Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/8710ba-fb59-466b-9e6b-e898681bc89e/1/8s4IkYO9ZNc9rJp7RxCM3Qs3iO4.roa
File:                     8s4IkYO9ZNc9rJp7RxCM3Qs3iO4.roa (raw, json)
Hash identifier:          dHJKL/D6M5rRqAd5fbvGNtB3b0VvA+cXK1LxnmBsL5A=
Subject key identifier:   F2:CE:08:91:83:BD:64:D7:3D:AC:9A:7B:47:10:8C:DD:0B:37:88:EE
Certificate issuer:       /CN=090fac7852b42d1e6b1c3f0f29d13ce5e9ecb2d6
Certificate serial:       018CC64B003E98E74D75356F53BB3484B56D
Authority key identifier: 09:0F:AC:78:52:B4:2D:1E:6B:1C:3F:0F:29:D1:3C:E5:E9:EC:B2:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CQ-seFK0LR5rHD8PKdE85ensstY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/8710ba-fb59-466b-9e6b-e898681bc89e/1/8s4IkYO9ZNc9rJp7RxCM3Qs3iO4.roa
Signing time:             Mon 01 Jan 2024 18:30:53 +0000
ROA not before:           Mon 01 Jan 2024 18:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24837
IP address blocks:        185.108.196.0/23 maxlen: 23
                          185.108.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/8710ba-fb59-466b-9e6b-e898681bc89e/1/CQ-seFK0LR5rHD8PKdE85ensstY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/8710ba-fb59-466b-9e6b-e898681bc89e/1/CQ-seFK0LR5rHD8PKdE85ensstY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CQ-seFK0LR5rHD8PKdE85ensstY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:00:3e:98:e7:4d:75:35:6f:53:bb:34:84:b5:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=090fac7852b42d1e6b1c3f0f29d13ce5e9ecb2d6
        Validity
            Not Before: Jan  1 18:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2ce089183bd64d73dac9a7b47108cdd0b3788ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:07:ac:cb:8a:7a:58:1e:e3:38:26:f7:0d:69:
                    a2:a8:82:ff:11:bf:eb:37:e1:5f:af:3b:43:53:d9:
                    fc:78:73:ce:43:5f:35:59:e9:f9:17:45:7a:bf:7f:
                    b6:be:3c:31:6f:d5:3a:58:e7:8a:9f:db:84:7b:7f:
                    f6:70:16:02:9e:08:66:cc:cc:d3:a8:2f:77:92:3d:
                    0e:3e:dc:b8:ad:a3:e7:d2:f9:c8:16:88:11:14:88:
                    48:97:fd:37:a6:8c:c5:f5:58:4e:96:2a:3a:d9:80:
                    19:67:2a:9d:c6:10:4b:4f:c4:9c:b3:68:ad:b3:16:
                    54:83:f7:41:2d:d9:69:7a:ec:d6:da:6c:d5:ef:b9:
                    b0:f6:64:55:e5:68:01:4f:eb:78:1f:00:f5:86:b9:
                    36:f8:af:b5:84:11:2e:65:2c:f8:b0:f1:82:5a:d5:
                    9d:ee:11:18:6b:5f:e6:29:1b:c8:17:ce:6a:21:e1:
                    1c:e6:cb:5a:d8:38:9b:5f:f9:b1:3e:af:04:5d:74:
                    b0:73:2b:cf:59:56:28:08:34:9e:e5:f2:ae:ce:b8:
                    36:65:1a:52:30:c1:1b:94:f7:4a:8a:f5:2f:ce:2a:
                    3d:1b:af:c5:ef:b5:aa:b1:5b:35:53:03:96:2b:b1:
                    4a:88:4b:e9:1e:4f:ea:40:c9:18:b3:11:a7:5f:15:
                    df:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:CE:08:91:83:BD:64:D7:3D:AC:9A:7B:47:10:8C:DD:0B:37:88:EE
            X509v3 Authority Key Identifier:
                keyid:09:0F:AC:78:52:B4:2D:1E:6B:1C:3F:0F:29:D1:3C:E5:E9:EC:B2:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CQ-seFK0LR5rHD8PKdE85ensstY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8710ba-fb59-466b-9e6b-e898681bc89e/1/8s4IkYO9ZNc9rJp7RxCM3Qs3iO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8710ba-fb59-466b-9e6b-e898681bc89e/1/CQ-seFK0LR5rHD8PKdE85ensstY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:24:29:b6:0e:7f:87:d6:62:99:63:c6:6d:7b:7a:9b:ad:dc:
         dd:5e:22:39:62:98:e2:91:5f:86:7f:d3:7e:5e:31:b8:b7:1c:
         1b:81:b9:a3:2a:8d:64:d1:b5:90:d5:06:c2:f3:60:c2:d2:92:
         3b:83:67:1b:98:5a:5a:3d:70:65:e7:83:52:b1:30:da:f8:4d:
         fa:7e:39:72:89:b8:e0:bf:1d:b8:64:4b:92:d4:bf:54:d2:02:
         b8:06:b6:09:e1:7c:08:c0:1c:07:91:85:18:3c:ec:2b:12:22:
         80:4b:cb:07:2e:81:cd:7e:51:35:a2:e9:ee:23:82:c1:af:a9:
         f0:95:c7:d5:53:34:e8:34:40:d9:91:e4:37:39:cf:1f:0c:43:
         62:66:fa:4b:8e:d0:fb:60:d6:2e:a2:d4:94:d8:e3:fa:a2:2a:
         03:75:88:9c:2d:bb:4c:51:2b:c4:35:c9:68:d1:8a:9a:81:5e:
         01:ba:3b:99:00:26:fd:72:d0:ec:fd:85:97:7a:25:22:d1:c5:
         ba:db:b3:de:e3:41:f0:2d:b3:19:da:55:ef:0f:88:bb:c9:51:
         f2:e5:2b:18:1f:cf:b1:10:d9:a3:54:39:62:4f:10:8b:1d:3f:
         80:52:b3:36:c4:ec:0e:c4:be:32:a7:5e:8a:0a:61:5e:f8:f6:
         ff:14:5b:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwA+mOdNdTVvU7s0hLVtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MGZhYzc4NTJiNDJkMWU2YjFjM2YwZjI5ZDEzY2U1ZTll
Y2IyZDYwHhcNMjQwMTAxMTgzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmNlMDg5MTgzYmQ2NGQ3M2RhYzlhN2I0NzEwOGNkZDBiMzc4OGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwesy4p6WB7jOCb3DWmiqIL/Eb/r
N+FfrztDU9n8eHPOQ181Wen5F0V6v3+2vjwxb9U6WOeKn9uEe3/2cBYCnghmzMzT
qC93kj0OPty4raPn0vnIFogRFIhIl/03pozF9VhOlio62YAZZyqdxhBLT8Scs2it
sxZUg/dBLdlpeuzW2mzV77mw9mRV5WgBT+t4HwD1hrk2+K+1hBEuZSz4sPGCWtWd
7hEYa1/mKRvIF85qIeEc5sta2DibX/mxPq8EXXSwcyvPWVYoCDSe5fKuzrg2ZRpS
MMEblPdKivUvzio9G6/F77WqsVs1UwOWK7FKiEvpHk/qQMkYsxGnXxXfhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLOCJGDvWTXPayae0cQjN0LN4juMB8GA1UdIwQY
MBaAFAkPrHhStC0eaxw/DynRPOXp7LLWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1Etc2VGSzBMUjVySEQ4UEtkRTg1ZW5zc3RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy84NzEwYmEtZmI1OS00NjZiLTllNmIt
ZTg5ODY4MWJjODllLzEvOHM0SWtZTzlaTmM5ckpwN1J4Q00zUXMzaU80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy84NzEwYmEtZmI1OS00NjZiLTllNmItZTg5ODY4MWJjODll
LzEvQ1Etc2VGSzBMUjVySEQ4UEtkRTg1ZW5zc3RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWzEMA0G
CSqGSIb3DQEBCwUAA4IBAQAFJCm2Dn+H1mKZY8Zte3qbrdzdXiI5YpjikV+Gf9N+
XjG4txwbgbmjKo1k0bWQ1QbC82DC0pI7g2cbmFpaPXBl54NSsTDa+E36fjlyibjg
vx24ZEuS1L9U0gK4BrYJ4XwIwBwHkYUYPOwrEiKAS8sHLoHNflE1ounuI4LBr6nw
lcfVUzToNEDZkeQ3Oc8fDENiZvpLjtD7YNYuotSU2OP6oioDdYicLbtMUSvENclo
0YqagV4BujuZACb9ctDs/YWXeiUi0cW627Pe40HwLbMZ2lXvD4i7yVHy5SsYH8+x
ENmjVDliTxCLHT+AUrM2xOwOxL4yp16KCmFe+Pb/FFsV
-----END CERTIFICATE-----