Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/sETIY9UJ-QS9Wgm_eHozMkangfk.roa
File:                     sETIY9UJ-QS9Wgm_eHozMkangfk.roa (raw, json)
Hash identifier:          cZfUht8/esXyeal5WIWVKZQ6F5ZVn7Euy49JCLUtU2U=
Subject key identifier:   B0:44:C8:63:D5:09:F9:04:BD:5A:09:BF:78:7A:33:32:46:A7:81:F9
Certificate issuer:       /CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Certificate serial:       018CC42534C5FE13E42A8935D614B670E0F0
Authority key identifier: D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/sETIY9UJ-QS9Wgm_eHozMkangfk.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207540
IP address blocks:        185.216.138.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:34:c5:fe:13:e4:2a:89:35:d6:14:b6:70:e0:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b044c863d509f904bd5a09bf787a333246a781f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:77:0f:72:e2:e1:61:3c:16:ce:27:19:e5:a0:
                    7e:63:76:e5:02:8c:83:0a:a6:81:87:8f:b6:26:60:
                    0b:48:b4:e4:33:f6:c8:90:d9:8e:0b:69:f1:e6:2c:
                    28:9c:51:7d:f3:9f:bf:89:ee:5b:41:67:e3:30:dd:
                    be:83:fa:29:ef:de:74:c9:b2:06:6f:b1:83:11:cd:
                    45:1b:50:70:0a:c8:8c:bd:2b:e4:80:21:9e:d4:09:
                    22:a5:1a:0a:c7:35:f6:33:29:5f:6f:b3:68:ee:b4:
                    79:f4:a6:c7:38:c6:f6:65:6f:85:5f:f4:05:ad:7d:
                    63:b6:48:fc:d6:70:1d:21:4a:4b:be:e5:81:b2:1c:
                    4b:66:fb:36:d4:c4:45:85:91:e8:53:b6:c2:25:91:
                    4f:6c:5a:0a:f7:ca:59:69:43:ca:43:a7:0f:3d:36:
                    ac:1d:3c:f2:d2:da:e6:55:5e:0e:0f:fc:ec:ed:7d:
                    3a:2f:4a:a9:b9:30:5c:4a:5e:41:71:27:69:14:1d:
                    ee:9b:99:23:1c:6d:28:e5:a7:f2:f6:04:6a:55:b1:
                    ea:56:32:59:5d:38:03:f5:d8:0a:8f:63:c4:d7:8a:
                    21:2c:0f:1b:6e:83:ef:ac:93:93:54:79:62:e8:df:
                    5a:cb:0e:16:e2:8a:98:f1:b9:c6:0b:0e:66:9e:37:
                    7a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:44:C8:63:D5:09:F9:04:BD:5A:09:BF:78:7A:33:32:46:A7:81:F9
            X509v3 Authority Key Identifier:
                keyid:D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/sETIY9UJ-QS9Wgm_eHozMkangfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:6b:2b:e3:51:69:7c:ce:b2:a2:ac:cb:ef:50:e2:f0:88:40:
         ec:c3:d3:0a:b1:c8:d5:1e:04:ab:52:f1:05:1b:38:2a:11:77:
         2e:9e:1f:29:95:99:b5:2b:c9:25:4c:fe:be:b1:8c:3d:eb:f1:
         a3:3d:a1:54:d6:9f:97:62:28:c6:c2:db:e5:65:6e:82:65:dc:
         a7:bb:ce:74:7f:1e:9f:47:3b:61:d8:da:cf:1f:12:cb:b2:30:
         b1:48:17:4c:11:4e:c6:66:0f:1c:ef:29:47:e2:7e:bb:6f:4e:
         c2:23:d3:de:de:0d:a8:a3:c9:db:75:de:e5:a6:2d:29:bc:38:
         92:ba:65:7d:f5:f7:1a:bf:4d:6e:86:a6:5e:af:21:a2:4a:37:
         58:90:a4:0b:8d:0d:e4:2a:00:f7:74:3d:18:a8:ee:7d:7c:e1:
         37:28:7e:07:4b:cc:aa:f3:c0:84:8e:73:01:1c:3c:f0:55:ec:
         77:5e:a3:b7:95:d8:35:b8:b8:91:af:eb:a8:fa:80:48:27:9f:
         2e:d2:60:30:89:cc:cf:9f:74:44:56:f4:39:67:e9:66:f2:05:
         7e:f7:e3:97:ba:50:d8:fc:22:cc:44:2d:50:f5:7d:b9:7c:cb:
         79:0b:24:fc:82:71:c4:4c:e0:9f:93:d3:10:dc:f1:6e:d4:c5:
         17:33:06:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTTF/hPkKok11hS2cODwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjAwY2JhZmQyNmZlZTUwNjRmYzg5ZjMwMWRmYzhlM2Mx
ZDNjYTUwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDQ0Yzg2M2Q1MDlmOTA0YmQ1YTA5YmY3ODdhMzMzMjQ2YTc4MWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHcPcuLhYTwWzicZ5aB+Y3blAoyD
CqaBh4+2JmALSLTkM/bIkNmOC2nx5iwonFF985+/ie5bQWfjMN2+g/op7950ybIG
b7GDEc1FG1BwCsiMvSvkgCGe1AkipRoKxzX2Mylfb7No7rR59KbHOMb2ZW+FX/QF
rX1jtkj81nAdIUpLvuWBshxLZvs21MRFhZHoU7bCJZFPbFoK98pZaUPKQ6cPPTas
HTzy0trmVV4OD/zs7X06L0qpuTBcSl5BcSdpFB3um5kjHG0o5afy9gRqVbHqVjJZ
XTgD9dgKj2PE14ohLA8bboPvrJOTVHli6N9ayw4W4oqY8bnGCw5mnjd6GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBEyGPVCfkEvVoJv3h6MzJGp4H5MB8GA1UdIwQY
MBaAFNNgDLr9Jv7lBk/InzAd/I48HTylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmIt
MWM2ODBhZGY3YTI2LzEvc0VUSVk5VUotUVM5V2dtX2VIb3pNa2FuZ2ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmItMWM2ODBhZGY3YTI2
LzEvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudiKMA0G
CSqGSIb3DQEBCwUAA4IBAQAZayvjUWl8zrKirMvvUOLwiEDsw9MKscjVHgSrUvEF
GzgqEXcunh8plZm1K8klTP6+sYw96/GjPaFU1p+XYijGwtvlZW6CZdynu850fx6f
Rzth2NrPHxLLsjCxSBdMEU7GZg8c7ylH4n67b07CI9Pe3g2oo8nbdd7lpi0pvDiS
umV99fcav01uhqZeryGiSjdYkKQLjQ3kKgD3dD0YqO59fOE3KH4HS8yq88CEjnMB
HDzwVex3XqO3ldg1uLiRr+uo+oBIJ58u0mAwiczPn3REVvQ5Z+lm8gV+9+OXulDY
/CLMRC1Q9X25fMt5CyT8gnHETOCfk9MQ3PFu1MUXMwa+
-----END CERTIFICATE-----