Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/P0OxtFmFtiDHTNn92xY_JpRRpYE.roa
File:                     P0OxtFmFtiDHTNn92xY_JpRRpYE.roa (raw, json)
Hash identifier:          h10jqpGcyY8uvsflw6sG4XOOrO1TLnvlhnWmFY3FNAM=
Subject key identifier:   3F:43:B1:B4:59:85:B6:20:C7:4C:D9:FD:DB:16:3F:26:94:51:A5:81
Certificate issuer:       /CN=53f47a725c768d4de78fb31bb40fe16eba19f20d
Certificate serial:       018CC9BBF6298C3A973FD580A17D232A0880
Authority key identifier: 53:F4:7A:72:5C:76:8D:4D:E7:8F:B3:1B:B4:0F:E1:6E:BA:19:F2:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/P0OxtFmFtiDHTNn92xY_JpRRpYE.roa
Signing time:             Tue 02 Jan 2024 10:33:07 +0000
ROA not before:           Tue 02 Jan 2024 10:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58051
IP address blocks:        185.221.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f6:29:8c:3a:97:3f:d5:80:a1:7d:23:2a:08:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53f47a725c768d4de78fb31bb40fe16eba19f20d
        Validity
            Not Before: Jan  2 10:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f43b1b45985b620c74cd9fddb163f269451a581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:29:c2:26:0c:27:0f:cc:83:84:3b:b6:39:5f:
                    4a:16:52:0f:ce:94:b4:80:ff:f5:7c:44:a4:6a:d8:
                    13:b1:0f:c3:18:ff:f2:e9:ef:69:81:f1:3a:f3:c4:
                    fa:0e:4d:5b:d5:94:19:fe:bb:80:22:d2:67:d0:6b:
                    dc:67:7f:bf:77:41:ca:1f:1d:aa:dd:e5:aa:04:2f:
                    6e:c7:db:f2:f3:dc:15:74:1a:33:d7:be:dd:cf:54:
                    77:ce:73:86:6b:c4:cb:45:cf:9e:51:f6:7a:43:32:
                    47:24:5f:fc:e7:e8:d4:a9:eb:4f:ed:21:73:aa:05:
                    c9:f9:42:15:7e:d0:4b:25:c3:6a:39:43:e4:13:ec:
                    e5:2f:fa:e0:cc:50:51:26:be:60:70:df:7e:36:a6:
                    f9:40:1e:c6:70:3e:67:77:cf:02:f9:8a:79:50:38:
                    4f:49:b5:5e:29:a4:cf:1f:b0:53:82:e0:15:15:67:
                    23:73:57:69:bd:99:8d:a5:05:23:be:8f:ab:60:d1:
                    4c:b5:26:97:13:f4:e9:13:7f:c1:25:8c:97:80:e8:
                    63:13:aa:63:34:8d:38:28:9f:2b:89:85:c9:32:78:
                    08:b0:a9:78:fd:07:30:c4:d5:2e:49:4d:8f:5c:f6:
                    dc:b7:46:a5:e9:20:d3:d7:48:c9:2a:e7:66:9f:84:
                    83:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:43:B1:B4:59:85:B6:20:C7:4C:D9:FD:DB:16:3F:26:94:51:A5:81
            X509v3 Authority Key Identifier:
                keyid:53:F4:7A:72:5C:76:8D:4D:E7:8F:B3:1B:B4:0F:E1:6E:BA:19:F2:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/P0OxtFmFtiDHTNn92xY_JpRRpYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:d8:14:e1:2f:59:4c:4b:98:15:40:23:01:90:26:28:22:38:
         00:89:75:e0:8d:b9:43:ff:76:e4:f7:3a:63:d6:3a:2d:3f:1f:
         bd:eb:59:c2:53:21:bd:97:01:61:32:bf:1e:35:ca:4f:b9:53:
         2e:be:07:d5:a2:c6:e8:b3:4e:ae:44:d0:bf:df:40:74:26:d8:
         4a:e1:6f:9b:8e:59:67:6f:28:f1:fb:96:56:56:8b:ea:77:20:
         df:bf:85:c1:63:89:14:db:43:0c:c7:94:50:eb:26:e4:7f:da:
         45:2e:bc:56:9a:f3:09:3d:cc:e3:82:19:b1:4a:09:d6:20:8d:
         20:e0:73:7a:f0:da:3c:d5:f7:e7:52:4d:26:bc:9c:84:15:e0:
         96:bf:f9:ca:c3:5a:eb:94:9d:a7:a1:88:9d:d7:45:a3:c1:84:
         7e:39:a1:d2:6f:7f:db:32:b4:fe:59:7b:11:8b:d3:0d:96:c4:
         06:25:dc:5c:ff:71:47:fe:5b:64:06:ff:4e:69:f7:fe:14:4d:
         02:91:12:3d:60:89:8a:70:90:3a:dd:49:35:fb:09:7a:d1:d1:
         ea:65:a7:a8:db:f0:18:df:d5:8f:c5:e8:80:12:29:92:39:cf:
         cc:cc:88:2a:69:dd:b6:f2:21:a1:3e:2a:89:a4:0e:8c:be:78:
         49:4e:61:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu/YpjDqXP9WAoX0jKgiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZjQ3YTcyNWM3NjhkNGRlNzhmYjMxYmI0MGZlMTZlYmEx
OWYyMGQwHhcNMjQwMTAyMTAzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjQzYjFiNDU5ODViNjIwYzc0Y2Q5ZmRkYjE2M2YyNjk0NTFhNTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCnCJgwnD8yDhDu2OV9KFlIPzpS0
gP/1fESkatgTsQ/DGP/y6e9pgfE688T6Dk1b1ZQZ/ruAItJn0GvcZ3+/d0HKHx2q
3eWqBC9ux9vy89wVdBoz177dz1R3znOGa8TLRc+eUfZ6QzJHJF/85+jUqetP7SFz
qgXJ+UIVftBLJcNqOUPkE+zlL/rgzFBRJr5gcN9+Nqb5QB7GcD5nd88C+Yp5UDhP
SbVeKaTPH7BTguAVFWcjc1dpvZmNpQUjvo+rYNFMtSaXE/TpE3/BJYyXgOhjE6pj
NI04KJ8riYXJMngIsKl4/QcwxNUuSU2PXPbct0al6SDT10jJKudmn4SDMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9DsbRZhbYgx0zZ/dsWPyaUUaWBMB8GA1UdIwQY
MBaAFFP0enJcdo1N54+zG7QP4W66GfINMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVV9SNmNseDJqVTNuajdNYnRBX2hicm9aOGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82NDAxZjMtNmRmMC00MDM4LWIwYmMt
NTc0NzEzODQ1ZGJjLzEvUDBPeHRGbUZ0aURIVE5uOTJ4WV9KcFJScFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82NDAxZjMtNmRmMC00MDM4LWIwYmMtNTc0NzEzODQ1ZGJj
LzEvVV9SNmNseDJqVTNuajdNYnRBX2hicm9aOGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud0/MA0G
CSqGSIb3DQEBCwUAA4IBAQCK2BThL1lMS5gVQCMBkCYoIjgAiXXgjblD/3bk9zpj
1jotPx+961nCUyG9lwFhMr8eNcpPuVMuvgfVosbos06uRNC/30B0JthK4W+bjlln
byjx+5ZWVovqdyDfv4XBY4kU20MMx5RQ6ybkf9pFLrxWmvMJPczjghmxSgnWII0g
4HN68No81ffnUk0mvJyEFeCWv/nKw1rrlJ2noYid10WjwYR+OaHSb3/bMrT+WXsR
i9MNlsQGJdxc/3FH/ltkBv9Oaff+FE0CkRI9YImKcJA63Uk1+wl60dHqZaeo2/AY
39WPxeiAEimSOc/MzIgqad228iGhPiqJpA6MvnhJTmH6
-----END CERTIFICATE-----