Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/8HLfUsLI90ljq0WvpqCzeCO3h28.roa
File:                     8HLfUsLI90ljq0WvpqCzeCO3h28.roa (raw, json)
Hash identifier:          6O1RIz0CTCFXEBgh+mA0w9HvRV6bKr6vCB88BtL2OpE=
Subject key identifier:   F0:72:DF:52:C2:C8:F7:49:63:AB:45:AF:A6:A0:B3:78:23:B7:87:6F
Certificate issuer:       /CN=8e3f1663996be1707611fdce1ddea8920dd398a3
Certificate serial:       018DEB937DEC51691CFC02C2574305438391
Authority key identifier: 8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/8HLfUsLI90ljq0WvpqCzeCO3h28.roa
Signing time:             Tue 27 Feb 2024 17:18:48 +0000
ROA not before:           Tue 27 Feb 2024 17:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215415
IP address blocks:        45.139.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:eb:93:7d:ec:51:69:1c:fc:02:c2:57:43:05:43:83:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e3f1663996be1707611fdce1ddea8920dd398a3
        Validity
            Not Before: Feb 27 17:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f072df52c2c8f74963ab45afa6a0b37823b7876f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b4:7b:5a:e5:c6:65:f5:bf:1f:96:56:9d:19:
                    0c:bb:29:25:09:c9:01:37:25:3a:ba:7a:9c:fa:ce:
                    fa:f7:e5:e1:98:b0:a4:34:09:d9:05:33:3e:3e:03:
                    06:6e:8d:f0:66:2d:df:07:8e:11:80:13:33:30:c0:
                    06:73:a0:07:7c:58:18:84:bd:84:64:fe:bc:b4:2e:
                    65:17:2d:2e:e7:35:37:b0:09:44:90:34:bd:14:3b:
                    4e:e4:58:d5:a7:82:7e:06:a4:26:cc:20:5a:7f:b9:
                    65:36:4b:32:43:3c:b3:8d:73:e5:4d:a1:7f:7f:a3:
                    12:54:c6:ec:f3:46:1e:f9:53:5b:40:61:a8:12:a0:
                    50:49:2c:77:62:82:8b:03:18:9c:d1:8a:89:dd:c4:
                    29:8e:4d:8a:b0:f7:8d:d0:16:eb:62:9b:e5:42:aa:
                    46:6c:e0:64:f2:cb:72:4f:e6:e0:24:77:87:97:37:
                    85:fe:c0:b2:6e:97:47:a1:ee:aa:e6:fe:a9:53:d5:
                    f0:d0:bd:ab:9e:50:80:c9:87:6e:43:ed:99:01:3d:
                    e4:d5:b0:23:ea:b6:06:1d:83:7e:ef:7c:17:50:46:
                    dd:cf:9e:a8:aa:40:a0:b0:fe:f1:22:c2:e2:c5:3e:
                    ee:92:8c:b4:ae:d7:9b:a9:73:e6:03:79:57:7a:66:
                    7c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:72:DF:52:C2:C8:F7:49:63:AB:45:AF:A6:A0:B3:78:23:B7:87:6F
            X509v3 Authority Key Identifier:
                keyid:8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/8HLfUsLI90ljq0WvpqCzeCO3h28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:fb:65:3f:ac:15:7a:3f:ee:9e:88:8c:15:31:94:c1:f4:93:
         ff:55:78:33:bd:d9:5e:a6:6f:a3:7c:40:64:ad:4e:db:03:6d:
         3c:e6:e0:82:df:d5:fc:0d:f8:2f:4c:82:d1:bb:d4:89:18:d9:
         89:1b:73:94:a6:96:35:31:37:77:9a:fc:1f:5d:26:52:aa:b4:
         2b:5b:58:3a:28:53:0a:ed:62:28:32:5d:a0:0e:48:8b:09:56:
         5a:3d:14:2f:35:3c:74:e2:89:bf:2f:6d:f8:5e:44:e2:10:b5:
         34:b6:f7:a0:f9:9a:e4:db:2b:a3:ae:f3:29:ac:65:80:b0:e7:
         1f:36:38:f6:9a:5b:5c:11:4a:6c:4a:37:40:00:47:48:e9:83:
         09:51:ed:4c:02:b9:c2:96:49:3e:92:72:7a:9e:af:3f:d0:c6:
         78:e9:e7:10:cc:7c:60:c6:7a:b8:49:0e:91:68:cc:30:1a:5d:
         9c:f7:7e:89:80:55:e6:84:37:ff:40:c0:ea:17:05:67:70:81:
         ad:2e:4f:3c:0a:d3:3e:24:cf:a7:ed:7c:79:fb:ea:c5:6c:77:
         22:95:22:51:5b:83:58:17:08:11:e6:50:f5:68:a1:bf:61:06:
         a5:45:fe:ca:6b:4d:e1:da:59:d9:69:be:5f:9e:97:0e:d1:5b:
         0b:82:e5:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3rk33sUWkc/ALCV0MFQ4ORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlM2YxNjYzOTk2YmUxNzA3NjExZmRjZTFkZGVhODkyMGRk
Mzk4YTMwHhcNMjQwMjI3MTcxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDcyZGY1MmMyYzhmNzQ5NjNhYjQ1YWZhNmEwYjM3ODIzYjc4NzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrR7WuXGZfW/H5ZWnRkMuyklCckB
NyU6unqc+s769+XhmLCkNAnZBTM+PgMGbo3wZi3fB44RgBMzMMAGc6AHfFgYhL2E
ZP68tC5lFy0u5zU3sAlEkDS9FDtO5FjVp4J+BqQmzCBaf7llNksyQzyzjXPlTaF/
f6MSVMbs80Ye+VNbQGGoEqBQSSx3YoKLAxic0YqJ3cQpjk2KsPeN0BbrYpvlQqpG
bOBk8styT+bgJHeHlzeF/sCybpdHoe6q5v6pU9Xw0L2rnlCAyYduQ+2ZAT3k1bAj
6rYGHYN+73wXUEbdz56oqkCgsP7xIsLixT7ukoy0rtebqXPmA3lXemZ8yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBy31LCyPdJY6tFr6ags3gjt4dvMB8GA1UdIwQY
MBaAFI4/FmOZa+FwdhH9zh3eqJIN05ijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzkt
YzhmOWJlN2QxOWRmLzEvOEhMZlVzTEk5MGxqcTBXdnBxQ3plQ08zaDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzktYzhmOWJlN2QxOWRm
LzEvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYvTMA0G
CSqGSIb3DQEBCwUAA4IBAQAw+2U/rBV6P+6eiIwVMZTB9JP/VXgzvdlepm+jfEBk
rU7bA2085uCC39X8DfgvTILRu9SJGNmJG3OUppY1MTd3mvwfXSZSqrQrW1g6KFMK
7WIoMl2gDkiLCVZaPRQvNTx04om/L234XkTiELU0tveg+Zrk2yujrvMprGWAsOcf
Njj2mltcEUpsSjdAAEdI6YMJUe1MArnClkk+knJ6nq8/0MZ46ecQzHxgxnq4SQ6R
aMwwGl2c936JgFXmhDf/QMDqFwVncIGtLk88CtM+JM+n7Xx5++rFbHcilSJRW4NY
FwgR5lD1aKG/YQalRf7Ka03h2lnZab5fnpcO0VsLguVU
-----END CERTIFICATE-----