Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/1-yDeptPK9dfxbEe1zalWderyFEI.roa
File:                     1-yDeptPK9dfxbEe1zalWderyFEI.roa (raw, json)
Hash identifier:          I/BYSGh3st8TNUnUFW/fxtOzYlnSsGwJrKRFq2DG8M8=
Subject key identifier:   FB:20:DE:A6:D3:CA:F5:D7:F1:6C:47:B5:CD:A9:56:75:EA:F2:14:42
Certificate issuer:       /CN=613d23f2121327d917d708d8fe153382455959a8
Certificate serial:       018CC94D6F815DD90B3CD8DC1FECE3EF58C7
Authority key identifier: 61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/1-yDeptPK9dfxbEe1zalWderyFEI.roa
Signing time:             Tue 02 Jan 2024 08:32:24 +0000
ROA not before:           Tue 02 Jan 2024 08:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.209.208.0/24 maxlen: 24
                          185.209.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:6f:81:5d:d9:0b:3c:d8:dc:1f:ec:e3:ef:58:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=613d23f2121327d917d708d8fe153382455959a8
        Validity
            Not Before: Jan  2 08:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb20dea6d3caf5d7f16c47b5cda95675eaf21442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:45:44:36:d8:d6:ee:91:ed:f6:02:65:28:f3:
                    78:37:e6:c7:f0:e2:6c:39:85:71:6b:9e:2a:80:e1:
                    c6:a8:f8:ff:e8:1f:dc:39:f3:3b:64:0c:bc:28:3b:
                    1e:b5:29:32:50:df:22:fa:0b:4e:54:96:1d:89:f1:
                    64:7d:29:b9:15:16:9a:33:24:ff:cc:22:50:28:8b:
                    00:24:e2:df:50:ff:29:61:f7:d7:de:ff:80:04:b8:
                    49:ab:19:63:42:dd:28:95:f3:0e:2e:78:39:21:7e:
                    be:08:20:ca:21:25:06:a8:78:fa:da:07:e0:d0:75:
                    8b:c6:2a:d5:84:b8:25:4c:61:f2:76:cc:ce:36:48:
                    14:10:eb:ff:b8:3d:6c:8e:b8:13:7b:ee:1f:f9:67:
                    fa:39:62:73:45:87:3a:89:80:cf:a8:b7:83:b4:f7:
                    cc:4c:21:47:f0:88:ec:57:28:75:cf:6d:ff:c0:08:
                    c7:c9:a9:6b:0e:f9:3f:6d:12:b7:2a:69:0f:84:da:
                    90:4a:ab:66:02:dd:5c:c0:c0:27:54:fc:89:4f:2b:
                    3e:68:ef:aa:16:f2:c6:f9:eb:69:8e:c5:55:dd:84:
                    85:9b:d2:d1:e8:58:de:1a:e2:bb:58:d2:d7:1e:86:
                    8e:44:05:5b:38:f5:f7:08:54:20:57:20:d4:bc:18:
                    79:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:20:DE:A6:D3:CA:F5:D7:F1:6C:47:B5:CD:A9:56:75:EA:F2:14:42
            X509v3 Authority Key Identifier:
                keyid:61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/1-yDeptPK9dfxbEe1zalWderyFEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:c7:33:11:3d:cc:10:ef:b1:ab:b0:da:da:f8:ac:e4:19:ea:
         cd:67:7f:76:d2:68:87:e0:8b:41:c8:47:42:48:46:17:7d:e9:
         2c:a1:72:45:c8:59:80:17:06:00:5e:a5:a0:31:f3:65:11:0b:
         bc:e2:23:07:bc:67:f8:57:cd:4b:25:59:2e:17:a2:6d:35:83:
         ad:46:b3:6a:c9:41:30:4c:a3:f9:70:6f:64:89:56:9f:ed:55:
         20:5c:80:7e:05:09:c6:e7:c7:80:32:d4:2c:bf:74:80:ea:0e:
         30:3c:ac:89:6b:d2:55:9d:d8:76:de:67:10:64:76:22:68:3c:
         1b:8b:bd:cb:5c:a2:19:3b:a5:7b:63:9f:c1:63:1f:ea:12:0c:
         6b:20:88:e0:30:90:ae:b2:8c:db:c5:70:37:27:f0:27:c5:91:
         6c:92:24:31:65:8a:2f:58:11:d2:7f:ed:00:55:83:9e:2a:31:
         42:19:6d:12:f3:41:d5:5a:79:58:49:d4:b1:22:74:b5:c0:d1:
         6c:99:46:e3:01:ff:e6:de:90:5b:6e:98:b0:18:5f:59:2d:38:
         0b:55:61:b1:96:f2:4a:65:f7:cc:f4:6b:d5:c2:3d:4c:b2:d3:
         78:08:94:f2:41:3d:e9:ae:06:c5:64:26:65:ba:12:5c:67:2b:
         ca:16:a6:df
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTW+BXdkLPNjcH+zj71jHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxM2QyM2YyMTIxMzI3ZDkxN2Q3MDhkOGZlMTUzMzgyNDU1
OTU5YTgwHhcNMjQwMTAyMDgzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjIwZGVhNmQzY2FmNWQ3ZjE2YzQ3YjVjZGE5NTY3NWVhZjIxNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkVENtjW7pHt9gJlKPN4N+bH8OJs
OYVxa54qgOHGqPj/6B/cOfM7ZAy8KDsetSkyUN8i+gtOVJYdifFkfSm5FRaaMyT/
zCJQKIsAJOLfUP8pYffX3v+ABLhJqxljQt0olfMOLng5IX6+CCDKISUGqHj62gfg
0HWLxirVhLglTGHydszONkgUEOv/uD1sjrgTe+4f+Wf6OWJzRYc6iYDPqLeDtPfM
TCFH8IjsVyh1z23/wAjHyalrDvk/bRK3KmkPhNqQSqtmAt1cwMAnVPyJTys+aO+q
FvLG+etpjsVV3YSFm9LR6FjeGuK7WNLXHoaORAVbOPX3CFQgVyDUvBh5qQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsg3qbTyvXX8WxHtc2pVnXq8hRCMB8GA1UdIwQY
MBaAFGE9I/ISEyfZF9cI2P4VM4JFWVmoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVQwajhoSVRKOWtYMXdqWV9oVXpna1ZaV2FnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mY2U2YmUtMDg5Ni00NDg3LWFhMzQt
N2E2MDViYTQwYzFlLzEvMS15RGVwdFBLOWRmeGJFZTF6YWxXZGVyeUZFSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzAvZmNlNmJlLTA4OTYtNDQ4Ny1hYTM0LTdhNjA1YmE0MGMx
ZS8xL1lUMGo4aElUSjlrWDF3allfaFV6Z2tWWldhZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbnR0DAN
BgkqhkiG9w0BAQsFAAOCAQEAC8czET3MEO+xq7Da2vis5BnqzWd/dtJoh+CLQchH
QkhGF33pLKFyRchZgBcGAF6loDHzZRELvOIjB7xn+FfNSyVZLheibTWDrUazaslB
MEyj+XBvZIlWn+1VIFyAfgUJxufHgDLULL90gOoOMDysiWvSVZ3Ydt5nEGR2Img8
G4u9y1yiGTule2OfwWMf6hIMayCI4DCQrrKM28VwNyfwJ8WRbJIkMWWKL1gR0n/t
AFWDnioxQhltEvNB1Vp5WEnUsSJ0tcDRbJlG4wH/5t6QW26YsBhfWS04C1VhsZby
SmX3zPRr1cI9TLLTeAiU8kE96a4GxWQmZboSXGcryham3w==
-----END CERTIFICATE-----