Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/z35bDiUY0Zls4qD9_ery_qPDQRI.roa
File:                     z35bDiUY0Zls4qD9_ery_qPDQRI.roa (raw, json)
Hash identifier:          hoVIMDMSIDz9VCwGUfSdeWmUMT2NbQ035yaUHhy8fvc=
Subject key identifier:   CF:7E:5B:0E:25:18:D1:99:6C:E2:A0:FD:FD:EA:F2:FE:A3:C3:41:12
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D2D685CF57CADF0634F67DBC70BF0
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/z35bDiUY0Zls4qD9_ery_qPDQRI.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204221
IP address blocks:        185.101.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:02:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2d:68:5c:f5:7c:ad:f0:63:4f:67:db:c7:0b:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf7e5b0e2518d1996ce2a0fdfdeaf2fea3c34112
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:48:ae:d3:1b:bc:13:e3:95:8a:1a:3a:60:00:
                    33:4a:c8:c8:52:54:67:68:ba:ac:e1:f8:df:1e:22:
                    f2:d3:0d:3b:3b:23:f9:d7:fd:c0:29:bc:33:77:4e:
                    9f:c4:14:37:d7:27:2b:12:97:33:2a:20:e3:f2:78:
                    57:2b:00:e7:03:01:5c:30:e7:ab:ac:7d:ab:d4:d6:
                    42:40:43:c0:cf:fc:59:b4:a9:60:67:95:b5:dd:b7:
                    f1:43:53:82:9f:6c:3f:f6:31:44:7e:a9:a9:34:11:
                    0f:81:d3:db:4e:26:ca:76:53:90:63:8a:67:dc:3f:
                    85:4b:f2:ce:d3:ff:51:5b:33:fd:9b:20:5b:4f:e5:
                    d4:c4:d9:ff:5e:74:14:4d:1d:41:9d:70:f1:a7:42:
                    74:67:aa:a9:33:3f:48:ba:5c:4b:15:2a:78:55:6d:
                    3f:dd:cb:df:01:df:06:b0:e3:14:67:27:dc:87:78:
                    f7:11:65:94:b9:38:1c:be:36:36:44:33:8b:9a:ec:
                    60:81:d7:a3:37:ce:56:05:02:4a:10:cb:59:e5:29:
                    17:01:67:48:ec:ad:d4:29:b7:00:e0:19:69:49:24:
                    e8:91:27:3c:aa:83:f8:f9:b8:00:13:45:4c:96:f5:
                    46:3c:48:c4:b3:5d:09:15:e1:cd:06:c2:a0:a4:f1:
                    b4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7E:5B:0E:25:18:D1:99:6C:E2:A0:FD:FD:EA:F2:FE:A3:C3:41:12
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/z35bDiUY0Zls4qD9_ery_qPDQRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:75:28:8f:b7:b3:4a:00:e9:27:90:d1:13:5b:5a:93:70:7a:
         49:1e:bb:72:1a:5b:3f:34:55:b2:f5:a3:42:a6:89:44:ab:91:
         7e:52:bd:07:57:20:2e:a2:8c:c0:97:14:31:6f:8b:a8:78:a8:
         41:31:fb:47:e4:50:f2:5a:50:ff:32:54:02:7a:6b:ab:e3:41:
         3f:7b:94:ba:b9:5c:88:7a:1b:cf:82:2d:20:91:f3:23:98:b9:
         72:ae:27:f0:a2:98:a2:fb:bc:c0:c5:5e:7e:62:cc:a0:e7:cf:
         c0:07:14:73:a8:10:e0:3e:c3:b9:c4:e2:2c:88:44:30:be:2a:
         3b:58:97:2a:60:d4:71:1a:3f:92:a4:df:3a:62:af:24:0a:78:
         de:d8:5f:28:49:e8:b2:7e:a4:30:ea:cd:44:d8:22:d9:86:3d:
         46:77:ca:40:90:f7:22:b3:1d:ad:d7:21:22:a8:2c:1e:78:e5:
         c5:1b:e6:9e:67:1a:34:6d:2d:2e:2c:dc:e5:76:cf:e9:61:ed:
         e6:74:1b:5f:0c:95:de:d2:b3:03:8f:ec:38:08:44:ca:1a:9d:
         9a:8f:b1:c4:7c:fa:1e:bf:9d:c9:60:fc:9d:84:ce:d2:df:93:
         73:25:eb:6c:7c:8b:f7:e2:0c:38:e8:4e:bf:f2:23:6a:9a:e7:
         2f:dd:53:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbS1oXPV8rfBjT2fbxwvwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjdlNWIwZTI1MThkMTk5NmNlMmEwZmRmZGVhZjJmZWEzYzM0MTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Eiu0xu8E+OViho6YAAzSsjIUlRn
aLqs4fjfHiLy0w07OyP51/3AKbwzd06fxBQ31ycrEpczKiDj8nhXKwDnAwFcMOer
rH2r1NZCQEPAz/xZtKlgZ5W13bfxQ1OCn2w/9jFEfqmpNBEPgdPbTibKdlOQY4pn
3D+FS/LO0/9RWzP9myBbT+XUxNn/XnQUTR1BnXDxp0J0Z6qpMz9IulxLFSp4VW0/
3cvfAd8GsOMUZyfch3j3EWWUuTgcvjY2RDOLmuxggdejN85WBQJKEMtZ5SkXAWdI
7K3UKbcA4BlpSSTokSc8qoP4+bgAE0VMlvVGPEjEs10JFeHNBsKgpPG00QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9+Ww4lGNGZbOKg/f3q8v6jw0ESMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvejM1YkRpVVkwWmxzNHFEOV9lcnlfcVBEUVJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWVqMA0G
CSqGSIb3DQEBCwUAA4IBAQBIdSiPt7NKAOknkNETW1qTcHpJHrtyGls/NFWy9aNC
polEq5F+Ur0HVyAuoozAlxQxb4uoeKhBMftH5FDyWlD/MlQCemur40E/e5S6uVyI
ehvPgi0gkfMjmLlyrifwopii+7zAxV5+Ysyg58/ABxRzqBDgPsO5xOIsiEQwvio7
WJcqYNRxGj+SpN86Yq8kCnje2F8oSeiyfqQw6s1E2CLZhj1Gd8pAkPcisx2t1yEi
qCweeOXFG+aeZxo0bS0uLNzlds/pYe3mdBtfDJXe0rMDj+w4CETKGp2aj7HEfPoe
v53JYPydhM7S35NzJetsfIv34gw46E6/8iNqmucv3VMW
-----END CERTIFICATE-----