Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/Av6ADFhe3PaHcBJW6xr18DA9v6M.roa
File:                     Av6ADFhe3PaHcBJW6xr18DA9v6M.roa (raw, json)
Hash identifier:          b23XAlMUkI49YIAVNpnl8tPrFM397w2EnLX6XW8f2E8=
Subject key identifier:   02:FE:80:0C:58:5E:DC:F6:87:70:12:56:EB:1A:F5:F0:30:3D:BF:A3
Certificate issuer:       /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial:       018CC64B2751883738FA004EFFEAA7811103
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/Av6ADFhe3PaHcBJW6xr18DA9v6M.roa
Signing time:             Mon 01 Jan 2024 18:31:03 +0000
ROA not before:           Mon 01 Jan 2024 18:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41689
IP address blocks:        185.141.134.0/24 maxlen: 24
                          86.57.0.0/17 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 06:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:27:51:88:37:38:fa:00:4e:ff:ea:a7:81:11:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
        Validity
            Not Before: Jan  1 18:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02fe800c585edcf687701256eb1af5f0303dbfa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:4e:48:c7:b5:ae:28:c1:75:8a:40:68:47:87:
                    0d:c0:40:44:da:a6:75:68:9d:98:fc:21:29:e2:c9:
                    4e:be:d6:22:b0:db:8c:e6:c4:19:74:6d:d1:4a:6a:
                    b9:1d:05:cf:24:4b:e8:d1:f6:a4:ca:1d:c1:61:d2:
                    8e:27:be:bb:bc:1f:44:56:2c:01:70:9e:17:68:1b:
                    2f:6e:47:3d:bd:36:01:6d:ee:c3:60:b7:a4:dd:e4:
                    f6:ef:e1:22:23:69:2a:1c:8a:e7:fc:e5:55:6e:b1:
                    d2:eb:8b:b0:97:d3:4e:38:33:0c:f4:87:e0:74:30:
                    c4:67:b2:87:f1:2a:8e:97:c3:fe:48:b6:7f:41:f9:
                    ed:b0:eb:c8:05:44:3e:49:ea:b3:14:a8:b8:ac:5a:
                    54:2f:47:c9:7a:66:06:a3:b7:aa:e5:90:e0:8f:8c:
                    d3:c4:25:a6:70:f7:78:e8:52:44:85:36:85:33:fa:
                    57:78:8b:71:0d:6e:d1:5d:cd:98:24:5d:0b:1a:cf:
                    c1:7b:a9:e4:85:27:ec:42:8c:10:2a:d7:d6:f3:42:
                    83:37:5f:a2:2c:95:d3:9c:28:d2:66:b3:41:3b:1b:
                    ee:60:05:e7:ef:54:d2:d4:d2:5a:af:9a:20:55:4e:
                    05:ed:37:be:ef:c2:77:dc:91:c5:2e:18:17:ea:aa:
                    3d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:FE:80:0C:58:5E:DC:F6:87:70:12:56:EB:1A:F5:F0:30:3D:BF:A3
            X509v3 Authority Key Identifier:
                keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/Av6ADFhe3PaHcBJW6xr18DA9v6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.57.0.0/17
                  185.141.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:24:62:ae:39:54:4d:bb:89:43:31:11:8e:42:0c:0c:64:fc:
         b4:11:44:4d:d5:c7:09:f8:e4:d0:68:30:21:3e:ee:f6:ba:8d:
         93:c9:3a:e8:0b:8f:f0:fa:d5:47:e2:57:06:95:b1:c1:1c:32:
         f8:bc:5d:b5:d8:ed:e5:a2:76:37:89:4b:6c:05:2d:f9:87:bc:
         7b:fc:a7:81:b7:98:30:04:6a:9b:45:bd:71:62:9f:02:19:e5:
         b0:23:21:6c:c4:ad:c8:2c:65:7e:d4:fa:a6:07:a4:82:eb:97:
         71:59:aa:7c:92:d9:5b:ba:5a:bc:bb:e9:02:97:08:43:c3:46:
         9f:86:ed:81:fb:1e:e5:6e:22:bb:1c:7f:72:30:35:47:9e:cc:
         6b:0c:9f:cf:ac:9c:c7:58:3e:26:0e:39:c3:c3:fa:dd:89:09:
         63:23:cd:65:6d:ca:de:3a:84:eb:c1:02:db:c5:77:e7:bb:a6:
         15:ff:ec:ca:fb:e6:03:33:89:d8:f8:e2:df:53:57:19:29:bb:
         00:cf:e5:cc:8e:3b:94:30:a6:22:52:bf:0e:69:9d:13:4c:48:
         95:d2:04:9b:c5:ab:7f:7a:f4:d7:c5:36:29:ad:09:08:04:a8:
         2d:64:c8:c2:1f:0a:63:e6:dc:3b:88:d9:1b:61:e2:f7:b9:ac:
         9d:3a:61:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSydRiDc4+gBO/+qngREDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjQwMTAxMTgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmZlODAwYzU4NWVkY2Y2ODc3MDEyNTZlYjFhZjVmMDMwM2RiZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhU5Ix7WuKMF1ikBoR4cNwEBE2qZ1
aJ2Y/CEp4slOvtYisNuM5sQZdG3RSmq5HQXPJEvo0fakyh3BYdKOJ767vB9EViwB
cJ4XaBsvbkc9vTYBbe7DYLek3eT27+EiI2kqHIrn/OVVbrHS64uwl9NOODMM9Ifg
dDDEZ7KH8SqOl8P+SLZ/QfntsOvIBUQ+SeqzFKi4rFpUL0fJemYGo7eq5ZDgj4zT
xCWmcPd46FJEhTaFM/pXeItxDW7RXc2YJF0LGs/Be6nkhSfsQowQKtfW80KDN1+i
LJXTnCjSZrNBOxvuYAXn71TS1NJar5ogVU4F7Te+78J33JHFLhgX6qo9ywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAL+gAxYXtz2h3ASVusa9fAwPb+jMB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEvQXY2QURGaGUzUGFIY0JKVzZ4cjE4REE5djZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYtMDM2NzI2OGZmODcx
LzEvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQHVjkAAwQA
uY2GMA0GCSqGSIb3DQEBCwUAA4IBAQACJGKuOVRNu4lDMRGOQgwMZPy0EURN1ccJ
+OTQaDAhPu72uo2TyTroC4/w+tVH4lcGlbHBHDL4vF212O3lonY3iUtsBS35h7x7
/KeBt5gwBGqbRb1xYp8CGeWwIyFsxK3ILGV+1PqmB6SC65dxWap8ktlbulq8u+kC
lwhDw0afhu2B+x7lbiK7HH9yMDVHnsxrDJ/PrJzHWD4mDjnDw/rdiQljI81lbcre
OoTrwQLbxXfnu6YV/+zK++YDM4nY+OLfU1cZKbsAz+XMjjuUMKYiUr8OaZ0TTEiV
0gSbxat/evTXxTYprQkIBKgtZMjCHwpj5tw7iNkbYeL3uaydOmFT
-----END CERTIFICATE-----