Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/igMnd2gcmHFA6sXNmIZbrceXm7A.roa
File:                     igMnd2gcmHFA6sXNmIZbrceXm7A.roa (raw, json)
Hash identifier:          UXRbNHsfM8gAzfDNpoxLDXBElAJTuhb8+R/IzrNbdAY=
Subject key identifier:   8A:03:27:77:68:1C:98:71:40:EA:C5:CD:98:86:5B:AD:C7:97:9B:B0
Certificate issuer:       /CN=7c3b8877e1a130fe50386c610d6ead5641b97ba6
Certificate serial:       018CC8714B078F4B3F813563D8D44CEDF043
Authority key identifier: 7C:3B:88:77:E1:A1:30:FE:50:38:6C:61:0D:6E:AD:56:41:B9:7B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/igMnd2gcmHFA6sXNmIZbrceXm7A.roa
Signing time:             Tue 02 Jan 2024 04:31:57 +0000
ROA not before:           Tue 02 Jan 2024 04:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203954
IP address blocks:        185.118.240.0/24 maxlen: 24
                          2a06:9681::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:4b:07:8f:4b:3f:81:35:63:d8:d4:4c:ed:f0:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3b8877e1a130fe50386c610d6ead5641b97ba6
        Validity
            Not Before: Jan  2 04:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a032777681c987140eac5cd98865badc7979bb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:51:87:5c:33:46:1a:f2:cd:f6:61:43:c2:2b:
                    bb:e4:cf:2f:80:d1:1c:21:de:99:3b:bd:59:64:4e:
                    da:44:5e:37:0f:72:c9:2a:1f:68:e1:02:85:f0:bd:
                    1e:2e:fe:22:1a:1d:1f:f9:b5:91:62:a0:18:d5:2c:
                    08:0c:6e:05:0c:04:2a:d0:03:a5:52:d7:29:f4:59:
                    f4:33:f2:9b:18:33:06:17:84:f2:2b:0e:5d:7e:d5:
                    56:ac:ea:0d:58:00:f5:09:cd:5d:0e:d6:87:cc:da:
                    7f:42:71:b5:8d:bd:ba:da:f2:ce:95:af:09:d3:c1:
                    c0:f8:29:bb:ab:45:e3:18:80:e8:93:13:e3:43:02:
                    37:0a:17:c0:40:b2:1d:d0:eb:38:59:76:1c:b6:9a:
                    c5:94:a9:f0:73:4d:68:57:1e:fa:9f:47:78:ab:c5:
                    16:29:12:65:8a:42:8a:87:d8:ff:56:5b:86:98:5a:
                    7b:4d:ba:01:77:77:43:ff:da:a1:7e:fb:01:6d:45:
                    49:c5:df:e6:cd:3d:98:10:10:13:9d:1a:ef:03:52:
                    fa:6f:9b:e7:ae:1c:87:94:3c:f3:6f:97:fd:cd:c5:
                    ed:35:b3:70:3e:e3:98:e5:62:39:4e:42:47:3d:38:
                    63:3a:8b:eb:4d:ea:1a:23:dc:a9:ff:2a:e9:56:a6:
                    2e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:03:27:77:68:1C:98:71:40:EA:C5:CD:98:86:5B:AD:C7:97:9B:B0
            X509v3 Authority Key Identifier:
                keyid:7C:3B:88:77:E1:A1:30:FE:50:38:6C:61:0D:6E:AD:56:41:B9:7B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/igMnd2gcmHFA6sXNmIZbrceXm7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.240.0/24
                IPv6:
                  2a06:9681::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:ca:3b:f9:fc:c9:56:8e:ca:38:f2:01:36:92:45:e4:22:d8:
         ab:1c:fd:95:72:33:88:2b:8f:2b:9b:f2:73:50:90:75:f3:85:
         24:44:9b:df:e2:e2:8e:7a:d3:cf:55:1f:b9:6c:72:a0:09:3f:
         84:77:b3:fc:b0:c3:5f:77:2d:27:0d:32:f9:2d:30:9f:44:0a:
         86:bc:ef:22:22:87:cb:6d:87:ba:6a:3b:16:df:de:0a:8c:82:
         dd:9d:4f:02:c9:51:dd:ff:75:b9:dd:42:4d:82:e6:e7:02:22:
         cd:0e:c3:6e:4a:ca:c0:ba:ae:1e:f3:ec:95:9c:df:66:f7:a2:
         1c:79:62:ba:cc:a2:0c:e3:7e:4c:66:6e:9f:42:92:ee:78:cc:
         5c:2e:4b:ee:6c:4c:0c:1a:c2:e0:c7:b4:1a:8f:73:0d:60:47:
         67:c1:9d:40:83:e2:aa:c6:ae:4c:2f:f2:d9:f3:0f:a9:75:07:
         1a:a2:b0:0a:01:ed:ca:d1:9f:f8:ca:17:d8:a5:44:b4:c5:54:
         85:55:25:76:a2:99:e7:ec:bd:e4:22:de:eb:6c:bf:f5:dd:06:
         83:0b:8c:00:1c:b5:53:7e:e1:0f:42:7d:f6:24:d9:cb:cf:44:
         eb:59:8a:90:23:ec:2b:10:b4:0e:48:04:5b:5e:4e:d1:23:2b:
         2b:62:72:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcUsHj0s/gTVj2NRM7fBDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2I4ODc3ZTFhMTMwZmU1MDM4NmM2MTBkNmVhZDU2NDFi
OTdiYTYwHhcNMjQwMTAyMDQzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTAzMjc3NzY4MWM5ODcxNDBlYWM1Y2Q5ODg2NWJhZGM3OTc5YmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFGHXDNGGvLN9mFDwiu75M8vgNEc
Id6ZO71ZZE7aRF43D3LJKh9o4QKF8L0eLv4iGh0f+bWRYqAY1SwIDG4FDAQq0AOl
Utcp9Fn0M/KbGDMGF4TyKw5dftVWrOoNWAD1Cc1dDtaHzNp/QnG1jb262vLOla8J
08HA+Cm7q0XjGIDokxPjQwI3ChfAQLId0Os4WXYctprFlKnwc01oVx76n0d4q8UW
KRJlikKKh9j/VluGmFp7TboBd3dD/9qhfvsBbUVJxd/mzT2YEBATnRrvA1L6b5vn
rhyHlDzzb5f9zcXtNbNwPuOY5WI5TkJHPThjOovrTeoaI9yp/yrpVqYukQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIoDJ3doHJhxQOrFzZiGW63Hl5uwMB8GA1UdIwQY
MBaAFHw7iHfhoTD+UDhsYQ1urVZBuXumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR1SWQtR2hNUDVRT0d4aERXNnRWa0c1ZTZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8xN2E3MTItNGU1YS00MGM1LWEzYTIt
MTIwMjVjNTRmNDg0LzEvaWdNbmQyZ2NtSEZBNnNYTm1JWmJyY2VYbTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8xN2E3MTItNGU1YS00MGM1LWEzYTItMTIwMjVjNTRmNDg0
LzEvZkR1SWQtR2hNUDVRT0d4aERXNnRWa0c1ZTZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXbwMA0E
AgACMAcDBQAqBpaBMA0GCSqGSIb3DQEBCwUAA4IBAQClyjv5/MlWjso48gE2kkXk
ItirHP2VcjOIK48rm/JzUJB184UkRJvf4uKOetPPVR+5bHKgCT+Ed7P8sMNfdy0n
DTL5LTCfRAqGvO8iIofLbYe6ajsW394KjILdnU8CyVHd/3W53UJNgubnAiLNDsNu
SsrAuq4e8+yVnN9m96IceWK6zKIM435MZm6fQpLueMxcLkvubEwMGsLgx7Qaj3MN
YEdnwZ1Ag+Kqxq5ML/LZ8w+pdQcaorAKAe3K0Z/4yhfYpUS0xVSFVSV2opnn7L3k
It7rbL/13QaDC4wAHLVTfuEPQn32JNnLz0TrWYqQI+wrELQOSARbXk7RIysrYnJz
-----END CERTIFICATE-----