Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/KBTSSCEN7mOGE0AUFVynJt-PbG0.roa
File:                     KBTSSCEN7mOGE0AUFVynJt-PbG0.roa (raw, json)
Hash identifier:          4oFud3dAl/cpYLntObmI+8ugV1LZ9Vu7l3PuDiWugqg=
Subject key identifier:   28:14:D2:48:21:0D:EE:63:86:13:40:14:15:5C:A7:26:DF:8F:6C:6D
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B93A1902036D6BCA2436A53CCE99C0
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/KBTSSCEN7mOGE0AUFVynJt-PbG0.roa
Signing time:             Mon 01 Jan 2024 20:31:16 +0000
ROA not before:           Mon 01 Jan 2024 20:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57705
IP address blocks:        85.187.43.0/24 maxlen: 24
                          85.187.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3a:19:02:03:6d:6b:ca:24:36:a5:3c:ce:99:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2814d248210dee6386134014155ca726df8f6c6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:85:61:fa:fd:77:53:f0:78:8e:a2:f0:df:c7:
                    e4:f5:ca:e6:51:e9:76:d8:64:45:9c:c9:6f:50:67:
                    a1:dc:d6:4d:ea:50:3b:bf:5b:18:ad:3f:70:9f:9d:
                    a9:9f:86:2a:2b:be:7f:04:97:59:6b:df:08:01:2e:
                    42:50:0e:05:c2:08:54:32:67:6d:f4:b5:f0:e9:a9:
                    91:ef:8d:e7:d4:b2:35:b7:84:83:1d:4c:a9:e7:c1:
                    9d:14:0a:2f:7e:27:3f:5a:c4:34:27:c7:a7:80:12:
                    67:fa:c9:a4:86:d8:2a:e4:f8:9e:18:bc:a6:d1:06:
                    c0:32:c6:34:42:41:d2:84:6a:73:6c:2e:1b:9b:74:
                    24:b5:f1:06:7a:1d:51:4b:ff:df:a8:cb:a9:70:a6:
                    64:f9:fe:ca:72:29:74:74:ef:52:c0:10:15:44:aa:
                    a3:dc:09:b9:4c:68:2c:d5:53:1f:37:7c:ef:b9:a3:
                    f6:9f:cf:16:c4:04:41:94:2d:e3:84:ee:d4:b6:9d:
                    94:1b:f8:50:e6:38:34:75:3a:66:41:58:d6:0f:c5:
                    f0:84:2c:10:0b:d4:d4:47:9e:b0:42:cf:91:ad:57:
                    ff:55:41:30:fb:9b:26:a2:e5:b6:17:a9:17:d2:bd:
                    ca:7e:29:f9:a2:70:85:dc:31:6e:cc:d2:f6:86:6c:
                    be:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:14:D2:48:21:0D:EE:63:86:13:40:14:15:5C:A7:26:DF:8F:6C:6D
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/KBTSSCEN7mOGE0AUFVynJt-PbG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.17.0/24
                  85.187.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:19:71:98:ab:68:c2:cf:0e:67:67:4b:f4:89:aa:b9:39:9c:
         5d:e8:74:04:bc:18:e4:47:3a:8c:96:02:f5:2a:62:0d:16:1c:
         41:53:74:94:8f:4f:77:04:bf:33:25:f5:b4:75:19:3f:bc:01:
         d1:b6:e5:60:63:83:78:df:4e:42:33:8b:1a:cf:b6:66:b4:4b:
         d9:f0:1e:2a:69:1d:a8:45:7f:7e:f7:6e:0d:18:5b:57:f9:5a:
         3e:b5:75:1d:c0:92:a3:6b:28:c6:51:ce:6a:f0:00:82:4b:c8:
         15:b9:e4:28:3c:eb:6f:1e:80:b0:ba:94:7f:7a:e9:ad:90:90:
         a8:c0:03:ce:4e:09:7f:1f:1f:b3:b2:9c:30:81:69:5b:cd:71:
         1c:05:07:91:ee:98:4f:24:01:21:46:3c:f5:5f:59:60:20:72:
         98:b3:62:dc:81:c4:cb:05:a1:60:fc:15:8f:a3:ec:8c:d8:26:
         c2:34:c4:34:a1:77:9c:ff:3c:d1:d4:d2:29:4f:41:ac:7c:50:
         e0:74:a9:eb:35:56:70:59:4c:9e:cd:71:ef:07:c2:30:16:b3:
         45:28:b9:4c:8a:b6:b3:86:c0:d5:30:71:69:7d:72:54:4a:29:
         93:7d:f7:d6:5c:66:a0:26:3a:10:1a:a4:a6:c2:53:f3:e1:80:
         65:50:74:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuToZAgNta8okNqU8zpnAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODE0ZDI0ODIxMGRlZTYzODYxMzQwMTQxNTVjYTcyNmRmOGY2YzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YVh+v13U/B4jqLw38fk9crmUel2
2GRFnMlvUGeh3NZN6lA7v1sYrT9wn52pn4YqK75/BJdZa98IAS5CUA4FwghUMmdt
9LXw6amR743n1LI1t4SDHUyp58GdFAovfic/WsQ0J8engBJn+smkhtgq5PieGLym
0QbAMsY0QkHShGpzbC4bm3QktfEGeh1RS//fqMupcKZk+f7Kcil0dO9SwBAVRKqj
3Am5TGgs1VMfN3zvuaP2n88WxARBlC3jhO7Utp2UG/hQ5jg0dTpmQVjWD8XwhCwQ
C9TUR56wQs+RrVf/VUEw+5smouW2F6kX0r3Kfin5onCF3DFuzNL2hmy+CQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCgU0kghDe5jhhNAFBVcpybfj2xtMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvS0JUU1NDRU43bU9HRTBBVUZWeW5KdC1QYkcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVbsRAwQA
VbsrMA0GCSqGSIb3DQEBCwUAA4IBAQCvGXGYq2jCzw5nZ0v0iaq5OZxd6HQEvBjk
RzqMlgL1KmINFhxBU3SUj093BL8zJfW0dRk/vAHRtuVgY4N4305CM4saz7ZmtEvZ
8B4qaR2oRX9+924NGFtX+Vo+tXUdwJKjayjGUc5q8ACCS8gVueQoPOtvHoCwupR/
eumtkJCowAPOTgl/Hx+zspwwgWlbzXEcBQeR7phPJAEhRjz1X1lgIHKYs2LcgcTL
BaFg/BWPo+yM2CbCNMQ0oXec/zzR1NIpT0GsfFDgdKnrNVZwWUyezXHvB8IwFrNF
KLlMirazhsDVMHFpfXJUSimTfffWXGagJjoQGqSmwlPz4YBlUHSy
-----END CERTIFICATE-----