Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/1-dvDKQatG6LmsS2Gtl2Z0jXN0q4.roa
File:                     1-dvDKQatG6LmsS2Gtl2Z0jXN0q4.roa (raw, json)
Hash identifier:          OCwcRLqLzU9MoTPH0YxVzqGg6rAnP7Th744fLfnYz98=
Subject key identifier:   F9:DB:C3:29:06:AD:1B:A2:E6:B1:2D:86:B6:5D:99:D2:35:CD:D2:AE
Certificate issuer:       /CN=1e36de27974727aa0046b3e9c8d0624674541255
Certificate serial:       018CC7956A34583403E3353756C2E16FB8AC
Authority key identifier: 1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/1-dvDKQatG6LmsS2Gtl2Z0jXN0q4.roa
Signing time:             Tue 02 Jan 2024 00:31:47 +0000
ROA not before:           Tue 02 Jan 2024 00:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34804
IP address blocks:        85.159.224.0/24 maxlen: 24
                          85.159.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/HjbeJ5dHJ6oARrPpyNBiRnRUElU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/HjbeJ5dHJ6oARrPpyNBiRnRUElU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6a:34:58:34:03:e3:35:37:56:c2:e1:6f:b8:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e36de27974727aa0046b3e9c8d0624674541255
        Validity
            Not Before: Jan  2 00:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9dbc32906ad1ba2e6b12d86b65d99d235cdd2ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:78:af:c7:77:fa:ed:cc:ef:79:ec:9d:19:f2:
                    ae:65:6d:f0:f8:a3:b7:f2:15:78:0f:8d:47:42:42:
                    5f:ab:0c:56:c9:ea:cf:0d:c4:78:10:71:ac:a6:82:
                    8e:71:8f:ed:fb:99:66:a8:34:fb:6f:c7:0b:4c:b5:
                    90:f1:29:8e:95:57:cc:de:51:19:20:2f:05:54:68:
                    45:08:f3:8f:28:19:1b:88:65:43:e4:1f:bb:88:0f:
                    b5:8c:ba:a3:7c:b8:2e:5e:f8:ec:43:ce:3c:2b:89:
                    35:8c:60:3f:c1:6c:e5:bd:c6:75:3e:fc:98:37:1b:
                    87:5f:5a:3e:3c:31:ce:5c:84:67:55:18:81:5b:49:
                    64:d7:d9:79:24:89:d1:20:eb:39:b5:40:67:61:7f:
                    70:45:03:86:0e:5f:2c:36:dc:72:3f:d9:ce:63:12:
                    97:90:37:12:5b:a4:0d:fc:99:8d:e3:49:09:02:3c:
                    18:45:ed:f2:a7:9d:12:f3:03:e3:02:e8:de:b8:e9:
                    f0:da:3f:ef:ca:fb:ee:67:d2:ac:a4:9b:11:92:bd:
                    3a:1c:83:bf:22:61:95:45:12:e4:f9:65:e9:59:70:
                    76:cb:e8:47:56:0c:1a:6b:35:37:21:5e:a2:a1:b0:
                    7e:eb:cc:81:23:82:ab:b6:0e:11:85:d3:16:42:00:
                    96:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:DB:C3:29:06:AD:1B:A2:E6:B1:2D:86:B6:5D:99:D2:35:CD:D2:AE
            X509v3 Authority Key Identifier:
                keyid:1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/1-dvDKQatG6LmsS2Gtl2Z0jXN0q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/HjbeJ5dHJ6oARrPpyNBiRnRUElU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.159.224.0/24
                  85.159.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:6e:39:64:10:a0:7b:b7:6d:a4:7a:73:d4:ac:59:c4:91:bf:
         5b:77:d4:b2:27:0b:8e:25:16:4e:a3:e6:d7:8e:ed:d2:c2:b0:
         40:6c:ae:47:e1:7b:1d:d9:b1:91:7b:cc:6c:1a:15:a8:34:12:
         2a:75:50:90:d0:ee:5c:16:ac:59:d8:35:cd:f9:bb:f5:92:be:
         7a:16:3f:aa:97:75:cc:98:e3:c6:1c:6e:fc:e6:82:59:69:4d:
         79:03:b1:9e:84:a3:82:b8:64:0e:6c:e3:92:54:b5:a8:6c:6d:
         7a:75:04:ac:b8:ec:e0:96:89:16:4f:9a:c7:53:73:f2:ea:e8:
         f0:82:9b:cd:9d:4a:ad:18:2d:e0:35:cd:47:a3:cc:30:b3:a6:
         4d:b7:d9:1b:5c:03:fd:b5:66:f2:3e:44:36:2c:79:2a:64:61:
         e5:f0:c0:99:8f:fe:2b:d5:2d:d8:d0:fa:b1:58:c4:43:1e:2c:
         2f:2f:da:85:d8:7e:36:a0:25:1f:f0:7b:59:59:95:90:f3:7a:
         13:77:db:21:32:4e:a1:ed:ab:bc:de:b3:ed:84:4c:20:aa:c2:
         7c:f4:53:3e:1b:08:e9:ee:3f:b3:92:f2:fe:85:96:01:4f:ab:
         59:8e:98:48:73:ec:50:5e:3a:a5:8f:ce:c3:05:9e:92:1a:fa:
         06:c1:81:a9
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzHlWo0WDQD4zU3VsLhb7isMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMzZkZTI3OTc0NzI3YWEwMDQ2YjNlOWM4ZDA2MjQ2NzQ1
NDEyNTUwHhcNMjQwMTAyMDAzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWRiYzMyOTA2YWQxYmEyZTZiMTJkODZiNjVkOTlkMjM1Y2RkMmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3ivx3f67czveeydGfKuZW3w+KO3
8hV4D41HQkJfqwxWyerPDcR4EHGspoKOcY/t+5lmqDT7b8cLTLWQ8SmOlVfM3lEZ
IC8FVGhFCPOPKBkbiGVD5B+7iA+1jLqjfLguXvjsQ848K4k1jGA/wWzlvcZ1PvyY
NxuHX1o+PDHOXIRnVRiBW0lk19l5JInRIOs5tUBnYX9wRQOGDl8sNtxyP9nOYxKX
kDcSW6QN/JmN40kJAjwYRe3yp50S8wPjAujeuOnw2j/vyvvuZ9KspJsRkr06HIO/
ImGVRRLk+WXpWXB2y+hHVgwaazU3IV6iobB+68yBI4Krtg4RhdMWQgCWdQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPnbwykGrRui5rEthrZdmdI1zdKuMB8GA1UdIwQY
MBaAFB423ieXRyeqAEaz6cjQYkZ0VBJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGpiZUo1ZEhKNm9BUnJQcHlOQmlSblJVRWxVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81OWU4YzMtNjI2Yi00ZWNlLThlMzkt
ZGY3OTNhOTQwYmFiLzEvMS1kdkRLUWF0RzZMbXNTMkd0bDJaMGpYTjBxNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzcvNTllOGMzLTYyNmItNGVjZS04ZTM5LWRmNzkzYTk0MGJh
Yi8xL0hqYmVKNWRISjZvQVJyUHB5TkJpUm5SVUVsVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFWf4AME
AFWf4zANBgkqhkiG9w0BAQsFAAOCAQEAk245ZBCge7dtpHpz1KxZxJG/W3fUsicL
jiUWTqPm147t0sKwQGyuR+F7HdmxkXvMbBoVqDQSKnVQkNDuXBasWdg1zfm79ZK+
ehY/qpd1zJjjxhxu/OaCWWlNeQOxnoSjgrhkDmzjklS1qGxtenUErLjs4JaJFk+a
x1Nz8uro8IKbzZ1KrRgt4DXNR6PMMLOmTbfZG1wD/bVm8j5ENix5KmRh5fDAmY/+
K9Ut2ND6sVjEQx4sLy/ahdh+NqAlH/B7WVmVkPN6E3fbITJOoe2rvN6z7YRMIKrC
fPRTPhsI6e4/s5Ly/oWWAU+rWY6YSHPsUF46pY/OwwWekhr6BsGBqQ==
-----END CERTIFICATE-----