Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/1rSEcxSJI3Vqp99PWh7sJqbp0mI.roa
File:                     1rSEcxSJI3Vqp99PWh7sJqbp0mI.roa (raw, json)
Hash identifier:          k5gn4yfULZ2xeDivsMHe5nuaS1M7y4pXBi/lwQrW7q8=
Subject key identifier:   D6:B4:84:73:14:89:23:75:6A:A7:DF:4F:5A:1E:EC:26:A6:E9:D2:62
Certificate issuer:       /CN=a316c7659af1d56bc718faf614f092758f5edc7f
Certificate serial:       018CC794316561B1AE3A9C7ED58F3A35069A
Authority key identifier: A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/1rSEcxSJI3Vqp99PWh7sJqbp0mI.roa
Signing time:             Tue 02 Jan 2024 00:30:27 +0000
ROA not before:           Tue 02 Jan 2024 00:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54113
IP address blocks:        185.221.87.0/24 maxlen: 24
                          2a0d:8000:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:31:65:61:b1:ae:3a:9c:7e:d5:8f:3a:35:06:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a316c7659af1d56bc718faf614f092758f5edc7f
        Validity
            Not Before: Jan  2 00:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6b48473148923756aa7df4f5a1eec26a6e9d262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:37:f2:be:4f:d4:ee:cd:1f:c3:e6:a0:58:da:
                    f4:9e:03:fb:90:57:ab:14:60:a5:01:c6:ce:75:0d:
                    a3:a9:0f:06:68:8e:2a:bf:fc:4e:e2:5d:65:de:93:
                    83:16:37:e1:5b:b5:f3:31:ef:07:8b:27:09:e0:ad:
                    5d:97:e6:da:26:3f:e7:dc:26:1d:b1:d1:07:d7:5e:
                    21:71:03:bd:4e:3b:a5:d1:c9:7a:13:e0:93:e5:b7:
                    4d:eb:26:de:c6:a6:d4:30:5e:32:d7:a6:87:e6:cc:
                    d1:80:f6:2f:b3:44:fe:27:d6:49:ee:c2:ab:ca:0d:
                    96:df:55:3f:51:2a:84:f3:58:0b:10:7d:0d:aa:6c:
                    21:37:49:81:e6:d1:e7:85:56:fe:46:bb:bf:c5:df:
                    1b:d8:8c:77:c4:09:d5:32:a2:f7:a5:9f:66:6b:c6:
                    73:78:f7:e7:65:b9:85:b2:45:a9:03:d2:75:b0:82:
                    45:88:9d:1e:ee:33:30:5b:d9:d7:92:f9:8f:a6:32:
                    bd:37:ea:c1:ad:0b:87:72:29:ce:c3:87:92:37:8d:
                    03:80:80:c9:f2:03:2c:d2:2c:94:e9:6e:e9:6c:8b:
                    ba:87:5b:f2:01:6b:46:99:7e:d3:00:ef:b3:dd:bb:
                    81:83:78:98:31:1b:5a:2a:9a:f1:9f:60:2d:74:fa:
                    a7:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:B4:84:73:14:89:23:75:6A:A7:DF:4F:5A:1E:EC:26:A6:E9:D2:62
            X509v3 Authority Key Identifier:
                keyid:A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/1rSEcxSJI3Vqp99PWh7sJqbp0mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.87.0/24
                IPv6:
                  2a0d:8000:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:f1:87:f0:a2:6a:df:04:d4:8f:dc:ee:7d:ff:10:7a:e1:f7:
         87:fb:73:5e:eb:05:2c:ca:82:a5:48:c7:4f:a7:6a:b2:9c:5f:
         62:c9:53:74:41:bc:49:8a:0d:12:dd:61:89:10:92:9d:5b:61:
         1e:5c:78:c5:6b:c0:7a:22:34:44:b7:75:4c:2f:51:e8:a2:fe:
         27:f6:82:b5:fb:a5:b6:2e:6f:22:cc:c6:d5:ff:8a:63:2c:22:
         73:aa:51:e8:f6:4a:87:c0:61:40:a1:eb:7f:97:56:06:ce:9f:
         85:2e:cd:c8:bf:20:43:80:41:a7:30:9f:f9:0f:d9:4a:5d:7f:
         dc:29:d2:62:28:d6:a7:7f:12:d2:55:ca:81:4c:33:7d:28:36:
         b9:0d:95:7e:c5:4a:30:38:46:df:fa:96:23:c8:f2:f7:4c:c8:
         8a:21:1a:13:9b:cf:e4:d1:01:86:9a:77:90:2b:b5:96:74:56:
         30:b5:1a:72:32:89:31:e8:4a:64:bc:4d:7c:fa:89:6e:01:57:
         3a:7b:0b:a3:52:68:4d:de:ef:54:ec:54:58:ab:ef:78:96:e0:
         0f:27:01:fd:52:e7:2a:a8:77:a9:42:e4:db:25:b3:0f:44:c8:
         89:df:94:b4:4a:f3:64:df:c1:a8:f1:d9:7b:27:ae:8c:d1:2d:
         6b:2b:08:df
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlDFlYbGuOpx+1Y86NQaaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMTZjNzY1OWFmMWQ1NmJjNzE4ZmFmNjE0ZjA5Mjc1OGY1
ZWRjN2YwHhcNMjQwMTAyMDAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmI0ODQ3MzE0ODkyMzc1NmFhN2RmNGY1YTFlZWMyNmE2ZTlkMjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDfyvk/U7s0fw+agWNr0ngP7kFer
FGClAcbOdQ2jqQ8GaI4qv/xO4l1l3pODFjfhW7XzMe8HiycJ4K1dl+baJj/n3CYd
sdEH114hcQO9Tjul0cl6E+CT5bdN6ybexqbUMF4y16aH5szRgPYvs0T+J9ZJ7sKr
yg2W31U/USqE81gLEH0NqmwhN0mB5tHnhVb+Rru/xd8b2Ix3xAnVMqL3pZ9ma8Zz
ePfnZbmFskWpA9J1sIJFiJ0e7jMwW9nXkvmPpjK9N+rBrQuHcinOw4eSN40DgIDJ
8gMs0iyU6W7pbIu6h1vyAWtGmX7TAO+z3buBg3iYMRtaKprxn2AtdPqnDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNa0hHMUiSN1aqffT1oe7Cam6dJiMB8GA1UdIwQY
MBaAFKMWx2Wa8dVrxxj69hTwknWPXtx/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUt
MzY4N2M4MThlZGU1LzEvMXJTRWN4U0pJM1ZxcDk5UFdoN3NKcWJwMG1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUtMzY4N2M4MThlZGU1
LzEvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAud1XMA8E
AgACMAkDBwAqDYAAAAEwDQYJKoZIhvcNAQELBQADggEBAATxh/Ciat8E1I/c7n3/
EHrh94f7c17rBSzKgqVIx0+narKcX2LJU3RBvEmKDRLdYYkQkp1bYR5ceMVrwHoi
NES3dUwvUeii/if2grX7pbYubyLMxtX/imMsInOqUej2SofAYUCh63+XVgbOn4Uu
zci/IEOAQacwn/kP2Updf9wp0mIo1qd/EtJVyoFMM30oNrkNlX7FSjA4Rt/6liPI
8vdMyIohGhObz+TRAYaad5ArtZZ0VjC1GnIyiTHoSmS8TXz6iW4BVzp7C6NSaE3e
71TsVFir73iW4A8nAf1S5yqod6lC5Nslsw9EyInflLRK82Tfwajx2XsnrozRLWsr
CN8=
-----END CERTIFICATE-----