgSConhDsvevsIEEh6SvfPb36rr/VzMoHIDJId
ekDCaJoJ4voisB9UQ1JY/aSjXL0maPGr01q3QFCfJe+FSgxOcSERQgHviOMmpoEC
ibu1FCQ3V46bGYdkBKVo2Xx9ghtIxlij4xI25Xg8U9ziTrGeAf9R43BdkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGoTvEDo/bbuF1ruIzw7pDcCzOavMB8GA1UdIwQY
MBaAFN5u0FecP9JTWX7ILwk5ERup2MiNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM203UVY1d18wbE5aZnNndkNUa1JHNm5ZeUkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9mMTNmOTgtNGU3YS00MzVkLWIxYjAt
ODM4NmU3MGJkYzU4LzEvYWhPOFFPajl0dTRYV3U0alBEdWtOd0xNNXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9mMTNmOTgtNGU3YS00MzVkLWIxYjAtODM4NmU3MGJkYzU4
LzEvM203UVY1d18wbE5aZnNndkNUa1JHNm5ZeUkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTAYMA0G
CSqGSIb3DQEBCwUAA4IBAQBnKlw1QF6vrDKFeTq0cXK4LpjGzynF3KxbW9U/XZ0L
J7m8WzRpR/CUgGtuMQLW5IyqodNX4wlB4nPwz9+U6IN3HESZsyOilXF//Q2FdPaE
NFf/5jqa154n1Iv4RRxW1+GUUTAfcw4oj2ANXwKD9IWT8G4wOlhr5DhukG03M3ld
2x7e7E39LFkjCbMpAYrc7Bn/gQcNtNHtyw35wLQoIhZz6i97+EyyZohIjqBhdyiw
XCtXL3Vde7zPjNRAPmdzJ3OFIfJUNCB0i4Et5LxrLrqZWnSz+dLgS7c2/jS0Mnlp
pHqB7DCkKoc7LzKWpyDgRa92kpugs64AzJpePajEzdCe
-----END CERTIFICATE-----