Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/lrxLJ67eMulNi3dVHicqWVnKW24.roa
File:                     lrxLJ67eMulNi3dVHicqWVnKW24.roa (raw, json)
Hash identifier:          Vi9AtFh30zvuxwCWG5N5dQbDJrmE913eXSPH4d9MADU=
Subject key identifier:   96:BC:4B:27:AE:DE:32:E9:4D:8B:77:55:1E:27:2A:59:59:CA:5B:6E
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B945DB08B36CEE4AF15D9886F8C38F
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/lrxLJ67eMulNi3dVHicqWVnKW24.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207691
IP address blocks:        85.187.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:45:db:08:b3:6c:ee:4a:f1:5d:98:86:f8:c3:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96bc4b27aede32e94d8b77551e272a5959ca5b6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:dc:20:de:0b:bb:97:dd:a1:98:55:12:ae:f1:
                    b8:4e:2f:8b:92:b7:4e:cd:22:6c:66:95:a4:ed:b1:
                    63:80:db:5e:6f:86:e0:da:e4:d3:ee:f8:4d:4a:b8:
                    6e:36:fb:e6:d6:7f:44:0d:3f:bf:e5:ed:d6:71:50:
                    c1:24:ee:3c:32:25:fb:bc:3b:13:9d:bf:17:86:ce:
                    4c:84:ea:9c:61:c1:2c:33:6c:a5:2d:5c:24:c9:9f:
                    70:b0:82:dc:01:fa:32:38:0f:6d:4e:76:65:53:de:
                    bc:cb:32:26:c6:24:89:56:a4:7f:d2:8a:b6:4c:56:
                    8d:83:53:94:6c:3c:5b:a7:d4:35:f2:9a:66:12:66:
                    fb:e4:6d:8c:b9:ef:f6:65:ae:42:69:c8:b9:91:91:
                    c2:cc:b9:f7:88:12:c0:a2:e9:3e:e4:69:88:bf:5f:
                    06:b8:45:7f:5d:54:6f:32:e6:c7:94:9b:dd:0b:99:
                    46:8b:a5:4c:ae:aa:fc:a7:14:ab:f1:91:d0:aa:86:
                    4f:41:6b:17:5f:48:bf:6c:1f:b1:e0:97:a7:ed:0c:
                    59:bf:3c:ae:fd:1e:56:f9:2b:b6:95:24:e9:57:73:
                    36:c8:b7:c3:18:84:d5:df:9a:b1:2f:b8:d6:7c:01:
                    7e:10:05:5c:0f:bd:42:7f:c4:8a:6b:4b:d7:81:9f:
                    b0:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:BC:4B:27:AE:DE:32:E9:4D:8B:77:55:1E:27:2A:59:59:CA:5B:6E
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/lrxLJ67eMulNi3dVHicqWVnKW24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:71:90:e7:61:a8:aa:bb:78:d4:a7:77:ae:78:0a:74:c9:b7:
         00:1f:92:06:29:f4:b1:f3:ef:46:9d:2f:25:85:77:be:ab:d5:
         a1:5a:18:a6:61:51:e6:59:f0:e1:f4:01:e9:02:38:56:8f:60:
         1f:aa:25:dc:f6:5c:bc:42:f2:13:23:c8:a9:43:e7:87:88:3d:
         20:96:ea:21:2f:30:ab:06:d9:1d:aa:5f:cd:b4:64:7f:6b:e6:
         52:b4:b4:0c:98:99:cc:89:ae:20:6c:07:6d:0a:9b:39:bc:10:
         64:ff:4c:97:0b:51:e5:c7:a5:cd:ae:8f:4c:1c:3e:11:b5:5b:
         d7:11:ad:65:02:9c:21:e5:fd:bf:9f:47:93:ec:60:44:d1:b5:
         40:9e:ba:b8:71:db:65:27:e4:6d:c0:80:57:55:d2:05:15:00:
         dc:21:d7:18:dc:68:88:da:e8:ca:2b:f1:6d:c6:48:30:e2:75:
         3b:0b:a4:a6:78:b4:52:a3:fb:d4:a2:e5:2e:e9:5d:29:35:9d:
         bf:12:77:0d:1b:74:b8:c6:84:b9:38:b2:a6:9e:fb:6c:89:cc:
         3d:07:6e:4e:44:35:8b:38:b9:11:66:72:0e:b8:d0:25:c3:51:
         f9:6e:59:89:13:34:71:18:46:aa:ae:cb:ac:c9:8c:d9:a7:5d:
         9d:90:d3:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUXbCLNs7krxXZiG+MOPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmJjNGIyN2FlZGUzMmU5NGQ4Yjc3NTUxZTI3MmE1OTU5Y2E1YjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNwg3gu7l92hmFUSrvG4Ti+LkrdO
zSJsZpWk7bFjgNteb4bg2uTT7vhNSrhuNvvm1n9EDT+/5e3WcVDBJO48MiX7vDsT
nb8Xhs5MhOqcYcEsM2ylLVwkyZ9wsILcAfoyOA9tTnZlU968yzImxiSJVqR/0oq2
TFaNg1OUbDxbp9Q18ppmEmb75G2Mue/2Za5Caci5kZHCzLn3iBLAouk+5GmIv18G
uEV/XVRvMubHlJvdC5lGi6VMrqr8pxSr8ZHQqoZPQWsXX0i/bB+x4Jen7QxZvzyu
/R5W+Su2lSTpV3M2yLfDGITV35qxL7jWfAF+EAVcD71Cf8SKa0vXgZ+wfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJa8Syeu3jLpTYt3VR4nKllZyltuMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvbHJ4TEo2N2VNdWxOaTNkVkhpY3FXVm5LVzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVbszMA0G
CSqGSIb3DQEBCwUAA4IBAQC5cZDnYaiqu3jUp3eueAp0ybcAH5IGKfSx8+9GnS8l
hXe+q9WhWhimYVHmWfDh9AHpAjhWj2AfqiXc9ly8QvITI8ipQ+eHiD0gluohLzCr
Btkdql/NtGR/a+ZStLQMmJnMia4gbAdtCps5vBBk/0yXC1Hlx6XNro9MHD4RtVvX
Ea1lApwh5f2/n0eT7GBE0bVAnrq4cdtlJ+RtwIBXVdIFFQDcIdcY3GiI2ujKK/Ft
xkgw4nU7C6SmeLRSo/vUouUu6V0pNZ2/EncNG3S4xoS5OLKmnvtsicw9B25ORDWL
OLkRZnIOuNAlw1H5blmJEzRxGEaqrsusyYzZp12dkNOO
-----END CERTIFICATE-----