Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/jN6jU32Jh9SRwO7GK4Gwq0erO5Y.roa
File:                     jN6jU32Jh9SRwO7GK4Gwq0erO5Y.roa (raw, json)
Hash identifier:          IVEOvpAPMqeuXx/ahYTvB3I3FIazWgE5K1/5S4srxSo=
Subject key identifier:   8C:DE:A3:53:7D:89:87:D4:91:C0:EE:C6:2B:81:B0:AB:47:AB:3B:96
Certificate issuer:       /CN=f394a464728b82856dc2b955ccae9ab5ba6539c8
Certificate serial:       018CCA295C1A4B5D48E2575C4468C0E6EDCA
Authority key identifier: F3:94:A4:64:72:8B:82:85:6D:C2:B9:55:CC:AE:9A:B5:BA:65:39:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/85SkZHKLgoVtwrlVzK6atbplOcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/jN6jU32Jh9SRwO7GK4Gwq0erO5Y.roa
Signing time:             Tue 02 Jan 2024 12:32:37 +0000
ROA not before:           Tue 02 Jan 2024 12:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8218
IP address blocks:        164.138.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/85SkZHKLgoVtwrlVzK6atbplOcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/85SkZHKLgoVtwrlVzK6atbplOcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/85SkZHKLgoVtwrlVzK6atbplOcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:5c:1a:4b:5d:48:e2:57:5c:44:68:c0:e6:ed:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f394a464728b82856dc2b955ccae9ab5ba6539c8
        Validity
            Not Before: Jan  2 12:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cdea3537d8987d491c0eec62b81b0ab47ab3b96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:4f:60:70:38:8e:b6:67:56:c2:19:5f:b6:24:
                    65:15:5f:06:05:f2:6a:64:0f:a5:74:c2:61:94:a6:
                    95:e3:9f:94:76:f2:20:76:ab:c6:e3:5c:46:c1:41:
                    75:93:89:a3:dc:e5:62:8e:b9:d0:67:f7:45:bc:b4:
                    29:42:0a:8c:3b:1c:92:11:4f:3b:f7:cc:55:f1:57:
                    37:60:c7:40:82:d0:8d:02:51:bc:dd:df:f1:8c:0f:
                    0d:c5:79:74:36:62:f7:2e:e5:25:d2:b2:d1:e4:c4:
                    1f:33:15:b3:84:2d:0a:00:b8:2a:07:d0:7b:90:df:
                    13:12:78:11:1f:5c:c4:19:08:82:f3:d2:d3:5f:01:
                    86:10:f2:2a:bb:5e:b7:a5:f8:16:21:3e:44:9b:40:
                    2e:15:84:bd:a6:56:79:94:4b:74:30:ee:27:5c:10:
                    60:75:ec:60:83:b4:4a:c4:f7:c4:e2:ef:d0:8d:64:
                    86:b8:e6:b2:83:2a:32:9e:18:41:b6:0e:c3:29:8a:
                    84:5c:a8:c3:38:6e:3f:8f:0c:9d:da:b3:7f:7d:0e:
                    53:17:76:fd:60:e4:62:d9:b9:52:af:33:1a:a2:d6:
                    06:f4:ff:6f:df:8e:16:b2:6d:a8:f3:7c:3d:af:f7:
                    2f:4b:1c:e2:68:20:0f:12:90:ac:70:b0:72:ec:49:
                    71:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:DE:A3:53:7D:89:87:D4:91:C0:EE:C6:2B:81:B0:AB:47:AB:3B:96
            X509v3 Authority Key Identifier:
                keyid:F3:94:A4:64:72:8B:82:85:6D:C2:B9:55:CC:AE:9A:B5:BA:65:39:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/85SkZHKLgoVtwrlVzK6atbplOcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/jN6jU32Jh9SRwO7GK4Gwq0erO5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/85SkZHKLgoVtwrlVzK6atbplOcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:4d:5e:07:34:34:f3:84:7e:e8:f9:89:37:cb:38:98:74:eb:
         7d:fe:c6:fd:2e:1d:66:47:ee:9a:d6:36:56:d6:d3:e3:f5:b6:
         71:3c:a1:1b:86:35:62:03:74:94:dc:05:d6:a0:2a:af:e6:9c:
         c1:36:72:f3:2f:84:15:ad:cb:11:2e:32:6b:51:44:8c:43:1c:
         16:6c:18:6e:7f:1d:b4:74:a5:d4:5b:77:cb:b6:be:2a:45:8f:
         9b:6d:2c:83:d0:5d:51:7d:ed:3b:c3:80:a3:32:ff:64:69:79:
         90:f4:b4:1b:13:3e:2b:ce:5b:38:2a:d9:4c:8e:2d:f5:a5:7e:
         74:64:22:89:14:bb:e2:c7:d3:d2:15:08:36:f9:e4:90:40:13:
         72:d7:57:11:41:ec:2c:fc:bb:5c:77:72:d1:b8:d9:53:0d:76:
         86:eb:02:4a:9f:4f:5f:0c:40:8c:2e:e9:bd:c2:77:81:c6:2a:
         cd:36:33:8a:fc:21:df:d6:a2:ce:ea:78:0d:ab:84:94:6b:7d:
         4a:80:f0:fd:43:11:5d:de:a6:46:07:5f:44:5f:e9:05:00:2f:
         ac:f0:f8:97:7a:92:98:ea:59:6c:dd:57:60:a4:cd:45:73:c9:
         26:7a:83:9e:5b:bd:06:bf:83:df:37:76:57:9b:1a:fe:7d:8f:
         ec:80:51:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKVwaS11I4ldcRGjA5u3KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzOTRhNDY0NzI4YjgyODU2ZGMyYjk1NWNjYWU5YWI1YmE2
NTM5YzgwHhcNMjQwMTAyMTIzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2RlYTM1MzdkODk4N2Q0OTFjMGVlYzYyYjgxYjBhYjQ3YWIzYjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA709gcDiOtmdWwhlftiRlFV8GBfJq
ZA+ldMJhlKaV45+UdvIgdqvG41xGwUF1k4mj3OVijrnQZ/dFvLQpQgqMOxySEU87
98xV8Vc3YMdAgtCNAlG83d/xjA8NxXl0NmL3LuUl0rLR5MQfMxWzhC0KALgqB9B7
kN8TEngRH1zEGQiC89LTXwGGEPIqu163pfgWIT5Em0AuFYS9plZ5lEt0MO4nXBBg
dexgg7RKxPfE4u/QjWSGuOaygyoynhhBtg7DKYqEXKjDOG4/jwyd2rN/fQ5TF3b9
YORi2blSrzMaotYG9P9v344Wsm2o83w9r/cvSxziaCAPEpCscLBy7ElxmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzeo1N9iYfUkcDuxiuBsKtHqzuWMB8GA1UdIwQY
MBaAFPOUpGRyi4KFbcK5VcyumrW6ZTnIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODVTa1pIS0xnb1Z0d3JsVnpLNmF0YnBsT2NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi83ZGI4MGMtNTExMy00ZTgzLWIyYzgt
ZjI2NjRkMTkyMWQzLzEvak42alUzMkpoOVNSd083R0s0R3dxMGVyTzVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi83ZGI4MGMtNTExMy00ZTgzLWIyYzgtZjI2NjRkMTkyMWQz
LzEvODVTa1pIS0xnb1Z0d3JsVnpLNmF0YnBsT2NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApIr2MA0G
CSqGSIb3DQEBCwUAA4IBAQAgTV4HNDTzhH7o+Yk3yziYdOt9/sb9Lh1mR+6a1jZW
1tPj9bZxPKEbhjViA3SU3AXWoCqv5pzBNnLzL4QVrcsRLjJrUUSMQxwWbBhufx20
dKXUW3fLtr4qRY+bbSyD0F1Rfe07w4CjMv9kaXmQ9LQbEz4rzls4KtlMji31pX50
ZCKJFLvix9PSFQg2+eSQQBNy11cRQews/Ltcd3LRuNlTDXaG6wJKn09fDECMLum9
wneBxirNNjOK/CHf1qLO6ngNq4SUa31KgPD9QxFd3qZGB19EX+kFAC+s8PiXepKY
6lls3VdgpM1Fc8kmeoOeW70Gv4PfN3ZXmxr+fY/sgFEo
-----END CERTIFICATE-----