Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/xxO8lkNm6B8CuWcR179Z1-d9GAo.roa
File:                     xxO8lkNm6B8CuWcR179Z1-d9GAo.roa (raw, json)
Hash identifier:          G5oodD6kpcxVx9uoUt9i8/T3b3LZryMIkELA2zjijSM=
Subject key identifier:   C7:13:BC:96:43:66:E8:1F:02:B9:67:11:D7:BF:59:D7:E7:7D:18:0A
Certificate issuer:       /CN=7b886e33971014f0e35fae6ee355a95ee53f1397
Certificate serial:       018CF43B2E875601B1166574BE3CDDA9B979
Authority key identifier: 7B:88:6E:33:97:10:14:F0:E3:5F:AE:6E:E3:55:A9:5E:E5:3F:13:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e4huM5cQFPDjX65u41WpXuU_E5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/xxO8lkNm6B8CuWcR179Z1-d9GAo.roa
Signing time:             Wed 10 Jan 2024 16:36:08 +0000
ROA not before:           Wed 10 Jan 2024 16:36:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.249.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/e4huM5cQFPDjX65u41WpXuU_E5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/e4huM5cQFPDjX65u41WpXuU_E5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e4huM5cQFPDjX65u41WpXuU_E5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f4:3b:2e:87:56:01:b1:16:65:74:be:3c:dd:a9:b9:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b886e33971014f0e35fae6ee355a95ee53f1397
        Validity
            Not Before: Jan 10 16:36:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c713bc964366e81f02b96711d7bf59d7e77d180a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f5:3f:84:5f:0a:6d:57:fc:bc:59:79:60:dd:
                    2b:5b:97:22:6f:78:11:63:aa:38:06:a8:47:f9:77:
                    92:47:d4:d5:8f:31:f7:c3:e9:7a:f7:dd:58:c8:75:
                    c6:d4:7e:6d:9d:58:85:39:de:a8:92:f5:c3:e4:12:
                    55:02:14:96:f4:7a:dd:c2:4a:75:40:f9:fa:89:87:
                    3e:da:9a:a0:ad:53:4c:74:30:76:ee:de:9e:1c:c8:
                    65:1f:45:24:e6:8e:12:ac:b5:b8:a8:1c:df:b8:04:
                    97:d1:be:b3:d5:b5:63:3b:9c:84:d9:77:05:a9:4a:
                    29:f2:74:12:77:43:6b:91:8a:2e:a5:66:4f:e2:f7:
                    53:ee:59:7d:8a:ce:54:ee:58:61:e6:80:de:82:4e:
                    eb:82:40:7a:6e:c3:a3:e0:af:4c:b8:3c:0c:63:14:
                    44:f5:04:c9:45:05:7f:42:d8:cb:35:0b:c9:38:b7:
                    ea:ac:de:75:27:96:dd:f1:b5:ee:ab:a7:cf:0a:4c:
                    dc:c3:ef:72:d4:1e:a6:41:23:5a:3b:1a:14:16:b8:
                    b6:ea:2d:20:ac:2d:60:52:b7:28:ce:07:08:d4:1e:
                    09:e1:aa:05:35:6f:8e:ca:3c:99:73:5b:5b:83:0b:
                    49:96:ee:01:c7:ca:48:97:8e:d6:43:b9:fe:c4:51:
                    cf:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:13:BC:96:43:66:E8:1F:02:B9:67:11:D7:BF:59:D7:E7:7D:18:0A
            X509v3 Authority Key Identifier:
                keyid:7B:88:6E:33:97:10:14:F0:E3:5F:AE:6E:E3:55:A9:5E:E5:3F:13:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4huM5cQFPDjX65u41WpXuU_E5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/xxO8lkNm6B8CuWcR179Z1-d9GAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/e4huM5cQFPDjX65u41WpXuU_E5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:92:41:52:c5:4f:8d:5c:6c:03:41:70:01:47:9c:d9:7a:07:
         5c:79:11:35:d0:c1:70:38:c8:13:a2:fd:ec:9d:49:1b:18:04:
         ad:32:a3:33:e1:23:91:d6:b0:72:70:5c:42:3a:f6:d8:cb:59:
         1a:17:79:10:6f:38:78:b9:b2:b7:d4:7b:c7:ba:78:5a:bb:72:
         c3:e4:53:f6:21:b1:d5:0e:36:cc:ce:a8:98:4a:1b:08:59:e7:
         58:8c:ab:d8:49:27:02:81:09:13:8c:d1:90:9f:24:5c:d0:b4:
         e7:06:3e:51:2d:2e:a0:74:2f:91:ec:c0:46:34:ef:54:a6:ed:
         08:20:f5:2e:8d:0f:36:9e:1e:be:4b:d3:79:e9:5c:1e:a7:2e:
         ca:c6:3b:b9:cf:f0:ee:f0:13:f8:5c:d1:9e:d2:93:e6:d3:ca:
         a0:cd:5c:0a:a2:79:6b:3d:cb:9f:48:c7:df:03:e4:79:f6:b3:
         7a:1a:18:f3:b8:f8:f7:4f:6d:15:d0:c1:bf:b9:7f:04:dd:8b:
         2f:a2:ee:54:8f:fd:b5:c5:e1:51:a4:e7:97:9b:f2:e8:99:ae:
         b6:89:49:41:90:2d:ba:99:a4:37:b8:a5:fe:fe:86:3e:41:05:
         10:94:72:8f:a1:ae:b3:bc:99:eb:74:46:e2:0c:65:af:73:b7:
         dc:93:49:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz0Oy6HVgGxFmV0vjzdqbl5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiODg2ZTMzOTcxMDE0ZjBlMzVmYWU2ZWUzNTVhOTVlZTUz
ZjEzOTcwHhcNMjQwMTEwMTYzNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzEzYmM5NjQzNjZlODFmMDJiOTY3MTFkN2JmNTlkN2U3N2QxODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPU/hF8KbVf8vFl5YN0rW5cib3gR
Y6o4BqhH+XeSR9TVjzH3w+l6991YyHXG1H5tnViFOd6okvXD5BJVAhSW9Hrdwkp1
QPn6iYc+2pqgrVNMdDB27t6eHMhlH0Uk5o4SrLW4qBzfuASX0b6z1bVjO5yE2XcF
qUop8nQSd0NrkYoupWZP4vdT7ll9is5U7lhh5oDegk7rgkB6bsOj4K9MuDwMYxRE
9QTJRQV/QtjLNQvJOLfqrN51J5bd8bXuq6fPCkzcw+9y1B6mQSNaOxoUFri26i0g
rC1gUrcozgcI1B4J4aoFNW+OyjyZc1tbgwtJlu4Bx8pIl47WQ7n+xFHPWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcTvJZDZugfArlnEde/WdfnfRgKMB8GA1UdIwQY
MBaAFHuIbjOXEBTw41+ubuNVqV7lPxOXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTRodU01Y1FGUERqWDY1dTQxV3BYdVVfRTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8yYjQ4N2UtMGE3Yy00YzQ2LWEyNDEt
M2QwZGI4ZWI0ZTEzLzEveHhPOGxrTm02QjhDdVdjUjE3OVoxLWQ5R0FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8yYjQ4N2UtMGE3Yy00YzQ2LWEyNDEtM2QwZGI4ZWI0ZTEz
LzEvZTRodU01Y1FGUERqWDY1dTQxV3BYdVVfRTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufmfMA0G
CSqGSIb3DQEBCwUAA4IBAQBlkkFSxU+NXGwDQXABR5zZegdceRE10MFwOMgTov3s
nUkbGAStMqMz4SOR1rBycFxCOvbYy1kaF3kQbzh4ubK31HvHunhau3LD5FP2IbHV
DjbMzqiYShsIWedYjKvYSScCgQkTjNGQnyRc0LTnBj5RLS6gdC+R7MBGNO9Upu0I
IPUujQ82nh6+S9N56Vwepy7Kxju5z/Du8BP4XNGe0pPm08qgzVwKonlrPcufSMff
A+R59rN6GhjzuPj3T20V0MG/uX8E3Ysvou5Uj/21xeFRpOeXm/Loma62iUlBkC26
maQ3uKX+/oY+QQUQlHKPoa6zvJnrdEbiDGWvc7fck0nW
-----END CERTIFICATE-----