Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/350991ZO19OoaGbmPUg6hnLbaCQ.roa
File:                     350991ZO19OoaGbmPUg6hnLbaCQ.roa (raw, json)
Hash identifier:          e2YI5lLl6zRxt03iORbzo09fpH9YKXhrezwyiC6aaiE=
Subject key identifier:   DF:9D:3D:F7:56:4E:D7:D3:A8:68:66:E6:3D:48:3A:86:72:DB:68:24
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018E7ADECB2F778C8A76091938DA517E5E02
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/350991ZO19OoaGbmPUg6hnLbaCQ.roa
Signing time:             Tue 26 Mar 2024 13:06:45 +0000
ROA not before:           Tue 26 Mar 2024 13:06:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        85.209.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7a:de:cb:2f:77:8c:8a:76:09:19:38:da:51:7e:5e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Mar 26 13:06:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df9d3df7564ed7d3a86866e63d483a8672db6824
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a4:2e:16:3f:70:85:88:37:b2:f7:02:c5:ae:
                    58:c1:ef:9c:5b:a1:15:17:5d:e3:a8:fc:0e:8b:cc:
                    cb:17:9b:37:61:7d:3c:f7:6f:ad:42:51:fa:33:03:
                    56:4f:7c:3e:83:36:37:3c:e5:4c:cf:64:0e:93:08:
                    11:ce:95:24:f1:ff:b1:1d:e4:e7:7c:c8:cc:cc:5a:
                    be:71:e4:4a:95:3b:d0:af:bb:26:91:66:3e:3b:d6:
                    10:03:21:65:e2:c4:b7:40:79:97:be:2d:46:a0:dd:
                    2a:5d:8b:43:f1:cf:b8:2b:ac:72:da:27:ca:eb:d7:
                    39:26:ae:f9:a1:f7:ff:dc:d9:c0:b9:bf:03:3e:b6:
                    25:dd:7e:6e:71:e3:32:e0:3c:dd:94:52:15:86:33:
                    54:9b:5f:1e:bf:3c:eb:6c:c4:c9:fc:05:0b:40:3f:
                    24:3c:9a:5b:3f:36:4c:f8:98:5e:e9:d8:7c:8e:e9:
                    f8:39:cf:fa:23:7a:5d:78:17:53:77:f4:cf:ab:0e:
                    c0:d0:ca:64:79:7a:3f:e6:61:99:33:44:77:5f:47:
                    b6:53:b6:02:41:5b:4a:95:78:f9:e8:38:06:1d:d2:
                    4f:eb:e5:a9:ca:7d:65:55:89:fe:13:e0:da:57:da:
                    57:28:bd:62:fd:dc:b2:f7:f0:87:60:74:cc:ac:f1:
                    20:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:9D:3D:F7:56:4E:D7:D3:A8:68:66:E6:3D:48:3A:86:72:DB:68:24
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/350991ZO19OoaGbmPUg6hnLbaCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:3d:dc:54:ee:8a:16:3a:ae:9a:07:3c:cd:1f:bf:b6:27:99:
         b1:b9:bd:88:52:c7:09:88:7b:4f:aa:1f:37:e2:57:0f:25:e6:
         29:17:62:39:6b:d8:b6:3d:c5:ed:7e:5b:f5:5e:c8:b7:cf:ce:
         80:d6:df:72:6f:06:35:ae:2e:04:78:b2:be:fd:ad:5f:29:ca:
         f5:cd:4d:08:5b:76:44:3e:1b:6f:cc:45:4e:3e:e3:76:49:7a:
         1b:31:8e:99:e8:f7:c9:43:77:c6:b9:7b:7a:8d:92:dc:00:d1:
         00:f7:b0:a7:41:a7:b1:6d:5d:b9:9a:5c:ad:ae:d0:e1:a8:ec:
         a0:92:44:87:75:5e:24:9a:29:a7:10:dd:a8:12:9e:2c:d3:3a:
         e5:d7:88:54:7f:0c:83:3f:42:d9:08:69:c0:57:a9:3c:86:71:
         66:f5:c8:02:a7:f2:c5:c2:56:d4:cd:26:5d:92:a7:61:0a:d7:
         5c:a1:7b:67:a4:8d:ce:0c:98:4c:7f:db:a2:96:e4:9f:56:96:
         84:ee:a4:fc:20:54:c8:2d:9e:14:01:8e:35:4d:21:75:51:e6:
         f0:f1:81:36:05:25:2c:cd:aa:ae:43:6e:93:ed:f9:41:05:a2:
         48:a6:ef:8d:d9:1d:46:8d:80:9b:b4:9b:06:b0:5c:09:3b:0e:
         b1:bd:6d:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY563ssvd4yKdgkZONpRfl4CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMzI2MTMwNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjlkM2RmNzU2NGVkN2QzYTg2ODY2ZTYzZDQ4M2E4NjcyZGI2ODI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaQuFj9whYg3svcCxa5Ywe+cW6EV
F13jqPwOi8zLF5s3YX0892+tQlH6MwNWT3w+gzY3POVMz2QOkwgRzpUk8f+xHeTn
fMjMzFq+ceRKlTvQr7smkWY+O9YQAyFl4sS3QHmXvi1GoN0qXYtD8c+4K6xy2ifK
69c5Jq75off/3NnAub8DPrYl3X5uceMy4DzdlFIVhjNUm18evzzrbMTJ/AULQD8k
PJpbPzZM+Jhe6dh8jun4Oc/6I3pdeBdTd/TPqw7A0MpkeXo/5mGZM0R3X0e2U7YC
QVtKlXj56DgGHdJP6+Wpyn1lVYn+E+DaV9pXKL1i/dyy9/CHYHTMrPEgyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+dPfdWTtfTqGhm5j1IOoZy22gkMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvMzUwOTkxWk8xOU9vYUdibVBVZzZobkxiYUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdGjMA0G
CSqGSIb3DQEBCwUAA4IBAQDNPdxU7ooWOq6aBzzNH7+2J5mxub2IUscJiHtPqh83
4lcPJeYpF2I5a9i2PcXtflv1Xsi3z86A1t9ybwY1ri4EeLK+/a1fKcr1zU0IW3ZE
PhtvzEVOPuN2SXobMY6Z6PfJQ3fGuXt6jZLcANEA97CnQaexbV25mlytrtDhqOyg
kkSHdV4kmimnEN2oEp4s0zrl14hUfwyDP0LZCGnAV6k8hnFm9cgCp/LFwlbUzSZd
kqdhCtdcoXtnpI3ODJhMf9uiluSfVpaE7qT8IFTILZ4UAY41TSF1Uebw8YE2BSUs
zaquQ26T7flBBaJIpu+N2R1GjYCbtJsGsFwJOw6xvW3v
-----END CERTIFICATE-----