Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/uf3jjESzGclkFUzLvFqeMPFBaAc.roa
File:                     uf3jjESzGclkFUzLvFqeMPFBaAc.roa (raw, json)
Hash identifier:          z14Ru61fWb8xqQj3e2MTnbwdyJBOe6AdohPz6M0Hafs=
Subject key identifier:   B9:FD:E3:8C:44:B3:19:C9:64:15:4C:CB:BC:5A:9E:30:F1:41:68:07
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B933A98E57370B16EBF3FCB33094A5
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/uf3jjESzGclkFUzLvFqeMPFBaAc.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35499
IP address blocks:        85.187.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:33:a9:8e:57:37:0b:16:eb:f3:fc:b3:30:94:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9fde38c44b319c964154ccbbc5a9e30f1416807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:de:b9:29:d0:64:01:72:c2:8b:89:ca:cb:e5:
                    de:95:0a:54:80:81:27:ce:ee:c5:ea:f0:a8:27:7c:
                    86:f8:3e:92:13:92:29:5c:77:60:16:07:e0:f5:dc:
                    f5:9b:cb:e4:ad:c9:f4:ea:98:96:cd:df:47:2b:5e:
                    5c:16:9f:c5:21:c7:5e:27:a9:aa:e0:49:b5:a8:95:
                    b0:5c:17:39:fe:a7:c5:b2:f1:a3:b7:0b:6e:2a:5e:
                    7b:55:05:ef:2d:a0:ad:a0:66:1e:7b:0e:d4:84:3f:
                    65:3b:14:9b:88:80:a1:30:05:4c:93:0d:cf:0a:60:
                    b3:06:0b:18:30:20:42:e2:03:09:0e:32:f0:06:e4:
                    80:26:50:16:66:3c:46:fd:b1:1b:8d:a6:70:2a:de:
                    51:47:47:cd:c4:11:02:3a:09:46:38:f8:26:69:93:
                    4e:99:f7:a8:4c:52:b1:ce:c3:41:40:ab:c0:4b:80:
                    fa:9e:7a:e5:ab:da:d8:68:4d:e9:7a:5e:28:f3:c5:
                    1e:87:7c:52:f8:ad:f1:ed:08:b6:1f:97:e6:ac:c5:
                    29:7a:52:a9:2d:a6:e4:db:29:78:c0:de:54:4d:70:
                    eb:e9:34:1e:d4:98:2a:49:77:95:17:8c:fe:e4:f1:
                    94:01:91:08:93:f6:b7:70:1f:a6:7e:41:3c:91:26:
                    b8:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FD:E3:8C:44:B3:19:C9:64:15:4C:CB:BC:5A:9E:30:F1:41:68:07
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/uf3jjESzGclkFUzLvFqeMPFBaAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:71:4b:30:51:07:04:c1:24:3a:e8:02:5c:e5:6e:24:76:5e:
         a5:37:99:af:96:ad:d4:f3:84:97:f1:59:3e:78:24:3f:09:d8:
         db:88:4e:a2:19:5f:59:ce:f7:19:dd:60:2f:53:df:22:5a:f5:
         26:6d:c0:33:d5:cf:ec:9e:8a:47:da:23:f6:7e:28:8c:54:e9:
         5a:d5:6a:9f:2c:0c:1b:c5:4f:7c:03:38:d4:f6:ba:24:bd:98:
         ef:6d:b4:d2:6c:d0:85:72:7a:a9:c2:8e:04:2e:98:5d:38:0a:
         81:17:fb:dc:a0:7f:4f:cf:03:d4:b6:31:af:c1:07:a0:bb:4c:
         98:0d:1c:57:a5:47:03:88:7a:f6:57:2c:5a:51:1c:4e:ee:71:
         cc:e7:fc:04:44:ea:66:a3:6f:5a:c9:57:69:68:55:ce:32:f2:
         bf:7e:b6:ce:00:18:0d:24:74:e0:3f:5a:94:96:3b:1b:20:30:
         aa:4c:b4:80:5e:39:91:4f:0b:25:b8:2d:d3:c4:7d:bd:37:7b:
         f4:0f:96:5f:15:3e:ba:0e:d8:87:2d:ee:e2:7f:c1:0a:24:ca:
         1e:84:69:b9:d1:05:af:31:98:2c:51:7c:ce:7c:30:56:a2:36:
         6a:c7:42:45:c1:4b:26:f4:18:68:0e:c5:d8:41:b5:73:7f:8c:
         7e:27:9c:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTOpjlc3Cxbr8/yzMJSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWZkZTM4YzQ0YjMxOWM5NjQxNTRjY2JiYzVhOWUzMGYxNDE2ODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAid65KdBkAXLCi4nKy+XelQpUgIEn
zu7F6vCoJ3yG+D6SE5IpXHdgFgfg9dz1m8vkrcn06piWzd9HK15cFp/FIcdeJ6mq
4Em1qJWwXBc5/qfFsvGjtwtuKl57VQXvLaCtoGYeew7UhD9lOxSbiIChMAVMkw3P
CmCzBgsYMCBC4gMJDjLwBuSAJlAWZjxG/bEbjaZwKt5RR0fNxBECOglGOPgmaZNO
mfeoTFKxzsNBQKvAS4D6nnrlq9rYaE3pel4o88Ueh3xS+K3x7Qi2H5fmrMUpelKp
Labk2yl4wN5UTXDr6TQe1JgqSXeVF4z+5PGUAZEIk/a3cB+mfkE8kSa4qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLn944xEsxnJZBVMy7xanjDxQWgHMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvdWYzampFU3pHY2xrRlV6THZGcWVNUEZCYUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVbsVMA0G
CSqGSIb3DQEBCwUAA4IBAQB3cUswUQcEwSQ66AJc5W4kdl6lN5mvlq3U84SX8Vk+
eCQ/CdjbiE6iGV9ZzvcZ3WAvU98iWvUmbcAz1c/snopH2iP2fiiMVOla1WqfLAwb
xU98AzjU9rokvZjvbbTSbNCFcnqpwo4ELphdOAqBF/vcoH9PzwPUtjGvwQegu0yY
DRxXpUcDiHr2VyxaURxO7nHM5/wEROpmo29ayVdpaFXOMvK/frbOABgNJHTgP1qU
ljsbIDCqTLSAXjmRTwsluC3TxH29N3v0D5ZfFT66DtiHLe7if8EKJMoehGm50QWv
MZgsUXzOfDBWojZqx0JFwUsm9BhoDsXYQbVzf4x+J5w1
-----END CERTIFICATE-----