Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/2c6b14-7e87-49c7-a3b3-a0a60bb9cd9b/1/lHd7xqftLAEpkoOWzQgys_oMo1o.roa
File:                     lHd7xqftLAEpkoOWzQgys_oMo1o.roa (raw, json)
Hash identifier:          QV+zHFcW4RwbAVZAzU7oK7t9vsa1pYMso+duAWIlBCs=
Subject key identifier:   94:77:7B:C6:A7:ED:2C:01:29:92:83:96:CD:08:32:B3:FA:0C:A3:5A
Certificate issuer:       /CN=ff1c218811d9294ad631253a445ed1d395a9639f
Certificate serial:       018CCA2B06685A2530CBE6892059E5AC0B5B
Authority key identifier: FF:1C:21:88:11:D9:29:4A:D6:31:25:3A:44:5E:D1:D3:95:A9:63:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_xwhiBHZKUrWMSU6RF7R05WpY58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/2c6b14-7e87-49c7-a3b3-a0a60bb9cd9b/1/lHd7xqftLAEpkoOWzQgys_oMo1o.roa
Signing time:             Tue 02 Jan 2024 12:34:26 +0000
ROA not before:           Tue 02 Jan 2024 12:34:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207435
IP address blocks:        82.115.212.0/24 maxlen: 24
                          2a10:3a00::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/2c6b14-7e87-49c7-a3b3-a0a60bb9cd9b/1/_xwhiBHZKUrWMSU6RF7R05WpY58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/2c6b14-7e87-49c7-a3b3-a0a60bb9cd9b/1/_xwhiBHZKUrWMSU6RF7R05WpY58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_xwhiBHZKUrWMSU6RF7R05WpY58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:06:68:5a:25:30:cb:e6:89:20:59:e5:ac:0b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff1c218811d9294ad631253a445ed1d395a9639f
        Validity
            Not Before: Jan  2 12:34:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94777bc6a7ed2c0129928396cd0832b3fa0ca35a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:df:82:85:ad:8c:8d:2a:10:b4:95:c9:48:fc:
                    ef:49:5e:01:6c:21:56:20:47:ff:5e:c2:6c:75:72:
                    0d:6c:ff:ff:dc:f2:d7:00:0a:45:19:6e:06:9f:ea:
                    0f:0c:50:95:57:d1:d9:2f:b0:32:32:aa:8c:89:29:
                    91:7c:26:0e:18:3c:aa:29:7d:20:44:f6:33:d6:2d:
                    00:12:92:04:b4:3d:ac:c2:2d:d3:c8:fe:5d:ef:11:
                    9f:98:ac:81:96:dc:8f:f8:fc:8f:e0:7d:c0:7f:9f:
                    07:95:dd:ef:9f:23:64:33:e2:8c:70:11:ec:c3:d6:
                    d3:9e:e0:a1:b5:0f:96:55:da:91:fc:4b:ee:61:73:
                    c2:c3:33:09:ed:4e:37:e6:b8:1a:c7:16:8c:ab:b8:
                    da:ea:65:f1:94:d0:31:2e:3c:51:7d:4b:bf:c1:00:
                    33:91:a1:5c:32:94:dd:f8:a9:56:2d:08:f1:bb:e6:
                    e1:bd:63:d5:60:03:81:29:7b:8b:8c:cf:0d:3b:df:
                    18:ce:3b:4c:27:bd:10:e7:78:36:40:7b:c9:a1:36:
                    f6:b7:c8:95:c9:13:76:84:82:0c:cb:be:27:80:91:
                    02:d2:66:72:bb:0c:e7:db:54:0d:d2:c3:26:6d:2a:
                    41:f9:ce:14:d6:38:f9:76:69:e3:74:6e:3a:5e:18:
                    01:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:77:7B:C6:A7:ED:2C:01:29:92:83:96:CD:08:32:B3:FA:0C:A3:5A
            X509v3 Authority Key Identifier:
                keyid:FF:1C:21:88:11:D9:29:4A:D6:31:25:3A:44:5E:D1:D3:95:A9:63:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_xwhiBHZKUrWMSU6RF7R05WpY58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2c6b14-7e87-49c7-a3b3-a0a60bb9cd9b/1/lHd7xqftLAEpkoOWzQgys_oMo1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2c6b14-7e87-49c7-a3b3-a0a60bb9cd9b/1/_xwhiBHZKUrWMSU6RF7R05WpY58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.212.0/24
                IPv6:
                  2a10:3a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:31:10:44:ef:ee:1f:a2:6f:3d:36:bb:df:dd:3b:2f:db:0c:
         2e:45:ad:c6:61:4d:04:6b:1f:ea:83:3c:74:8a:af:90:98:94:
         8b:cd:55:6f:8c:fe:1e:a4:6d:a8:ec:ab:cc:6d:db:7a:9e:34:
         20:6c:4a:8f:a1:24:48:55:37:0a:f7:30:72:a1:bb:85:64:54:
         29:aa:a8:ea:40:09:fe:8a:3d:ba:01:72:42:8f:84:91:fe:0e:
         c3:20:2e:96:cd:bc:cd:5c:2c:d9:0b:ce:a4:f1:5c:63:16:e3:
         4a:3b:2a:08:56:a3:ff:68:2c:bd:fd:45:a7:ba:3c:4b:e2:09:
         26:75:09:a8:02:8e:a2:a4:28:35:57:95:9f:bd:f2:59:f2:c7:
         07:bb:3d:11:65:3b:dc:e7:da:c6:e9:a8:1a:25:10:e6:60:32:
         ac:65:30:cf:8c:d4:cc:e2:b7:6b:fe:5a:89:42:74:e5:9b:3f:
         84:eb:b9:25:45:c4:9b:ad:ab:9f:9c:b1:3f:91:fd:a3:4f:e1:
         5f:78:2f:21:a9:f8:2a:16:98:16:e8:a8:0b:a5:dc:9a:1f:d5:
         ca:85:f0:0a:d8:00:91:46:9e:44:06:11:e5:cb:37:6c:5b:5e:
         e2:41:c5:05:d9:f4:8c:9f:6d:13:1b:d1:62:15:d4:81:75:d0:
         c9:38:57:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKwZoWiUwy+aJIFnlrAtbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMWMyMTg4MTFkOTI5NGFkNjMxMjUzYTQ0NWVkMWQzOTVh
OTYzOWYwHhcNMjQwMTAyMTIzNDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDc3N2JjNmE3ZWQyYzAxMjk5MjgzOTZjZDA4MzJiM2ZhMGNhMzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmN+Cha2MjSoQtJXJSPzvSV4BbCFW
IEf/XsJsdXINbP//3PLXAApFGW4Gn+oPDFCVV9HZL7AyMqqMiSmRfCYOGDyqKX0g
RPYz1i0AEpIEtD2swi3TyP5d7xGfmKyBltyP+PyP4H3Af58Hld3vnyNkM+KMcBHs
w9bTnuChtQ+WVdqR/EvuYXPCwzMJ7U435rgaxxaMq7ja6mXxlNAxLjxRfUu/wQAz
kaFcMpTd+KlWLQjxu+bhvWPVYAOBKXuLjM8NO98YzjtMJ70Q53g2QHvJoTb2t8iV
yRN2hIIMy74ngJEC0mZyuwzn21QN0sMmbSpB+c4U1jj5dmnjdG46XhgBZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJR3e8an7SwBKZKDls0IMrP6DKNaMB8GA1UdIwQY
MBaAFP8cIYgR2SlK1jElOkRe0dOVqWOfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3h3aGlCSFpLVXJXTVNVNlJGN1IwNVdwWTU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yYzZiMTQtN2U4Ny00OWM3LWEzYjMt
YTBhNjBiYjljZDliLzEvbEhkN3hxZnRMQUVwa29PV3pRZ3lzX29NbzFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8yYzZiMTQtN2U4Ny00OWM3LWEzYjMtYTBhNjBiYjljZDli
LzEvX3h3aGlCSFpLVXJXTVNVNlJGN1IwNVdwWTU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUnPUMA0E
AgACMAcDBQMqEDoAMA0GCSqGSIb3DQEBCwUAA4IBAQAbMRBE7+4fom89Nrvf3Tsv
2wwuRa3GYU0Eax/qgzx0iq+QmJSLzVVvjP4epG2o7KvMbdt6njQgbEqPoSRIVTcK
9zByobuFZFQpqqjqQAn+ij26AXJCj4SR/g7DIC6WzbzNXCzZC86k8VxjFuNKOyoI
VqP/aCy9/UWnujxL4gkmdQmoAo6ipCg1V5WfvfJZ8scHuz0RZTvc59rG6agaJRDm
YDKsZTDPjNTM4rdr/lqJQnTlmz+E67klRcSbraufnLE/kf2jT+FfeC8hqfgqFpgW
6KgLpdyaH9XKhfAK2ACRRp5EBhHlyzdsW17iQcUF2fSMn20TG9FiFdSBddDJOFfy
-----END CERTIFICATE-----