Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/ietCoLfL7i9kswDThWn5z0hZjgA.roa
File:                     ietCoLfL7i9kswDThWn5z0hZjgA.roa (raw, json)
Hash identifier:          wxe/iOMR14sqQQzvYtpQkp/06NoS37n1VQsIftB70Gs=
Subject key identifier:   89:EB:42:A0:B7:CB:EE:2F:64:B3:00:D3:85:69:F9:CF:48:59:8E:00
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B93E610C23BADC3BA998B94C5CE815
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/ietCoLfL7i9kswDThWn5z0hZjgA.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64464
IP address blocks:        185.72.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3e:61:0c:23:ba:dc:3b:a9:98:b9:4c:5c:e8:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89eb42a0b7cbee2f64b300d38569f9cf48598e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:58:77:54:bd:04:b3:f9:ec:cd:f7:48:41:0c:
                    91:55:74:8d:9b:56:41:17:05:bd:1c:d1:5b:1f:3f:
                    31:6d:3e:af:75:e4:1a:23:d9:92:9e:c0:35:e4:98:
                    b9:c1:1b:7f:ce:63:c2:e0:63:29:e2:64:ee:c3:33:
                    8d:f2:a4:12:bf:51:a6:54:27:7b:9b:8b:7e:f9:f3:
                    8b:9e:bd:ac:0b:27:a8:f9:36:13:d1:57:b7:ce:78:
                    47:10:58:9b:42:fe:58:b5:e8:3b:38:4d:e4:ec:13:
                    61:86:6d:66:fa:01:de:42:ac:34:95:99:1a:4d:47:
                    a7:e2:66:91:06:8f:26:c7:93:c3:26:f2:26:c6:70:
                    25:6a:fc:78:5b:b9:65:17:90:29:c3:c0:67:d9:bb:
                    08:50:06:91:98:3a:50:d7:fa:d1:42:a6:a7:48:26:
                    89:31:6f:9f:4b:94:e6:4e:c3:e3:ca:bb:57:d0:5f:
                    45:d3:22:10:0e:17:4d:92:52:a8:f8:70:8a:c7:33:
                    1d:50:bf:82:df:be:d0:e9:d8:f8:62:8b:6a:f6:cb:
                    ba:d2:7d:ac:a9:09:4e:be:70:dc:28:a6:60:c0:01:
                    33:24:59:bc:c2:3f:87:31:64:6a:52:cc:da:1a:3b:
                    5c:38:e2:3d:aa:12:61:b2:2a:f9:3c:c4:f2:71:38:
                    42:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:EB:42:A0:B7:CB:EE:2F:64:B3:00:D3:85:69:F9:CF:48:59:8E:00
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/ietCoLfL7i9kswDThWn5z0hZjgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ce:99:03:24:04:7d:b3:d1:39:7d:41:ed:42:61:cf:88:09:
         d5:5a:db:02:62:b5:1a:25:2b:6e:57:78:ed:ce:e9:2d:32:d9:
         5b:6f:fd:fa:51:cf:68:2c:8f:b7:dc:3a:6e:d2:3b:62:b9:b1:
         f7:26:78:9a:3f:5e:2f:d4:4f:23:6b:ea:85:3d:2c:2e:12:79:
         54:47:44:93:41:d1:5c:ba:66:74:5d:1c:85:4c:9a:eb:16:8d:
         5a:19:76:1c:4f:33:6b:4b:41:ee:73:94:50:d3:67:d8:8b:3f:
         7d:12:c2:71:7d:79:8b:9b:64:25:ae:f6:3c:e4:ff:5c:7a:5e:
         a0:dc:d4:87:5e:d7:ba:74:99:83:0e:87:8a:0a:89:ec:9b:b6:
         6c:a9:68:2f:1b:96:05:e6:dc:4f:06:ca:07:f8:33:b7:92:d9:
         f2:1f:da:ad:42:2b:72:01:13:3d:4a:8a:60:b5:8b:8d:fd:b5:
         88:10:cf:4e:1b:46:06:e1:6b:46:7d:ef:3a:32:66:a9:42:e9:
         f2:c8:36:87:86:05:a3:48:81:05:e0:5d:03:46:fa:ba:a7:aa:
         76:f9:47:16:60:92:b8:3b:1c:55:cf:a7:f9:98:7b:34:7b:ac:
         15:54:60:06:0c:e7:ca:c4:1b:69:2e:2e:e4:9b:74:6c:f6:88:
         2c:12:d2:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuT5hDCO63DupmLlMXOgVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWViNDJhMGI3Y2JlZTJmNjRiMzAwZDM4NTY5ZjljZjQ4NTk4ZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFh3VL0Es/nszfdIQQyRVXSNm1ZB
FwW9HNFbHz8xbT6vdeQaI9mSnsA15Ji5wRt/zmPC4GMp4mTuwzON8qQSv1GmVCd7
m4t++fOLnr2sCyeo+TYT0Ve3znhHEFibQv5Yteg7OE3k7BNhhm1m+gHeQqw0lZka
TUen4maRBo8mx5PDJvImxnAlavx4W7llF5Apw8Bn2bsIUAaRmDpQ1/rRQqanSCaJ
MW+fS5TmTsPjyrtX0F9F0yIQDhdNklKo+HCKxzMdUL+C377Q6dj4Yotq9su60n2s
qQlOvnDcKKZgwAEzJFm8wj+HMWRqUszaGjtcOOI9qhJhsir5PMTycThCWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInrQqC3y+4vZLMA04Vp+c9IWY4AMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvaWV0Q29MZkw3aTlrc3dEVGhXbjV6MGhaamdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUg7MA0G
CSqGSIb3DQEBCwUAA4IBAQAozpkDJAR9s9E5fUHtQmHPiAnVWtsCYrUaJStuV3jt
zuktMtlbb/36Uc9oLI+33Dpu0jtiubH3JniaP14v1E8ja+qFPSwuEnlUR0STQdFc
umZ0XRyFTJrrFo1aGXYcTzNrS0Huc5RQ02fYiz99EsJxfXmLm2QlrvY85P9cel6g
3NSHXte6dJmDDoeKConsm7ZsqWgvG5YF5txPBsoH+DO3ktnyH9qtQityARM9Sopg
tYuN/bWIEM9OG0YG4WtGfe86MmapQunyyDaHhgWjSIEF4F0DRvq6p6p2+UcWYJK4
OxxVz6f5mHs0e6wVVGAGDOfKxBtpLi7km3Rs9ogsEtKk
-----END CERTIFICATE-----