Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/xy4S0F2z_B3U_WTTyev2HtpNig8.roa
File:                     xy4S0F2z_B3U_WTTyev2HtpNig8.roa (raw, json)
Hash identifier:          7XQoRRVC0KYLUIJTd+wZfgUfS6tflR9z0G+klYr0K4s=
Subject key identifier:   C7:2E:12:D0:5D:B3:FC:1D:D4:FD:64:D3:C9:EB:F6:1E:DA:4D:8A:0F
Certificate issuer:       /CN=8ecf78ba0275d1d3b6492a8e9d610613c0306a17
Certificate serial:       018CC42533F42B875F1C0C669D29119C7254
Authority key identifier: 8E:CF:78:BA:02:75:D1:D3:B6:49:2A:8E:9D:61:06:13:C0:30:6A:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/js94ugJ10dO2SSqOnWEGE8Awahc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/xy4S0F2z_B3U_WTTyev2HtpNig8.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.34.191.0/24 maxlen: 24
                          185.34.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/js94ugJ10dO2SSqOnWEGE8Awahc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/js94ugJ10dO2SSqOnWEGE8Awahc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/js94ugJ10dO2SSqOnWEGE8Awahc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:33:f4:2b:87:5f:1c:0c:66:9d:29:11:9c:72:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ecf78ba0275d1d3b6492a8e9d610613c0306a17
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c72e12d05db3fc1dd4fd64d3c9ebf61eda4d8a0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7c:c9:47:37:63:ef:09:c7:7a:8a:52:96:7c:
                    3c:8c:fb:52:7a:22:fb:e1:6f:75:b3:48:bc:00:10:
                    e5:dc:27:b5:f3:8a:d1:df:0e:33:c6:cd:b6:ef:30:
                    e4:7f:9c:5f:a3:6b:7a:33:ca:5f:8a:b4:dd:1c:10:
                    5e:e8:4e:c7:e9:33:eb:6e:fa:77:78:59:c5:70:c1:
                    80:e2:d1:73:7a:ef:2e:f1:fd:33:e6:2e:b4:47:72:
                    fb:43:a8:29:fd:7f:3d:cc:12:41:82:4a:f4:ce:53:
                    46:92:a4:5a:d5:2f:7d:3e:d5:45:76:1a:5f:a4:0d:
                    2a:b0:d6:ea:b0:7f:6e:a0:ec:43:ad:91:f0:1a:55:
                    41:a3:d5:87:b4:05:88:74:6d:26:df:68:16:2b:47:
                    8d:7b:ec:52:c0:e3:97:83:1c:d6:5c:4a:b0:31:24:
                    c4:c0:5b:ab:26:e8:68:5a:f9:d2:ad:a9:b9:fc:1d:
                    f5:ea:11:17:ed:3d:a9:f6:8e:a3:17:be:e5:21:6e:
                    93:28:8c:52:f3:c4:af:a1:0f:e8:30:e0:f4:af:43:
                    2d:70:9c:f3:77:56:c0:fc:4a:51:1f:2a:23:dd:80:
                    24:96:74:79:0f:5c:e1:bd:75:ca:9a:46:bc:85:90:
                    af:83:e2:5d:df:9b:9f:91:77:ac:1e:9c:aa:02:98:
                    ea:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:2E:12:D0:5D:B3:FC:1D:D4:FD:64:D3:C9:EB:F6:1E:DA:4D:8A:0F
            X509v3 Authority Key Identifier:
                keyid:8E:CF:78:BA:02:75:D1:D3:B6:49:2A:8E:9D:61:06:13:C0:30:6A:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/js94ugJ10dO2SSqOnWEGE8Awahc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/xy4S0F2z_B3U_WTTyev2HtpNig8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/js94ugJ10dO2SSqOnWEGE8Awahc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.188.0/24
                  185.34.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:03:39:ea:6b:5e:e5:20:b7:2b:da:84:5a:20:bd:6f:02:17:
         76:77:aa:2d:51:6b:be:01:45:c0:4a:7c:96:ff:bc:4d:94:3c:
         40:d5:21:94:ba:bd:68:88:e3:db:91:d3:ea:d7:fe:a8:21:f6:
         66:f4:11:62:d7:6c:48:9a:81:ee:3f:0a:b1:4f:45:94:1d:ca:
         99:e5:1c:21:f6:a1:f4:55:fb:64:d9:47:cd:e5:ec:ea:4a:67:
         8b:15:a4:23:c0:db:9f:96:35:0a:b9:43:22:9d:94:cf:fb:29:
         74:38:e0:ec:be:40:7c:2b:a9:b9:91:38:e4:8c:65:80:c8:ee:
         a7:89:e6:b1:4a:ab:c2:75:67:61:1f:53:b7:bf:d3:f5:32:31:
         09:82:12:00:1d:dc:c2:98:d7:cc:ab:60:83:38:58:c6:51:56:
         e8:27:8b:20:9e:57:31:81:65:ff:93:27:21:89:64:8b:50:40:
         2e:c4:a0:1f:cb:86:c0:51:f1:c2:33:a9:51:06:ad:8d:35:17:
         b1:03:55:fc:19:98:da:a6:c9:af:9c:33:09:fd:9d:2b:75:de:
         e9:cf:6a:a9:df:61:6c:af:e8:70:5c:6a:dc:6b:85:05:af:6d:
         70:6a:7c:a9:d2:2d:b6:4b:e2:6e:5f:13:97:5c:02:88:f9:3b:
         7a:ba:41:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJTP0K4dfHAxmnSkRnHJUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlY2Y3OGJhMDI3NWQxZDNiNjQ5MmE4ZTlkNjEwNjEzYzAz
MDZhMTcwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzJlMTJkMDVkYjNmYzFkZDRmZDY0ZDNjOWViZjYxZWRhNGQ4YTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXzJRzdj7wnHeopSlnw8jPtSeiL7
4W91s0i8ABDl3Ce184rR3w4zxs227zDkf5xfo2t6M8pfirTdHBBe6E7H6TPrbvp3
eFnFcMGA4tFzeu8u8f0z5i60R3L7Q6gp/X89zBJBgkr0zlNGkqRa1S99PtVFdhpf
pA0qsNbqsH9uoOxDrZHwGlVBo9WHtAWIdG0m32gWK0eNe+xSwOOXgxzWXEqwMSTE
wFurJuhoWvnSram5/B316hEX7T2p9o6jF77lIW6TKIxS88SvoQ/oMOD0r0MtcJzz
d1bA/EpRHyoj3YAklnR5D1zhvXXKmka8hZCvg+Jd35ufkXesHpyqApjq7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMcuEtBds/wd1P1k08nr9h7aTYoPMB8GA1UdIwQY
MBaAFI7PeLoCddHTtkkqjp1hBhPAMGoXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanM5NHVnSjEwZE8yU1NxT25XRUdFOEF3YWhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iMmEyZGMtYzA3Ni00NWUxLWJlYzQt
MmJiZjhmYWEwMGNhLzEveHk0UzBGMnpfQjNVX1dUVHlldjJIdHBOaWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iMmEyZGMtYzA3Ni00NWUxLWJlYzQtMmJiZjhmYWEwMGNh
LzEvanM5NHVnSjEwZE8yU1NxT25XRUdFOEF3YWhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuSK8AwQA
uSK/MA0GCSqGSIb3DQEBCwUAA4IBAQBgAznqa17lILcr2oRaIL1vAhd2d6otUWu+
AUXASnyW/7xNlDxA1SGUur1oiOPbkdPq1/6oIfZm9BFi12xImoHuPwqxT0WUHcqZ
5Rwh9qH0Vftk2UfN5ezqSmeLFaQjwNufljUKuUMinZTP+yl0OODsvkB8K6m5kTjk
jGWAyO6nieaxSqvCdWdhH1O3v9P1MjEJghIAHdzCmNfMq2CDOFjGUVboJ4sgnlcx
gWX/kychiWSLUEAuxKAfy4bAUfHCM6lRBq2NNRexA1X8GZjapsmvnDMJ/Z0rdd7p
z2qp32Fsr+hwXGrca4UFr21wanyp0i22S+JuXxOXXAKI+Tt6ukG8
-----END CERTIFICATE-----