Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/ea117a-412a-49e2-890f-4bb43ba3cde3/1/aF8xljunAZ5tpumaiY2cJrXcWYs.roa
File:                     aF8xljunAZ5tpumaiY2cJrXcWYs.roa (raw, json)
Hash identifier:          tdrB4h3Zl3focldbONvSLxYXIeYSR3UGsdfQOOAzZxQ=
Subject key identifier:   68:5F:31:96:3B:A7:01:9E:6D:A6:E9:9A:89:8D:9C:26:B5:DC:59:8B
Certificate issuer:       /CN=17999e211914a68db83eaf3f7fd384c53e747455
Certificate serial:       018CC5DC431BD152FB8A3F98AAB569750578
Authority key identifier: 17:99:9E:21:19:14:A6:8D:B8:3E:AF:3F:7F:D3:84:C5:3E:74:74:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5meIRkUpo24Pq8_f9OExT50dFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/ea117a-412a-49e2-890f-4bb43ba3cde3/1/aF8xljunAZ5tpumaiY2cJrXcWYs.roa
Signing time:             Mon 01 Jan 2024 16:29:55 +0000
ROA not before:           Mon 01 Jan 2024 16:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211037
IP address blocks:        185.21.134.0/24 maxlen: 24
                          2a04:4480::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/ea117a-412a-49e2-890f-4bb43ba3cde3/1/F5meIRkUpo24Pq8_f9OExT50dFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/ea117a-412a-49e2-890f-4bb43ba3cde3/1/F5meIRkUpo24Pq8_f9OExT50dFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5meIRkUpo24Pq8_f9OExT50dFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:43:1b:d1:52:fb:8a:3f:98:aa:b5:69:75:05:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17999e211914a68db83eaf3f7fd384c53e747455
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=685f31963ba7019e6da6e99a898d9c26b5dc598b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d7:33:04:2d:f7:70:22:f9:d5:5e:e0:4f:e8:
                    52:36:0d:8a:a8:41:db:27:c9:90:ba:cb:4e:7c:9f:
                    fb:73:42:3d:5e:6d:d9:59:ae:fb:97:ec:ce:8c:69:
                    9a:25:09:b7:ae:06:4d:d9:f6:11:23:05:c2:d4:24:
                    a4:e3:0e:ba:08:95:11:7c:59:e0:96:62:d6:a1:fc:
                    65:14:60:ff:07:43:24:e9:6c:35:c5:3d:bc:e4:e9:
                    e8:f9:05:63:ba:dd:cd:75:40:46:79:e4:c2:1f:10:
                    1d:09:76:4c:09:56:89:d0:ec:55:a6:ec:58:2b:cd:
                    a6:b9:1f:63:23:08:42:27:b7:53:31:ee:e6:19:83:
                    99:7d:f6:5c:8a:dd:58:01:59:6c:96:2a:a5:94:f5:
                    f9:df:40:e7:c6:72:a2:e8:36:4f:ae:90:af:58:44:
                    06:28:8c:d9:d6:fd:27:45:53:e1:20:72:54:6f:66:
                    02:e0:7d:07:dc:47:7a:48:41:76:0e:68:8e:fd:21:
                    33:e5:59:78:05:e1:a6:18:40:00:12:8b:b8:8d:51:
                    76:bc:4b:25:9c:b2:98:22:2c:30:a8:d8:f2:15:ba:
                    a4:ae:b4:9a:dc:55:1c:99:30:b8:de:89:57:e6:9c:
                    78:e0:ae:ab:cf:9e:5e:d6:8d:d4:c0:84:1e:bd:53:
                    8d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:5F:31:96:3B:A7:01:9E:6D:A6:E9:9A:89:8D:9C:26:B5:DC:59:8B
            X509v3 Authority Key Identifier:
                keyid:17:99:9E:21:19:14:A6:8D:B8:3E:AF:3F:7F:D3:84:C5:3E:74:74:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5meIRkUpo24Pq8_f9OExT50dFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/ea117a-412a-49e2-890f-4bb43ba3cde3/1/aF8xljunAZ5tpumaiY2cJrXcWYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/ea117a-412a-49e2-890f-4bb43ba3cde3/1/F5meIRkUpo24Pq8_f9OExT50dFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.134.0/24
                IPv6:
                  2a04:4480::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:6d:c8:b9:d1:d3:c0:e2:ba:1f:97:1f:fb:db:0f:c8:99:c2:
         fb:3a:9e:d2:53:82:00:80:72:86:c2:2e:2a:a8:dc:f1:6c:ef:
         33:88:35:53:7e:da:e0:d9:d6:de:3b:43:11:69:7e:39:51:35:
         67:10:c2:4b:fe:3e:a3:c9:ac:b7:96:c3:cb:6d:a4:43:44:17:
         ba:4a:3a:5d:4f:46:30:ae:2d:87:8f:d4:b9:c5:28:2c:e5:be:
         a1:f2:ec:7f:62:e9:8d:33:6e:42:5f:66:04:04:94:70:b7:f7:
         9e:80:6f:9f:6b:92:91:8d:d1:e9:c7:61:85:2f:38:cd:5b:29:
         c4:bf:ac:e7:bb:d8:b5:c4:c6:d5:ce:44:8e:95:b8:af:b0:77:
         0f:c1:32:02:51:34:66:56:7a:8b:28:1a:d9:03:5b:ee:89:e7:
         1c:61:b4:fd:2e:6b:45:e8:91:9d:f6:8b:b6:55:b6:f5:84:26:
         93:e4:af:07:93:24:ab:46:be:1c:10:33:b2:81:fe:6b:39:0e:
         aa:1f:d0:83:f4:b9:a2:61:71:e3:68:ce:c5:45:5f:c9:db:b5:
         39:13:2a:a6:3b:3e:9a:df:b6:28:0c:e6:42:4f:63:05:72:71:
         27:68:8e:d2:97:f0:85:49:d4:87:df:8e:d5:94:7d:51:f5:8f:
         d3:8e:c2:af
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3EMb0VL7ij+YqrVpdQV4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTk5ZTIxMTkxNGE2OGRiODNlYWYzZjdmZDM4NGM1M2U3
NDc0NTUwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODVmMzE5NjNiYTcwMTllNmRhNmU5OWE4OThkOWMyNmI1ZGM1OThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndczBC33cCL51V7gT+hSNg2KqEHb
J8mQustOfJ/7c0I9Xm3ZWa77l+zOjGmaJQm3rgZN2fYRIwXC1CSk4w66CJURfFng
lmLWofxlFGD/B0Mk6Ww1xT285Ono+QVjut3NdUBGeeTCHxAdCXZMCVaJ0OxVpuxY
K82muR9jIwhCJ7dTMe7mGYOZffZcit1YAVlsliqllPX530DnxnKi6DZPrpCvWEQG
KIzZ1v0nRVPhIHJUb2YC4H0H3Ed6SEF2DmiO/SEz5Vl4BeGmGEAAEou4jVF2vEsl
nLKYIiwwqNjyFbqkrrSa3FUcmTC43olX5px44K6rz55e1o3UwIQevVONUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGhfMZY7pwGebabpmomNnCa13FmLMB8GA1UdIwQY
MBaAFBeZniEZFKaNuD6vP3/ThMU+dHRVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVtZUlSa1VwbzI0UHE4X2Y5T0V4VDUwZEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9lYTExN2EtNDEyYS00OWUyLTg5MGYt
NGJiNDNiYTNjZGUzLzEvYUY4eGxqdW5BWjV0cHVtYWlZMmNKclhjV1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9lYTExN2EtNDEyYS00OWUyLTg5MGYtNGJiNDNiYTNjZGUz
LzEvRjVtZUlSa1VwbzI0UHE4X2Y5T0V4VDUwZEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRWGMA0E
AgACMAcDBQAqBESAMA0GCSqGSIb3DQEBCwUAA4IBAQCpbci50dPA4roflx/72w/I
mcL7Op7SU4IAgHKGwi4qqNzxbO8ziDVTftrg2dbeO0MRaX45UTVnEMJL/j6jyay3
lsPLbaRDRBe6SjpdT0Ywri2Hj9S5xSgs5b6h8ux/YumNM25CX2YEBJRwt/eegG+f
a5KRjdHpx2GFLzjNWynEv6znu9i1xMbVzkSOlbivsHcPwTICUTRmVnqLKBrZA1vu
ieccYbT9LmtF6JGd9ou2Vbb1hCaT5K8HkySrRr4cEDOygf5rOQ6qH9CD9LmiYXHj
aM7FRV/J27U5EyqmOz6a37YoDOZCT2MFcnEnaI7Sl/CFSdSH347VlH1R9Y/TjsKv
-----END CERTIFICATE-----