Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/8u1DoFw30m_VOWPLD6Tz8WCvlAI.roa
File:                     8u1DoFw30m_VOWPLD6Tz8WCvlAI.roa (raw, json)
Hash identifier:          rqM7iqoSz2oyeYO6p20FDKKbWqWAItAT65VbZRXqLbE=
Subject key identifier:   F2:ED:43:A0:5C:37:D2:6F:D5:39:63:CB:0F:A4:F3:F1:60:AF:94:02
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCD16E144131C0519E74CD999D2FC3
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/8u1DoFw30m_VOWPLD6Tz8WCvlAI.roa
Signing time:             Tue 02 Jan 2024 10:34:03 +0000
ROA not before:           Tue 02 Jan 2024 10:34:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41403
IP address blocks:        78.136.232.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d1:6e:14:41:31:c0:51:9e:74:cd:99:9d:2f:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2ed43a05c37d26fd53963cb0fa4f3f160af9402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:25:41:88:aa:eb:44:55:f7:c2:78:2c:2b:23:
                    aa:0d:c1:6c:d2:32:5c:5e:47:dd:00:07:1c:0b:6a:
                    c2:1d:b6:7c:36:d8:67:c0:2a:f1:e2:83:8e:33:da:
                    fd:f2:ed:4f:97:4f:f9:99:27:c2:20:e7:ea:13:96:
                    77:30:71:5a:f7:ec:d2:a1:cb:f2:29:f2:f1:93:f0:
                    29:95:f1:4e:5f:73:a9:b0:f3:68:b4:24:33:9d:1b:
                    5e:3b:48:e8:49:32:41:43:9c:4d:be:39:22:fd:02:
                    66:30:36:d3:cf:08:2c:ad:b1:19:3c:17:c3:f2:b7:
                    e5:8a:e2:25:e4:cc:a0:5f:a8:e6:db:43:47:21:ff:
                    97:e4:1f:f8:4d:1c:d4:e8:92:ef:b9:9f:82:df:71:
                    20:d6:80:d8:ef:fc:51:42:78:74:5c:a0:c9:e0:79:
                    d7:7a:5f:51:c0:e8:df:6b:a7:bd:93:3b:38:37:99:
                    88:9a:33:41:00:85:ad:37:ea:77:23:8c:1f:a1:d8:
                    16:aa:ce:53:9b:c3:a9:d7:32:a6:65:f2:a8:b3:9c:
                    b2:ee:52:93:47:1f:c6:d1:05:74:92:04:0e:de:26:
                    ec:0c:e4:f5:c3:01:69:64:05:f1:80:6f:fa:f1:8d:
                    d8:3d:05:59:18:be:28:0f:24:f7:48:7e:c7:06:cf:
                    1e:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:ED:43:A0:5C:37:D2:6F:D5:39:63:CB:0F:A4:F3:F1:60:AF:94:02
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/8u1DoFw30m_VOWPLD6Tz8WCvlAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.136.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ad:fb:80:80:4f:6b:45:b3:09:7e:1b:7a:cf:9d:75:6c:dc:70:
         d3:ca:17:af:cb:c2:14:4f:52:4b:3f:6f:6b:77:a5:9c:a6:11:
         8d:55:c4:29:6b:11:0c:f1:45:fe:cc:a5:26:18:2e:01:14:6b:
         9a:51:58:9a:ab:4f:6d:11:ed:9d:bd:31:d0:d9:f9:a1:bc:bc:
         93:84:d8:ab:78:6d:97:6a:32:77:8f:83:63:ea:db:57:b3:14:
         53:87:f0:57:5d:d9:9c:98:42:28:f0:cb:9e:41:d8:07:99:eb:
         06:69:60:ae:78:12:5e:b8:23:e7:a7:fc:77:a9:05:11:0a:0a:
         1c:e1:22:1d:92:7f:79:f6:00:30:6c:34:5b:b3:00:2e:42:c8:
         47:f2:5c:b1:0d:8d:15:d5:8c:9a:55:ab:b6:4d:eb:c6:d0:6d:
         a9:cd:d1:b0:96:9c:7e:44:a7:60:e0:82:b5:74:a0:e0:c6:53:
         fd:75:bf:17:98:1b:64:c8:49:1a:60:52:a1:bb:3c:ec:a5:2c:
         78:f1:e9:9b:ef:ea:3c:eb:8f:14:ed:67:40:b5:f4:ca:a8:41:
         fe:9c:2e:5a:41:57:9a:87:6a:a6:1a:fb:e6:16:13:cc:08:91:
         de:e0:cb:84:a0:d2:70:41:82:ca:50:d5:e6:25:33:ab:44:9e:
         51:0c:15:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvNFuFEExwFGedM2ZnS/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmVkNDNhMDVjMzdkMjZmZDUzOTYzY2IwZmE0ZjNmMTYwYWY5NDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSVBiKrrRFX3wngsKyOqDcFs0jJc
XkfdAAccC2rCHbZ8NthnwCrx4oOOM9r98u1Pl0/5mSfCIOfqE5Z3MHFa9+zSocvy
KfLxk/AplfFOX3OpsPNotCQznRteO0joSTJBQ5xNvjki/QJmMDbTzwgsrbEZPBfD
8rfliuIl5MygX6jm20NHIf+X5B/4TRzU6JLvuZ+C33Eg1oDY7/xRQnh0XKDJ4HnX
el9RwOjfa6e9kzs4N5mImjNBAIWtN+p3I4wfodgWqs5Tm8Op1zKmZfKos5yy7lKT
Rx/G0QV0kgQO3ibsDOT1wwFpZAXxgG/68Y3YPQVZGL4oDyT3SH7HBs8eNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLtQ6BcN9Jv1Tljyw+k8/Fgr5QCMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvOHUxRG9GdzMwbV9WT1dQTEQ2VHo4V0N2bEFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTojoMA0G
CSqGSIb3DQEBCwUAA4IBAQCt+4CAT2tFswl+G3rPnXVs3HDTyhevy8IUT1JLP29r
d6WcphGNVcQpaxEM8UX+zKUmGC4BFGuaUViaq09tEe2dvTHQ2fmhvLyThNireG2X
ajJ3j4Nj6ttXsxRTh/BXXdmcmEIo8MueQdgHmesGaWCueBJeuCPnp/x3qQURCgoc
4SIdkn959gAwbDRbswAuQshH8lyxDY0V1YyaVau2TevG0G2pzdGwlpx+RKdg4IK1
dKDgxlP9db8XmBtkyEkaYFKhuzzspSx48emb7+o8648U7WdAtfTKqEH+nC5aQVea
h2qmGvvmFhPMCJHe4MuEoNJwQYLKUNXmJTOrRJ5RDBXA
-----END CERTIFICATE-----