Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/x-8U_R7MCbBxUcVYMlbulNOpews.roa
File:                     x-8U_R7MCbBxUcVYMlbulNOpews.roa (raw, json)
Hash identifier:          fOCP4OOvZ9i1uaBJxyryxy3RPgzn5IGMD07RtrEgVXc=
Subject key identifier:   C7:EF:14:FD:1E:CC:09:B0:71:51:C5:58:32:56:EE:94:D3:A9:7B:0B
Certificate issuer:       /CN=169f4ed6620c8960521fbb81ff72e837dc0038af
Certificate serial:       018CC64ABDC764D9F5D221191FAEA11CE026
Authority key identifier: 16:9F:4E:D6:62:0C:89:60:52:1F:BB:81:FF:72:E8:37:DC:00:38:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/x-8U_R7MCbBxUcVYMlbulNOpews.roa
Signing time:             Mon 01 Jan 2024 18:30:36 +0000
ROA not before:           Mon 01 Jan 2024 18:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8695
IP address blocks:        185.1.39.0/24 maxlen: 24
                          2001:7f8:80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:bd:c7:64:d9:f5:d2:21:19:1f:ae:a1:1c:e0:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=169f4ed6620c8960521fbb81ff72e837dc0038af
        Validity
            Not Before: Jan  1 18:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7ef14fd1ecc09b07151c5583256ee94d3a97b0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1d:c1:d6:a3:5e:f2:71:5f:a9:f2:9f:11:91:
                    e2:ba:b0:ea:e0:6e:f4:a2:80:6b:b2:6a:d3:13:81:
                    bb:63:e8:5e:52:62:a6:f2:0e:5c:cc:01:84:30:54:
                    d4:11:95:dc:93:c3:de:c7:28:9f:b6:c7:8b:ad:84:
                    41:b6:ec:a8:8e:db:40:2d:b6:df:ed:3d:d6:57:a5:
                    5c:a3:46:fe:ae:eb:57:a6:5a:0d:a1:f6:39:cd:9c:
                    f3:fd:af:66:b6:46:18:cf:ee:03:3a:c0:8f:a4:2d:
                    9c:63:9a:da:18:90:84:0d:d0:57:79:9f:ac:ad:e4:
                    39:06:0b:8a:16:c4:e7:a4:1a:d5:61:4c:58:62:5f:
                    2c:40:83:cc:0a:0a:6e:1f:91:1b:b5:07:17:fb:10:
                    98:be:f2:6f:da:2e:3e:d3:86:f6:bb:cd:bb:fb:0d:
                    0c:b5:ba:f1:d4:58:ce:a1:d7:96:fe:7d:c3:ae:10:
                    0b:6d:14:2b:90:8e:45:bc:5c:8f:27:0a:6c:3a:3c:
                    a8:9a:89:3a:5b:be:ed:eb:4f:a1:bc:a2:f6:70:2e:
                    7c:77:15:cf:71:7c:17:9e:19:3d:89:64:87:6a:0c:
                    57:7e:12:e9:ba:4d:f6:0f:df:05:d5:6d:6d:90:8d:
                    cd:91:7e:bf:6b:cd:59:9c:17:fd:f2:62:64:7e:13:
                    7e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:EF:14:FD:1E:CC:09:B0:71:51:C5:58:32:56:EE:94:D3:A9:7B:0B
            X509v3 Authority Key Identifier:
                keyid:16:9F:4E:D6:62:0C:89:60:52:1F:BB:81:FF:72:E8:37:DC:00:38:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/x-8U_R7MCbBxUcVYMlbulNOpews.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.39.0/24
                IPv6:
                  2001:7f8:80::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:de:fb:fb:6d:ee:0a:95:64:27:cf:b3:5b:e9:07:24:28:ae:
         20:bc:c0:fa:5d:4f:ce:07:1a:59:9d:30:b6:f9:4b:fb:9f:41:
         ed:d0:14:0d:70:f7:3b:25:9d:6f:95:22:29:49:0b:c3:53:df:
         06:09:5d:c0:08:e6:c9:c9:c1:41:7e:a1:94:a9:40:a8:d8:af:
         79:c8:86:81:82:ce:43:2e:1c:9b:e7:6a:19:12:bd:41:c5:d1:
         38:d3:7a:35:2b:8d:5e:86:03:40:01:b5:96:8b:5d:60:62:9a:
         28:ef:a6:74:53:6b:cc:3e:aa:25:1d:6d:e3:d6:87:98:3b:57:
         9e:b7:e5:1b:a2:02:58:de:66:4b:db:e2:66:98:9f:42:d7:38:
         23:b8:57:e4:3c:5e:56:4a:bd:17:5f:a5:5a:e5:04:30:f0:51:
         10:d3:19:3d:8f:31:09:61:a9:2e:48:22:30:09:53:4e:0d:7a:
         2a:42:d9:e9:53:76:24:be:d7:a9:cc:4f:68:57:85:a5:7e:a8:
         2c:62:70:74:db:a9:c4:ad:37:41:30:6d:9a:aa:7c:38:7c:de:
         f4:e9:a2:08:37:45:db:41:77:8e:34:d7:21:9e:ea:e1:f1:49:
         bc:c0:5c:26:c3:01:89:d4:67:77:c4:f3:af:fe:81:ec:43:80:
         3c:04:f6:fa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGSr3HZNn10iEZH66hHOAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OWY0ZWQ2NjIwYzg5NjA1MjFmYmI4MWZmNzJlODM3ZGMw
MDM4YWYwHhcNMjQwMTAxMTgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2VmMTRmZDFlY2MwOWIwNzE1MWM1NTgzMjU2ZWU5NGQzYTk3YjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhh3B1qNe8nFfqfKfEZHiurDq4G70
ooBrsmrTE4G7Y+heUmKm8g5czAGEMFTUEZXck8PexyiftseLrYRBtuyojttALbbf
7T3WV6Vco0b+rutXploNofY5zZzz/a9mtkYYz+4DOsCPpC2cY5raGJCEDdBXeZ+s
reQ5BguKFsTnpBrVYUxYYl8sQIPMCgpuH5EbtQcX+xCYvvJv2i4+04b2u827+w0M
tbrx1FjOodeW/n3DrhALbRQrkI5FvFyPJwpsOjyomok6W77t60+hvKL2cC58dxXP
cXwXnhk9iWSHagxXfhLpuk32D98F1W1tkI3NkX6/a81ZnBf98mJkfhN+sQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMfvFP0ezAmwcVHFWDJW7pTTqXsLMB8GA1UdIwQY
MBaAFBafTtZiDIlgUh+7gf9y6DfcADivMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnA5TzFtSU1pV0JTSDd1Ql8zTG9OOXdBT0s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9iYzZkMWUtMDE0Ni00YTM1LThlOWIt
Y2Y1ZmIwNDI1NjZhLzEveC04VV9SN01DYkJ4VWNWWU1sYnVsTk9wZXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9iYzZkMWUtMDE0Ni00YTM1LThlOWItY2Y1ZmIwNDI1NjZh
LzEvRnA5TzFtSU1pV0JTSDd1Ql8zTG9OOXdBT0s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQEnMA8E
AgACMAkDBwAgAQf4AIAwDQYJKoZIhvcNAQELBQADggEBACPe+/tt7gqVZCfPs1vp
ByQoriC8wPpdT84HGlmdMLb5S/ufQe3QFA1w9zslnW+VIilJC8NT3wYJXcAI5snJ
wUF+oZSpQKjYr3nIhoGCzkMuHJvnahkSvUHF0TjTejUrjV6GA0ABtZaLXWBimijv
pnRTa8w+qiUdbePWh5g7V5635RuiAljeZkvb4maYn0LXOCO4V+Q8XlZKvRdfpVrl
BDDwURDTGT2PMQlhqS5IIjAJU04NeipC2elTdiS+16nMT2hXhaV+qCxicHTbqcSt
N0EwbZqqfDh83vTpogg3RdtBd4401yGe6uHxSbzAXCbDAYnUZ3fE86/+gexDgDwE
9vo=
-----END CERTIFICATE-----