Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/bd24a5-eacd-46e4-b1db-ad73abd00452/1/v-QI8ti1dVuqVXUdQqHxAblT2qg.roa
File:                     v-QI8ti1dVuqVXUdQqHxAblT2qg.roa (raw, json)
Hash identifier:          YzTl7Q+0kV3EYMy1u9rppMVA5sYnHmeyhljH6jGOxRU=
Subject key identifier:   BF:E4:08:F2:D8:B5:75:5B:AA:55:75:1D:42:A1:F1:01:B9:53:DA:A8
Certificate issuer:       /CN=effdb33ee5fd522faf0a247e0579bbf1eefce4b1
Certificate serial:       018CCA96F3FC3C2B8878549302DD6040A403
Authority key identifier: EF:FD:B3:3E:E5:FD:52:2F:AF:0A:24:7E:05:79:BB:F1:EE:FC:E4:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7_2zPuX9Ui-vCiR-BXm78e785LE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/bd24a5-eacd-46e4-b1db-ad73abd00452/1/v-QI8ti1dVuqVXUdQqHxAblT2qg.roa
Signing time:             Tue 02 Jan 2024 14:32:19 +0000
ROA not before:           Tue 02 Jan 2024 14:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210618
IP address blocks:        85.117.238.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/bd24a5-eacd-46e4-b1db-ad73abd00452/1/7_2zPuX9Ui-vCiR-BXm78e785LE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/bd24a5-eacd-46e4-b1db-ad73abd00452/1/7_2zPuX9Ui-vCiR-BXm78e785LE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7_2zPuX9Ui-vCiR-BXm78e785LE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:f3:fc:3c:2b:88:78:54:93:02:dd:60:40:a4:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=effdb33ee5fd522faf0a247e0579bbf1eefce4b1
        Validity
            Not Before: Jan  2 14:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfe408f2d8b5755baa55751d42a1f101b953daa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4a:23:50:81:54:51:8a:2a:4c:c2:18:97:82:
                    ed:43:69:52:5b:89:4a:b2:63:c2:73:27:66:7b:34:
                    81:fe:00:d2:5d:67:8a:cd:07:8e:bc:07:3b:d3:f7:
                    b3:57:3e:9f:66:a6:6f:69:98:ed:3f:e8:60:e7:d8:
                    f0:94:48:5b:87:97:24:ca:98:19:ab:7e:17:fe:17:
                    43:55:af:22:af:f6:d1:eb:e5:28:7f:de:a4:cb:83:
                    d4:cc:69:a6:45:c7:80:42:f9:a1:b8:7e:56:09:f6:
                    3c:1b:8e:a8:9b:77:8c:95:97:d2:e8:8b:17:61:37:
                    33:68:97:2b:ab:1d:ca:8a:47:1a:99:69:64:e2:3b:
                    d5:8d:88:55:66:2b:05:95:fc:4d:8a:2f:54:39:03:
                    45:43:5c:2f:c2:89:50:27:99:46:e3:e5:c7:0d:2f:
                    43:09:88:ef:57:40:76:25:98:61:c8:2c:b6:df:e5:
                    b6:46:4d:e4:cd:6e:12:cf:39:63:e2:ba:4b:82:46:
                    aa:71:52:a4:92:2d:97:2f:5e:83:ff:d2:03:a7:13:
                    c7:d2:d3:23:69:7a:6a:a8:e5:da:e1:15:69:fc:21:
                    fe:f0:b2:93:51:ce:01:8c:42:bf:e0:98:8a:f1:d4:
                    06:13:49:0a:78:14:c0:48:ee:b9:6c:19:67:df:60:
                    bf:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:E4:08:F2:D8:B5:75:5B:AA:55:75:1D:42:A1:F1:01:B9:53:DA:A8
            X509v3 Authority Key Identifier:
                keyid:EF:FD:B3:3E:E5:FD:52:2F:AF:0A:24:7E:05:79:BB:F1:EE:FC:E4:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7_2zPuX9Ui-vCiR-BXm78e785LE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/bd24a5-eacd-46e4-b1db-ad73abd00452/1/v-QI8ti1dVuqVXUdQqHxAblT2qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/bd24a5-eacd-46e4-b1db-ad73abd00452/1/7_2zPuX9Ui-vCiR-BXm78e785LE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:42:d7:99:e9:de:74:8b:92:35:84:f1:00:76:04:13:2e:ba:
         35:84:03:68:d7:44:fc:e2:fd:ba:80:47:9c:b4:6d:ce:68:25:
         6f:1b:f2:37:e5:8e:35:4d:32:a3:f6:f7:f2:5a:05:d6:29:41:
         59:27:e0:bb:0f:29:9a:7b:2f:a9:b6:33:50:6f:08:6d:7b:bb:
         20:29:70:83:20:a4:5c:2a:a5:9f:5d:69:11:c5:2e:59:8c:47:
         24:e0:90:ed:01:ce:91:a1:4b:9c:d7:31:7e:57:d1:ec:45:16:
         6f:53:11:39:dc:ee:ec:27:16:65:eb:da:97:48:6a:46:d6:b2:
         7e:31:b5:5d:af:ad:fb:15:0a:22:5b:17:58:17:0f:c0:69:8c:
         dd:1c:da:5b:28:5f:92:80:0e:12:42:06:11:6a:37:b4:b7:29:
         33:2f:b2:6e:6c:72:c8:db:16:3d:f8:f6:84:a9:a8:04:dc:e4:
         07:26:f6:e8:01:ed:e2:ef:e6:b8:aa:15:54:9f:94:ec:ba:d3:
         3e:e1:0d:fd:b2:be:7c:3b:bb:95:bb:b4:2f:01:26:22:d8:6e:
         c9:c3:b5:40:8f:76:5b:e9:24:4f:ec:ce:ea:73:09:34:58:b7:
         67:a6:42:18:5a:8f:22:91:76:44:fe:8b:a5:4b:0c:59:51:bf:
         e7:6b:8d:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKlvP8PCuIeFSTAt1gQKQDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZmRiMzNlZTVmZDUyMmZhZjBhMjQ3ZTA1NzliYmYxZWVm
Y2U0YjEwHhcNMjQwMTAyMTQzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmU0MDhmMmQ4YjU3NTViYWE1NTc1MWQ0MmExZjEwMWI5NTNkYWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUojUIFUUYoqTMIYl4LtQ2lSW4lK
smPCcydmezSB/gDSXWeKzQeOvAc70/ezVz6fZqZvaZjtP+hg59jwlEhbh5ckypgZ
q34X/hdDVa8ir/bR6+Uof96ky4PUzGmmRceAQvmhuH5WCfY8G46om3eMlZfS6IsX
YTczaJcrqx3KikcamWlk4jvVjYhVZisFlfxNii9UOQNFQ1wvwolQJ5lG4+XHDS9D
CYjvV0B2JZhhyCy23+W2Rk3kzW4Szzlj4rpLgkaqcVKkki2XL16D/9IDpxPH0tMj
aXpqqOXa4RVp/CH+8LKTUc4BjEK/4JiK8dQGE0kKeBTASO65bBln32C/dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/kCPLYtXVbqlV1HUKh8QG5U9qoMB8GA1UdIwQY
MBaAFO/9sz7l/VIvrwokfgV5u/Hu/OSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN18yelB1WDlVaS12Q2lSLUJYbTc4ZTc4NUxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZDI0YTUtZWFjZC00NmU0LWIxZGIt
YWQ3M2FiZDAwNDUyLzEvdi1RSTh0aTFkVnVxVlhVZFFxSHhBYmxUMnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZDI0YTUtZWFjZC00NmU0LWIxZGItYWQ3M2FiZDAwNDUy
LzEvN18yelB1WDlVaS12Q2lSLUJYbTc4ZTc4NUxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXXuMA0G
CSqGSIb3DQEBCwUAA4IBAQAXQteZ6d50i5I1hPEAdgQTLro1hANo10T84v26gEec
tG3OaCVvG/I35Y41TTKj9vfyWgXWKUFZJ+C7Dymaey+ptjNQbwhte7sgKXCDIKRc
KqWfXWkRxS5ZjEck4JDtAc6RoUuc1zF+V9HsRRZvUxE53O7sJxZl69qXSGpG1rJ+
MbVdr637FQoiWxdYFw/AaYzdHNpbKF+SgA4SQgYRaje0tykzL7JubHLI2xY9+PaE
qagE3OQHJvboAe3i7+a4qhVUn5TsutM+4Q39sr58O7uVu7QvASYi2G7Jw7VAj3Zb
6SRP7M7qcwk0WLdnpkIYWo8ikXZE/oulSwxZUb/na43b
-----END CERTIFICATE-----