Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/a58BtO-Nf-R6PC4pLQKzfXNJCDU.roa
File:                     a58BtO-Nf-R6PC4pLQKzfXNJCDU.roa (raw, json)
Hash identifier:          3/IJHKJN+lj/usfSv+vE11LBfq2nNUHUJcgGGxiJB0s=
Subject key identifier:   6B:9F:01:B4:EF:8D:7F:E4:7A:3C:2E:29:2D:02:B3:7D:73:49:08:35
Certificate issuer:       /CN=08af091858bb99651764399c6565df7a0834dbad
Certificate serial:       018CC86F843A2B8C916EBE23D03B08CDC4D9
Authority key identifier: 08:AF:09:18:58:BB:99:65:17:64:39:9C:65:65:DF:7A:08:34:DB:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/a58BtO-Nf-R6PC4pLQKzfXNJCDU.roa
Signing time:             Tue 02 Jan 2024 04:30:00 +0000
ROA not before:           Tue 02 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39230
IP address blocks:        185.212.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:84:3a:2b:8c:91:6e:be:23:d0:3b:08:cd:c4:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08af091858bb99651764399c6565df7a0834dbad
        Validity
            Not Before: Jan  2 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b9f01b4ef8d7fe47a3c2e292d02b37d73490835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4e:5d:90:c4:1b:77:96:cc:2d:fe:31:19:90:
                    34:31:89:72:ff:5a:02:fd:dd:f0:a3:59:82:34:c4:
                    3d:5e:bb:28:56:43:6c:d8:9c:72:58:ee:58:e2:80:
                    a4:46:b0:6e:24:19:c4:98:1e:e0:9b:6c:d9:28:73:
                    b1:38:2b:30:13:79:c8:5a:7e:dd:0f:7c:9c:40:25:
                    85:43:69:48:bd:3d:8a:34:92:d6:86:16:18:be:79:
                    d7:66:db:67:51:a0:a3:9d:44:66:d3:f9:b7:49:54:
                    29:4c:94:ea:e5:a3:4e:da:e9:50:c4:84:d8:7c:d9:
                    31:e4:1b:8c:90:3d:93:f4:c8:5a:e7:70:6c:00:b0:
                    2b:fa:ca:cc:77:96:fa:fe:b1:1c:41:3e:9d:40:bf:
                    64:a8:d2:30:36:23:9e:c7:ec:eb:6e:ef:a3:21:c1:
                    d0:e9:74:7a:23:a3:6e:c3:b9:7a:80:aa:30:80:37:
                    9b:b0:71:2a:e1:81:a5:aa:74:ca:76:e0:9b:b0:79:
                    65:89:e4:d6:cd:15:c2:93:c5:69:30:c6:cc:ca:ac:
                    6d:40:31:35:91:0e:a8:c3:50:62:4f:a3:55:03:b1:
                    00:d7:6f:62:a4:7b:cf:22:9c:53:16:db:6f:f1:6f:
                    64:85:60:b0:95:21:28:f5:d3:21:9d:58:e1:b4:bd:
                    6a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:9F:01:B4:EF:8D:7F:E4:7A:3C:2E:29:2D:02:B3:7D:73:49:08:35
            X509v3 Authority Key Identifier:
                keyid:08:AF:09:18:58:BB:99:65:17:64:39:9C:65:65:DF:7A:08:34:DB:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/a58BtO-Nf-R6PC4pLQKzfXNJCDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:e7:cd:b7:92:fe:80:2a:39:ff:d6:d6:5d:56:fd:07:13:04:
         2c:97:d9:bf:81:3b:e5:46:aa:d1:a9:58:91:48:d2:68:ee:14:
         70:dd:7e:f0:51:5c:21:0c:d7:44:f6:f7:f9:75:e3:e0:99:6b:
         68:27:5c:49:13:ff:50:cb:23:4d:d1:9e:c5:f0:71:48:5c:cd:
         ea:0d:0b:90:ec:cd:50:fa:91:39:37:40:b6:6d:8b:43:88:37:
         62:e1:f9:f6:d2:e9:68:b0:16:e2:31:d7:76:44:57:45:84:a6:
         5b:80:41:4b:a0:78:9a:66:f2:5c:d3:76:a9:1b:57:73:62:1c:
         1e:71:d5:04:ab:96:66:28:51:34:bf:b8:72:9f:a7:d1:97:d5:
         9f:94:e7:db:70:78:e3:2f:ba:1a:9d:cf:39:46:bf:9b:fa:5b:
         75:88:1c:4f:d1:7e:ff:e4:18:74:db:e4:8d:90:68:04:d4:93:
         95:d4:db:4a:83:46:6b:91:08:77:d7:da:e3:77:bb:d0:af:c5:
         ba:41:14:cb:82:03:d3:3e:63:23:06:85:34:25:b8:5b:21:b4:
         ca:42:a0:05:55:71:8b:da:7c:8e:4c:9b:0a:7c:e7:0e:34:5e:
         b4:4b:81:c4:71:5e:9f:b4:d3:55:a4:e7:b1:7d:a0:d5:22:46:
         0c:8b:ab:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4Q6K4yRbr4j0DsIzcTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YWYwOTE4NThiYjk5NjUxNzY0Mzk5YzY1NjVkZjdhMDgz
NGRiYWQwHhcNMjQwMTAyMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjlmMDFiNGVmOGQ3ZmU0N2EzYzJlMjkyZDAyYjM3ZDczNDkwODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtE5dkMQbd5bMLf4xGZA0MYly/1oC
/d3wo1mCNMQ9XrsoVkNs2JxyWO5Y4oCkRrBuJBnEmB7gm2zZKHOxOCswE3nIWn7d
D3ycQCWFQ2lIvT2KNJLWhhYYvnnXZttnUaCjnURm0/m3SVQpTJTq5aNO2ulQxITY
fNkx5BuMkD2T9Mha53BsALAr+srMd5b6/rEcQT6dQL9kqNIwNiOex+zrbu+jIcHQ
6XR6I6Nuw7l6gKowgDebsHEq4YGlqnTKduCbsHllieTWzRXCk8VpMMbMyqxtQDE1
kQ6ow1BiT6NVA7EA129ipHvPIpxTFttv8W9khWCwlSEo9dMhnVjhtL1q2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGufAbTvjX/kejwuKS0Cs31zSQg1MB8GA1UdIwQY
MBaAFAivCRhYu5llF2Q5nGVl33oINNutMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0s4SkdGaTdtV1VYWkRtY1pXWGZlZ2cwMjYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS83MDBmZDMtYzM2MC00OGFiLThhMDYt
NTYxMjliN2RjMDE4LzEvYTU4QnRPLU5mLVI2UEM0cExRS3pmWE5KQ0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS83MDBmZDMtYzM2MC00OGFiLThhMDYtNTYxMjliN2RjMDE4
LzEvQ0s4SkdGaTdtV1VYWkRtY1pXWGZlZ2cwMjYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudT4MA0G
CSqGSIb3DQEBCwUAA4IBAQCo5823kv6AKjn/1tZdVv0HEwQsl9m/gTvlRqrRqViR
SNJo7hRw3X7wUVwhDNdE9vf5dePgmWtoJ1xJE/9QyyNN0Z7F8HFIXM3qDQuQ7M1Q
+pE5N0C2bYtDiDdi4fn20ulosBbiMdd2RFdFhKZbgEFLoHiaZvJc03apG1dzYhwe
cdUEq5ZmKFE0v7hyn6fRl9WflOfbcHjjL7oanc85Rr+b+lt1iBxP0X7/5Bh02+SN
kGgE1JOV1NtKg0ZrkQh319rjd7vQr8W6QRTLggPTPmMjBoU0JbhbIbTKQqAFVXGL
2nyOTJsKfOcONF60S4HEcV6ftNNVpOexfaDVIkYMi6uu
-----END CERTIFICATE-----