Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/OSETxdZFptfT4s9Jsvj0njh4MlQ.roa
File:                     OSETxdZFptfT4s9Jsvj0njh4MlQ.roa (raw, json)
Hash identifier:          hNjZ8tvu0AvlvepUF/Q+yp++qMjxLWPFW71l1fvVXOc=
Subject key identifier:   39:21:13:C5:D6:45:A6:D7:D3:E2:CF:49:B2:F8:F4:9E:38:78:32:54
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       0192356DEA7461764666137F1850FA589508
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/OSETxdZFptfT4s9Jsvj0njh4MlQ.roa
Signing time:             Fri 27 Sep 2024 21:40:48 +0000
ROA not before:           Fri 27 Sep 2024 21:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        185.113.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:35:6d:ea:74:61:76:46:66:13:7f:18:50:fa:58:95:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Sep 27 21:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=392113c5d645a6d7d3e2cf49b2f8f49e38783254
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1e:83:d8:8a:c1:b0:9f:1d:b8:bf:7a:63:87:
                    d7:7b:26:dc:c1:d4:88:f8:72:06:ba:f9:ad:08:e5:
                    8a:44:57:e5:8c:28:61:b9:73:fe:a5:58:dc:e2:18:
                    a5:73:21:58:2d:0f:54:91:07:2e:89:f6:0d:50:a5:
                    fd:e9:50:f2:fb:29:e0:03:2d:36:2c:00:91:62:5e:
                    d9:b0:ec:5c:e4:bb:20:fa:5e:f4:00:46:77:ed:d0:
                    14:e9:45:a6:32:ae:12:f0:3e:7b:80:c7:61:19:80:
                    24:8e:f8:30:67:51:dc:e9:95:73:e3:2e:a7:d0:4f:
                    4f:b0:b6:98:3a:9d:5a:17:fb:c0:65:64:2f:43:c8:
                    d2:12:aa:5b:03:e3:b9:c4:aa:8b:c7:19:0b:42:4b:
                    41:56:a0:9e:12:34:4f:fb:50:54:5d:a2:96:20:cc:
                    ef:7a:f7:df:de:f2:0d:c9:82:63:9e:80:48:e0:f2:
                    ee:7e:42:28:b8:e0:f0:aa:dc:c0:77:12:25:ef:fb:
                    3d:8d:9d:c4:11:01:d8:4f:65:b6:06:a5:0f:c8:ae:
                    16:61:e4:27:9c:85:38:bf:60:18:e6:4f:48:07:c9:
                    5f:c4:b3:fa:3f:7e:15:74:bf:2e:14:e1:d2:d3:0e:
                    81:a1:39:9e:c5:1b:be:22:37:ea:2c:51:1f:1e:04:
                    d0:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:21:13:C5:D6:45:A6:D7:D3:E2:CF:49:B2:F8:F4:9E:38:78:32:54
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/OSETxdZFptfT4s9Jsvj0njh4MlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:40:60:08:df:de:bc:c2:a2:1b:1f:ea:7d:a0:21:58:23:0c:
         55:6b:f9:b7:8f:ad:25:a3:02:96:ed:69:af:b2:1b:80:89:e1:
         5a:53:01:21:52:37:b2:22:f1:32:72:bb:4d:a8:2c:97:23:da:
         f4:7a:7b:74:94:cc:92:2e:4c:47:9b:55:65:d1:fa:38:98:cd:
         15:89:c6:02:86:79:e1:68:40:1a:df:77:a3:be:b4:f0:dc:a1:
         1c:95:9f:22:31:01:f5:30:33:50:8b:62:e2:d9:ea:04:03:59:
         66:69:42:52:56:b3:2a:61:d4:5d:d4:39:12:3f:14:66:f4:b7:
         00:82:49:23:15:00:01:17:df:cb:f9:bf:40:1b:f0:b1:88:e9:
         a3:20:0b:e5:4e:8d:bb:80:58:4e:15:11:0a:e5:fd:ef:20:70:
         13:92:a4:ab:8b:4b:f1:99:b0:12:d1:4a:13:fa:fe:fa:95:2d:
         90:76:1c:41:c3:48:c5:ab:e6:f8:bd:8c:c9:cc:d9:71:89:01:
         08:10:14:0a:14:b1:f8:a0:e9:4f:4f:88:af:cc:5f:d7:0e:6b:
         41:33:a0:92:bc:81:70:b9:12:8b:0d:21:3e:61:e8:49:04:24:
         75:a0:47:b1:12:59:0b:d7:43:f6:c2:84:2c:9f:9d:47:e7:a8:
         96:fd:32:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI1bep0YXZGZhN/GFD6WJUIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwOTI3MjE0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTIxMTNjNWQ2NDVhNmQ3ZDNlMmNmNDliMmY4ZjQ5ZTM4NzgzMjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvh6D2IrBsJ8duL96Y4fXeybcwdSI
+HIGuvmtCOWKRFfljChhuXP+pVjc4hilcyFYLQ9UkQcuifYNUKX96VDy+yngAy02
LACRYl7ZsOxc5Lsg+l70AEZ37dAU6UWmMq4S8D57gMdhGYAkjvgwZ1Hc6ZVz4y6n
0E9PsLaYOp1aF/vAZWQvQ8jSEqpbA+O5xKqLxxkLQktBVqCeEjRP+1BUXaKWIMzv
evff3vINyYJjnoBI4PLufkIouODwqtzAdxIl7/s9jZ3EEQHYT2W2BqUPyK4WYeQn
nIU4v2AY5k9IB8lfxLP6P34VdL8uFOHS0w6BoTmexRu+IjfqLFEfHgTQNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkhE8XWRabX0+LPSbL49J44eDJUMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvT1NFVHhkWkZwdGZUNHM5SnN2ajBuamg0TWxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXH6MA0G
CSqGSIb3DQEBCwUAA4IBAQAkQGAI3968wqIbH+p9oCFYIwxVa/m3j60lowKW7Wmv
shuAieFaUwEhUjeyIvEycrtNqCyXI9r0ent0lMySLkxHm1Vl0fo4mM0VicYChnnh
aEAa33ejvrTw3KEclZ8iMQH1MDNQi2Li2eoEA1lmaUJSVrMqYdRd1DkSPxRm9LcA
gkkjFQABF9/L+b9AG/CxiOmjIAvlTo27gFhOFREK5f3vIHATkqSri0vxmbAS0UoT
+v76lS2QdhxBw0jFq+b4vYzJzNlxiQEIEBQKFLH4oOlPT4ivzF/XDmtBM6CSvIFw
uRKLDSE+YehJBCR1oEexElkL10P2woQsn51H56iW/TJs
-----END CERTIFICATE-----