Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/N7jc_-UwG0He_UI7UPF4CSv8WrM.roa
File:                     N7jc_-UwG0He_UI7UPF4CSv8WrM.roa (raw, json)
Hash identifier:          q0xsX4ohT7ePtc6+9uBVyHfygE4TSg/PbTnLZGFdYLw=
Subject key identifier:   37:B8:DC:FF:E5:30:1B:41:DE:FD:42:3B:50:F1:78:09:2B:FC:5A:B3
Certificate issuer:       /CN=17dbd5acf1f9c75d18a1f75031114c48f0b23363
Certificate serial:       018CC86F5B9238E1F49BDA48570162F6FCE6
Authority key identifier: 17:DB:D5:AC:F1:F9:C7:5D:18:A1:F7:50:31:11:4C:48:F0:B2:33:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9vVrPH5x10YofdQMRFMSPCyM2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/N7jc_-UwG0He_UI7UPF4CSv8WrM.roa
Signing time:             Tue 02 Jan 2024 04:29:50 +0000
ROA not before:           Tue 02 Jan 2024 04:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42985
IP address blocks:        85.116.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/F9vVrPH5x10YofdQMRFMSPCyM2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/F9vVrPH5x10YofdQMRFMSPCyM2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9vVrPH5x10YofdQMRFMSPCyM2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:5b:92:38:e1:f4:9b:da:48:57:01:62:f6:fc:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17dbd5acf1f9c75d18a1f75031114c48f0b23363
        Validity
            Not Before: Jan  2 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37b8dcffe5301b41defd423b50f178092bfc5ab3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e6:b1:9a:35:a4:dd:df:ad:e8:27:5f:91:b6:
                    1f:3e:d7:62:bf:8c:0a:72:f0:c9:f4:d4:b4:46:9c:
                    a8:73:3d:89:fc:d3:1b:14:87:be:54:ba:9d:c2:c5:
                    a7:8c:b5:ae:08:16:ce:2d:c2:11:55:69:d5:58:de:
                    1a:e0:51:b9:e3:d3:65:7c:ba:8e:8a:10:55:2c:0b:
                    f0:c7:25:1c:38:be:7c:c2:9a:a5:76:48:20:88:c4:
                    60:35:bd:c4:4f:5b:7a:44:2c:29:58:e5:43:41:38:
                    91:75:9a:59:14:20:10:01:e1:fd:b0:58:63:f0:06:
                    0f:ca:a1:5f:39:7c:e3:e4:7b:04:d7:3f:bf:71:6d:
                    b1:5e:c8:c1:9e:9e:e0:83:de:0f:46:36:b9:74:89:
                    12:3d:2f:cc:88:01:45:69:6f:b0:96:98:2c:d5:71:
                    d5:45:67:40:ce:20:45:c2:a9:5e:2b:d6:a3:c9:86:
                    de:bf:d3:83:98:66:0d:4b:e1:d5:63:c0:8c:5e:3b:
                    a6:a6:23:8a:1a:c9:05:e7:14:e4:a3:dd:c1:d4:10:
                    90:1c:ad:dc:a4:3b:87:0a:91:ca:3b:1c:b0:da:ed:
                    14:74:bd:f8:a4:03:80:0b:e9:52:d7:19:ad:93:fd:
                    7f:92:23:05:e2:c5:84:dc:d4:30:27:5c:07:80:6c:
                    8c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:B8:DC:FF:E5:30:1B:41:DE:FD:42:3B:50:F1:78:09:2B:FC:5A:B3
            X509v3 Authority Key Identifier:
                keyid:17:DB:D5:AC:F1:F9:C7:5D:18:A1:F7:50:31:11:4C:48:F0:B2:33:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9vVrPH5x10YofdQMRFMSPCyM2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/N7jc_-UwG0He_UI7UPF4CSv8WrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/F9vVrPH5x10YofdQMRFMSPCyM2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:43:aa:46:a7:69:75:87:71:ea:74:d6:42:ce:f3:0c:3a:8d:
         74:a5:8d:ce:08:5a:34:23:d8:78:52:2a:43:32:b0:d6:cf:9f:
         c1:f1:d0:a6:e2:60:c4:3a:dd:ec:04:6f:71:2b:23:ee:b8:1a:
         09:70:1c:d9:8a:5d:2c:cc:1e:5f:04:66:24:6d:b4:8b:2a:1a:
         38:80:d8:1d:de:80:0b:a4:0e:a6:96:bd:d3:66:a7:f3:fc:78:
         25:46:fd:6e:9d:59:7f:1a:42:c7:3e:2d:f5:05:c8:e6:a8:5f:
         20:6e:7e:27:aa:96:e1:c8:53:87:83:c2:2f:30:98:b1:29:50:
         ea:fd:0c:9b:e8:89:d2:db:66:22:07:f6:b0:65:cf:38:59:9c:
         d2:6c:9b:17:fa:76:91:51:9e:54:b1:86:cd:6c:53:ed:67:8c:
         b0:8a:83:63:82:18:5a:bc:84:bb:67:44:7c:3e:61:ef:7c:2d:
         43:e2:a4:fc:8a:d2:32:3a:b6:56:57:49:61:fd:45:b2:68:89:
         19:84:20:91:fa:dc:83:a0:4b:5a:1b:d9:34:bf:90:67:62:95:
         88:c0:e8:9a:a0:42:b6:95:d4:81:4c:99:36:69:98:02:23:33:
         ce:a9:1b:3e:79:9e:cc:15:5a:62:3e:eb:e1:87:15:d9:21:82:
         fe:a2:49:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1uSOOH0m9pIVwFi9vzmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZGJkNWFjZjFmOWM3NWQxOGExZjc1MDMxMTE0YzQ4ZjBi
MjMzNjMwHhcNMjQwMTAyMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2I4ZGNmZmU1MzAxYjQxZGVmZDQyM2I1MGYxNzgwOTJiZmM1YWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuaxmjWk3d+t6CdfkbYfPtdiv4wK
cvDJ9NS0Rpyocz2J/NMbFIe+VLqdwsWnjLWuCBbOLcIRVWnVWN4a4FG549NlfLqO
ihBVLAvwxyUcOL58wpqldkggiMRgNb3ET1t6RCwpWOVDQTiRdZpZFCAQAeH9sFhj
8AYPyqFfOXzj5HsE1z+/cW2xXsjBnp7gg94PRja5dIkSPS/MiAFFaW+wlpgs1XHV
RWdAziBFwqleK9ajyYbev9ODmGYNS+HVY8CMXjumpiOKGskF5xTko93B1BCQHK3c
pDuHCpHKOxyw2u0UdL34pAOAC+lS1xmtk/1/kiMF4sWE3NQwJ1wHgGyM/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDe43P/lMBtB3v1CO1DxeAkr/FqzMB8GA1UdIwQY
MBaAFBfb1azx+cddGKH3UDERTEjwsjNjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjl2VnJQSDV4MTBZb2ZkUU1SRk1TUEN5TTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8yOTE5OWYtZjZjYy00NDhhLWJmZDQt
NTgxZGI4N2M4MjFlLzEvTjdqY18tVXdHMEhlX1VJN1VQRjRDU3Y4V3JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8yOTE5OWYtZjZjYy00NDhhLWJmZDQtNTgxZGI4N2M4MjFl
LzEvRjl2VnJQSDV4MTBZb2ZkUU1SRk1TUEN5TTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXT/MA0G
CSqGSIb3DQEBCwUAA4IBAQBXQ6pGp2l1h3HqdNZCzvMMOo10pY3OCFo0I9h4UipD
MrDWz5/B8dCm4mDEOt3sBG9xKyPuuBoJcBzZil0szB5fBGYkbbSLKho4gNgd3oAL
pA6mlr3TZqfz/HglRv1unVl/GkLHPi31BcjmqF8gbn4nqpbhyFOHg8IvMJixKVDq
/Qyb6InS22YiB/awZc84WZzSbJsX+naRUZ5UsYbNbFPtZ4ywioNjghhavIS7Z0R8
PmHvfC1D4qT8itIyOrZWV0lh/UWyaIkZhCCR+tyDoEtaG9k0v5BnYpWIwOiaoEK2
ldSBTJk2aZgCIzPOqRs+eZ7MFVpiPuvhhxXZIYL+okmr
-----END CERTIFICATE-----