Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/193e1f-f70e-4df7-a04c-746faed2f561/1/_I8fkG5eEBpdSvl_jZLWIrFsd3A.roa
File:                     _I8fkG5eEBpdSvl_jZLWIrFsd3A.roa (raw, json)
Hash identifier:          Jg4qqG417SwDO0XkrnEonQrIYOMKe975vG47yVkyTqw=
Subject key identifier:   FC:8F:1F:90:6E:5E:10:1A:5D:4A:F9:7F:8D:92:D6:22:B1:6C:77:70
Certificate issuer:       /CN=432eab6fd0778faa8fe7cf2f806d964c4aa93813
Certificate serial:       018CC6B7A3CB598806157FB26B4230417A80
Authority key identifier: 43:2E:AB:6F:D0:77:8F:AA:8F:E7:CF:2F:80:6D:96:4C:4A:A9:38:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qy6rb9B3j6qP588vgG2WTEqpOBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/193e1f-f70e-4df7-a04c-746faed2f561/1/_I8fkG5eEBpdSvl_jZLWIrFsd3A.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59437
IP address blocks:        185.251.18.0/24 maxlen: 24
                          2a0b:d40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/193e1f-f70e-4df7-a04c-746faed2f561/1/Qy6rb9B3j6qP588vgG2WTEqpOBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/193e1f-f70e-4df7-a04c-746faed2f561/1/Qy6rb9B3j6qP588vgG2WTEqpOBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qy6rb9B3j6qP588vgG2WTEqpOBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a3:cb:59:88:06:15:7f:b2:6b:42:30:41:7a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=432eab6fd0778faa8fe7cf2f806d964c4aa93813
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc8f1f906e5e101a5d4af97f8d92d622b16c7770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f6:54:78:41:ba:53:4d:87:3e:a4:2c:6f:d2:
                    62:38:b7:44:fd:ec:fd:54:f9:e4:30:92:4a:9e:33:
                    d9:43:bb:f4:69:a3:f5:77:fb:73:9b:ee:01:da:08:
                    c6:22:7a:1d:27:f5:ce:5c:84:18:65:2e:77:46:9e:
                    4b:f0:a6:5e:44:d0:f3:ad:7d:32:c4:f6:2b:1c:a2:
                    1f:8d:54:a1:d2:32:62:c6:c2:ac:f4:28:c1:2a:b6:
                    d3:6c:8d:08:b1:19:b7:40:ef:ba:0c:ab:2e:93:43:
                    47:cd:07:27:e4:ad:01:c7:cc:68:d1:44:4d:0a:47:
                    c0:4f:52:9d:53:65:a1:72:10:99:06:b0:25:57:aa:
                    08:8e:2b:88:e0:10:1d:2b:03:2e:5a:90:d4:91:04:
                    2b:50:33:64:34:a1:0a:73:b4:44:e6:74:fe:57:ac:
                    84:f6:96:ef:c8:c4:00:bf:56:a1:18:07:a5:96:94:
                    11:5a:a7:42:21:f1:68:6a:94:c9:f8:85:ca:88:5b:
                    29:2b:eb:6f:4b:8e:a0:57:d0:cf:ab:f5:c8:59:bf:
                    6c:8d:e4:8c:51:f2:6e:40:af:60:9a:b9:10:b1:ea:
                    2f:3d:d2:4d:d5:23:63:32:2b:33:d0:55:12:dc:df:
                    78:2f:e4:82:fb:38:ad:3b:8f:d4:d4:a8:06:a7:90:
                    13:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:8F:1F:90:6E:5E:10:1A:5D:4A:F9:7F:8D:92:D6:22:B1:6C:77:70
            X509v3 Authority Key Identifier:
                keyid:43:2E:AB:6F:D0:77:8F:AA:8F:E7:CF:2F:80:6D:96:4C:4A:A9:38:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qy6rb9B3j6qP588vgG2WTEqpOBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/193e1f-f70e-4df7-a04c-746faed2f561/1/_I8fkG5eEBpdSvl_jZLWIrFsd3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/193e1f-f70e-4df7-a04c-746faed2f561/1/Qy6rb9B3j6qP588vgG2WTEqpOBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.18.0/24
                IPv6:
                  2a0b:d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:ce:ff:f3:74:b8:2a:a3:fe:2d:4c:46:f9:3d:92:1e:da:43:
         02:eb:65:a8:af:e9:12:fa:65:53:97:ce:56:4e:c6:35:1e:7f:
         45:a5:c8:d3:c1:b9:0f:75:b4:de:6a:2e:de:13:ec:fd:d0:d1:
         0d:53:75:74:2d:8b:be:08:c6:59:60:63:41:60:38:76:4e:7b:
         38:57:86:68:cf:e0:21:0c:b0:8e:6f:0d:13:39:d5:0e:fb:7f:
         71:e7:fb:5b:ee:9a:b8:3f:aa:bf:40:52:0b:9c:19:c4:61:00:
         92:75:61:68:fa:48:da:68:d9:fa:7e:68:5e:20:0d:37:cc:2a:
         ea:b3:98:51:49:ce:8c:9e:6e:d0:77:88:9e:08:2a:52:03:ec:
         24:33:80:a9:18:a8:f9:ab:d6:16:d0:b1:63:a0:56:ba:43:15:
         ea:16:15:ba:b6:f0:41:16:77:8a:64:71:61:6d:6b:97:bc:46:
         e1:7b:46:98:4e:ff:ba:37:45:88:4a:0a:56:47:ec:7e:85:8c:
         75:ed:0d:8a:98:2d:17:93:1b:bc:0c:ae:8c:d2:57:fd:df:08:
         9f:a1:ff:1d:25:d8:eb:fc:30:37:85:c0:13:7d:d3:a1:54:11:
         ed:af:36:13:97:41:33:a8:9f:85:cf:9d:3a:84:6b:8f:37:b7:
         9c:a4:d6:61
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt6PLWYgGFX+ya0IwQXqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMmVhYjZmZDA3NzhmYWE4ZmU3Y2YyZjgwNmQ5NjRjNGFh
OTM4MTMwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzhmMWY5MDZlNWUxMDFhNWQ0YWY5N2Y4ZDkyZDYyMmIxNmM3NzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/ZUeEG6U02HPqQsb9JiOLdE/ez9
VPnkMJJKnjPZQ7v0aaP1d/tzm+4B2gjGInodJ/XOXIQYZS53Rp5L8KZeRNDzrX0y
xPYrHKIfjVSh0jJixsKs9CjBKrbTbI0IsRm3QO+6DKsuk0NHzQcn5K0Bx8xo0URN
CkfAT1KdU2WhchCZBrAlV6oIjiuI4BAdKwMuWpDUkQQrUDNkNKEKc7RE5nT+V6yE
9pbvyMQAv1ahGAellpQRWqdCIfFoapTJ+IXKiFspK+tvS46gV9DPq/XIWb9sjeSM
UfJuQK9gmrkQseovPdJN1SNjMisz0FUS3N94L+SC+zitO4/U1KgGp5ATmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPyPH5BuXhAaXUr5f42S1iKxbHdwMB8GA1UdIwQY
MBaAFEMuq2/Qd4+qj+fPL4BtlkxKqTgTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXk2cmI5QjNqNnFQNTg4dmdHMldURXFwT0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8xOTNlMWYtZjcwZS00ZGY3LWEwNGMt
NzQ2ZmFlZDJmNTYxLzEvX0k4ZmtHNWVFQnBkU3ZsX2paTFdJckZzZDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8xOTNlMWYtZjcwZS00ZGY3LWEwNGMtNzQ2ZmFlZDJmNTYx
LzEvUXk2cmI5QjNqNnFQNTg4dmdHMldURXFwT0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufsSMA0E
AgACMAcDBQMqCw1AMA0GCSqGSIb3DQEBCwUAA4IBAQBvzv/zdLgqo/4tTEb5PZIe
2kMC62Wor+kS+mVTl85WTsY1Hn9FpcjTwbkPdbTeai7eE+z90NENU3V0LYu+CMZZ
YGNBYDh2Tns4V4Zoz+AhDLCObw0TOdUO+39x5/tb7pq4P6q/QFILnBnEYQCSdWFo
+kjaaNn6fmheIA03zCrqs5hRSc6Mnm7Qd4ieCCpSA+wkM4CpGKj5q9YW0LFjoFa6
QxXqFhW6tvBBFneKZHFhbWuXvEbhe0aYTv+6N0WISgpWR+x+hYx17Q2KmC0Xkxu8
DK6M0lf93wifof8dJdjr/DA3hcATfdOhVBHtrzYTl0EzqJ+Fz506hGuPN7ecpNZh
-----END CERTIFICATE-----