Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/DkxvlWO6S_Zbp4zmIsOzxsdJW60.roa
File:                     DkxvlWO6S_Zbp4zmIsOzxsdJW60.roa (raw, json)
Hash identifier:          049z9ji52FW6LDKpEWWaAaiY8FXw8PZ6lCSQ3j4jtQs=
Subject key identifier:   0E:4C:6F:95:63:BA:4B:F6:5B:A7:8C:E6:22:C3:B3:C6:C7:49:5B:AD
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B94532F6A8A38A7B1455DF451D25D3
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/DkxvlWO6S_Zbp4zmIsOzxsdJW60.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206045
IP address blocks:        85.187.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:45:32:f6:a8:a3:8a:7b:14:55:df:45:1d:25:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e4c6f9563ba4bf65ba78ce622c3b3c6c7495bad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ef:34:1e:6e:bf:d7:83:17:2d:17:22:51:22:
                    09:b3:88:2d:c2:04:86:6a:2e:5e:fa:7a:70:4e:d6:
                    5e:6e:e5:a6:bb:e5:28:1d:00:5a:27:ec:9e:72:87:
                    30:d4:3a:bd:f2:0a:cb:53:4f:e2:bf:53:d6:42:f7:
                    f4:11:d4:15:d3:1e:66:8a:5b:aa:db:5b:ff:05:ef:
                    d8:f1:54:64:37:90:26:e8:39:b9:eb:b5:01:97:32:
                    79:bf:1c:dd:a9:65:49:17:1a:92:d9:41:18:81:99:
                    94:c7:88:68:08:d1:0c:48:5a:8e:74:69:cc:7e:b6:
                    57:4e:38:27:14:05:93:52:79:3b:a7:09:c6:2a:29:
                    82:e7:88:4d:53:8c:4d:00:8d:ef:b5:c5:eb:c4:ce:
                    e2:3e:00:de:e8:09:f0:bc:a2:16:7e:60:94:d9:34:
                    b7:ac:fe:30:18:4e:37:a6:3b:95:6a:d1:64:1d:88:
                    2d:77:9f:b4:93:db:45:45:a2:14:26:6a:4b:af:1d:
                    e5:bd:c4:64:ba:1a:b6:ab:89:c5:0d:27:5c:4e:03:
                    d6:29:1b:2c:af:a6:e9:2f:74:be:53:2b:df:70:07:
                    d0:67:f0:b6:69:1d:22:43:8d:0f:cf:03:a3:04:2c:
                    ce:1a:2a:90:f1:d8:59:bf:b1:cb:0f:39:76:7d:88:
                    80:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:4C:6F:95:63:BA:4B:F6:5B:A7:8C:E6:22:C3:B3:C6:C7:49:5B:AD
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/DkxvlWO6S_Zbp4zmIsOzxsdJW60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:b6:22:c3:f3:4e:57:90:f8:2a:41:0f:b7:a2:66:d7:34:fc:
         09:68:0a:c3:0b:99:9a:ae:b2:ab:5e:6c:bf:f3:c8:a5:11:99:
         7a:d2:49:76:b3:f7:83:28:ce:1a:3f:81:40:ea:91:14:31:74:
         a3:30:2b:78:9a:43:72:71:71:62:ca:95:92:82:37:c2:4f:51:
         cf:9f:9e:41:8f:a6:52:69:99:0c:33:ea:45:0a:a5:d2:34:92:
         f7:0d:e4:7c:06:14:83:a6:87:c9:04:13:c7:3a:5c:da:70:5e:
         84:42:f3:e6:28:6a:66:f2:4d:0b:49:db:58:29:d5:8e:ad:bb:
         03:c8:98:5b:39:25:8e:83:d2:03:c8:74:e5:58:c0:f3:27:4e:
         6a:74:d9:96:32:0c:86:84:f3:a7:70:7a:89:b4:43:a7:cc:41:
         96:6b:10:c4:99:f8:ec:74:b1:ec:7f:50:3d:27:12:93:14:e8:
         43:6f:3c:2f:80:42:ff:10:74:6b:0a:ac:09:27:16:35:4e:e1:
         ea:62:6a:95:c7:88:42:90:42:c1:4c:33:02:2a:e0:8e:27:c7:
         34:a2:98:8a:b1:34:b4:2f:6a:1c:39:0a:8d:63:9a:48:0a:56:
         02:f9:c5:2a:06:8b:7a:86:d0:fd:08:9d:97:66:7b:0c:db:36:
         af:b5:61:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUUy9qijinsUVd9FHSXTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTRjNmY5NTYzYmE0YmY2NWJhNzhjZTYyMmMzYjNjNmM3NDk1YmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+80Hm6/14MXLRciUSIJs4gtwgSG
ai5e+npwTtZebuWmu+UoHQBaJ+yecocw1Dq98grLU0/iv1PWQvf0EdQV0x5miluq
21v/Be/Y8VRkN5Am6Dm567UBlzJ5vxzdqWVJFxqS2UEYgZmUx4hoCNEMSFqOdGnM
frZXTjgnFAWTUnk7pwnGKimC54hNU4xNAI3vtcXrxM7iPgDe6AnwvKIWfmCU2TS3
rP4wGE43pjuVatFkHYgtd5+0k9tFRaIUJmpLrx3lvcRkuhq2q4nFDSdcTgPWKRss
r6bpL3S+UyvfcAfQZ/C2aR0iQ40PzwOjBCzOGiqQ8dhZv7HLDzl2fYiAFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5Mb5Vjukv2W6eM5iLDs8bHSVutMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvRGt4dmxXTzZTX1picDR6bUlzT3p4c2RKVzYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVbsJMA0G
CSqGSIb3DQEBCwUAA4IBAQA7tiLD805XkPgqQQ+3ombXNPwJaArDC5marrKrXmy/
88ilEZl60kl2s/eDKM4aP4FA6pEUMXSjMCt4mkNycXFiypWSgjfCT1HPn55Bj6ZS
aZkMM+pFCqXSNJL3DeR8BhSDpofJBBPHOlzacF6EQvPmKGpm8k0LSdtYKdWOrbsD
yJhbOSWOg9IDyHTlWMDzJ05qdNmWMgyGhPOncHqJtEOnzEGWaxDEmfjsdLHsf1A9
JxKTFOhDbzwvgEL/EHRrCqwJJxY1TuHqYmqVx4hCkELBTDMCKuCOJ8c0opiKsTS0
L2ocOQqNY5pIClYC+cUqBot6htD9CJ2XZnsM2zavtWES
-----END CERTIFICATE-----