Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/1-glQQLJIGrHfyCj4NWREpvYxVu4.roa
File:                     1-glQQLJIGrHfyCj4NWREpvYxVu4.roa (raw, json)
Hash identifier:          VfT8fqkDMwePc+HxIk+aHa6qtw4/TVhbVShqO7r+w1A=
Subject key identifier:   FA:09:50:40:B2:48:1A:B1:DF:C8:28:F8:35:64:44:A6:F6:31:56:EE
Certificate issuer:       /CN=4c2b89c3c57a3e296aa4061e962840be7ae8f018
Certificate serial:       018CC348E9B740A6AA6DC8C61135354FAE86
Authority key identifier: 4C:2B:89:C3:C5:7A:3E:29:6A:A4:06:1E:96:28:40:BE:7A:E8:F0:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/1-glQQLJIGrHfyCj4NWREpvYxVu4.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        85.234.107.0/24 maxlen: 24
                          85.234.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e9:b7:40:a6:aa:6d:c8:c6:11:35:35:4f:ae:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c2b89c3c57a3e296aa4061e962840be7ae8f018
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa095040b2481ab1dfc828f8356444a6f63156ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f2:89:3e:90:ee:b8:08:c7:c2:b4:de:d8:92:
                    0c:a5:b1:bc:bc:f0:d1:c9:e0:0b:0f:76:bc:ce:f5:
                    24:d7:67:00:ea:52:79:ae:d4:3b:e6:81:f7:6c:79:
                    d9:46:97:e8:92:ba:1b:df:55:d5:4b:d0:6a:14:76:
                    e6:7d:a7:5a:f7:b3:aa:d4:d3:af:7b:9c:b9:63:dc:
                    1a:b4:90:25:ff:50:4f:a4:2d:a8:11:9e:85:da:fe:
                    63:14:05:2c:ac:b6:29:d4:6e:73:46:43:40:7d:07:
                    24:c4:92:29:11:79:c3:26:87:93:e5:30:a1:e5:25:
                    58:d1:70:66:03:58:7c:89:33:98:00:eb:6c:b1:8e:
                    c0:c1:3b:1f:f2:4f:e6:cd:07:a9:e4:65:fa:6f:7e:
                    a7:85:fa:4b:cc:2d:90:ee:0c:e7:f5:19:b5:50:7b:
                    84:ee:0e:41:64:ce:7e:77:a0:97:36:a5:8a:26:b0:
                    c0:50:ac:07:55:6c:06:65:ea:5e:34:c1:c0:21:6c:
                    7f:33:7c:18:3d:fe:ba:f8:bc:fa:94:67:25:44:cc:
                    f0:3d:38:76:02:ba:7e:33:bb:ca:bc:7a:9e:ff:ca:
                    e4:ca:0b:a6:c3:02:af:8f:33:58:40:ed:45:f5:16:
                    54:1c:24:04:fd:e5:f7:d8:3a:5c:e1:c8:d6:40:e2:
                    73:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:09:50:40:B2:48:1A:B1:DF:C8:28:F8:35:64:44:A6:F6:31:56:EE
            X509v3 Authority Key Identifier:
                keyid:4C:2B:89:C3:C5:7A:3E:29:6A:A4:06:1E:96:28:40:BE:7A:E8:F0:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TCuJw8V6PilqpAYelihAvnro8Bg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/1-glQQLJIGrHfyCj4NWREpvYxVu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/72155a-d109-4c2d-b974-1128e5ce6a5b/1/TCuJw8V6PilqpAYelihAvnro8Bg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.234.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:5e:f4:37:01:9b:64:d6:f5:1c:30:fd:b0:2b:47:ae:57:21:
         6f:9e:6e:b9:6a:d8:50:f1:5e:d8:f2:2b:b1:90:bc:cb:e7:76:
         ff:15:5c:f5:9b:0c:a3:3a:27:87:72:60:9c:1f:0f:6c:c8:a5:
         73:2b:b3:8f:52:cc:76:54:55:c2:8c:9b:ed:f0:2b:3e:a6:47:
         5c:93:49:46:e2:10:ea:ce:74:a4:73:68:a8:50:94:0c:40:c0:
         b6:a6:13:21:29:e7:4d:02:62:0a:79:9d:f0:25:2c:36:c1:e6:
         eb:4d:56:22:99:a0:da:61:32:4e:1f:e9:82:a3:ec:39:21:41:
         69:0d:eb:a8:22:bd:e6:a4:93:f5:5d:8e:e1:fa:37:97:b3:57:
         58:02:99:28:a1:41:84:16:a7:35:31:4a:f2:0b:b6:f0:91:01:
         6b:d2:4f:99:12:9f:94:b3:20:52:61:14:7b:2e:d3:56:04:51:
         db:fd:ab:25:ef:71:f1:ac:95:17:1a:4b:13:e5:ac:14:64:50:
         94:8f:6a:c2:f1:29:ad:f0:b7:ad:ee:28:12:3d:16:f3:82:75:
         f2:65:93:4a:88:8e:06:f9:fc:e3:dc:3d:1e:67:2e:2e:79:c7:
         f5:9f:c8:c3:19:9c:ba:ce:fa:4d:12:31:32:af:f0:ae:dd:25:
         98:f9:53:ea
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSOm3QKaqbcjGETU1T66GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMmI4OWMzYzU3YTNlMjk2YWE0MDYxZTk2Mjg0MGJlN2Fl
OGYwMTgwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTA5NTA0MGIyNDgxYWIxZGZjODI4ZjgzNTY0NDRhNmY2MzE1NmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPKJPpDuuAjHwrTe2JIMpbG8vPDR
yeALD3a8zvUk12cA6lJ5rtQ75oH3bHnZRpfokrob31XVS9BqFHbmfada97Oq1NOv
e5y5Y9watJAl/1BPpC2oEZ6F2v5jFAUsrLYp1G5zRkNAfQckxJIpEXnDJoeT5TCh
5SVY0XBmA1h8iTOYAOtssY7AwTsf8k/mzQep5GX6b36nhfpLzC2Q7gzn9Rm1UHuE
7g5BZM5+d6CXNqWKJrDAUKwHVWwGZepeNMHAIWx/M3wYPf66+Lz6lGclRMzwPTh2
Arp+M7vKvHqe/8rkygumwwKvjzNYQO1F9RZUHCQE/eX32Dpc4cjWQOJzTwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoJUECySBqx38go+DVkRKb2MVbuMB8GA1UdIwQY
MBaAFEwricPFej4paqQGHpYoQL566PAYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEN1Snc4VjZQaWxxcEFZZWxpaEF2bnJvOEJnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni83MjE1NWEtZDEwOS00YzJkLWI5NzQt
MTEyOGU1Y2U2YTViLzEvMS1nbFFRTEpJR3JIZnlDajROV1JFcHZZeFZ1NC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODYvNzIxNTVhLWQxMDktNGMyZC1iOTc0LTExMjhlNWNlNmE1
Yi8xL1RDdUp3OFY2UGlscXBBWWVsaWhBdm5ybzhCZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVXqajAN
BgkqhkiG9w0BAQsFAAOCAQEAl170NwGbZNb1HDD9sCtHrlchb55uuWrYUPFe2PIr
sZC8y+d2/xVc9ZsMozonh3JgnB8PbMilcyuzj1LMdlRVwoyb7fArPqZHXJNJRuIQ
6s50pHNoqFCUDEDAtqYTISnnTQJiCnmd8CUsNsHm601WIpmg2mEyTh/pgqPsOSFB
aQ3rqCK95qST9V2O4fo3l7NXWAKZKKFBhBanNTFK8gu28JEBa9JPmRKflLMgUmEU
ey7TVgRR2/2rJe9x8ayVFxpLE+WsFGRQlI9qwvEprfC3re4oEj0W84J18mWTSoiO
Bvn849w9HmcuLnnH9Z/Iwxmcus76TRIxMq/wrt0lmPlT6g==
-----END CERTIFICATE-----