Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/yMT7x9AsANmP0xlV_lSouz93PLI.roa
File:                     yMT7x9AsANmP0xlV_lSouz93PLI.roa (raw, json)
Hash identifier:          csQViFaKwWAFWqdPWAfxCWFUj6PmwmMXl4V2W8j8YRg=
Subject key identifier:   C8:C4:FB:C7:D0:2C:00:D9:8F:D3:19:55:FE:54:A8:BB:3F:77:3C:B2
Certificate issuer:       /CN=3b7ec9423bf90c81d22d94841c10357a54260379
Certificate serial:       018CC94E6C3EFBFAE6FC5BFB625981511473
Authority key identifier: 3B:7E:C9:42:3B:F9:0C:81:D2:2D:94:84:1C:10:35:7A:54:26:03:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O37JQjv5DIHSLZSEHBA1elQmA3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/yMT7x9AsANmP0xlV_lSouz93PLI.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200019
IP address blocks:        85.239.34.0/24 maxlen: 24
                          85.239.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/O37JQjv5DIHSLZSEHBA1elQmA3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/O37JQjv5DIHSLZSEHBA1elQmA3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O37JQjv5DIHSLZSEHBA1elQmA3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 14:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6c:3e:fb:fa:e6:fc:5b:fb:62:59:81:51:14:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b7ec9423bf90c81d22d94841c10357a54260379
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8c4fbc7d02c00d98fd31955fe54a8bb3f773cb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:7d:89:16:10:5b:c8:d6:5b:5e:ba:07:8a:16:
                    40:f4:db:da:7c:f8:43:a3:40:17:57:b3:cc:30:a7:
                    5a:13:68:ca:5e:e8:77:34:c5:d3:c9:92:d1:c2:19:
                    85:9c:ae:82:06:62:54:24:ce:2a:3a:10:ba:66:b8:
                    52:8e:04:60:ff:d9:19:53:b3:ea:98:ce:12:ce:3e:
                    15:02:d6:7e:d5:e4:84:8e:a6:1a:6e:7b:8f:56:24:
                    9c:af:6a:24:36:15:11:7b:56:3a:3d:6e:15:37:0f:
                    8e:9e:bf:26:ff:30:ed:60:14:7a:34:77:94:51:49:
                    7f:7d:db:8c:23:35:ce:f4:44:0d:bf:6f:8b:d2:5e:
                    c1:66:1f:7a:fc:8e:ee:d0:a6:c0:f0:e7:54:c0:77:
                    3e:35:33:59:e7:ab:92:fb:67:15:c9:af:df:fc:d1:
                    81:aa:20:8c:a2:d2:54:4c:4c:19:b6:f7:ba:d6:e4:
                    75:dc:2f:f9:28:12:1c:02:72:65:4e:4c:e4:1a:07:
                    8a:b2:b8:6a:d0:bc:f3:80:cb:42:0b:3d:34:eb:dd:
                    c8:e8:21:ae:0e:ae:e0:e6:94:e8:89:a1:2b:07:f5:
                    1d:9e:5f:bb:0b:06:09:7f:68:80:95:1c:b1:8e:87:
                    c9:87:a7:15:ec:11:56:09:df:04:4a:09:12:9f:3e:
                    cf:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:C4:FB:C7:D0:2C:00:D9:8F:D3:19:55:FE:54:A8:BB:3F:77:3C:B2
            X509v3 Authority Key Identifier:
                keyid:3B:7E:C9:42:3B:F9:0C:81:D2:2D:94:84:1C:10:35:7A:54:26:03:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O37JQjv5DIHSLZSEHBA1elQmA3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/yMT7x9AsANmP0xlV_lSouz93PLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/O37JQjv5DIHSLZSEHBA1elQmA3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.33.0-85.239.34.255

    Signature Algorithm: sha256WithRSAEncryption
         1f:66:97:a4:6e:ad:5d:91:a3:3b:c2:f4:dd:19:6c:7b:12:4c:
         f2:d6:d6:a7:e7:c9:df:44:a6:d0:6b:00:f4:1a:87:f7:ac:d8:
         e2:e4:98:90:93:3b:f1:c0:d7:61:90:1d:37:14:e8:19:d1:5f:
         1c:b3:ba:3f:68:a1:91:8b:58:35:b1:b2:59:ac:32:07:21:d4:
         93:76:e9:79:6d:fb:1b:64:73:91:21:3d:c0:ff:26:fb:78:57:
         31:3e:19:67:a1:48:34:d5:b0:c1:f8:d6:4f:95:79:61:90:59:
         86:f8:be:c8:52:67:e5:22:f4:37:1e:f4:3f:83:f6:cc:6b:a9:
         09:ab:7e:25:e8:3a:d3:c3:b8:c2:e5:3a:98:0d:4f:7f:2e:ac:
         91:3b:57:f8:41:9e:2e:ff:36:28:e0:ec:1b:e8:63:c1:28:b4:
         45:76:aa:d8:7f:11:7d:65:ea:b7:b2:84:50:1e:7a:f0:c8:f1:
         55:c3:d8:8c:6f:6a:f0:9f:03:7b:7a:39:9c:cf:bd:cc:5b:db:
         f2:02:48:b1:58:cc:26:d5:54:fc:02:a7:9d:7b:2d:c1:6b:b9:
         f7:f4:0c:68:e9:b7:6b:48:c0:4c:54:30:3b:92:ea:e7:18:b3:
         5c:1f:dc:ac:98:c2:a9:2e:77:b4:cd:8a:ba:2f:4d:d1:a9:ab:
         7e:84:85:d8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTmw++/rm/Fv7YlmBURRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiN2VjOTQyM2JmOTBjODFkMjJkOTQ4NDFjMTAzNTdhNTQy
NjAzNzkwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGM0ZmJjN2QwMmMwMGQ5OGZkMzE5NTVmZTU0YThiYjNmNzczY2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhn2JFhBbyNZbXroHihZA9NvafPhD
o0AXV7PMMKdaE2jKXuh3NMXTyZLRwhmFnK6CBmJUJM4qOhC6ZrhSjgRg/9kZU7Pq
mM4Szj4VAtZ+1eSEjqYabnuPViScr2okNhURe1Y6PW4VNw+Onr8m/zDtYBR6NHeU
UUl/fduMIzXO9EQNv2+L0l7BZh96/I7u0KbA8OdUwHc+NTNZ56uS+2cVya/f/NGB
qiCMotJUTEwZtve61uR13C/5KBIcAnJlTkzkGgeKsrhq0LzzgMtCCz00693I6CGu
Dq7g5pToiaErB/Udnl+7CwYJf2iAlRyxjofJh6cV7BFWCd8ESgkSnz7PfQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMjE+8fQLADZj9MZVf5UqLs/dzyyMB8GA1UdIwQY
MBaAFDt+yUI7+QyB0i2UhBwQNXpUJgN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzM3SlFqdjVESUhTTFpTRUhCQTFlbFFtQTNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84ZWE0N2YtZWZmMy00NjI3LTk0ZWQt
MWQxMGYzYzcwYmI0LzEveU1UN3g5QXNBTm1QMHhsVl9sU291ejkzUExJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84ZWE0N2YtZWZmMy00NjI3LTk0ZWQtMWQxMGYzYzcwYmI0
LzEvTzM3SlFqdjVESUhTTFpTRUhCQTFlbFFtQTNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABV7yED
BABV7yIwDQYJKoZIhvcNAQELBQADggEBAB9ml6RurV2RozvC9N0ZbHsSTPLW1qfn
yd9EptBrAPQah/es2OLkmJCTO/HA12GQHTcU6BnRXxyzuj9ooZGLWDWxslmsMgch
1JN26Xlt+xtkc5EhPcD/Jvt4VzE+GWehSDTVsMH41k+VeWGQWYb4vshSZ+Ui9Dce
9D+D9sxrqQmrfiXoOtPDuMLlOpgNT38urJE7V/hBni7/Nijg7BvoY8EotEV2qth/
EX1l6reyhFAeevDI8VXD2IxvavCfA3t6OZzPvcxb2/ICSLFYzCbVVPwCp517LcFr
uff0DGjpt2tIwExUMDuS6ucYs1wf3KyYwqkud7TNirovTdGpq36Ehdg=
-----END CERTIFICATE-----