Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/APi0i-j_bBG9LSEQofhbd4DaEsw.roa
File:                     APi0i-j_bBG9LSEQofhbd4DaEsw.roa (raw, json)
Hash identifier:          IJUdGD9JyIzQE37qoxBxrRtdqt7HbsA9LMXG84gdxfE=
Subject key identifier:   00:F8:B4:8B:E8:FF:6C:11:BD:2D:21:10:A1:F8:5B:77:80:DA:12:CC
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       018CC6B81350B23A68E4242E5368F8309563
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/APi0i-j_bBG9LSEQofhbd4DaEsw.roa
Signing time:             Mon 01 Jan 2024 20:30:01 +0000
ROA not before:           Mon 01 Jan 2024 20:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202060
IP address blocks:        185.41.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:13:50:b2:3a:68:e4:24:2e:53:68:f8:30:95:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Jan  1 20:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00f8b48be8ff6c11bd2d2110a1f85b7780da12cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:10:42:bf:82:50:bc:d5:78:bf:80:42:38:c2:
                    43:ff:3c:dc:19:18:56:41:e1:20:48:5a:8c:23:18:
                    cd:00:56:b9:ef:f2:33:0e:1d:32:d0:fa:31:65:a6:
                    f3:c3:01:49:6d:b2:ec:4b:29:08:8b:f0:56:1e:c6:
                    c0:99:65:1a:b8:9d:7d:22:61:4c:3e:80:67:e9:c2:
                    e4:58:84:e2:de:d4:90:8d:59:45:88:01:6c:23:e6:
                    01:31:79:a4:06:0d:3a:fa:64:50:9b:ac:02:32:30:
                    53:6a:ed:4f:0e:4e:cf:ba:fb:34:69:2d:fb:2a:7d:
                    a8:af:0e:19:7f:64:29:44:0c:3d:10:28:4e:93:5f:
                    fb:8d:c6:04:b9:b0:5b:ab:a7:b2:47:98:db:58:c1:
                    cb:0d:6e:70:a7:f5:1b:cb:3a:4f:1c:82:6a:19:6b:
                    8b:b7:b0:ee:f9:7d:45:aa:7b:cb:dc:c9:a6:8a:0c:
                    c8:59:6b:db:45:f5:4d:27:eb:61:bc:d2:a4:14:ca:
                    86:eb:7e:ab:67:eb:38:82:53:64:09:1c:d6:0c:a2:
                    ca:78:44:26:61:db:f0:55:cb:bf:4c:f2:c4:ee:42:
                    3d:a5:ac:da:7c:68:50:a6:30:12:bf:47:e5:b8:2b:
                    7a:41:22:d0:79:9c:d9:e4:7a:4b:b7:cc:64:4c:d0:
                    1a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F8:B4:8B:E8:FF:6C:11:BD:2D:21:10:A1:F8:5B:77:80:DA:12:CC
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/APi0i-j_bBG9LSEQofhbd4DaEsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:3a:d2:01:b0:62:15:96:71:12:ea:8d:4b:df:82:e0:b6:dd:
         2f:fa:5b:25:33:7a:9e:50:9d:83:64:d2:22:60:70:c5:72:8e:
         77:25:78:07:2f:a2:7d:6f:67:1b:fc:69:be:db:f3:bf:28:93:
         7d:f4:17:a6:bd:a1:f6:c0:00:c2:78:8d:47:d3:57:1a:27:f2:
         80:39:3a:e6:d2:25:58:03:dd:34:84:83:69:c4:b4:bc:16:40:
         8c:bf:4c:bc:4e:f4:32:74:52:c6:c4:f2:c0:79:9f:78:87:c5:
         74:04:6b:67:4f:0b:b6:3f:99:87:f5:4f:08:af:ea:14:c5:a9:
         a9:6e:7e:cc:fd:7d:b7:2d:2b:28:ab:df:96:9a:8f:e2:6d:ec:
         83:1a:b0:76:8a:40:df:6b:40:c9:85:68:fd:69:b5:3b:e8:41:
         f3:29:06:30:a2:73:82:84:da:7c:4e:eb:48:d2:d0:10:f3:87:
         60:a3:0b:56:b6:e5:f4:09:62:d2:5e:46:45:ee:62:65:b6:ed:
         82:bb:db:5b:76:21:63:b9:e0:6d:0e:f4:d9:2e:28:dd:cf:12:
         c6:06:a0:f6:23:9d:f4:8a:57:71:16:e3:b4:9a:da:06:81:ab:
         75:28:35:42:7e:2f:c5:ba:f9:e9:eb:f5:92:e3:26:97:56:bc:
         1c:aa:4b:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuBNQsjpo5CQuU2j4MJVjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjQwMTAxMjAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGY4YjQ4YmU4ZmY2YzExYmQyZDIxMTBhMWY4NWI3NzgwZGExMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRBCv4JQvNV4v4BCOMJD/zzcGRhW
QeEgSFqMIxjNAFa57/IzDh0y0PoxZabzwwFJbbLsSykIi/BWHsbAmWUauJ19ImFM
PoBn6cLkWITi3tSQjVlFiAFsI+YBMXmkBg06+mRQm6wCMjBTau1PDk7Puvs0aS37
Kn2orw4Zf2QpRAw9EChOk1/7jcYEubBbq6eyR5jbWMHLDW5wp/UbyzpPHIJqGWuL
t7Du+X1FqnvL3MmmigzIWWvbRfVNJ+thvNKkFMqG636rZ+s4glNkCRzWDKLKeEQm
YdvwVcu/TPLE7kI9pazafGhQpjASv0fluCt6QSLQeZzZ5HpLt8xkTNAaswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAD4tIvo/2wRvS0hEKH4W3eA2hLMMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvQVBpMGktal9iQkc5TFNFUW9maGJkNERhRXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSnzMA0G
CSqGSIb3DQEBCwUAA4IBAQAdOtIBsGIVlnES6o1L34Lgtt0v+lslM3qeUJ2DZNIi
YHDFco53JXgHL6J9b2cb/Gm+2/O/KJN99BemvaH2wADCeI1H01caJ/KAOTrm0iVY
A900hINpxLS8FkCMv0y8TvQydFLGxPLAeZ94h8V0BGtnTwu2P5mH9U8Ir+oUxamp
bn7M/X23LSsoq9+Wmo/ibeyDGrB2ikDfa0DJhWj9abU76EHzKQYwonOChNp8TutI
0tAQ84dgowtWtuX0CWLSXkZF7mJltu2Cu9tbdiFjueBtDvTZLijdzxLGBqD2I530
ildxFuO0mtoGgat1KDVCfi/Fuvnp6/WS4yaXVrwcqkug
-----END CERTIFICATE-----