Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/i2561KdGxn9uVtdlar_i2okMTDo.roa
File:                     i2561KdGxn9uVtdlar_i2okMTDo.roa (raw, json)
Hash identifier:          8XW6rw4AG4okvKef/O31sLIUHQOg+70yMvTc2KspYG0=
Subject key identifier:   8B:6E:7A:D4:A7:46:C6:7F:6E:56:D7:65:6A:BF:E2:DA:89:0C:4C:3A
Certificate issuer:       /CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
Certificate serial:       018CC801DB8D17F995B0DCECB9CE1F69D89A
Authority key identifier: A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/i2561KdGxn9uVtdlar_i2okMTDo.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201084
IP address blocks:        185.43.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:db:8d:17:f9:95:b0:dc:ec:b9:ce:1f:69:d8:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b6e7ad4a746c67f6e56d7656abfe2da890c4c3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:29:26:58:b9:ae:f9:5a:49:31:8a:56:d5:9a:
                    da:9a:5c:3c:bb:bc:a2:a7:b8:ef:0a:b1:f5:51:83:
                    97:25:af:9c:6b:2b:68:3a:33:84:1c:aa:21:a0:fd:
                    52:3c:b1:be:ee:8a:e4:5a:42:a0:69:c2:4f:2e:21:
                    8a:6b:b4:c1:ef:7a:63:ab:96:9f:53:23:8d:40:21:
                    44:23:ad:3a:20:b0:69:da:d2:27:90:b9:e9:ac:53:
                    d3:c5:30:a7:d4:99:8a:08:d3:0d:4b:cb:6a:29:8d:
                    ca:5c:3e:3f:57:c3:7d:73:cc:17:02:0e:a0:ec:06:
                    cf:ec:11:c2:ed:74:01:04:63:a0:9d:cc:68:11:81:
                    4a:18:cc:22:d6:24:d0:44:c0:bd:e0:6f:d5:46:c5:
                    6d:bd:07:00:ea:8e:11:dc:13:d1:1b:10:84:f4:2f:
                    f2:3e:69:6b:b9:a4:58:42:89:91:ed:68:6d:05:3a:
                    4e:fb:e2:c6:3d:99:9d:59:d1:2e:26:03:42:2e:8f:
                    78:18:6c:79:44:01:6e:71:7d:36:a2:d7:1c:e8:66:
                    08:4d:e1:c7:c1:ee:0c:c7:0c:d0:8f:24:aa:19:7d:
                    ab:54:b6:04:7c:1b:70:ba:f4:47:01:3e:e8:9d:c4:
                    b6:4f:b7:a9:52:d8:54:6a:26:56:05:66:53:0e:fb:
                    a9:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:6E:7A:D4:A7:46:C6:7F:6E:56:D7:65:6A:BF:E2:DA:89:0C:4C:3A
            X509v3 Authority Key Identifier:
                keyid:A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/i2561KdGxn9uVtdlar_i2okMTDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:3c:db:53:8f:b7:d3:1e:b6:e9:6f:51:79:2b:b6:06:d7:3f:
         bc:3a:3f:c9:9f:2a:17:a0:e9:87:f7:a8:6f:0d:98:66:69:6a:
         f3:05:46:47:2d:41:04:47:63:df:8b:5f:8f:69:55:93:a7:0f:
         a5:f8:2e:b9:3f:ab:5c:3b:c5:50:7d:45:20:55:79:ef:50:30:
         88:87:b9:77:33:54:ff:76:7a:30:37:e6:fc:4a:92:c8:3e:5c:
         85:1f:cf:c1:f8:4b:cf:95:21:4a:e9:14:82:6d:f8:fa:d0:36:
         23:be:36:c6:c0:91:b2:44:e5:70:f9:74:54:89:7c:6d:22:9d:
         3f:31:b7:0b:dc:19:82:90:85:88:15:9e:30:93:ec:3d:9c:89:
         f5:41:2d:eb:04:d5:a6:53:26:c5:c0:2a:9e:4c:f4:56:e5:fe:
         83:62:56:cd:91:fc:7b:d9:de:34:93:40:3e:ab:88:4f:55:be:
         b6:0b:de:56:9e:4f:36:20:79:65:76:3e:24:b4:98:f8:a4:f4:
         0c:f0:3d:34:06:6b:98:b7:c4:00:bb:13:f3:10:34:26:53:9d:
         50:31:d6:f2:ba:4b:f9:7f:1d:22:df:5b:13:77:61:0e:22:56:
         69:87:1e:5e:24:49:d2:d1:d0:07:af:25:69:61:2b:68:b5:44:
         18:30:42:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAduNF/mVsNzsuc4fadiaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZTJjZTMxMDk0ODBhZWU3YjNmZDI4NDZlYzhmODY0Njg4
NWNkYmEwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjZlN2FkNGE3NDZjNjdmNmU1NmQ3NjU2YWJmZTJkYTg5MGM0YzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnykmWLmu+VpJMYpW1Zramlw8u7yi
p7jvCrH1UYOXJa+caytoOjOEHKohoP1SPLG+7orkWkKgacJPLiGKa7TB73pjq5af
UyONQCFEI606ILBp2tInkLnprFPTxTCn1JmKCNMNS8tqKY3KXD4/V8N9c8wXAg6g
7AbP7BHC7XQBBGOgncxoEYFKGMwi1iTQRMC94G/VRsVtvQcA6o4R3BPRGxCE9C/y
PmlruaRYQomR7WhtBTpO++LGPZmdWdEuJgNCLo94GGx5RAFucX02otcc6GYITeHH
we4MxwzQjySqGX2rVLYEfBtwuvRHAT7oncS2T7epUthUaiZWBWZTDvupSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFItuetSnRsZ/blbXZWq/4tqJDEw6MB8GA1UdIwQY
MBaAFKfizjEJSAruez/ShG7I+GRohc26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEt
NzgxOGE4OTQ1NmNiLzEvaTI1NjFLZEd4bjl1VnRkbGFyX2kyb2tNVERvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEtNzgxOGE4OTQ1NmNi
LzEvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuStEMA0G
CSqGSIb3DQEBCwUAA4IBAQCPPNtTj7fTHrbpb1F5K7YG1z+8Oj/JnyoXoOmH96hv
DZhmaWrzBUZHLUEER2Pfi1+PaVWTpw+l+C65P6tcO8VQfUUgVXnvUDCIh7l3M1T/
dnowN+b8SpLIPlyFH8/B+EvPlSFK6RSCbfj60DYjvjbGwJGyROVw+XRUiXxtIp0/
MbcL3BmCkIWIFZ4wk+w9nIn1QS3rBNWmUybFwCqeTPRW5f6DYlbNkfx72d40k0A+
q4hPVb62C95Wnk82IHlldj4ktJj4pPQM8D00BmuYt8QAuxPzEDQmU51QMdbyukv5
fx0i31sTd2EOIlZphx5eJEnS0dAHryVpYStotUQYMEJ4
-----END CERTIFICATE-----