Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/2bA0U3MAp1ekUpJPNZpxrHhCBFo.roa
File:                     2bA0U3MAp1ekUpJPNZpxrHhCBFo.roa (raw, json)
Hash identifier:          99x2yQSepSjyIsHZevPb6hHXIeiNPea2fS73X7YnSG8=
Subject key identifier:   D9:B0:34:53:73:00:A7:57:A4:52:92:4F:35:9A:71:AC:78:42:04:5A
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B9462C2320DC99826697AAB5655DA2
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/2bA0U3MAp1ekUpJPNZpxrHhCBFo.roa
Signing time:             Mon 01 Jan 2024 20:31:20 +0000
ROA not before:           Mon 01 Jan 2024 20:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207879
IP address blocks:        85.187.45.0/24 maxlen: 24
                          185.242.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:46:2c:23:20:dc:99:82:66:97:aa:b5:65:5d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9b034537300a757a452924f359a71ac7842045a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:4a:98:2f:8a:f2:cf:71:59:5c:10:a8:6e:7a:
                    a6:01:26:1b:77:b7:7c:bd:c9:f6:35:ff:66:75:0a:
                    36:85:78:c5:67:8b:18:af:da:46:59:73:7e:21:d4:
                    b1:5b:3a:d0:28:7c:3a:f6:13:1d:1a:07:db:24:b0:
                    b0:02:7a:38:88:04:17:8b:9a:ab:4f:0c:8a:f9:00:
                    a9:fc:57:f9:09:69:8b:7e:47:89:26:67:c3:3e:28:
                    18:d0:52:1e:9b:f7:4d:e6:d8:7b:3d:d1:40:5d:44:
                    59:df:29:33:77:f4:46:54:4c:11:16:21:9d:bb:e7:
                    e1:22:c5:19:8a:1a:c6:a8:27:6e:87:70:e3:89:3a:
                    be:8d:da:fc:d1:05:0b:1b:42:7a:ed:64:66:5d:48:
                    d5:cf:f1:46:af:7e:b4:40:2e:8a:cb:11:0e:08:29:
                    29:4b:d5:ba:34:51:31:44:a0:e4:a5:60:c0:1e:00:
                    11:c5:a8:9e:e0:45:3e:b8:4f:ec:03:7b:4e:83:45:
                    68:d0:2c:93:3d:2a:94:7c:be:af:61:d1:dd:58:0a:
                    93:56:57:0b:3e:d3:84:6e:58:32:6b:04:fd:7a:94:
                    1d:56:fb:2b:2e:36:91:a5:64:cd:13:5d:7e:5c:29:
                    98:4f:35:75:2c:49:ed:90:95:3a:41:a3:57:1f:c4:
                    77:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:B0:34:53:73:00:A7:57:A4:52:92:4F:35:9A:71:AC:78:42:04:5A
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/2bA0U3MAp1ekUpJPNZpxrHhCBFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.45.0/24
                  185.242.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:88:ff:9e:1c:22:ee:7d:4e:38:49:d7:ef:73:9a:04:e6:2b:
         af:6b:7f:50:64:96:d5:68:7f:df:99:61:06:95:f9:a0:64:1b:
         04:37:5a:c5:02:52:b9:6a:2b:fe:11:97:3e:99:7c:d5:20:14:
         00:c8:e3:30:bf:b7:0a:0a:07:39:33:f3:fe:e7:bf:bf:19:87:
         f3:72:86:2c:33:68:0b:56:d0:86:b6:f9:fa:aa:3d:3b:1e:f8:
         98:ad:03:6c:b9:28:c3:05:b2:52:79:6f:26:f9:63:f7:6c:54:
         7f:6e:57:90:46:02:48:15:37:54:3d:83:41:b9:9d:1e:e7:63:
         a1:f4:a5:8d:46:ed:00:3d:30:5b:b1:a4:5b:33:01:c1:9e:be:
         0e:4d:9e:95:8f:b1:6a:68:3b:f1:95:72:8b:b1:74:56:25:cd:
         cd:a7:65:4c:b3:d5:cf:52:a9:44:b5:74:5e:d6:4a:cc:9d:7a:
         82:5a:da:5c:29:37:71:5b:68:40:ca:ae:62:d9:c9:55:9c:0e:
         7e:ef:9d:83:cc:34:f2:22:bb:86:23:da:cf:88:02:61:90:8b:
         3a:27:37:04:7a:06:e2:eb:2c:49:cd:77:aa:c2:0a:14:47:81:
         d2:51:d4:31:2a:d1:5f:3a:5e:51:c1:a2:24:f7:54:95:4c:0f:
         90:1a:d1:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuUYsIyDcmYJml6q1ZV2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWIwMzQ1MzczMDBhNzU3YTQ1MjkyNGYzNTlhNzFhYzc4NDIwNDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUqYL4ryz3FZXBCobnqmASYbd7d8
vcn2Nf9mdQo2hXjFZ4sYr9pGWXN+IdSxWzrQKHw69hMdGgfbJLCwAno4iAQXi5qr
TwyK+QCp/Ff5CWmLfkeJJmfDPigY0FIem/dN5th7PdFAXURZ3ykzd/RGVEwRFiGd
u+fhIsUZihrGqCduh3DjiTq+jdr80QULG0J67WRmXUjVz/FGr360QC6KyxEOCCkp
S9W6NFExRKDkpWDAHgARxaie4EU+uE/sA3tOg0Vo0CyTPSqUfL6vYdHdWAqTVlcL
PtOEblgyawT9epQdVvsrLjaRpWTNE11+XCmYTzV1LEntkJU6QaNXH8R3BQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNmwNFNzAKdXpFKSTzWacax4QgRaMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvMmJBMFUzTUFwMWVrVXBKUE5acHhySGhDQkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVbstAwQA
ufKrMA0GCSqGSIb3DQEBCwUAA4IBAQDUiP+eHCLufU44Sdfvc5oE5iuva39QZJbV
aH/fmWEGlfmgZBsEN1rFAlK5aiv+EZc+mXzVIBQAyOMwv7cKCgc5M/P+57+/GYfz
coYsM2gLVtCGtvn6qj07HviYrQNsuSjDBbJSeW8m+WP3bFR/bleQRgJIFTdUPYNB
uZ0e52Oh9KWNRu0APTBbsaRbMwHBnr4OTZ6Vj7FqaDvxlXKLsXRWJc3Np2VMs9XP
UqlEtXRe1krMnXqCWtpcKTdxW2hAyq5i2clVnA5+752DzDTyIruGI9rPiAJhkIs6
JzcEegbi6yxJzXeqwgoUR4HSUdQxKtFfOl5RwaIk91SVTA+QGtGc
-----END CERTIFICATE-----