Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/tiihDyggTlNrGs7qGS_6CynTVm0.roa
File:                     tiihDyggTlNrGs7qGS_6CynTVm0.roa (raw, json)
Hash identifier:          8R7q3JLHdHLUCTjCQJJQM9lDPx9qJ9zgL03pV3gIHvs=
Subject key identifier:   B6:28:A1:0F:28:20:4E:53:6B:1A:CE:EA:19:2F:FA:0B:29:D3:56:6D
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       018CC8DEDE5CA36BD736A2F05AF9157296D4
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/tiihDyggTlNrGs7qGS_6CynTVm0.roa
Signing time:             Tue 02 Jan 2024 06:31:38 +0000
ROA not before:           Tue 02 Jan 2024 06:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200420
IP address blocks:        212.110.157.0/24 maxlen: 24
                          192.109.248.0/24 maxlen: 24
                          185.76.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 17:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:de:5c:a3:6b:d7:36:a2:f0:5a:f9:15:72:96:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 06:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b628a10f28204e536b1aceea192ffa0b29d3566d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a2:56:3b:78:20:bb:c3:df:6a:f2:c5:a3:79:
                    4f:cf:43:cd:97:d8:c7:0b:7e:c8:81:e2:24:54:76:
                    26:9d:c7:bf:da:26:74:77:94:ba:67:eb:fd:e9:93:
                    ca:2a:53:c2:dd:b6:88:ec:60:ce:f0:4e:b0:40:0e:
                    ff:8b:bc:b8:0b:a6:c2:e4:9a:63:08:c8:b2:91:93:
                    b3:0e:04:65:d5:8c:8a:1c:8b:8c:13:49:1b:62:40:
                    0b:72:43:a7:d2:45:6b:25:26:7b:88:e5:b1:c7:0f:
                    25:7e:68:e9:14:a7:04:da:71:13:2a:47:b5:9a:58:
                    95:b1:92:58:ae:ad:b5:59:e7:f7:c4:44:3f:a5:6a:
                    ce:c1:7b:83:5f:0e:a1:30:87:60:bd:3d:12:39:27:
                    1e:e0:0f:71:ea:60:5f:87:9e:2c:22:62:7d:fa:82:
                    62:47:fc:59:97:78:89:d0:0c:31:97:f7:4b:06:d8:
                    60:39:df:d4:4d:e5:f4:4b:a5:9b:51:af:c1:e0:0a:
                    73:49:fe:c2:e0:5d:be:10:d6:fa:87:07:23:66:b8:
                    2a:72:da:dd:3e:40:73:de:ba:27:fd:ab:b4:3d:b4:
                    5d:78:29:bd:8e:07:ac:fb:e2:d7:3b:33:f6:60:a0:
                    97:a4:5b:aa:3c:58:1b:ef:9f:bd:07:8e:d7:9e:e3:
                    99:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:28:A1:0F:28:20:4E:53:6B:1A:CE:EA:19:2F:FA:0B:29:D3:56:6D
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/tiihDyggTlNrGs7qGS_6CynTVm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.76.82.0/24
                  192.109.248.0/24
                  212.110.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:4c:6f:7b:6c:65:73:a0:0c:d4:57:9d:89:71:ac:06:ee:2d:
         60:24:51:80:4c:06:8b:76:97:8e:8d:29:f1:fd:7b:fd:ac:3b:
         24:da:5e:96:00:95:5a:da:34:df:10:ed:53:20:7e:da:1f:45:
         22:04:e2:0a:1e:55:34:b4:d1:d5:d9:57:81:b7:a6:58:b1:18:
         89:27:c0:46:05:78:d4:9a:0d:e6:af:6b:d4:c3:a9:cb:dd:e2:
         70:50:b5:29:ac:bc:47:b4:9b:23:82:41:45:19:b1:cb:aa:64:
         59:38:4e:7c:d9:2a:dc:df:c5:10:ef:e7:84:15:57:cb:51:64:
         80:31:56:1e:c3:58:cc:6f:a1:82:d3:eb:a1:2b:33:1b:54:01:
         95:32:48:f9:ad:bf:5a:3d:45:3a:9e:7e:21:79:5e:b2:e2:fd:
         74:73:f1:cb:dc:ce:b1:84:17:05:d4:ec:ea:a8:c5:f9:9b:a2:
         55:61:02:7b:0d:7b:08:a6:fc:38:ed:8f:7d:10:46:8f:20:09:
         2c:f0:e9:67:5b:a4:b9:a6:68:f7:c4:ce:81:d3:9a:09:46:6c:
         34:bd:d8:52:c5:d1:96:c0:84:86:f7:c7:fd:2b:68:da:c8:15:
         e3:1d:f5:5a:ed:9f:85:43:e0:af:5d:fc:9e:e6:4d:f5:29:b6:
         5d:22:e4:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3t5co2vXNqLwWvkVcpbUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwMTAyMDYzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjI4YTEwZjI4MjA0ZTUzNmIxYWNlZWExOTJmZmEwYjI5ZDM1NjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqJWO3ggu8PfavLFo3lPz0PNl9jH
C37IgeIkVHYmnce/2iZ0d5S6Z+v96ZPKKlPC3baI7GDO8E6wQA7/i7y4C6bC5Jpj
CMiykZOzDgRl1YyKHIuME0kbYkALckOn0kVrJSZ7iOWxxw8lfmjpFKcE2nETKke1
mliVsZJYrq21Wef3xEQ/pWrOwXuDXw6hMIdgvT0SOSce4A9x6mBfh54sImJ9+oJi
R/xZl3iJ0Awxl/dLBthgOd/UTeX0S6WbUa/B4ApzSf7C4F2+ENb6hwcjZrgqctrd
PkBz3ron/au0PbRdeCm9jges++LXOzP2YKCXpFuqPFgb75+9B47XnuOZlQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLYooQ8oIE5TaxrO6hkv+gsp01ZtMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvdGlpaER5Z2dUbE5yR3M3cUdTXzZDeW5UVm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuUxSAwQA
wG34AwQA1G6dMA0GCSqGSIb3DQEBCwUAA4IBAQB5TG97bGVzoAzUV52JcawG7i1g
JFGATAaLdpeOjSnx/Xv9rDsk2l6WAJVa2jTfEO1TIH7aH0UiBOIKHlU0tNHV2VeB
t6ZYsRiJJ8BGBXjUmg3mr2vUw6nL3eJwULUprLxHtJsjgkFFGbHLqmRZOE582Src
38UQ7+eEFVfLUWSAMVYew1jMb6GC0+uhKzMbVAGVMkj5rb9aPUU6nn4heV6y4v10
c/HL3M6xhBcF1OzqqMX5m6JVYQJ7DXsIpvw47Y99EEaPIAks8OlnW6S5pmj3xM6B
05oJRmw0vdhSxdGWwISG98f9K2jayBXjHfVa7Z+FQ+CvXfye5k31KbZdIuRD
-----END CERTIFICATE-----