Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8ShLEVggfPfdH3O4gWx6TBd4R9M.roa
File:                     8ShLEVggfPfdH3O4gWx6TBd4R9M.roa (raw, json)
Hash identifier:          puFNLB6k5AX72EfLJycbF+OWCEIcljOaoqfY8mLv2Dw=
Subject key identifier:   F1:28:4B:11:58:20:7C:F7:DD:1F:73:B8:81:6C:7A:4C:17:78:47:D3
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018F9F868848B7FE58B92527E34E7A85A71F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8ShLEVggfPfdH3O4gWx6TBd4R9M.roa
Signing time:             Wed 22 May 2024 08:59:05 +0000
ROA not before:           Wed 22 May 2024 08:59:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        45.8.94.0/24 maxlen: 24
                          212.87.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9f:86:88:48:b7:fe:58:b9:25:27:e3:4e:7a:85:a7:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 22 08:59:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1284b1158207cf7dd1f73b8816c7a4c177847d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:7a:ca:d9:29:9f:89:a5:43:7c:88:18:8b:95:
                    3e:37:a4:29:dc:a0:4f:b2:2f:dd:c0:5e:5a:dd:71:
                    cc:f2:36:39:7d:a3:8e:ea:37:d2:7d:fe:7c:f2:76:
                    6d:f5:88:7c:97:52:68:56:57:ae:a5:17:2e:2d:93:
                    b8:58:f1:ea:82:2a:bc:d2:f3:a7:cd:37:88:51:bb:
                    e2:3c:74:21:64:d2:ee:bb:80:ee:4b:b2:fa:09:f1:
                    a0:01:f1:ef:92:74:7d:91:d4:72:67:57:29:fa:44:
                    d0:7c:8e:24:d0:6f:fa:a2:9f:0d:09:aa:a4:95:59:
                    2c:6e:1d:0e:df:a8:c0:95:76:94:d6:bc:6f:56:25:
                    49:6d:45:a6:ed:7d:4d:32:4b:76:47:0e:fc:be:1b:
                    36:7d:11:ec:55:9b:45:b5:91:b7:f5:6b:ce:e5:ab:
                    dd:e2:db:59:32:9f:4f:a3:e2:26:fc:f0:4f:61:26:
                    47:24:90:35:bd:cd:8a:8a:c5:db:2b:51:7c:5e:65:
                    82:03:c0:0f:99:51:3d:7d:d0:9f:5c:6e:e2:54:5c:
                    dd:df:1d:00:4f:9b:b0:68:43:c1:8b:0a:90:cb:37:
                    fb:05:6d:dd:69:28:20:05:74:4e:de:3c:af:cd:99:
                    59:29:32:0b:eb:e0:78:f8:62:f8:71:e9:d5:d7:ab:
                    9f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:28:4B:11:58:20:7C:F7:DD:1F:73:B8:81:6C:7A:4C:17:78:47:D3
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8ShLEVggfPfdH3O4gWx6TBd4R9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.94.0/24
                  212.87.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:e6:70:76:3b:1f:8f:ad:4b:d5:a6:95:fb:26:a9:f1:a1:e5:
         05:f4:35:6f:26:02:9f:0a:6d:21:4b:8a:26:80:12:2b:b2:39:
         46:22:dd:77:fc:70:42:85:01:28:63:f2:71:bd:58:b8:ce:19:
         af:a2:3e:88:70:7d:9e:25:66:e0:d7:59:68:1a:b5:87:91:23:
         da:5f:12:4f:3e:d6:be:b8:3e:bb:a4:de:da:5e:06:6e:3e:4a:
         12:2a:d9:dd:e5:e6:fa:59:1e:6a:16:df:60:0e:30:a1:d8:cb:
         97:96:fe:dd:35:2b:3a:41:32:3a:d7:1f:e3:da:80:de:b8:78:
         54:dc:b6:3e:67:82:13:3d:31:c6:59:d3:28:b3:17:89:6c:9a:
         04:c7:b1:86:78:94:86:d8:1b:56:93:ae:00:64:b9:94:9d:69:
         68:95:69:21:fe:70:6d:5a:02:6a:19:23:86:81:bd:30:fb:d6:
         a0:60:61:e6:bc:94:63:58:4e:e2:c1:50:df:30:9a:5e:ae:bc:
         10:a3:89:bf:1a:e1:66:90:3c:7b:98:ae:01:83:fd:e0:d3:7c:
         c4:c7:25:a7:6b:6d:a1:f6:6b:be:b7:be:7f:f9:30:f8:0e:16:
         d2:87:66:ee:83:ec:45:94:9f:62:8a:0b:4b:ae:84:77:1f:74:
         38:da:d7:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+fhohIt/5YuSUn4056hacfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNTIyMDg1OTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTI4NGIxMTU4MjA3Y2Y3ZGQxZjczYjg4MTZjN2E0YzE3Nzg0N2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8nrK2SmfiaVDfIgYi5U+N6Qp3KBP
si/dwF5a3XHM8jY5faOO6jfSff588nZt9Yh8l1JoVleupRcuLZO4WPHqgiq80vOn
zTeIUbviPHQhZNLuu4DuS7L6CfGgAfHvknR9kdRyZ1cp+kTQfI4k0G/6op8NCaqk
lVksbh0O36jAlXaU1rxvViVJbUWm7X1NMkt2Rw78vhs2fRHsVZtFtZG39WvO5avd
4ttZMp9Po+Im/PBPYSZHJJA1vc2KisXbK1F8XmWCA8APmVE9fdCfXG7iVFzd3x0A
T5uwaEPBiwqQyzf7BW3daSggBXRO3jyvzZlZKTIL6+B4+GL4cenV16uf3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPEoSxFYIHz33R9zuIFsekwXeEfTMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOFNoTEVWZ2dmUGZkSDNPNGdXeDZUQmQ0UjlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQheAwQA
1FfNMA0GCSqGSIb3DQEBCwUAA4IBAQAP5nB2Ox+PrUvVppX7JqnxoeUF9DVvJgKf
Cm0hS4omgBIrsjlGIt13/HBChQEoY/JxvVi4zhmvoj6IcH2eJWbg11loGrWHkSPa
XxJPPta+uD67pN7aXgZuPkoSKtnd5eb6WR5qFt9gDjCh2MuXlv7dNSs6QTI61x/j
2oDeuHhU3LY+Z4ITPTHGWdMosxeJbJoEx7GGeJSG2BtWk64AZLmUnWlolWkh/nBt
WgJqGSOGgb0w+9agYGHmvJRjWE7iwVDfMJperrwQo4m/GuFmkDx7mK4Bg/3g03zE
xyWna22h9mu+t75/+TD4DhbSh2bug+xFlJ9iigtLroR3H3Q42tfQ
-----END CERTIFICATE-----