Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/v3sJnKUEG8k9hhi7g_PRR5O5S3Q.roa
File:                     v3sJnKUEG8k9hhi7g_PRR5O5S3Q.roa (raw, json)
Hash identifier:          COYTauiPmssLhpskoehqlb1hGjlkYxtqPD9W1Rz2ljo=
Subject key identifier:   BF:7B:09:9C:A5:04:1B:C9:3D:86:18:BB:83:F3:D1:47:93:B9:4B:74
Certificate issuer:       /CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
Certificate serial:       018CC64AE43BCE36542D4D88DB8F2304759A
Authority key identifier: 57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/v3sJnKUEG8k9hhi7g_PRR5O5S3Q.roa
Signing time:             Mon 01 Jan 2024 18:30:45 +0000
ROA not before:           Mon 01 Jan 2024 18:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207579
IP address blocks:        185.210.194.0/24 maxlen: 24
                          62.122.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e4:3b:ce:36:54:2d:4d:88:db:8f:23:04:75:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
        Validity
            Not Before: Jan  1 18:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf7b099ca5041bc93d8618bb83f3d14793b94b74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:11:fd:ea:32:30:24:40:6c:88:51:6d:df:9e:
                    b0:2a:b1:8a:62:17:ec:de:36:54:f2:29:39:d0:bc:
                    29:01:96:78:62:82:32:66:e4:db:27:2a:04:a5:5e:
                    66:ef:8f:82:2c:18:a5:92:09:59:a0:31:80:f9:b2:
                    1e:8f:c7:45:ae:eb:15:df:3d:b6:aa:c0:6a:2d:28:
                    e0:92:a5:7f:12:3e:de:6d:d8:2e:97:4f:7e:5a:9c:
                    ae:e4:61:c3:c4:fe:b0:b2:ed:45:21:02:62:c0:5c:
                    20:5b:aa:10:36:ca:c8:09:7c:ce:bb:a7:0d:18:16:
                    95:95:22:65:04:57:7a:e5:4a:7e:5f:92:7f:23:34:
                    ed:e4:f5:28:10:64:23:d6:f8:36:92:dc:43:d7:63:
                    d0:c0:a5:b8:90:a2:45:66:d6:01:98:71:92:5a:a5:
                    94:ec:e0:04:8a:c5:d0:22:6f:71:b9:73:1f:58:11:
                    47:18:b3:92:2d:52:7f:7b:7b:bd:0a:71:b5:f1:06:
                    ff:c8:f3:3b:07:44:51:44:6c:e8:13:a5:de:7f:a7:
                    28:53:dd:b2:a7:7e:41:01:a3:23:cd:ee:42:5b:32:
                    a1:de:24:e1:55:36:0e:ab:ae:63:7c:b4:98:a4:16:
                    ca:47:b9:d5:2b:dd:dc:c3:ac:03:a6:fb:02:29:58:
                    ee:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:7B:09:9C:A5:04:1B:C9:3D:86:18:BB:83:F3:D1:47:93:B9:4B:74
            X509v3 Authority Key Identifier:
                keyid:57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/v3sJnKUEG8k9hhi7g_PRR5O5S3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.229.0/24
                  185.210.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:c1:59:1c:b9:e7:84:fe:aa:dd:c3:e2:56:38:5d:55:14:dd:
         38:07:d7:d7:c0:a9:77:83:ac:67:f5:b8:4e:18:d8:e6:70:1a:
         ae:7d:36:68:9c:a2:ff:b2:33:da:a4:86:77:f5:ba:b5:1b:fd:
         e1:2a:17:3c:b5:56:d2:b4:2f:38:7e:e9:73:4d:d4:a9:6b:51:
         95:ff:59:e0:ed:08:e4:0a:ff:01:c7:17:e7:8e:7b:26:eb:e1:
         23:1b:36:bb:50:92:4c:bf:86:3e:d9:07:3d:be:fb:6c:53:bb:
         63:74:0f:d5:00:0d:f8:22:15:ea:66:00:87:64:c6:19:cf:27:
         01:52:0f:ce:b3:b3:01:e3:db:92:48:03:56:ad:23:46:e9:21:
         71:6c:1b:62:dd:08:a6:97:12:57:01:a0:7a:9d:84:60:46:0d:
         f2:75:04:ef:f1:db:9a:f8:75:86:a9:44:2e:a6:6b:b6:c0:79:
         5b:c4:92:2e:bc:ae:83:07:28:b5:e8:86:c5:be:61:41:f2:23:
         5d:75:f4:ec:ac:5b:a1:f2:1f:05:a7:c7:0f:ab:5f:ab:08:e0:
         78:16:8f:bd:86:75:cd:41:2a:12:be:6d:80:c0:90:ed:2c:52:
         fd:2a:cd:ec:41:b4:87:d2:bc:57:5a:aa:ff:25:fd:82:aa:d0:
         ff:f2:48:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSuQ7zjZULU2I248jBHWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzAyMWRjZGY0NGI2YWZkZDM4MTA1NDdjNTVhNzliZDFh
OWZhM2IwHhcNMjQwMTAxMTgzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjdiMDk5Y2E1MDQxYmM5M2Q4NjE4YmI4M2YzZDE0NzkzYjk0Yjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxH96jIwJEBsiFFt356wKrGKYhfs
3jZU8ik50LwpAZZ4YoIyZuTbJyoEpV5m74+CLBilkglZoDGA+bIej8dFrusV3z22
qsBqLSjgkqV/Ej7ebdgul09+Wpyu5GHDxP6wsu1FIQJiwFwgW6oQNsrICXzOu6cN
GBaVlSJlBFd65Up+X5J/IzTt5PUoEGQj1vg2ktxD12PQwKW4kKJFZtYBmHGSWqWU
7OAEisXQIm9xuXMfWBFHGLOSLVJ/e3u9CnG18Qb/yPM7B0RRRGzoE6Xef6coU92y
p35BAaMjze5CWzKh3iThVTYOq65jfLSYpBbKR7nVK93cw6wDpvsCKVjuLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL97CZylBBvJPYYYu4Pz0UeTuUt0MB8GA1UdIwQY
MBaAFFdwIdzfRLav3TgQVHxVp5vRqfo7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQt
YzkwN2FlMWMyMTFlLzEvdjNzSm5LVUVHOGs5aGhpN2dfUFJSNU81UzNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQtYzkwN2FlMWMyMTFl
LzEvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPnrlAwQA
udLCMA0GCSqGSIb3DQEBCwUAA4IBAQCtwVkcueeE/qrdw+JWOF1VFN04B9fXwKl3
g6xn9bhOGNjmcBqufTZonKL/sjPapIZ39bq1G/3hKhc8tVbStC84fulzTdSpa1GV
/1ng7QjkCv8Bxxfnjnsm6+EjGza7UJJMv4Y+2Qc9vvtsU7tjdA/VAA34IhXqZgCH
ZMYZzycBUg/Os7MB49uSSANWrSNG6SFxbBti3QimlxJXAaB6nYRgRg3ydQTv8dua
+HWGqUQupmu2wHlbxJIuvK6DByi16IbFvmFB8iNddfTsrFuh8h8Fp8cPq1+rCOB4
Fo+9hnXNQSoSvm2AwJDtLFL9Ks3sQbSH0rxXWqr/Jf2CqtD/8ki8
-----END CERTIFICATE-----