Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/8HG7M_5FByqDnFaSRoV-Fpo3EUg.roa
File:                     8HG7M_5FByqDnFaSRoV-Fpo3EUg.roa (raw, json)
Hash identifier:          rk0h8ounwwyHr8LjNwrr3vhUwBBSNYl/TIJzX4yOAaA=
Subject key identifier:   F0:71:BB:33:FE:45:07:2A:83:9C:56:92:46:85:7E:16:9A:37:11:48
Certificate issuer:       /CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
Certificate serial:       0191EBF5523D8135BA4F08F5C950E58369B6
Authority key identifier: 12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/8HG7M_5FByqDnFaSRoV-Fpo3EUg.roa
Signing time:             Fri 13 Sep 2024 15:16:48 +0000
ROA not before:           Fri 13 Sep 2024 15:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200471
IP address blocks:        160.62.9.0/24 maxlen: 24
                          160.62.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:eb:f5:52:3d:81:35:ba:4f:08:f5:c9:50:e5:83:69:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
        Validity
            Not Before: Sep 13 15:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f071bb33fe45072a839c569246857e169a371148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:da:7e:f9:9d:67:0e:63:2b:f1:e1:86:e3:c8:
                    05:51:c3:8e:87:c9:08:82:b4:35:73:8f:41:e8:4c:
                    16:b6:a5:7d:57:f7:9e:e4:86:fc:e1:7c:26:36:04:
                    60:f9:29:a1:4d:de:6b:c1:1f:5b:08:89:de:4a:24:
                    7a:01:3c:15:6c:d5:90:9c:1f:5a:d4:5c:a3:b0:d0:
                    b2:b9:b4:44:4d:56:2e:9d:99:33:c1:2a:5b:89:60:
                    04:68:11:91:4a:7a:05:c9:fb:e6:62:52:9a:f2:90:
                    3f:ff:75:a0:b8:2b:37:83:d5:a8:8e:8c:1d:01:ad:
                    5f:ba:fb:4b:10:ef:eb:00:c9:d1:5f:6b:2d:bd:27:
                    42:db:95:78:39:12:a5:30:57:d2:23:82:97:1f:f4:
                    45:3c:da:62:90:80:fc:18:d0:6d:64:f0:54:6c:35:
                    46:1b:ed:72:bf:ce:d0:c8:81:00:9b:7c:19:81:9f:
                    df:78:94:e2:5b:cd:92:21:f4:90:15:75:ad:b1:bb:
                    2a:d1:99:0e:9d:8b:4f:55:11:2a:b3:d4:09:c7:75:
                    ab:e4:3f:2a:7e:19:3b:77:09:2d:ec:85:65:61:67:
                    fd:88:83:6c:65:4d:d3:ff:36:d5:0a:2b:66:83:d7:
                    0f:25:1e:95:6c:5a:4c:a6:a4:58:5d:0f:50:42:cf:
                    0d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:71:BB:33:FE:45:07:2A:83:9C:56:92:46:85:7E:16:9A:37:11:48
            X509v3 Authority Key Identifier:
                keyid:12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/8HG7M_5FByqDnFaSRoV-Fpo3EUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.62.9.0/24
                  160.62.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a4:ae:bb:b8:97:70:6c:ac:44:d7:e5:be:aa:2a:10:92:a3:
         49:61:c2:0b:23:7a:e8:b8:8d:15:af:84:b5:12:4d:20:34:65:
         19:0f:90:6e:d6:9d:81:3d:fa:5c:34:a3:9c:4a:ad:cd:93:f4:
         1e:b1:26:bd:08:b4:f8:7c:96:2a:8f:83:b6:63:57:95:fd:7d:
         22:e6:8b:ae:83:74:2b:19:26:31:ae:7a:75:f3:1e:85:a8:79:
         e6:5e:71:14:65:a8:76:8d:94:5a:67:50:a6:c1:ff:8f:11:5a:
         10:6b:1a:d1:25:96:84:fd:19:a0:0a:1b:40:9e:61:6c:53:e7:
         72:81:54:c4:48:c1:c9:aa:4b:28:fb:e4:e8:6d:f9:29:bd:d0:
         3a:e8:c4:c9:05:e0:a3:25:ec:65:15:45:00:b4:ba:17:3f:7d:
         31:e9:e6:75:30:4b:61:18:1d:34:cf:d7:55:03:04:78:85:21:
         d8:27:e4:82:3c:55:67:51:73:07:9f:73:fb:ee:b5:26:bc:dd:
         14:30:a4:dd:0b:d2:64:53:bd:88:51:da:a4:85:13:ef:3b:56:
         4f:5e:38:71:2c:07:ae:36:df:ea:70:2a:38:e6:29:c5:bb:18:
         39:29:4f:c7:54:4e:91:e3:d2:77:6d:5d:30:99:2a:e1:84:ae:
         9e:0d:ea:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHr9VI9gTW6Twj1yVDlg2m2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMjRlNWVmZjFhYmMwZTZkOGJmMDI5ZTRmNzMyZTBhYjcx
YmMxNmEwHhcNMjQwOTEzMTUxNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDcxYmIzM2ZlNDUwNzJhODM5YzU2OTI0Njg1N2UxNjlhMzcxMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNp++Z1nDmMr8eGG48gFUcOOh8kI
grQ1c49B6EwWtqV9V/ee5Ib84XwmNgRg+SmhTd5rwR9bCIneSiR6ATwVbNWQnB9a
1FyjsNCyubRETVYunZkzwSpbiWAEaBGRSnoFyfvmYlKa8pA//3WguCs3g9Wojowd
Aa1fuvtLEO/rAMnRX2stvSdC25V4ORKlMFfSI4KXH/RFPNpikID8GNBtZPBUbDVG
G+1yv87QyIEAm3wZgZ/feJTiW82SIfSQFXWtsbsq0ZkOnYtPVREqs9QJx3Wr5D8q
fhk7dwkt7IVlYWf9iINsZU3T/zbVCitmg9cPJR6VbFpMpqRYXQ9QQs8NzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPBxuzP+RQcqg5xWkkaFfhaaNxFIMB8GA1UdIwQY
MBaAFBIk5e/xq8Dm2L8Cnk9zLgq3G8FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEt
NTM4NmIxZDk2M2JjLzEvOEhHN01fNUZCeXFEbkZhU1JvVi1GcG8zRVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEtNTM4NmIxZDk2M2Jj
LzEvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAoD4JAwQA
oD4VMA0GCSqGSIb3DQEBCwUAA4IBAQADpK67uJdwbKxE1+W+qioQkqNJYcILI3ro
uI0Vr4S1Ek0gNGUZD5Bu1p2BPfpcNKOcSq3Nk/QesSa9CLT4fJYqj4O2Y1eV/X0i
5ouug3QrGSYxrnp18x6FqHnmXnEUZah2jZRaZ1Cmwf+PEVoQaxrRJZaE/RmgChtA
nmFsU+dygVTESMHJqkso++TobfkpvdA66MTJBeCjJexlFUUAtLoXP30x6eZ1MEth
GB00z9dVAwR4hSHYJ+SCPFVnUXMHn3P77rUmvN0UMKTdC9JkU72IUdqkhRPvO1ZP
XjhxLAeuNt/qcCo45inFuxg5KU/HVE6R49J3bV0wmSrhhK6eDep7
-----END CERTIFICATE-----