Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/8rGzTfCTrXwwDtmji3mKAOk0XyA.roa
File:                     8rGzTfCTrXwwDtmji3mKAOk0XyA.roa (raw, json)
Hash identifier:          IOjc3X/eZAaUKjf0+ZCB5lzdwzUbPJl3qllaI9JIN8o=
Subject key identifier:   F2:B1:B3:4D:F0:93:AD:7C:30:0E:D9:A3:8B:79:8A:00:E9:34:5F:20
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       018CC5014C3447E9B23293023DC4A21D6DE9
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/8rGzTfCTrXwwDtmji3mKAOk0XyA.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62563
IP address blocks:        185.225.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4c:34:47:e9:b2:32:93:02:3d:c4:a2:1d:6d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2b1b34df093ad7c300ed9a38b798a00e9345f20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ac:a3:a9:62:65:70:7c:d1:25:ae:b0:4f:a6:
                    af:b5:f5:f0:b9:7e:ab:dd:34:1a:84:3f:7b:b9:2c:
                    0e:d9:c1:e5:12:96:7b:1d:24:4f:90:25:d7:b3:79:
                    30:9c:84:91:67:50:fb:1d:62:c8:57:90:1c:98:05:
                    0c:89:94:b7:fb:c3:d7:93:be:ba:f5:15:0e:2e:30:
                    7d:09:37:cf:80:2b:ed:62:6c:48:e7:6b:61:0b:06:
                    3f:e3:c2:ec:d9:0a:70:11:bc:6f:2c:3d:bb:94:1c:
                    d8:96:c3:37:88:90:d0:3c:f2:cc:3e:3e:11:63:a4:
                    ff:45:19:28:44:96:4f:b7:0f:6d:c4:c2:80:8a:11:
                    c5:a8:56:cc:da:ac:f9:92:9f:a1:bb:d5:b3:6a:23:
                    f9:2b:3c:6d:66:64:07:c7:6e:01:ff:df:c6:fc:4b:
                    3a:fa:6d:b8:e0:09:9d:0c:8a:e6:f3:ce:28:c6:d0:
                    b7:8c:34:4b:d8:2e:ec:0a:c3:af:79:4a:f4:75:39:
                    d9:99:77:05:f1:0c:93:34:2a:5b:22:c5:e8:c8:63:
                    e7:32:fb:cd:68:2d:33:e8:29:07:30:5e:12:2f:cf:
                    a3:25:cd:77:30:04:d2:be:44:4e:0d:38:9d:b6:98:
                    ba:72:fe:49:2b:aa:61:21:20:0e:57:27:49:97:9e:
                    a5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B1:B3:4D:F0:93:AD:7C:30:0E:D9:A3:8B:79:8A:00:E9:34:5F:20
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/8rGzTfCTrXwwDtmji3mKAOk0XyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:05:21:92:b2:ac:35:3b:42:b8:74:11:32:9c:4a:e1:b4:32:
         99:c6:4d:32:4c:6c:63:db:e7:6e:fc:3c:47:0f:50:3b:e0:27:
         2b:08:fb:8a:ed:e1:29:aa:15:23:9b:77:28:91:ae:ca:c0:2f:
         3a:0c:d9:5b:99:00:b6:2c:de:e3:75:94:62:2d:a9:25:5d:01:
         e0:f4:e9:60:97:c3:f1:78:9a:e0:52:78:10:27:c4:5c:6d:41:
         6c:8f:ff:fb:d2:f4:09:0e:e2:cf:cf:0a:4e:f3:2c:bb:08:ac:
         1c:1c:ad:8e:a1:30:00:33:ab:11:19:40:df:a3:12:da:83:ba:
         7c:88:c5:16:40:e1:23:b2:fc:16:4a:0e:d4:48:2b:b0:ba:4b:
         30:6a:ae:50:5d:ac:db:1e:4a:a9:52:d3:fa:d6:b0:d2:f4:9c:
         44:b9:05:f4:2c:16:7a:06:3d:9c:6d:17:4f:7a:5f:9f:cb:0d:
         e6:58:9e:43:d5:d2:bf:e9:9e:12:46:60:51:df:bc:9b:9b:1c:
         b8:17:cd:d0:df:27:06:e3:26:cd:59:af:fc:66:14:1c:61:10:
         59:9e:48:3b:bc:ce:89:51:7e:99:4c:3e:30:d0:a2:90:64:08:
         30:7b:e6:87:d0:fd:1a:15:7c:f0:94:e3:40:bb:c2:8a:14:32:
         bf:7d:b2:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUw0R+myMpMCPcSiHW3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmIxYjM0ZGYwOTNhZDdjMzAwZWQ5YTM4Yjc5OGEwMGU5MzQ1ZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6yjqWJlcHzRJa6wT6avtfXwuX6r
3TQahD97uSwO2cHlEpZ7HSRPkCXXs3kwnISRZ1D7HWLIV5AcmAUMiZS3+8PXk766
9RUOLjB9CTfPgCvtYmxI52thCwY/48Ls2QpwEbxvLD27lBzYlsM3iJDQPPLMPj4R
Y6T/RRkoRJZPtw9txMKAihHFqFbM2qz5kp+hu9WzaiP5KzxtZmQHx24B/9/G/Es6
+m244AmdDIrm884oxtC3jDRL2C7sCsOveUr0dTnZmXcF8QyTNCpbIsXoyGPnMvvN
aC0z6CkHMF4SL8+jJc13MATSvkRODTidtpi6cv5JK6phISAOVydJl56lzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKxs03wk618MA7Zo4t5igDpNF8gMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvOHJHelRmQ1RyWHd3RHRtamkzbUtBT2swWHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHsMA0G
CSqGSIb3DQEBCwUAA4IBAQAoBSGSsqw1O0K4dBEynErhtDKZxk0yTGxj2+du/DxH
D1A74CcrCPuK7eEpqhUjm3coka7KwC86DNlbmQC2LN7jdZRiLaklXQHg9Olgl8Px
eJrgUngQJ8RcbUFsj//70vQJDuLPzwpO8yy7CKwcHK2OoTAAM6sRGUDfoxLag7p8
iMUWQOEjsvwWSg7USCuwukswaq5QXazbHkqpUtP61rDS9JxEuQX0LBZ6Bj2cbRdP
el+fyw3mWJ5D1dK/6Z4SRmBR37ybmxy4F83Q3ycG4ybNWa/8ZhQcYRBZnkg7vM6J
UX6ZTD4w0KKQZAgwe+aH0P0aFXzwlONAu8KKFDK/fbIv
-----END CERTIFICATE-----