Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/1FS0VoSubdhEQ399wLCks4MOU_E.roa
File:                     1FS0VoSubdhEQ399wLCks4MOU_E.roa (raw, json)
Hash identifier:          w6duaT7EU6ALdQ3N1EX0bnDAcmcAmWDqE1ULKZhch9o=
Subject key identifier:   D4:54:B4:56:84:AE:6D:D8:44:43:7F:7D:C0:B0:A4:B3:83:0E:53:F1
Certificate issuer:       /CN=17dbd5acf1f9c75d18a1f75031114c48f0b23363
Certificate serial:       018CC86F5A746272E0667783C6638C539608
Authority key identifier: 17:DB:D5:AC:F1:F9:C7:5D:18:A1:F7:50:31:11:4C:48:F0:B2:33:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9vVrPH5x10YofdQMRFMSPCyM2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/1FS0VoSubdhEQ399wLCks4MOU_E.roa
Signing time:             Tue 02 Jan 2024 04:29:49 +0000
ROA not before:           Tue 02 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34699
IP address blocks:        85.116.224.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/F9vVrPH5x10YofdQMRFMSPCyM2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/F9vVrPH5x10YofdQMRFMSPCyM2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9vVrPH5x10YofdQMRFMSPCyM2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:5a:74:62:72:e0:66:77:83:c6:63:8c:53:96:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17dbd5acf1f9c75d18a1f75031114c48f0b23363
        Validity
            Not Before: Jan  2 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d454b45684ae6dd844437f7dc0b0a4b3830e53f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d6:0b:26:c0:cb:8f:7e:52:32:79:88:33:03:
                    ba:35:27:15:43:5a:9e:ab:42:66:1f:2b:8f:75:b9:
                    cb:0f:87:71:58:cf:95:bc:11:2f:c2:6d:c0:f8:3c:
                    4a:7b:a6:be:e8:b6:c8:3b:7c:d9:c7:c1:ac:31:8c:
                    59:72:ae:72:78:bf:82:72:1c:2b:a9:8f:49:43:4a:
                    e8:2c:fe:f6:48:d3:cf:ce:96:0a:f1:92:e5:98:7d:
                    14:44:12:09:c6:f5:54:f4:dd:27:8c:50:a2:64:0f:
                    70:48:5c:e6:86:59:84:94:6c:73:bb:75:f4:30:ef:
                    2c:bd:2a:f0:66:19:09:59:ad:75:42:65:45:ea:97:
                    8e:e0:53:2a:3d:26:42:28:55:3e:08:b6:f5:72:c5:
                    6c:5a:48:1d:ca:23:e4:90:5d:48:5e:60:3c:3b:db:
                    9d:e3:4d:43:5e:1d:89:7d:2d:35:d0:97:a5:87:1a:
                    91:3c:3b:3f:5f:07:51:56:67:5a:4d:7d:35:f6:5f:
                    66:4d:9e:a7:77:d4:44:75:15:1b:2a:b5:db:4e:2b:
                    53:12:c9:3b:f7:27:2f:7c:0b:d7:f4:ec:39:92:c9:
                    c4:40:b9:7a:bc:07:0c:15:45:f8:fb:47:6f:24:cc:
                    f0:7d:2c:be:9a:a6:d6:da:4e:c5:c8:85:04:3a:cc:
                    1a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:54:B4:56:84:AE:6D:D8:44:43:7F:7D:C0:B0:A4:B3:83:0E:53:F1
            X509v3 Authority Key Identifier:
                keyid:17:DB:D5:AC:F1:F9:C7:5D:18:A1:F7:50:31:11:4C:48:F0:B2:33:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9vVrPH5x10YofdQMRFMSPCyM2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/1FS0VoSubdhEQ399wLCks4MOU_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/F9vVrPH5x10YofdQMRFMSPCyM2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         69:e7:28:ea:06:ac:dc:42:70:b8:7e:0c:3f:cb:9c:f0:e8:a6:
         17:7c:ba:7f:57:26:19:49:b0:b0:99:0c:53:0a:64:63:bf:cc:
         ed:e2:bc:21:7e:77:28:20:31:53:8a:44:3d:6e:c7:aa:b0:93:
         fb:18:89:9d:c0:e5:eb:8d:ad:b7:12:47:1b:cf:82:5e:f5:e1:
         27:69:4e:91:f7:18:de:49:27:fa:3f:b5:e6:23:9e:88:d2:31:
         a8:74:46:21:16:1d:a4:b0:76:dc:7b:c2:1e:e4:e9:12:fb:1e:
         ef:b5:f4:66:f7:ec:58:c4:ef:d5:68:f7:45:f0:63:9d:cf:e9:
         42:c5:38:f1:bf:df:da:74:e1:f2:ba:c5:8e:94:77:e9:b9:66:
         76:0d:a1:d1:95:75:10:29:4d:e8:93:d5:2d:a9:a3:fd:1e:84:
         56:92:4f:24:36:47:46:b6:e0:77:ce:3b:3d:e2:73:23:00:bd:
         4b:a4:c7:98:5c:b3:b3:46:60:2a:e0:d7:91:da:1f:b3:ba:04:
         73:bd:7f:3b:d9:a8:81:8f:91:ea:d9:78:e7:d0:ed:9d:cd:31:
         8c:04:2d:af:29:76:a3:27:05:eb:ff:e6:0e:43:a3:ef:07:39:
         52:2d:9a:d2:aa:7d:9e:c4:fb:82:9e:1f:09:fb:49:98:e1:58:
         1c:09:f3:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1p0YnLgZneDxmOMU5YIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZGJkNWFjZjFmOWM3NWQxOGExZjc1MDMxMTE0YzQ4ZjBi
MjMzNjMwHhcNMjQwMTAyMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDU0YjQ1Njg0YWU2ZGQ4NDQ0MzdmN2RjMGIwYTRiMzgzMGU1M2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtYLJsDLj35SMnmIMwO6NScVQ1qe
q0JmHyuPdbnLD4dxWM+VvBEvwm3A+DxKe6a+6LbIO3zZx8GsMYxZcq5yeL+Cchwr
qY9JQ0roLP72SNPPzpYK8ZLlmH0URBIJxvVU9N0njFCiZA9wSFzmhlmElGxzu3X0
MO8svSrwZhkJWa11QmVF6peO4FMqPSZCKFU+CLb1csVsWkgdyiPkkF1IXmA8O9ud
401DXh2JfS010JelhxqRPDs/XwdRVmdaTX019l9mTZ6nd9REdRUbKrXbTitTEsk7
9ycvfAvX9Ow5ksnEQLl6vAcMFUX4+0dvJMzwfSy+mqbW2k7FyIUEOswatwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRUtFaErm3YREN/fcCwpLODDlPxMB8GA1UdIwQY
MBaAFBfb1azx+cddGKH3UDERTEjwsjNjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjl2VnJQSDV4MTBZb2ZkUU1SRk1TUEN5TTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8yOTE5OWYtZjZjYy00NDhhLWJmZDQt
NTgxZGI4N2M4MjFlLzEvMUZTMFZvU3ViZGhFUTM5OXdMQ2tzNE1PVV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8yOTE5OWYtZjZjYy00NDhhLWJmZDQtNTgxZGI4N2M4MjFl
LzEvRjl2VnJQSDV4MTBZb2ZkUU1SRk1TUEN5TTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVXTgMA0G
CSqGSIb3DQEBCwUAA4IBAQBp5yjqBqzcQnC4fgw/y5zw6KYXfLp/VyYZSbCwmQxT
CmRjv8zt4rwhfncoIDFTikQ9bseqsJP7GImdwOXrja23Ekcbz4Je9eEnaU6R9xje
SSf6P7XmI56I0jGodEYhFh2ksHbce8Ie5OkS+x7vtfRm9+xYxO/VaPdF8GOdz+lC
xTjxv9/adOHyusWOlHfpuWZ2DaHRlXUQKU3ok9UtqaP9HoRWkk8kNkdGtuB3zjs9
4nMjAL1LpMeYXLOzRmAq4NeR2h+zugRzvX872aiBj5Hq2Xjn0O2dzTGMBC2vKXaj
JwXr/+YOQ6PvBzlSLZrSqn2exPuCnh8J+0mY4VgcCfOP
-----END CERTIFICATE-----