Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/kj0SFZ_BfU8FClGavebXLuxYFVs.roa
File:                     kj0SFZ_BfU8FClGavebXLuxYFVs.roa (raw, json)
Hash identifier:          god+78ecWGJ1OhsSOmPELhKeE4Vd+WuVoVWWbJI+6So=
Subject key identifier:   92:3D:12:15:9F:C1:7D:4F:05:0A:51:9A:BD:E6:D7:2E:EC:58:15:5B
Certificate issuer:       /CN=85d0e763f935c171694f172056eb44209db2e2cd
Certificate serial:       01914532D84D50FB92609BECF261341CCA07
Authority key identifier: 85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/kj0SFZ_BfU8FClGavebXLuxYFVs.roa
Signing time:             Mon 12 Aug 2024 06:07:25 +0000
ROA not before:           Mon 12 Aug 2024 06:07:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208767
IP address blocks:        212.230.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:45:32:d8:4d:50:fb:92:60:9b:ec:f2:61:34:1c:ca:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85d0e763f935c171694f172056eb44209db2e2cd
        Validity
            Not Before: Aug 12 06:07:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=923d12159fc17d4f050a519abde6d72eec58155b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:bc:97:3d:64:6c:19:f1:5b:9c:62:81:d9:90:
                    58:d1:e6:8f:cb:50:ae:54:ed:c8:08:28:bc:5b:d7:
                    ea:7f:b3:e9:4d:1a:5c:d7:d1:c3:f3:46:f9:43:51:
                    93:00:21:33:bf:35:db:c1:36:d2:d7:b8:24:21:51:
                    d0:f9:c6:21:23:f5:cb:63:19:7e:a4:c6:b3:bc:b0:
                    3b:55:32:3c:97:33:49:fd:c7:84:90:8a:53:53:21:
                    5f:fc:41:77:23:25:24:ba:0a:86:e4:f0:7b:30:08:
                    2a:41:91:a6:13:5b:7b:69:70:64:c0:25:bf:59:a2:
                    28:e5:59:40:e8:fc:ee:83:e4:46:a8:61:87:e8:e9:
                    1a:00:97:8f:00:ef:ca:e4:d7:d9:2e:75:c3:8f:e1:
                    ab:0d:7f:51:f6:b9:d5:9c:c3:6c:a3:ca:01:4f:6e:
                    b7:cb:0a:00:c0:ed:34:b9:06:d9:c4:1b:96:07:6f:
                    72:7d:1e:7b:6d:b7:c1:32:a3:f0:18:58:9c:a2:10:
                    ff:c2:f2:7e:3a:54:11:64:9e:02:59:0b:fd:8c:dc:
                    03:75:b4:f6:34:d1:47:2c:8f:6a:b1:52:eb:db:08:
                    15:f2:7c:d0:30:d4:70:6d:d0:fd:65:31:e9:11:f9:
                    40:51:b5:e6:61:31:f9:e8:00:85:7f:fd:19:ed:b2:
                    d4:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:3D:12:15:9F:C1:7D:4F:05:0A:51:9A:BD:E6:D7:2E:EC:58:15:5B
            X509v3 Authority Key Identifier:
                keyid:85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/kj0SFZ_BfU8FClGavebXLuxYFVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.230.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:2b:3d:04:59:e5:2f:c8:3b:71:09:0f:cb:18:03:92:eb:a4:
         2a:04:5a:24:c9:2e:1f:d4:80:5f:9a:c7:10:bf:e5:47:7b:13:
         64:d8:1b:61:a8:f6:3a:8b:d7:3a:8d:5c:a9:10:46:75:b7:2e:
         ec:9c:e1:49:b5:bd:35:c6:79:42:66:96:d5:4a:f0:52:fe:b7:
         57:da:fd:a7:24:05:d8:7c:d0:2d:83:46:94:e1:f6:aa:a7:ac:
         4e:b5:ea:da:2f:c8:fe:c3:ea:94:a9:57:57:e7:ad:e4:8a:97:
         2e:51:f1:50:db:99:db:d2:a1:64:dd:f8:90:d8:49:63:97:e6:
         86:79:95:79:73:35:5b:54:c4:98:83:d1:21:d2:3d:7b:22:be:
         8f:f8:c3:c3:d7:cd:5d:37:71:17:cf:32:46:2f:39:14:63:63:
         cb:39:5b:9e:b3:22:b0:02:a8:fe:6c:1e:e5:b7:76:05:b1:82:
         08:7a:50:71:ab:99:60:5d:7b:40:6f:9f:c5:5e:a1:6b:d3:c3:
         eb:35:cb:71:5b:4b:d3:cc:9f:1f:df:cd:f1:82:09:e3:df:7f:
         98:56:0f:bc:bc:d3:3d:f8:e6:69:c9:80:fa:23:07:bc:1e:11:
         d6:22:67:ab:45:aa:46:37:7c:d8:df:16:fd:11:8b:66:9e:3c:
         01:c2:cd:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFFMthNUPuSYJvs8mE0HMoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZDBlNzYzZjkzNWMxNzE2OTRmMTcyMDU2ZWI0NDIwOWRi
MmUyY2QwHhcNMjQwODEyMDYwNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjNkMTIxNTlmYzE3ZDRmMDUwYTUxOWFiZGU2ZDcyZWVjNTgxNTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LyXPWRsGfFbnGKB2ZBY0eaPy1Cu
VO3ICCi8W9fqf7PpTRpc19HD80b5Q1GTACEzvzXbwTbS17gkIVHQ+cYhI/XLYxl+
pMazvLA7VTI8lzNJ/ceEkIpTUyFf/EF3IyUkugqG5PB7MAgqQZGmE1t7aXBkwCW/
WaIo5VlA6Pzug+RGqGGH6OkaAJePAO/K5NfZLnXDj+GrDX9R9rnVnMNso8oBT263
ywoAwO00uQbZxBuWB29yfR57bbfBMqPwGFicohD/wvJ+OlQRZJ4CWQv9jNwDdbT2
NNFHLI9qsVLr2wgV8nzQMNRwbdD9ZTHpEflAUbXmYTH56ACFf/0Z7bLUhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJI9EhWfwX1PBQpRmr3m1y7sWBVbMB8GA1UdIwQY
MBaAFIXQ52P5NcFxaU8XIFbrRCCdsuLNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2Qt
ZjEyODM1ZjAyNDdiLzEva2owU0ZaX0JmVThGQ2xHYXZlYlhMdXhZRlZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2QtZjEyODM1ZjAyNDdi
LzEvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1OajMA0G
CSqGSIb3DQEBCwUAA4IBAQAKKz0EWeUvyDtxCQ/LGAOS66QqBFokyS4f1IBfmscQ
v+VHexNk2BthqPY6i9c6jVypEEZ1ty7snOFJtb01xnlCZpbVSvBS/rdX2v2nJAXY
fNAtg0aU4faqp6xOteraL8j+w+qUqVdX563kipcuUfFQ25nb0qFk3fiQ2Eljl+aG
eZV5czVbVMSYg9Eh0j17Ir6P+MPD181dN3EXzzJGLzkUY2PLOVuesyKwAqj+bB7l
t3YFsYIIelBxq5lgXXtAb5/FXqFr08PrNctxW0vTzJ8f383xggnj33+YVg+8vNM9
+OZpyYD6Iwe8HhHWImerRapGN3zY3xb9EYtmnjwBws0y
-----END CERTIFICATE-----