Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/cCDTFhTWLaY_kFlE3QJbMVQy0kM.roa
File:                     cCDTFhTWLaY_kFlE3QJbMVQy0kM.roa (raw, json)
Hash identifier:          I9LuwARNuFlldKz1dfRECgkWQW9ve4AwR8PGaGpZYEY=
Subject key identifier:   70:20:D3:16:14:D6:2D:A6:3F:90:59:44:DD:02:5B:31:54:32:D2:43
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018CC72772164562D2A88A77AE9EA1EA4D32
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/cCDTFhTWLaY_kFlE3QJbMVQy0kM.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8732
IP address blocks:        194.149.64.0/24 maxlen: 24
                          2001:b08:22::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:72:16:45:62:d2:a8:8a:77:ae:9e:a1:ea:4d:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7020d31614d62da63f905944dd025b315432d243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:07:02:ee:6b:10:e7:6c:fc:0c:c4:85:c8:c9:
                    b6:8e:fc:7e:ec:05:67:01:74:ea:2f:6f:f6:73:85:
                    ee:f8:da:26:5e:2e:90:15:02:83:51:81:51:9f:64:
                    c0:b9:44:e0:64:b0:44:fb:8d:e6:94:32:48:56:67:
                    d9:af:57:56:e6:0a:56:f9:12:df:39:35:22:c4:16:
                    cf:3f:a5:5c:fb:e4:ae:8c:42:c3:41:e3:34:81:0d:
                    f1:3a:e0:4b:b5:9b:4c:be:90:bf:a0:00:b4:46:3d:
                    36:04:0d:68:dc:73:4b:72:76:be:5c:82:b6:3d:59:
                    ac:90:68:4a:a4:e4:ae:93:92:99:bd:c3:6a:51:f0:
                    52:83:4c:62:a0:ea:26:52:fe:c5:94:66:07:b3:96:
                    48:a0:10:46:e8:43:39:3b:73:4d:2b:7d:76:1d:4f:
                    1b:59:69:3b:08:31:94:32:59:d8:3a:40:f7:02:d4:
                    76:ec:ed:4b:89:67:22:4f:b9:68:98:57:81:21:e1:
                    32:33:91:e8:27:65:7f:76:71:8d:b1:e8:a3:c5:cf:
                    db:d6:cf:67:c9:31:a8:ff:29:d2:c2:0c:df:da:ea:
                    a6:b2:2c:28:1d:27:a2:ad:fb:15:04:41:06:26:e3:
                    53:f5:36:e3:28:b3:ea:66:62:ea:9f:1b:dc:57:35:
                    fe:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:20:D3:16:14:D6:2D:A6:3F:90:59:44:DD:02:5B:31:54:32:D2:43
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/cCDTFhTWLaY_kFlE3QJbMVQy0kM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.149.64.0/24
                IPv6:
                  2001:b08:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:db:61:93:7f:5f:f6:d8:5f:0f:98:1c:14:9a:33:0d:6f:67:
         de:14:06:a7:c9:96:6b:57:02:6a:a4:dd:d6:cc:42:1d:bf:9c:
         14:46:d2:d5:4d:20:c3:ca:d9:8c:88:86:cc:58:05:e2:72:75:
         3c:52:41:2b:9e:d2:4e:73:06:44:d8:3b:3b:d9:92:62:cb:23:
         52:c5:6c:18:4e:20:fd:b1:fd:3c:31:7f:e8:03:77:79:b8:ab:
         60:e0:ea:2a:55:41:6e:64:b9:01:d0:a5:95:68:e5:6b:91:96:
         4c:4c:f7:b6:de:88:48:6a:a8:0e:20:56:52:a7:c0:34:21:3c:
         aa:ef:87:3d:88:dd:40:1d:16:b4:b6:a4:3b:c0:32:8c:f3:10:
         80:24:a4:b1:24:32:a0:96:b9:88:67:e2:19:88:e8:d0:b9:15:
         fb:c3:04:2d:38:71:4a:94:b0:dc:1d:40:c5:fe:9a:04:1b:38:
         29:14:c1:81:9b:f1:87:22:90:3e:7e:5b:4d:0b:cf:67:17:9e:
         cc:a4:8a:44:5f:bf:71:d7:e5:b4:db:49:80:49:3d:ea:59:83:
         84:11:1b:c9:79:14:06:6c:56:a0:95:7a:2b:8d:7a:3a:07:8c:
         41:5c:59:3d:98:3a:26:09:96:a8:4b:b7:a7:03:7e:07:fb:5c:
         ed:08:3c:56
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJ3IWRWLSqIp3rp6h6k0yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDIwZDMxNjE0ZDYyZGE2M2Y5MDU5NDRkZDAyNWIzMTU0MzJkMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgcC7msQ52z8DMSFyMm2jvx+7AVn
AXTqL2/2c4Xu+NomXi6QFQKDUYFRn2TAuUTgZLBE+43mlDJIVmfZr1dW5gpW+RLf
OTUixBbPP6Vc++SujELDQeM0gQ3xOuBLtZtMvpC/oAC0Rj02BA1o3HNLcna+XIK2
PVmskGhKpOSuk5KZvcNqUfBSg0xioOomUv7FlGYHs5ZIoBBG6EM5O3NNK312HU8b
WWk7CDGUMlnYOkD3AtR27O1LiWciT7lomFeBIeEyM5HoJ2V/dnGNseijxc/b1s9n
yTGo/ynSwgzf2uqmsiwoHSeirfsVBEEGJuNT9TbjKLPqZmLqnxvcVzX+lQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHAg0xYU1i2mP5BZRN0CWzFUMtJDMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvY0NEVEZoVFdMYVlfa0ZsRTNRSmJNVlF5MGtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwpVAMA8E
AgACMAkDBwAgAQsIACIwDQYJKoZIhvcNAQELBQADggEBAFDbYZN/X/bYXw+YHBSa
Mw1vZ94UBqfJlmtXAmqk3dbMQh2/nBRG0tVNIMPK2YyIhsxYBeJydTxSQSue0k5z
BkTYOzvZkmLLI1LFbBhOIP2x/Twxf+gDd3m4q2Dg6ipVQW5kuQHQpZVo5WuRlkxM
97beiEhqqA4gVlKnwDQhPKrvhz2I3UAdFrS2pDvAMozzEIAkpLEkMqCWuYhn4hmI
6NC5FfvDBC04cUqUsNwdQMX+mgQbOCkUwYGb8YcikD5+W00Lz2cXnsykikRfv3HX
5bTbSYBJPepZg4QRG8l5FAZsVqCVeiuNejoHjEFcWT2YOiYJlqhLt6cDfgf7XO0I
PFY=
-----END CERTIFICATE-----