Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/V88_mCycGQHfaAiOQNHy8UdxJRQ.roa
File:                     V88_mCycGQHfaAiOQNHy8UdxJRQ.roa (raw, json)
Hash identifier:          SD7obvI5/VyG7fMeLNGXO8RLuuqcYY0GrlAI7fkNeGw=
Subject key identifier:   57:CF:3F:98:2C:9C:19:01:DF:68:08:8E:40:D1:F2:F1:47:71:25:14
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B679EAE7181F6D26B503C06A7B3E4
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/V88_mCycGQHfaAiOQNHy8UdxJRQ.roa
Signing time:             Tue 02 Jan 2024 12:34:51 +0000
ROA not before:           Tue 02 Jan 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212351
IP address blocks:        185.120.34.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:67:9e:ae:71:81:f6:d2:6b:50:3c:06:a7:b3:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57cf3f982c9c1901df68088e40d1f2f147712514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:25:e7:36:36:26:e0:df:9d:33:64:30:09:dd:
                    49:d9:e9:a3:5d:b7:dc:2c:4b:4e:24:7a:fc:17:14:
                    99:0f:56:65:bf:31:27:03:41:31:fa:a9:cd:c2:15:
                    8e:b4:75:a6:77:5f:e6:ab:3a:cd:1d:ae:d2:ac:9e:
                    a7:6a:fb:fe:70:35:44:11:c4:c1:13:e3:07:dc:c6:
                    e1:9a:3f:04:3c:a6:01:b4:0f:d7:b6:71:bf:67:c3:
                    84:84:4e:b0:35:ea:1b:a9:39:a0:47:3f:26:14:42:
                    2e:93:33:d4:72:c8:87:14:e5:63:80:74:ee:b9:d8:
                    10:b5:15:bc:a7:b9:aa:d4:14:ff:cb:8c:e9:db:4e:
                    fc:bb:cc:5c:0c:7b:7d:0b:12:a9:fe:31:bc:9c:78:
                    90:e7:53:fd:fa:4c:d3:74:fc:46:c1:a7:c0:bf:30:
                    12:e3:cf:31:71:33:f7:39:11:37:0d:24:51:54:2c:
                    53:ad:e6:f4:8c:4e:b3:02:ef:01:ff:e1:8c:8a:34:
                    ee:a2:6c:bd:a1:15:85:05:1f:ab:9e:5b:14:f3:cb:
                    f3:ce:68:65:68:c9:b1:28:b6:d8:34:77:23:cb:c5:
                    b0:b7:a1:c0:43:38:09:c8:03:54:0b:df:47:32:1a:
                    c8:e7:f9:ea:29:07:eb:f5:3c:c8:68:d1:62:be:bd:
                    cc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:CF:3F:98:2C:9C:19:01:DF:68:08:8E:40:D1:F2:F1:47:71:25:14
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/V88_mCycGQHfaAiOQNHy8UdxJRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:02:bb:a0:06:b8:30:ba:8c:9e:ad:07:cf:d7:dd:4f:7e:c3:
         b8:7f:ef:a1:ad:ac:bc:0b:d5:d7:05:db:7d:e3:6b:9e:c8:32:
         8a:36:df:cb:d6:e0:f0:d8:99:12:21:1e:2e:7f:64:44:f3:4d:
         e3:83:1c:e1:c7:c2:18:13:6a:37:7e:5d:1b:5d:8d:a4:c4:7b:
         2e:de:4e:2e:3a:9c:cf:fc:34:6f:9c:88:94:ad:2b:47:2f:6d:
         cb:0a:4e:2b:3e:d2:2e:3d:8d:6f:6d:53:f4:5c:77:69:cc:c9:
         ae:6f:f0:16:81:4a:09:6e:ce:dc:27:e5:c0:7f:29:6f:f3:f5:
         fa:58:d3:fe:ae:be:fa:0a:f7:25:ad:7d:a9:02:24:36:93:ec:
         55:13:37:6d:ae:f2:fa:44:63:89:e8:a6:75:7f:27:62:5a:ef:
         90:95:98:0e:86:8c:ce:de:21:f5:09:c9:24:80:f1:05:24:33:
         e5:6b:47:82:b1:97:64:76:c3:08:54:2a:93:18:a6:4c:0b:88:
         3e:00:8e:4f:41:ba:50:96:92:37:20:21:54:51:14:01:f5:e1:
         7a:7b:6e:de:ed:79:16:90:50:28:43:b4:83:6d:52:f9:72:43:
         f5:4d:b9:f6:89:5f:05:09:d1:11:85:f1:ac:26:60:5a:7b:f6:
         b6:66:43:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2eernGB9tJrUDwGp7PkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2NmM2Y5ODJjOWMxOTAxZGY2ODA4OGU0MGQxZjJmMTQ3NzEyNTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yXnNjYm4N+dM2QwCd1J2emjXbfc
LEtOJHr8FxSZD1ZlvzEnA0Ex+qnNwhWOtHWmd1/mqzrNHa7SrJ6navv+cDVEEcTB
E+MH3Mbhmj8EPKYBtA/XtnG/Z8OEhE6wNeobqTmgRz8mFEIukzPUcsiHFOVjgHTu
udgQtRW8p7mq1BT/y4zp2078u8xcDHt9CxKp/jG8nHiQ51P9+kzTdPxGwafAvzAS
488xcTP3ORE3DSRRVCxTreb0jE6zAu8B/+GMijTuomy9oRWFBR+rnlsU88vzzmhl
aMmxKLbYNHcjy8Wwt6HAQzgJyANUC99HMhrI5/nqKQfr9TzIaNFivr3MtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfPP5gsnBkB32gIjkDR8vFHcSUUMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvVjg4X21DeWNHUUhmYUFpT1FOSHk4VWR4SlJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXgiMA0G
CSqGSIb3DQEBCwUAA4IBAQDNArugBrgwuoyerQfP191PfsO4f++hray8C9XXBdt9
42ueyDKKNt/L1uDw2JkSIR4uf2RE803jgxzhx8IYE2o3fl0bXY2kxHsu3k4uOpzP
/DRvnIiUrStHL23LCk4rPtIuPY1vbVP0XHdpzMmub/AWgUoJbs7cJ+XAfylv8/X6
WNP+rr76CvclrX2pAiQ2k+xVEzdtrvL6RGOJ6KZ1fydiWu+QlZgOhozO3iH1Cckk
gPEFJDPla0eCsZdkdsMIVCqTGKZMC4g+AI5PQbpQlpI3ICFUURQB9eF6e27e7XkW
kFAoQ7SDbVL5ckP1Tbn2iV8FCdERhfGsJmBae/a2ZkM6
-----END CERTIFICATE-----