Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/50f34c-338d-4fce-8193-ec16735a3382/1/emVE3TWvPI4mjfy2k9dAVHXNYRY.roa
File:                     emVE3TWvPI4mjfy2k9dAVHXNYRY.roa (raw, json)
Hash identifier:          vCYA7gO/ILKKHL/FyHAM8xgc9Q8kYxoSTahsd+W6wUU=
Subject key identifier:   7A:65:44:DD:35:AF:3C:8E:26:8D:FC:B6:93:D7:40:54:75:CD:61:16
Certificate issuer:       /CN=a2d5c7ae7e45c00734efbcc913a1b1ea3e964b40
Certificate serial:       018FE20BAEF406175E864FA61542BFEBE32B
Authority key identifier: A2:D5:C7:AE:7E:45:C0:07:34:EF:BC:C9:13:A1:B1:EA:3E:96:4B:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/otXHrn5FwAc077zJE6Gx6j6WS0A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/50f34c-338d-4fce-8193-ec16735a3382/1/emVE3TWvPI4mjfy2k9dAVHXNYRY.roa
Signing time:             Tue 04 Jun 2024 06:59:27 +0000
ROA not before:           Tue 04 Jun 2024 06:59:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        185.117.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/50f34c-338d-4fce-8193-ec16735a3382/1/otXHrn5FwAc077zJE6Gx6j6WS0A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/50f34c-338d-4fce-8193-ec16735a3382/1/otXHrn5FwAc077zJE6Gx6j6WS0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/otXHrn5FwAc077zJE6Gx6j6WS0A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:0b:ae:f4:06:17:5e:86:4f:a6:15:42:bf:eb:e3:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2d5c7ae7e45c00734efbcc913a1b1ea3e964b40
        Validity
            Not Before: Jun  4 06:59:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a6544dd35af3c8e268dfcb693d7405475cd6116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:fe:7e:fc:32:7a:ea:0f:2b:9e:9b:24:b7:7c:
                    b8:9a:d6:06:2e:9c:42:b2:14:6d:4a:84:31:12:8d:
                    7a:1c:85:d1:40:30:48:f2:38:d1:79:8c:79:db:bb:
                    5a:d5:b1:3e:ec:f4:1f:97:86:2b:9d:47:7a:8b:c8:
                    37:ff:48:58:69:07:3a:7d:65:cc:74:2e:47:03:18:
                    70:26:d3:dd:86:6d:14:4f:ce:c4:22:4e:f5:c4:ff:
                    52:71:28:31:87:a6:f5:b0:b6:cd:81:f6:f9:5d:5f:
                    55:8a:2b:63:1a:41:f9:4d:bf:73:bb:03:5d:3c:32:
                    0b:65:c4:03:01:9d:36:b1:ae:b0:fc:40:8f:dc:0c:
                    ce:94:c0:e4:8c:08:e1:d2:0e:15:01:ff:34:70:34:
                    a1:b2:dc:6d:d6:b8:1e:e2:92:98:29:5c:42:a5:a5:
                    3a:ea:19:ec:4c:36:f5:48:d4:0a:4d:6a:89:be:f5:
                    0b:6a:60:0b:98:10:88:1b:6c:68:e4:89:fa:9d:58:
                    73:5c:e3:12:9f:56:7b:be:6a:e5:e6:1a:26:0b:0e:
                    ca:16:06:e6:0d:90:fd:ad:6c:64:20:d3:c5:46:f5:
                    e9:0d:e3:02:8a:92:a8:7b:2f:b7:5e:35:16:54:d4:
                    13:94:04:17:73:42:51:be:55:ba:ef:62:2b:61:e4:
                    8e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:65:44:DD:35:AF:3C:8E:26:8D:FC:B6:93:D7:40:54:75:CD:61:16
            X509v3 Authority Key Identifier:
                keyid:A2:D5:C7:AE:7E:45:C0:07:34:EF:BC:C9:13:A1:B1:EA:3E:96:4B:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/otXHrn5FwAc077zJE6Gx6j6WS0A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/50f34c-338d-4fce-8193-ec16735a3382/1/emVE3TWvPI4mjfy2k9dAVHXNYRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/50f34c-338d-4fce-8193-ec16735a3382/1/otXHrn5FwAc077zJE6Gx6j6WS0A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:32:72:e2:b6:f6:00:10:38:03:c3:fc:8a:5d:69:82:c0:01:
         bb:d7:46:c6:d7:ac:29:1b:83:e4:00:c5:d7:b7:67:3f:f7:9e:
         2d:1a:a8:46:69:db:0f:fb:ab:1b:ae:fe:1d:51:c9:a9:e5:b8:
         e1:be:bc:60:ce:87:65:17:2a:54:5c:b4:36:e0:c6:3c:7b:0e:
         b0:22:17:fc:25:bc:b8:ae:99:d5:f0:d7:91:95:7f:46:4c:ca:
         24:b4:65:ec:da:b4:78:8a:f2:4a:07:2e:59:07:04:af:69:17:
         e7:3b:ab:97:3f:66:7d:9f:a0:f9:55:89:80:4b:aa:04:8d:5f:
         24:5e:e8:9e:6f:28:46:6e:5b:e7:72:7f:f9:46:90:e3:47:8b:
         46:46:28:8c:78:33:0d:a3:39:5c:cd:c8:bd:8b:75:94:80:58:
         3f:11:e0:bf:31:9f:e4:c6:2b:89:f7:37:02:87:bf:91:da:ec:
         b3:fe:74:73:a8:10:77:0d:f8:f1:4a:77:5c:0f:65:38:e4:2b:
         32:83:05:f0:42:82:a5:8d:aa:c5:98:3f:e2:a7:7d:3f:b9:c2:
         cb:f1:38:35:00:5b:a8:4b:4e:fb:b3:35:65:d1:f6:73:ac:09:
         81:ec:c5:4f:8a:9f:76:3c:ac:ea:06:7b:7c:8f:15:70:55:ad:
         4b:44:a3:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/iC670Bhdehk+mFUK/6+MrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZDVjN2FlN2U0NWMwMDczNGVmYmNjOTEzYTFiMWVhM2U5
NjRiNDAwHhcNMjQwNjA0MDY1OTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTY1NDRkZDM1YWYzYzhlMjY4ZGZjYjY5M2Q3NDA1NDc1Y2Q2MTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyv5+/DJ66g8rnpskt3y4mtYGLpxC
shRtSoQxEo16HIXRQDBI8jjReYx527ta1bE+7PQfl4YrnUd6i8g3/0hYaQc6fWXM
dC5HAxhwJtPdhm0UT87EIk71xP9ScSgxh6b1sLbNgfb5XV9ViitjGkH5Tb9zuwNd
PDILZcQDAZ02sa6w/ECP3AzOlMDkjAjh0g4VAf80cDShstxt1rge4pKYKVxCpaU6
6hnsTDb1SNQKTWqJvvULamALmBCIG2xo5In6nVhzXOMSn1Z7vmrl5homCw7KFgbm
DZD9rWxkINPFRvXpDeMCipKoey+3XjUWVNQTlAQXc0JRvlW672IrYeSOAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHplRN01rzyOJo38tpPXQFR1zWEWMB8GA1UdIwQY
MBaAFKLVx65+RcAHNO+8yROhseo+lktAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3RYSHJuNUZ3QWMwNzd6SkU2R3g2ajZXUzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC81MGYzNGMtMzM4ZC00ZmNlLTgxOTMt
ZWMxNjczNWEzMzgyLzEvZW1WRTNUV3ZQSTRtamZ5Mms5ZEFWSFhOWVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC81MGYzNGMtMzM4ZC00ZmNlLTgxOTMtZWMxNjczNWEzMzgy
LzEvb3RYSHJuNUZ3QWMwNzd6SkU2R3g2ajZXUzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXXQMA0G
CSqGSIb3DQEBCwUAA4IBAQCAMnLitvYAEDgDw/yKXWmCwAG710bG16wpG4PkAMXX
t2c/954tGqhGadsP+6sbrv4dUcmp5bjhvrxgzodlFypUXLQ24MY8ew6wIhf8Jby4
rpnV8NeRlX9GTMoktGXs2rR4ivJKBy5ZBwSvaRfnO6uXP2Z9n6D5VYmAS6oEjV8k
XuiebyhGblvncn/5RpDjR4tGRiiMeDMNozlczci9i3WUgFg/EeC/MZ/kxiuJ9zcC
h7+R2uyz/nRzqBB3DfjxSndcD2U45CsygwXwQoKljarFmD/ip30/ucLL8Tg1AFuo
S077szVl0fZzrAmB7MVPip92PKzqBnt8jxVwVa1LRKNf
-----END CERTIFICATE-----