Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/OqtWDcAhrLASpFpcoujNWs-aVVs.roa
File:                     OqtWDcAhrLASpFpcoujNWs-aVVs.roa (raw, json)
Hash identifier:          rHalOR5zS+xZnQpcM9u0Nrs0zadVSqFH0MJjfbI6ULQ=
Subject key identifier:   3A:AB:56:0D:C0:21:AC:B0:12:A4:5A:5C:A2:E8:CD:5A:CF:9A:55:5B
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B93FCA97D28BBDE10E2C09563684CC
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/OqtWDcAhrLASpFpcoujNWs-aVVs.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199173
IP address blocks:        85.187.218.0/23 maxlen: 23
                          85.187.224.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3f:ca:97:d2:8b:bd:e1:0e:2c:09:56:36:84:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3aab560dc021acb012a45a5ca2e8cd5acf9a555b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d0:a1:ad:fd:a7:2d:b3:5a:e9:85:87:f5:6d:
                    85:d8:7b:e9:41:d0:2b:8c:3c:d2:92:d0:65:08:20:
                    05:bc:d9:2f:f7:88:77:ce:8c:be:94:fd:60:b8:31:
                    8e:b6:1a:7a:04:f2:fa:13:53:ef:e7:d1:69:40:e6:
                    39:51:b7:f3:df:8c:d6:25:26:9a:18:53:5c:53:64:
                    34:91:fa:91:76:04:bd:7d:20:e5:fe:38:b7:fc:d6:
                    d4:07:dd:3c:98:2c:e3:b0:5e:39:5e:8f:5e:bd:bc:
                    70:d3:e3:16:d6:92:b9:a7:0e:e2:65:c5:54:6e:81:
                    02:ca:74:7c:63:23:15:fb:19:d2:07:b2:da:9f:25:
                    4c:d5:e5:47:29:13:21:1a:8a:f3:ad:71:39:9a:26:
                    96:2f:76:5c:2d:2b:1d:d2:d9:8f:bc:69:1f:f5:77:
                    f0:a0:27:cc:dd:ed:75:79:f3:d1:87:05:fe:68:e7:
                    b2:b4:40:e1:62:d7:3d:e2:25:27:81:8b:f6:f7:1e:
                    52:b5:1c:89:5a:d6:46:dc:6c:37:0e:95:be:55:1c:
                    f4:e1:c1:58:38:43:91:f6:95:d9:97:cf:af:d2:1a:
                    c4:87:36:d3:8a:0a:3c:90:00:2f:a4:0b:c1:f0:36:
                    f5:8a:e2:48:75:a3:b1:1d:74:12:ab:98:5f:11:3a:
                    f6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:AB:56:0D:C0:21:AC:B0:12:A4:5A:5C:A2:E8:CD:5A:CF:9A:55:5B
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/OqtWDcAhrLASpFpcoujNWs-aVVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.218.0/23
                  85.187.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         01:2d:2c:cc:54:21:4b:ce:52:fc:02:5a:9a:3c:65:09:6a:ce:
         e0:db:e6:55:8c:44:8f:5c:92:ab:fb:c6:ad:b8:76:76:b2:4b:
         db:a5:4b:92:8f:c9:68:fd:b6:6b:e3:06:54:d9:95:e1:3c:a1:
         a4:0c:44:6d:38:dc:4c:d0:04:5d:f3:67:36:4c:43:82:d0:39:
         95:bf:3f:6a:db:c6:ba:04:f3:eb:44:e2:01:9c:05:ac:5f:aa:
         2a:48:34:b5:c2:ec:53:81:84:3c:e8:a1:eb:9d:2c:b3:15:50:
         e6:ae:fd:f2:cc:5e:eb:c9:31:57:bd:6b:51:cf:84:04:b8:52:
         bb:34:a5:e7:e7:ec:ce:f3:e0:ac:01:d4:ec:24:07:2e:a7:97:
         17:3d:84:18:ab:39:07:bd:e7:a0:36:d6:65:67:de:03:df:8c:
         4d:1f:69:69:c1:1d:08:55:8f:b3:91:bd:6d:3b:c2:0b:3d:dd:
         4d:72:84:ee:5b:d8:31:5c:2b:fb:20:f5:0e:23:0c:65:e1:d6:
         e1:f3:b1:a2:7f:44:40:49:2a:e7:40:87:42:7e:a6:7a:8e:8a:
         2a:3d:7a:f7:17:78:d9:ba:d2:6b:54:7c:cd:1f:c7:43:12:b1:
         91:d8:fc:af:07:de:17:fc:60:8a:d4:9c:87:d9:c1:bd:ea:6c:
         cc:46:18:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuT/Kl9KLveEOLAlWNoTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWFiNTYwZGMwMjFhY2IwMTJhNDVhNWNhMmU4Y2Q1YWNmOWE1NTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9Chrf2nLbNa6YWH9W2F2HvpQdAr
jDzSktBlCCAFvNkv94h3zoy+lP1guDGOthp6BPL6E1Pv59FpQOY5Ubfz34zWJSaa
GFNcU2Q0kfqRdgS9fSDl/ji3/NbUB908mCzjsF45Xo9evbxw0+MW1pK5pw7iZcVU
boECynR8YyMV+xnSB7LanyVM1eVHKRMhGorzrXE5miaWL3ZcLSsd0tmPvGkf9Xfw
oCfM3e11efPRhwX+aOeytEDhYtc94iUngYv29x5StRyJWtZG3Gw3DpW+VRz04cFY
OEOR9pXZl8+v0hrEhzbTigo8kAAvpAvB8Db1iuJIdaOxHXQSq5hfETr2jQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDqrVg3AIaywEqRaXKLozVrPmlVbMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvT3F0V0RjQWhyTEFTcEZwY291ak5Xcy1hVlZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVbvaAwQD
VbvgMA0GCSqGSIb3DQEBCwUAA4IBAQABLSzMVCFLzlL8AlqaPGUJas7g2+ZVjESP
XJKr+8atuHZ2skvbpUuSj8lo/bZr4wZU2ZXhPKGkDERtONxM0ARd82c2TEOC0DmV
vz9q28a6BPPrROIBnAWsX6oqSDS1wuxTgYQ86KHrnSyzFVDmrv3yzF7ryTFXvWtR
z4QEuFK7NKXn5+zO8+CsAdTsJAcup5cXPYQYqzkHveegNtZlZ94D34xNH2lpwR0I
VY+zkb1tO8ILPd1NcoTuW9gxXCv7IPUOIwxl4dbh87Gif0RASSrnQIdCfqZ6jooq
PXr3F3jZutJrVHzNH8dDErGR2PyvB94X/GCK1JyH2cG96mzMRhiQ
-----END CERTIFICATE-----