Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/A8U9vwghIfv_yCTUN7t6iwhdGDQ.roa
File:                     A8U9vwghIfv_yCTUN7t6iwhdGDQ.roa (raw, json)
Hash identifier:          gs9vKbW+xZ6Ko7H9/cRDYkCO34V0DCuqYkpP55tj9Pc=
Subject key identifier:   03:C5:3D:BF:08:21:21:FB:FF:C8:24:D4:37:BB:7A:8B:08:5D:18:34
Certificate issuer:       /CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
Certificate serial:       018CC56E306207D38FD0749776E15B533E7D
Authority key identifier: 6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/A8U9vwghIfv_yCTUN7t6iwhdGDQ.roa
Signing time:             Mon 01 Jan 2024 14:29:42 +0000
ROA not before:           Mon 01 Jan 2024 14:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        185.246.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:30:62:07:d3:8f:d0:74:97:76:e1:5b:53:3e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
        Validity
            Not Before: Jan  1 14:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03c53dbf082121fbffc824d437bb7a8b085d1834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:97:ca:78:b8:ac:6c:08:11:4a:08:f2:7b:69:
                    cb:dc:b4:be:17:1a:f8:f3:36:48:54:96:d9:0d:3b:
                    89:5e:1f:39:36:d8:97:78:b8:16:44:98:69:84:18:
                    f0:c3:f9:e8:a7:9e:28:76:ec:6d:5e:2d:55:1d:5b:
                    8a:63:68:3a:80:78:c2:45:84:07:94:48:76:8f:c2:
                    83:c4:8d:a1:f9:97:3d:2e:9a:2d:e9:1e:4e:d4:8e:
                    a1:b0:ec:e8:44:b7:d6:76:72:53:8c:a2:7c:78:b3:
                    38:5a:ad:58:b9:59:4d:60:b4:7f:e0:da:8f:02:83:
                    c2:c4:c1:e2:76:48:f5:02:6b:e1:d0:9f:5c:1c:13:
                    5e:00:9d:4e:cf:b0:34:c4:c9:5b:2a:ad:8a:7e:3b:
                    c4:3d:9c:7d:6f:5e:a8:da:d7:ab:14:52:dc:be:91:
                    ac:29:f7:1b:54:72:07:9b:a2:ef:cd:ad:da:f8:02:
                    b6:10:c1:3e:6c:f9:92:f9:b9:89:fc:d8:86:b7:c8:
                    e4:87:b5:19:58:0c:0d:e5:90:a5:8b:dd:61:0c:48:
                    52:90:78:64:36:98:d9:11:39:3b:e1:f1:33:be:fe:
                    28:e4:ab:e7:11:3b:07:66:b4:27:eb:a1:ed:1e:3c:
                    81:2e:59:85:1a:47:eb:4c:a8:fd:26:6a:ba:3a:81:
                    77:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:C5:3D:BF:08:21:21:FB:FF:C8:24:D4:37:BB:7A:8B:08:5D:18:34
            X509v3 Authority Key Identifier:
                keyid:6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/A8U9vwghIfv_yCTUN7t6iwhdGDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:e3:9a:bb:1a:c2:8d:e3:7e:c0:ad:16:44:f8:38:88:d5:45:
         55:08:1e:2c:32:b8:ed:d0:ff:44:2c:44:ab:a7:02:d9:74:06:
         96:88:b2:4a:2f:45:10:72:e7:3d:a5:8f:66:9d:fa:a0:d4:11:
         a7:bf:11:fa:66:7e:92:86:46:d7:a3:f7:e5:f9:c0:8f:00:cf:
         bd:8f:45:23:63:dd:88:9b:2c:38:9e:3e:90:d4:1e:e7:a0:62:
         64:cc:5c:e2:51:02:42:d7:19:e5:9d:1c:24:95:ba:74:89:4c:
         8e:73:ab:2b:84:35:f6:e7:bc:79:5b:93:6c:44:4c:6a:59:48:
         9c:39:e3:13:7c:4b:60:27:f8:20:24:97:c5:e9:19:ee:c3:3a:
         eb:60:ca:8e:0d:4d:e0:35:bd:1d:83:06:f8:02:0b:dc:36:e3:
         a7:f3:ff:11:3d:c0:5d:cf:80:3c:97:c5:42:81:de:8d:e6:db:
         bd:7d:a3:77:4c:e2:75:e7:35:e1:4e:fa:5d:a5:1c:e3:0a:38:
         89:9f:8a:2f:82:ba:99:52:59:e2:26:ef:7c:88:d3:c6:49:81:
         3b:b6:97:d1:5a:8b:1e:50:bc:1c:bb:87:b5:25:1d:2d:64:71:
         c7:ff:3d:45:7e:6d:70:b0:cc:f8:d1:ab:3a:6e:c5:e3:1d:c2:
         af:17:04:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbjBiB9OP0HSXduFbUz59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNzk4ZjBmZTRmNGRmZmRmZWQyYzhlNjJkMjM1NDMwZjQ5
Mzc3Y2QwHhcNMjQwMTAxMTQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2M1M2RiZjA4MjEyMWZiZmZjODI0ZDQzN2JiN2E4YjA4NWQxODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJfKeLisbAgRSgjye2nL3LS+Fxr4
8zZIVJbZDTuJXh85NtiXeLgWRJhphBjww/nop54oduxtXi1VHVuKY2g6gHjCRYQH
lEh2j8KDxI2h+Zc9Lpot6R5O1I6hsOzoRLfWdnJTjKJ8eLM4Wq1YuVlNYLR/4NqP
AoPCxMHidkj1Amvh0J9cHBNeAJ1Oz7A0xMlbKq2KfjvEPZx9b16o2terFFLcvpGs
KfcbVHIHm6Lvza3a+AK2EME+bPmS+bmJ/NiGt8jkh7UZWAwN5ZCli91hDEhSkHhk
NpjZETk74fEzvv4o5KvnETsHZrQn66HtHjyBLlmFGkfrTKj9Jmq6OoF3LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPFPb8IISH7/8gk1De7eosIXRg0MB8GA1UdIwQY
MBaAFGp5jw/k9N/9/tLI5i0jVDD0k3fNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMt
NzdjZjgxMDQxMDgzLzEvQThVOXZ3Z2hJZnZfeUNUVU43dDZpd2hkR0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMtNzdjZjgxMDQxMDgz
LzEvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufaDMA0G
CSqGSIb3DQEBCwUAA4IBAQAr45q7GsKN437ArRZE+DiI1UVVCB4sMrjt0P9ELESr
pwLZdAaWiLJKL0UQcuc9pY9mnfqg1BGnvxH6Zn6ShkbXo/fl+cCPAM+9j0UjY92I
myw4nj6Q1B7noGJkzFziUQJC1xnlnRwklbp0iUyOc6srhDX257x5W5NsRExqWUic
OeMTfEtgJ/ggJJfF6RnuwzrrYMqODU3gNb0dgwb4AgvcNuOn8/8RPcBdz4A8l8VC
gd6N5tu9faN3TOJ15zXhTvpdpRzjCjiJn4ovgrqZUlniJu98iNPGSYE7tpfRWose
ULwcu4e1JR0tZHHH/z1Ffm1wsMz40as6bsXjHcKvFwQS
-----END CERTIFICATE-----