Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/c29a1c-244d-44d4-bf1b-db843340f3d5/1/8BfIfbqRbr7vFJJdsZjek3I2_OE.roa
File:                     8BfIfbqRbr7vFJJdsZjek3I2_OE.roa (raw, json)
Hash identifier:          20YyxvLv/C/kCSItZfaNXnEf5xotGjl4Unvx5nEgPOk=
Subject key identifier:   F0:17:C8:7D:BA:91:6E:BE:EF:14:92:5D:B1:98:DE:93:72:36:FC:E1
Certificate issuer:       /CN=f6f4febab33760475755755122b9f20262391b92
Certificate serial:       018CCA28F29C445A8812D30B27F774251010
Authority key identifier: F6:F4:FE:BA:B3:37:60:47:57:55:75:51:22:B9:F2:02:62:39:1B:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9vT-urM3YEdXVXVRIrnyAmI5G5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/c29a1c-244d-44d4-bf1b-db843340f3d5/1/8BfIfbqRbr7vFJJdsZjek3I2_OE.roa
Signing time:             Tue 02 Jan 2024 12:32:10 +0000
ROA not before:           Tue 02 Jan 2024 12:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.249.192.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/c29a1c-244d-44d4-bf1b-db843340f3d5/1/9vT-urM3YEdXVXVRIrnyAmI5G5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/c29a1c-244d-44d4-bf1b-db843340f3d5/1/9vT-urM3YEdXVXVRIrnyAmI5G5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9vT-urM3YEdXVXVRIrnyAmI5G5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:f2:9c:44:5a:88:12:d3:0b:27:f7:74:25:10:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6f4febab33760475755755122b9f20262391b92
        Validity
            Not Before: Jan  2 12:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f017c87dba916ebeef14925db198de937236fce1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:52:50:62:78:3f:fa:01:bb:b5:1a:28:40:b2:
                    0d:79:af:8d:07:24:c2:71:25:0a:ce:cf:e5:d7:40:
                    40:25:ef:3a:5b:b9:b4:17:63:1d:ed:52:ed:d1:38:
                    8d:1e:f9:1d:79:4c:b4:15:14:ed:f6:9d:03:de:b8:
                    c6:d1:3a:7f:6f:bf:43:bb:94:10:07:b5:73:36:f1:
                    38:05:39:f9:3d:7e:61:ee:94:42:da:b0:65:7a:2c:
                    14:9e:1b:96:4b:23:70:b4:5a:4d:08:f8:a5:55:66:
                    8a:dc:4b:3f:41:19:b2:db:1a:f6:16:f5:48:44:f4:
                    51:f7:f0:3c:55:75:f9:28:ef:af:dc:5b:5e:b4:14:
                    10:df:60:91:b6:57:8c:83:44:10:e3:1a:cb:fe:10:
                    3c:b8:6b:b9:80:f0:c1:b3:92:c8:65:08:7b:a3:5e:
                    5c:e4:63:7e:27:45:9c:21:50:ae:6f:33:ec:39:69:
                    5d:ec:d3:b5:29:a9:f2:70:f8:28:0d:3d:e3:61:94:
                    15:62:06:72:c3:8c:16:6d:8a:da:fa:cb:2e:48:60:
                    31:60:1d:8f:7e:c7:8f:38:59:74:01:89:6d:b0:22:
                    78:46:3f:d1:85:d6:a0:1e:f2:c0:25:c0:c4:08:7a:
                    fd:87:b1:e5:1e:b7:bf:a1:7f:72:81:9a:c2:27:3e:
                    b4:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:17:C8:7D:BA:91:6E:BE:EF:14:92:5D:B1:98:DE:93:72:36:FC:E1
            X509v3 Authority Key Identifier:
                keyid:F6:F4:FE:BA:B3:37:60:47:57:55:75:51:22:B9:F2:02:62:39:1B:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9vT-urM3YEdXVXVRIrnyAmI5G5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c29a1c-244d-44d4-bf1b-db843340f3d5/1/8BfIfbqRbr7vFJJdsZjek3I2_OE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c29a1c-244d-44d4-bf1b-db843340f3d5/1/9vT-urM3YEdXVXVRIrnyAmI5G5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e9:b5:5e:8d:73:e4:31:fd:3a:15:16:11:4b:2b:e1:75:44:1d:
         3d:f6:ce:94:df:65:2b:da:36:91:42:d2:e8:f3:c8:9a:38:ce:
         83:34:c4:8a:ee:d2:37:3e:b6:b5:36:2e:f1:2f:86:af:89:b7:
         e7:4d:a9:9e:38:01:8d:2c:0d:cb:3f:61:0f:fa:ca:8a:85:b2:
         ed:7a:cb:51:83:13:9d:cf:65:53:73:0a:45:ca:53:20:ae:e2:
         e0:3c:f4:16:6c:fc:ad:0b:79:66:8c:70:f4:e8:74:f0:05:eb:
         cd:a3:0a:a3:0e:d3:19:7e:da:a1:84:45:07:f5:0e:1b:54:17:
         07:90:b5:3c:fa:a0:bd:0b:24:71:fd:6f:1c:21:a3:98:0e:a4:
         e5:73:f1:96:5e:7b:8c:17:64:75:dd:1e:34:68:77:be:ee:25:
         b5:52:c8:48:4f:fd:24:d8:e8:3a:9c:3a:ac:f6:d7:82:23:9c:
         85:c6:98:4f:08:0d:2f:3c:3c:b5:0c:31:03:7c:27:23:25:e1:
         60:9d:96:eb:c1:ee:52:5f:ad:4a:b1:95:4a:b6:6c:54:29:de:
         bc:02:fb:b0:31:70:de:23:c3:0e:48:10:16:35:48:60:0e:80:
         ba:74:fe:12:52:20:76:18:41:30:54:2b:65:a4:2f:22:7a:b7:
         ed:5d:89:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKPKcRFqIEtMLJ/d0JRAQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2ZjRmZWJhYjMzNzYwNDc1NzU1NzU1MTIyYjlmMjAyNjIz
OTFiOTIwHhcNMjQwMTAyMTIzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDE3Yzg3ZGJhOTE2ZWJlZWYxNDkyNWRiMTk4ZGU5MzcyMzZmY2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVJQYng/+gG7tRooQLINea+NByTC
cSUKzs/l10BAJe86W7m0F2Md7VLt0TiNHvkdeUy0FRTt9p0D3rjG0Tp/b79Du5QQ
B7VzNvE4BTn5PX5h7pRC2rBleiwUnhuWSyNwtFpNCPilVWaK3Es/QRmy2xr2FvVI
RPRR9/A8VXX5KO+v3FtetBQQ32CRtleMg0QQ4xrL/hA8uGu5gPDBs5LIZQh7o15c
5GN+J0WcIVCubzPsOWld7NO1KanycPgoDT3jYZQVYgZyw4wWbYra+ssuSGAxYB2P
fsePOFl0AYltsCJ4Rj/RhdagHvLAJcDECHr9h7HlHre/oX9ygZrCJz60FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAXyH26kW6+7xSSXbGY3pNyNvzhMB8GA1UdIwQY
MBaAFPb0/rqzN2BHV1V1USK58gJiORuSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXZULXVyTTNZRWRYVlhWUklybnlBbUk1RzVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jMjlhMWMtMjQ0ZC00NGQ0LWJmMWIt
ZGI4NDMzNDBmM2Q1LzEvOEJmSWZicVJicjd2RkpKZHNaamVrM0kyX09FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jMjlhMWMtMjQ0ZC00NGQ0LWJmMWItZGI4NDMzNDBmM2Q1
LzEvOXZULXVyTTNZRWRYVlhWUklybnlBbUk1RzVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufnAMA0G
CSqGSIb3DQEBCwUAA4IBAQDptV6Nc+Qx/ToVFhFLK+F1RB099s6U32Ur2jaRQtLo
88iaOM6DNMSK7tI3Pra1Ni7xL4avibfnTameOAGNLA3LP2EP+sqKhbLtestRgxOd
z2VTcwpFylMgruLgPPQWbPytC3lmjHD06HTwBevNowqjDtMZftqhhEUH9Q4bVBcH
kLU8+qC9CyRx/W8cIaOYDqTlc/GWXnuMF2R13R40aHe+7iW1UshIT/0k2Og6nDqs
9teCI5yFxphPCA0vPDy1DDEDfCcjJeFgnZbrwe5SX61KsZVKtmxUKd68AvuwMXDe
I8MOSBAWNUhgDoC6dP4SUiB2GEEwVCtlpC8ierftXYnZ
-----END CERTIFICATE-----