Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/630362-290f-46bc-8446-6a7c3ba31410/1/7wrCmeS-57-lNYKppRhr6qw4nMg.roa
File:                     7wrCmeS-57-lNYKppRhr6qw4nMg.roa (raw, json)
Hash identifier:          +AcFfbZ2Z2xjMkDZgr7xkFysGftC964jW1GcEgcD9fA=
Subject key identifier:   EF:0A:C2:99:E4:BE:E7:BF:A5:35:82:A9:A5:18:6B:EA:AC:38:9C:C8
Certificate issuer:       /CN=f8a41594a92a9ae05c65a04f803d411a4f88423f
Certificate serial:       018CCA2A6777658F8151A523C0C526819520
Authority key identifier: F8:A4:15:94:A9:2A:9A:E0:5C:65:A0:4F:80:3D:41:1A:4F:88:42:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-KQVlKkqmuBcZaBPgD1BGk-IQj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/630362-290f-46bc-8446-6a7c3ba31410/1/7wrCmeS-57-lNYKppRhr6qw4nMg.roa
Signing time:             Tue 02 Jan 2024 12:33:45 +0000
ROA not before:           Tue 02 Jan 2024 12:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211957
IP address blocks:        185.235.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/630362-290f-46bc-8446-6a7c3ba31410/1/1-KQVlKkqmuBcZaBPgD1BGk-IQj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/630362-290f-46bc-8446-6a7c3ba31410/1/1-KQVlKkqmuBcZaBPgD1BGk-IQj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-KQVlKkqmuBcZaBPgD1BGk-IQj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:67:77:65:8f:81:51:a5:23:c0:c5:26:81:95:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8a41594a92a9ae05c65a04f803d411a4f88423f
        Validity
            Not Before: Jan  2 12:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef0ac299e4bee7bfa53582a9a5186beaac389cc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:23:5a:1e:85:85:8f:7c:99:70:af:8a:49:9f:
                    1e:71:d0:62:b1:5e:3e:09:e0:0c:99:5d:82:b3:38:
                    83:24:88:dd:c8:29:53:ea:79:ae:81:42:29:2d:c4:
                    72:dc:d7:0f:52:49:26:98:2b:79:de:02:5b:b3:5a:
                    09:8b:2a:12:37:49:3b:0e:88:ab:c9:da:d8:f9:8d:
                    41:3e:5e:86:5a:67:9b:54:cc:77:d4:71:a1:38:1a:
                    56:d1:1c:2c:c8:7c:93:b4:ed:00:1c:91:07:08:64:
                    fd:29:a2:41:bb:9f:82:ad:ab:b7:5c:a1:cb:e7:7c:
                    4a:a9:ff:ee:1e:ac:05:40:4e:56:a7:10:9a:75:5e:
                    40:36:ac:6b:5f:64:fe:56:e5:ac:2e:57:06:0c:b7:
                    55:61:f0:6d:60:0b:77:69:e3:c8:ce:19:ae:a6:c5:
                    de:95:cc:95:c7:60:b3:b1:1c:73:00:22:94:c2:e7:
                    d6:28:3c:20:bb:79:6d:11:51:bc:83:eb:f4:93:bc:
                    bc:6d:22:15:35:d7:00:ba:60:cf:63:3f:cc:35:d2:
                    25:5c:d3:66:9a:a0:84:62:ec:12:5e:3d:23:78:9d:
                    90:d7:62:59:64:a1:d7:eb:1b:59:da:ec:35:26:a0:
                    15:e1:2e:b8:54:3e:31:a6:0f:c3:a6:10:f8:bf:29:
                    71:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:0A:C2:99:E4:BE:E7:BF:A5:35:82:A9:A5:18:6B:EA:AC:38:9C:C8
            X509v3 Authority Key Identifier:
                keyid:F8:A4:15:94:A9:2A:9A:E0:5C:65:A0:4F:80:3D:41:1A:4F:88:42:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-KQVlKkqmuBcZaBPgD1BGk-IQj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/630362-290f-46bc-8446-6a7c3ba31410/1/7wrCmeS-57-lNYKppRhr6qw4nMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/630362-290f-46bc-8446-6a7c3ba31410/1/1-KQVlKkqmuBcZaBPgD1BGk-IQj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:68:07:1e:5a:1f:3e:17:b9:59:94:6b:30:e4:2f:ee:a9:2d:
         c9:d4:13:26:88:6a:b1:a3:6d:ac:01:46:9a:01:64:1d:7b:86:
         77:1a:65:a0:4e:5c:c2:80:de:ed:20:a5:16:66:fb:27:40:39:
         f3:c8:46:ea:ed:bd:c5:47:06:3b:ea:c0:e7:0d:36:07:24:53:
         fe:b0:92:d3:1d:d8:af:f7:46:12:ca:f4:56:a6:a1:89:64:1f:
         da:6c:67:ea:2a:24:04:7c:2e:ec:01:77:32:49:b4:e5:b7:7d:
         b5:05:3e:4b:22:52:6b:49:ef:ad:62:2e:d7:8a:64:3c:2c:9d:
         97:ec:03:46:f4:0c:73:18:6b:ed:22:ef:63:cb:1b:38:a4:1b:
         90:37:62:c5:dc:13:93:8f:8c:42:35:41:d2:50:9c:7b:5f:f3:
         cc:c8:23:27:88:ad:f0:51:43:02:ff:85:03:e4:d3:c6:ed:57:
         3a:16:13:28:e9:b2:4a:fe:05:9c:bb:d8:41:b6:9c:7e:e0:a9:
         39:0b:7f:0c:81:6e:4c:15:84:a9:b3:b0:a9:80:c8:d7:9d:7c:
         a2:cd:6e:7e:10:e8:90:e6:9f:9a:ce:41:ce:6c:ca:f9:2a:97:
         b6:c7:aa:f3:dd:3b:d4:cc:9f:e4:bf:2e:02:dc:2c:63:b6:d5:
         5b:96:bb:50
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKmd3ZY+BUaUjwMUmgZUgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YTQxNTk0YTkyYTlhZTA1YzY1YTA0ZjgwM2Q0MTFhNGY4
ODQyM2YwHhcNMjQwMTAyMTIzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjBhYzI5OWU0YmVlN2JmYTUzNTgyYTlhNTE4NmJlYWFjMzg5Y2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriNaHoWFj3yZcK+KSZ8ecdBisV4+
CeAMmV2CsziDJIjdyClT6nmugUIpLcRy3NcPUkkmmCt53gJbs1oJiyoSN0k7Doir
ydrY+Y1BPl6GWmebVMx31HGhOBpW0RwsyHyTtO0AHJEHCGT9KaJBu5+Crau3XKHL
53xKqf/uHqwFQE5WpxCadV5ANqxrX2T+VuWsLlcGDLdVYfBtYAt3aePIzhmupsXe
lcyVx2CzsRxzACKUwufWKDwgu3ltEVG8g+v0k7y8bSIVNdcAumDPYz/MNdIlXNNm
mqCEYuwSXj0jeJ2Q12JZZKHX6xtZ2uw1JqAV4S64VD4xpg/DphD4vylxywIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFO8Kwpnkvue/pTWCqaUYa+qsOJzIMB8GA1UdIwQY
MBaAFPikFZSpKprgXGWgT4A9QRpPiEI/MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LUVZsS2txbXVCY1phQlBnRDFCR2stSVFqOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGEvNjMwMzYyLTI5MGYtNDZiYy04NDQ2
LTZhN2MzYmEzMTQxMC8xLzd3ckNtZVMtNTctbE5ZS3BwUmhyNnF3NG5NZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGEvNjMwMzYyLTI5MGYtNDZiYy04NDQ2LTZhN2MzYmEzMTQx
MC8xLzEtS1FWbEtrcW11QmNaYUJQZ0QxQkdrLUlRajguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC56wgw
DQYJKoZIhvcNAQELBQADggEBAIpoBx5aHz4XuVmUazDkL+6pLcnUEyaIarGjbawB
RpoBZB17hncaZaBOXMKA3u0gpRZm+ydAOfPIRurtvcVHBjvqwOcNNgckU/6wktMd
2K/3RhLK9FamoYlkH9psZ+oqJAR8LuwBdzJJtOW3fbUFPksiUmtJ761iLteKZDws
nZfsA0b0DHMYa+0i72PLGzikG5A3YsXcE5OPjEI1QdJQnHtf88zIIyeIrfBRQwL/
hQPk08btVzoWEyjpskr+BZy72EG2nH7gqTkLfwyBbkwVhKmzsKmAyNedfKLNbn4Q
6JDmn5rOQc5syvkql7bHqvPdO9TMn+S/LgLcLGO21VuWu1A=
-----END CERTIFICATE-----