Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/3LEfY4D8zbBZba4yQ-OcZU6DZ7w.roa
File:                     3LEfY4D8zbBZba4yQ-OcZU6DZ7w.roa (raw, json)
Hash identifier:          hO7EwsXfnKsLA93u5fAF7fNeRHmDUFITRrJ/UkxxVh4=
Subject key identifier:   DC:B1:1F:63:80:FC:CD:B0:59:6D:AE:32:43:E3:9C:65:4E:83:67:BC
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       018CC56DF437730BB1D66315D99094D70FE4
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/3LEfY4D8zbBZba4yQ-OcZU6DZ7w.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        85.115.210.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f4:37:73:0b:b1:d6:63:15:d9:90:94:d7:0f:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcb11f6380fccdb0596dae3243e39c654e8367bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c2:d6:0d:d4:98:50:c0:bc:0b:00:2d:f1:87:
                    0d:90:12:8f:f7:dd:7f:12:9b:5e:fa:bf:55:54:f9:
                    83:9b:01:f1:50:63:e5:da:c8:84:07:16:a0:59:f3:
                    48:0b:6e:5e:0c:28:54:cd:6f:88:f0:86:1a:4d:99:
                    0e:47:cd:06:47:36:4e:bd:67:26:12:60:cb:9e:af:
                    91:eb:f9:57:28:f0:e8:95:b3:20:3c:62:24:e1:f1:
                    ac:3f:af:3f:20:4f:13:23:64:e8:89:48:fe:92:aa:
                    f2:74:d2:8f:64:a3:d9:79:3a:c0:08:66:74:90:82:
                    e9:1d:35:78:ea:0f:51:b4:86:6c:ce:6c:2f:dc:17:
                    ae:76:0f:51:c4:a7:49:93:aa:fa:a4:7c:4c:be:ca:
                    d9:52:63:2b:d1:c8:80:41:bf:80:c2:ac:4c:fb:e9:
                    e4:4f:e9:b4:44:0e:2d:e9:6a:46:67:05:ee:f3:5b:
                    5f:42:48:e3:1e:d5:2b:0e:e9:5d:ad:6d:f1:a9:31:
                    b1:64:b1:c4:80:be:23:34:fc:be:c3:29:a8:89:c1:
                    b8:a3:fb:eb:17:4b:b3:ea:9b:a6:69:47:8a:fa:ed:
                    84:88:e6:2f:02:61:bc:ad:36:01:b7:97:1e:db:bb:
                    54:cf:fc:75:0b:2a:10:63:3a:e4:85:f8:d3:5c:4d:
                    e0:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B1:1F:63:80:FC:CD:B0:59:6D:AE:32:43:E3:9C:65:4E:83:67:BC
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/3LEfY4D8zbBZba4yQ-OcZU6DZ7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.115.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bc:a9:0e:1c:35:65:8b:30:8c:0c:68:f6:85:b0:51:6c:6d:5c:
         1c:e2:04:da:a3:19:d2:da:a1:08:fa:79:a5:04:c9:91:c1:95:
         07:47:bb:25:61:85:6e:ae:14:3c:31:00:c2:bf:2d:bb:6a:df:
         a6:69:70:ab:9c:c6:4c:7f:5f:ca:f3:8f:85:cc:7c:04:68:8a:
         28:5f:d4:5f:5d:b7:ad:68:3c:ff:0f:98:59:10:d0:ae:97:0e:
         a9:15:58:c3:84:49:52:9e:a0:6e:8b:57:b8:9e:24:61:ce:09:
         f5:bd:d7:fb:b4:bb:43:89:9a:3e:79:e7:ad:d3:09:98:d0:40:
         7f:25:80:14:2f:60:34:49:30:b5:51:4a:e0:f1:21:97:38:2a:
         a7:dd:f4:60:24:64:42:41:9f:43:b4:bb:a3:92:3a:4b:1a:3a:
         9a:51:27:bf:1d:08:c5:8f:a5:db:12:60:69:2b:8f:e4:b0:6b:
         27:eb:c0:10:1f:83:b5:e7:88:b6:4e:45:4e:28:2a:79:3a:09:
         8a:63:d1:52:c1:72:90:88:d0:5d:b9:3b:37:91:02:dc:71:70:
         05:70:a3:c3:63:22:94:e4:6a:83:47:fd:12:b6:a0:f8:f1:21:
         c4:83:80:1d:01:3b:2b:4b:62:51:2e:8c:b0:3a:d5:6d:f1:16:
         f9:ee:13:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfQ3cwux1mMV2ZCU1w/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2IxMWY2MzgwZmNjZGIwNTk2ZGFlMzI0M2UzOWM2NTRlODM2N2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsLWDdSYUMC8CwAt8YcNkBKP991/
Epte+r9VVPmDmwHxUGPl2siEBxagWfNIC25eDChUzW+I8IYaTZkOR80GRzZOvWcm
EmDLnq+R6/lXKPDolbMgPGIk4fGsP68/IE8TI2ToiUj+kqrydNKPZKPZeTrACGZ0
kILpHTV46g9RtIZszmwv3Beudg9RxKdJk6r6pHxMvsrZUmMr0ciAQb+AwqxM++nk
T+m0RA4t6WpGZwXu81tfQkjjHtUrDuldrW3xqTGxZLHEgL4jNPy+wymoicG4o/vr
F0uz6pumaUeK+u2EiOYvAmG8rTYBt5ce27tUz/x1CyoQYzrkhfjTXE3g8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyxH2OA/M2wWW2uMkPjnGVOg2e8MB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvM0xFZlk0RDh6YkJaYmE0eVEtT2NaVTZEWjd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVXPSMA0G
CSqGSIb3DQEBCwUAA4IBAQC8qQ4cNWWLMIwMaPaFsFFsbVwc4gTaoxnS2qEI+nml
BMmRwZUHR7slYYVurhQ8MQDCvy27at+maXCrnMZMf1/K84+FzHwEaIooX9RfXbet
aDz/D5hZENCulw6pFVjDhElSnqBui1e4niRhzgn1vdf7tLtDiZo+eeet0wmY0EB/
JYAUL2A0STC1UUrg8SGXOCqn3fRgJGRCQZ9DtLujkjpLGjqaUSe/HQjFj6XbEmBp
K4/ksGsn68AQH4O154i2TkVOKCp5OgmKY9FSwXKQiNBduTs3kQLccXAFcKPDYyKU
5GqDR/0StqD48SHEg4AdATsrS2JRLoywOtVt8Rb57hPC
-----END CERTIFICATE-----