Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/cLtxP9SauzgQ5rTzBkbCaZZdefY.roa
File:                     cLtxP9SauzgQ5rTzBkbCaZZdefY.roa (raw, json)
Hash identifier:          AAVRl1diRH6nGcr5XzrSB5GXTgLC5uB2UyZByM5tBJ8=
Subject key identifier:   70:BB:71:3F:D4:9A:BB:38:10:E6:B4:F3:06:46:C2:69:96:5D:79:F6
Certificate issuer:       /CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
Certificate serial:       018CCA99DC6B74B20EFE904DD08DDB8DDFEE
Authority key identifier: DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/cLtxP9SauzgQ5rTzBkbCaZZdefY.roa
Signing time:             Tue 02 Jan 2024 14:35:30 +0000
ROA not before:           Tue 02 Jan 2024 14:35:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3223
IP address blocks:        185.247.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:dc:6b:74:b2:0e:fe:90:4d:d0:8d:db:8d:df:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
        Validity
            Not Before: Jan  2 14:35:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70bb713fd49abb3810e6b4f30646c269965d79f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e8:93:84:17:a6:88:72:77:2d:8b:68:1a:2f:
                    9c:f8:fd:ee:cb:93:81:12:31:27:55:53:31:5b:a8:
                    67:b4:66:ce:96:b4:4e:6e:85:e2:93:75:8c:b8:e3:
                    e2:c3:50:bd:44:57:90:6c:8c:31:28:2b:8f:dd:e7:
                    b7:de:be:86:d5:61:e1:3e:d7:1b:25:fc:5c:b5:38:
                    79:03:45:82:d6:2d:0b:14:5c:9d:bf:01:1e:7d:6c:
                    7a:2a:40:63:95:c8:87:c3:49:95:a7:a8:a0:02:6b:
                    59:af:07:39:97:13:33:44:fe:fb:24:ca:24:e4:84:
                    23:0f:4a:88:9f:45:e5:00:ee:bf:ba:25:a7:32:4f:
                    6e:e1:6a:92:24:12:ea:4e:be:15:1e:c7:e5:4a:cc:
                    74:e8:43:ce:51:3e:00:d3:a3:e5:53:3b:fe:3f:aa:
                    71:da:bf:9c:7f:19:6d:5f:33:59:21:1f:8f:de:2a:
                    f9:79:1f:b1:8e:d6:f7:2a:18:b9:8b:f8:b6:cb:33:
                    a7:14:06:ec:fb:0e:e8:92:f0:81:6d:a6:9f:ac:02:
                    5c:c4:e3:9a:7c:7a:0a:10:fb:db:ca:10:13:8f:d6:
                    d6:dc:c5:d2:b1:80:52:66:8e:ed:3a:43:fd:fd:1e:
                    09:75:66:49:b7:b0:c1:0b:8e:ce:b4:26:82:0d:25:
                    34:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:BB:71:3F:D4:9A:BB:38:10:E6:B4:F3:06:46:C2:69:96:5D:79:F6
            X509v3 Authority Key Identifier:
                keyid:DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/cLtxP9SauzgQ5rTzBkbCaZZdefY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.247.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:b8:dc:b2:06:07:92:83:0c:92:8d:81:53:f4:2a:78:9b:58:
         bd:10:15:cf:a5:87:a0:80:a6:24:8e:13:15:ef:79:ff:66:c4:
         9c:ae:42:fa:b7:f7:45:b3:3d:c8:06:15:b1:6f:32:57:6b:0e:
         cb:8e:5c:b1:ba:87:93:ee:4d:62:ca:85:af:a5:3b:38:bc:db:
         fb:30:aa:4c:e0:15:57:4b:95:e2:f3:84:73:b1:da:8b:55:f9:
         fa:b6:b3:05:44:a8:2d:44:02:71:03:65:8e:c0:cb:07:92:13:
         2c:40:ae:5f:f7:e2:0e:cc:90:b0:8c:57:22:73:c2:f3:5a:b6:
         03:d0:dd:a8:dc:e8:33:f9:5d:fc:8b:66:b7:13:30:1f:25:79:
         7e:05:2c:df:61:e0:40:4b:97:03:8d:bb:25:74:c8:b1:6d:f8:
         33:73:8b:36:1e:83:0a:b8:24:08:ed:32:7a:4c:64:78:1e:a6:
         4c:62:c2:46:83:cb:38:ae:ed:51:db:ca:1c:fe:89:41:0b:bf:
         d1:41:24:56:15:4f:b0:43:c4:85:8b:33:33:f4:82:33:c8:73:
         c3:a5:55:aa:f2:22:e4:98:16:65:1f:b1:15:7a:a0:df:76:99:
         10:a9:43:f2:e6:69:51:7e:e6:16:86:d1:6d:57:04:f2:65:77:
         ff:5b:93:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmdxrdLIO/pBN0I3bjd/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNzgyMWUxYmNiZjZlMDc0ZWE0ODE0YWFhNWM2M2UzYmE4
MTNjNWYwHhcNMjQwMTAyMTQzNTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGJiNzEzZmQ0OWFiYjM4MTBlNmI0ZjMwNjQ2YzI2OTk2NWQ3OWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOiThBemiHJ3LYtoGi+c+P3uy5OB
EjEnVVMxW6hntGbOlrROboXik3WMuOPiw1C9RFeQbIwxKCuP3ee33r6G1WHhPtcb
JfxctTh5A0WC1i0LFFydvwEefWx6KkBjlciHw0mVp6igAmtZrwc5lxMzRP77JMok
5IQjD0qIn0XlAO6/uiWnMk9u4WqSJBLqTr4VHsflSsx06EPOUT4A06PlUzv+P6px
2r+cfxltXzNZIR+P3ir5eR+xjtb3Khi5i/i2yzOnFAbs+w7okvCBbaafrAJcxOOa
fHoKEPvbyhATj9bW3MXSsYBSZo7tOkP9/R4JdWZJt7DBC47OtCaCDSU0sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHC7cT/Umrs4EOa08wZGwmmWXXn2MB8GA1UdIwQY
MBaAFNx4IeG8v24HTqSBSqpcY+O6gTxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYt
ZDQ4YjQyZWYxNTliLzEvY0x0eFA5U2F1emdRNXJUekJrYkNhWlpkZWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYtZDQ4YjQyZWYxNTli
LzEvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufc9MA0G
CSqGSIb3DQEBCwUAA4IBAQBZuNyyBgeSgwySjYFT9Cp4m1i9EBXPpYeggKYkjhMV
73n/ZsScrkL6t/dFsz3IBhWxbzJXaw7LjlyxuoeT7k1iyoWvpTs4vNv7MKpM4BVX
S5Xi84RzsdqLVfn6trMFRKgtRAJxA2WOwMsHkhMsQK5f9+IOzJCwjFcic8LzWrYD
0N2o3Ogz+V38i2a3EzAfJXl+BSzfYeBAS5cDjbsldMixbfgzc4s2HoMKuCQI7TJ6
TGR4HqZMYsJGg8s4ru1R28oc/olBC7/RQSRWFU+wQ8SFizMz9IIzyHPDpVWq8iLk
mBZlH7EVeqDfdpkQqUPy5mlRfuYWhtFtVwTyZXf/W5NC
-----END CERTIFICATE-----