Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/bf656b-ff93-454b-a39e-3b1131e504b8/1/8c8GXJ_XvRgKPxkLkbQxM-ADETw.roa
File:                     8c8GXJ_XvRgKPxkLkbQxM-ADETw.roa (raw, json)
Hash identifier:          2BGG7UjEGjGVyqckSwaexIMIqiyLee6UEGOBA0IpqzM=
Subject key identifier:   F1:CF:06:5C:9F:D7:BD:18:0A:3F:19:0B:91:B4:31:33:E0:03:11:3C
Certificate issuer:       /CN=601331eccd96d02c1035734cd00a390e8311d942
Certificate serial:       018CC26D6FB49189C89C11FC29F2D066497C
Authority key identifier: 60:13:31:EC:CD:96:D0:2C:10:35:73:4C:D0:0A:39:0E:83:11:D9:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBMx7M2W0CwQNXNM0Ao5DoMR2UI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/bf656b-ff93-454b-a39e-3b1131e504b8/1/8c8GXJ_XvRgKPxkLkbQxM-ADETw.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200076
IP address blocks:        194.59.24.0/22 maxlen: 22
                          2a0c:fac0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/bf656b-ff93-454b-a39e-3b1131e504b8/1/YBMx7M2W0CwQNXNM0Ao5DoMR2UI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/bf656b-ff93-454b-a39e-3b1131e504b8/1/YBMx7M2W0CwQNXNM0Ao5DoMR2UI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBMx7M2W0CwQNXNM0Ao5DoMR2UI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6f:b4:91:89:c8:9c:11:fc:29:f2:d0:66:49:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=601331eccd96d02c1035734cd00a390e8311d942
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1cf065c9fd7bd180a3f190b91b43133e003113c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:dd:6c:fe:91:17:ac:0b:1d:15:7f:b4:f8:f5:
                    0b:ec:61:01:10:4d:26:17:88:2f:3b:41:f7:5c:94:
                    26:8f:28:4c:66:e5:3c:25:0e:0f:ba:9f:16:2d:ac:
                    21:7e:58:f9:d4:e8:11:b2:97:03:fa:9f:ba:18:ce:
                    80:4c:ed:49:30:48:a4:72:e4:12:70:cd:2c:ff:7f:
                    74:4d:8b:b9:35:90:6d:f2:15:24:41:65:ea:99:be:
                    09:3c:10:82:d7:d1:e9:5d:ec:a2:1a:1a:3b:9f:10:
                    1f:6a:f5:b1:f5:74:49:d1:d0:5e:a4:a8:56:c7:d9:
                    82:d6:fd:a8:7a:f5:87:98:be:82:ae:7d:12:aa:0c:
                    d2:23:f6:ee:f7:73:b1:6e:59:34:24:de:32:c0:95:
                    3d:92:85:32:7a:7a:e6:44:cb:04:c6:37:49:b0:ae:
                    0d:b0:d9:f5:af:ae:70:6f:30:ac:7f:42:d5:c6:d1:
                    77:06:bf:83:68:b0:30:ad:f0:c7:00:2f:8e:10:6f:
                    17:be:77:10:79:48:3b:b1:ba:b4:7f:7a:48:d6:ef:
                    3d:20:8a:4b:e7:87:f7:e9:0a:6b:b6:93:bb:a2:8b:
                    39:ef:78:ea:e9:37:66:3b:f5:5a:ae:b8:51:9b:ac:
                    59:cf:70:7a:39:75:07:d8:fb:38:d1:7e:87:f3:b5:
                    32:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:CF:06:5C:9F:D7:BD:18:0A:3F:19:0B:91:B4:31:33:E0:03:11:3C
            X509v3 Authority Key Identifier:
                keyid:60:13:31:EC:CD:96:D0:2C:10:35:73:4C:D0:0A:39:0E:83:11:D9:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBMx7M2W0CwQNXNM0Ao5DoMR2UI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/bf656b-ff93-454b-a39e-3b1131e504b8/1/8c8GXJ_XvRgKPxkLkbQxM-ADETw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/bf656b-ff93-454b-a39e-3b1131e504b8/1/YBMx7M2W0CwQNXNM0Ao5DoMR2UI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.24.0/22
                IPv6:
                  2a0c:fac0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:a9:da:e9:1d:71:53:f1:39:0b:11:50:56:21:f9:0f:96:db:
         d5:31:91:80:2d:8c:1e:0d:82:5b:74:05:03:7f:55:2e:ea:d5:
         e7:88:c5:08:59:d0:73:52:88:62:d8:54:34:47:2e:52:05:ef:
         0e:97:e5:9a:8c:2c:fa:a3:52:eb:ff:f5:59:e4:b7:02:28:51:
         28:b4:12:e5:69:95:2f:bd:a1:0e:9f:d1:1a:f6:96:a2:49:88:
         b3:9b:89:41:84:00:49:66:40:60:ba:bf:f8:cc:8a:8a:a6:ba:
         d5:b5:16:98:eb:ca:b1:60:f2:be:38:9f:ea:08:34:42:c9:72:
         a0:77:51:8b:1c:53:2c:c8:ba:af:7a:14:0d:56:a3:92:5f:6f:
         ea:79:2a:8a:41:d4:d6:f9:08:4c:85:ff:e4:3b:50:36:4a:d6:
         0b:cd:bc:64:29:d4:36:3e:42:e7:dc:6c:9e:cd:99:76:32:85:
         a3:19:3e:6e:08:6c:0e:0e:49:74:85:bb:66:31:b7:4a:8c:ec:
         9b:23:ed:77:99:92:23:1e:ae:f7:c1:75:d2:49:4e:b8:50:c5:
         db:6a:56:68:8e:8f:c6:a1:04:e0:68:4a:7a:4b:ed:c1:fc:71:
         fe:10:a6:a0:c5:5a:ea:0e:4c:6e:c2:ef:14:2f:9a:1b:f9:67:
         eb:25:fb:53
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbW+0kYnInBH8KfLQZkl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMTMzMWVjY2Q5NmQwMmMxMDM1NzM0Y2QwMGEzOTBlODMx
MWQ5NDIwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWNmMDY1YzlmZDdiZDE4MGEzZjE5MGI5MWI0MzEzM2UwMDMxMTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn91s/pEXrAsdFX+0+PUL7GEBEE0m
F4gvO0H3XJQmjyhMZuU8JQ4Pup8WLawhflj51OgRspcD+p+6GM6ATO1JMEikcuQS
cM0s/390TYu5NZBt8hUkQWXqmb4JPBCC19HpXeyiGho7nxAfavWx9XRJ0dBepKhW
x9mC1v2oevWHmL6Crn0SqgzSI/bu93Oxblk0JN4ywJU9koUyenrmRMsExjdJsK4N
sNn1r65wbzCsf0LVxtF3Br+DaLAwrfDHAC+OEG8XvncQeUg7sbq0f3pI1u89IIpL
54f36QprtpO7oos573jq6TdmO/VarrhRm6xZz3B6OXUH2Ps40X6H87UyXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPHPBlyf170YCj8ZC5G0MTPgAxE8MB8GA1UdIwQY
MBaAFGATMezNltAsEDVzTNAKOQ6DEdlCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUJNeDdNMlcwQ3dRTlhOTTBBbzVEb01SMlVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9iZjY1NmItZmY5My00NTRiLWEzOWUt
M2IxMTMxZTUwNGI4LzEvOGM4R1hKX1h2UmdLUHhrTGtiUXhNLUFERVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9iZjY1NmItZmY5My00NTRiLWEzOWUtM2IxMTMxZTUwNGI4
LzEvWUJNeDdNMlcwQ3dRTlhOTTBBbzVEb01SMlVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwjsYMA8E
AgACMAkDBwAqDPrAAAAwDQYJKoZIhvcNAQELBQADggEBAKOp2ukdcVPxOQsRUFYh
+Q+W29UxkYAtjB4Nglt0BQN/VS7q1eeIxQhZ0HNSiGLYVDRHLlIF7w6X5ZqMLPqj
Uuv/9VnktwIoUSi0EuVplS+9oQ6f0Rr2lqJJiLObiUGEAElmQGC6v/jMioqmutW1
FpjryrFg8r44n+oINELJcqB3UYscUyzIuq96FA1Wo5Jfb+p5KopB1Nb5CEyF/+Q7
UDZK1gvNvGQp1DY+QufcbJ7NmXYyhaMZPm4IbA4OSXSFu2Yxt0qM7Jsj7XeZkiMe
rvfBddJJTrhQxdtqVmiOj8ahBOBoSnpL7cH8cf4QpqDFWuoOTG7C7xQvmhv5Z+sl
+1M=
-----END CERTIFICATE-----