Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/1n6WtssH9LMHR7CBNlKGRAwI7Oc.roa
File:                     1n6WtssH9LMHR7CBNlKGRAwI7Oc.roa (raw, json)
Hash identifier:          JAgsS6xyQZ82zrSC9+KNirl7dtcfgzaUBodOlnbT2RY=
Subject key identifier:   D6:7E:96:B6:CB:07:F4:B3:07:47:B0:81:36:52:86:44:0C:08:EC:E7
Certificate issuer:       /CN=971aeeea8798f76ec9a434e75637ecd881092ec2
Certificate serial:       018CC9BB31CD3E3796AF55CB7D57356E6436
Authority key identifier: 97:1A:EE:EA:87:98:F7:6E:C9:A4:34:E7:56:37:EC:D8:81:09:2E:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lxru6oeY927JpDTnVjfs2IEJLsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/1n6WtssH9LMHR7CBNlKGRAwI7Oc.roa
Signing time:             Tue 02 Jan 2024 10:32:17 +0000
ROA not before:           Tue 02 Jan 2024 10:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202699
IP address blocks:        185.117.8.0/24 maxlen: 24
                          185.117.11.0/24 maxlen: 24
                          185.117.9.0/24 maxlen: 24
                          185.117.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/lxru6oeY927JpDTnVjfs2IEJLsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/lxru6oeY927JpDTnVjfs2IEJLsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lxru6oeY927JpDTnVjfs2IEJLsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:31:cd:3e:37:96:af:55:cb:7d:57:35:6e:64:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=971aeeea8798f76ec9a434e75637ecd881092ec2
        Validity
            Not Before: Jan  2 10:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d67e96b6cb07f4b30747b081365286440c08ece7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c1:7e:c6:3a:21:ca:06:e7:55:f4:7a:77:50:
                    95:28:fe:8b:ea:b0:84:16:82:dd:b7:90:e2:95:06:
                    50:3c:70:5a:fe:f7:b7:31:a9:c3:93:6d:7e:56:0d:
                    0a:cc:28:02:34:07:5e:f3:75:54:be:83:1c:b2:b4:
                    08:fa:5c:26:00:b2:e3:a4:bb:b9:6a:4a:f6:36:07:
                    bf:cc:57:13:8b:fd:3b:37:cc:ca:18:ca:7b:a5:7f:
                    a9:21:0b:d5:c2:df:f5:46:94:8a:9b:71:6f:22:78:
                    0c:27:6a:a7:81:e0:f7:ed:af:3c:15:45:d1:44:74:
                    f4:02:7f:e3:3d:e7:da:b6:22:25:80:50:08:3b:ea:
                    ee:22:52:c5:fe:6d:06:c4:64:55:17:5d:87:98:63:
                    d1:da:fa:07:e4:19:ea:9e:92:31:cf:21:63:36:d6:
                    80:a3:e3:65:00:22:e0:77:53:c6:78:6a:9a:6a:aa:
                    42:a3:7b:e1:19:24:f0:56:51:16:d4:09:49:8e:62:
                    61:f8:4c:91:ae:21:d4:76:6b:d2:56:4f:21:a8:1b:
                    22:7e:ff:c1:70:58:6e:04:5d:72:30:1d:14:62:4c:
                    54:7a:96:03:a0:7d:f2:2d:b0:84:1b:2b:a3:51:11:
                    0d:1f:00:9f:ab:55:42:8b:58:68:a2:48:f3:8b:6e:
                    a6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:7E:96:B6:CB:07:F4:B3:07:47:B0:81:36:52:86:44:0C:08:EC:E7
            X509v3 Authority Key Identifier:
                keyid:97:1A:EE:EA:87:98:F7:6E:C9:A4:34:E7:56:37:EC:D8:81:09:2E:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lxru6oeY927JpDTnVjfs2IEJLsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/1n6WtssH9LMHR7CBNlKGRAwI7Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/lxru6oeY927JpDTnVjfs2IEJLsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:67:21:2b:9d:6a:1e:65:91:1b:fe:be:c1:81:30:76:03:14:
         58:15:e0:d0:0a:a1:24:a5:b6:20:eb:04:75:7c:e3:58:99:0e:
         07:e7:76:1d:10:e0:d8:7f:53:e0:db:be:e0:69:8f:0d:71:ef:
         d1:3e:6d:fe:76:fd:6d:05:6a:0c:9d:8f:a4:9f:1e:77:a4:ad:
         ba:ec:a0:56:f2:1b:d0:cb:9e:97:e7:30:55:52:94:68:b8:ca:
         d1:4d:6d:2e:fe:ca:12:39:a2:7d:61:f4:ff:77:2f:d9:af:db:
         97:1d:14:ab:39:1e:50:88:a5:d2:31:ed:e5:2c:b0:3c:56:0e:
         6f:4b:83:4e:df:14:56:32:60:52:20:fe:b7:68:e4:37:d1:59:
         bb:6e:8f:96:c0:37:57:f7:1c:b9:3e:3a:f4:d6:e0:5e:ea:ec:
         8d:e8:8b:ac:77:6c:16:03:82:f9:88:7d:e1:ca:c4:c0:1c:94:
         a4:3a:ab:96:c6:a2:ca:fd:4d:fa:3e:a5:f9:5e:a1:d3:2f:ee:
         ba:fa:06:59:91:16:17:f3:f1:b4:38:31:ad:d0:38:86:1c:e4:
         3d:f6:0b:f9:28:b2:4b:7e:40:cf:cf:c2:47:f5:96:76:01:c0:
         0e:f7:9c:75:fa:07:48:84:63:a4:f9:12:81:3f:11:9a:61:71:
         cf:b7:f6:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuzHNPjeWr1XLfVc1bmQ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MWFlZWVhODc5OGY3NmVjOWE0MzRlNzU2MzdlY2Q4ODEw
OTJlYzIwHhcNMjQwMTAyMTAzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjdlOTZiNmNiMDdmNGIzMDc0N2IwODEzNjUyODY0NDBjMDhlY2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcF+xjohygbnVfR6d1CVKP6L6rCE
FoLdt5DilQZQPHBa/ve3ManDk21+Vg0KzCgCNAde83VUvoMcsrQI+lwmALLjpLu5
akr2Nge/zFcTi/07N8zKGMp7pX+pIQvVwt/1RpSKm3FvIngMJ2qngeD37a88FUXR
RHT0An/jPefatiIlgFAIO+ruIlLF/m0GxGRVF12HmGPR2voH5BnqnpIxzyFjNtaA
o+NlACLgd1PGeGqaaqpCo3vhGSTwVlEW1AlJjmJh+EyRriHUdmvSVk8hqBsifv/B
cFhuBF1yMB0UYkxUepYDoH3yLbCEGyujURENHwCfq1VCi1hookjzi26m0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZ+lrbLB/SzB0ewgTZShkQMCOznMB8GA1UdIwQY
MBaAFJca7uqHmPduyaQ051Y37NiBCS7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHhydTZvZVk5MjdKcERUblZqZnMySUVKTHNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8xNjY5MzMtZjY4Yy00OWEwLTg4Njkt
YmRmNTVkYjRhOTBhLzEvMW42V3Rzc0g5TE1IUjdDQk5sS0dSQXdJN09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8xNjY5MzMtZjY4Yy00OWEwLTg4NjktYmRmNTVkYjRhOTBh
LzEvbHhydTZvZVk5MjdKcERUblZqZnMySUVKTHNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXUIMA0G
CSqGSIb3DQEBCwUAA4IBAQCHZyErnWoeZZEb/r7BgTB2AxRYFeDQCqEkpbYg6wR1
fONYmQ4H53YdEODYf1Pg277gaY8Nce/RPm3+dv1tBWoMnY+knx53pK267KBW8hvQ
y56X5zBVUpRouMrRTW0u/soSOaJ9YfT/dy/Zr9uXHRSrOR5QiKXSMe3lLLA8Vg5v
S4NO3xRWMmBSIP63aOQ30Vm7bo+WwDdX9xy5Pjr01uBe6uyN6Iusd2wWA4L5iH3h
ysTAHJSkOquWxqLK/U36PqX5XqHTL+66+gZZkRYX8/G0ODGt0DiGHOQ99gv5KLJL
fkDPz8JH9ZZ2AcAO95x1+gdIhGOk+RKBPxGaYXHPt/bP
-----END CERTIFICATE-----