Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/8PJu-JG0pT_WcO1XzSzol8NYD1o.roa
File:                     8PJu-JG0pT_WcO1XzSzol8NYD1o.roa (raw, json)
Hash identifier:          jSWtbpqBPbsCKbp/WREnCbYAiPd3Lr0B57r7DuDvY04=
Subject key identifier:   F0:F2:6E:F8:91:B4:A5:3F:D6:70:ED:57:CD:2C:E8:97:C3:58:0F:5A
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256A1DC1705E6D1AEAB121D703D93A
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/8PJu-JG0pT_WcO1XzSzol8NYD1o.roa
Signing time:             Mon 01 Jan 2024 08:30:35 +0000
ROA not before:           Mon 01 Jan 2024 08:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206446
IP address blocks:        193.31.29.0/24 maxlen: 24
                          194.56.227.0/24 maxlen: 24
                          185.186.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6a:1d:c1:70:5e:6d:1a:ea:b1:21:d7:03:d9:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0f26ef891b4a53fd670ed57cd2ce897c3580f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:68:28:3f:a2:8b:0d:1e:41:9b:9b:3c:42:d1:
                    29:60:57:19:c6:8c:9d:5e:5b:8e:98:cd:fd:e8:a3:
                    37:11:d2:59:90:35:ef:d7:56:21:80:e8:52:27:40:
                    4c:c9:78:c1:c3:d3:ee:18:b0:78:c4:08:f4:ea:3d:
                    94:6d:22:d3:69:c9:45:d6:76:8f:d1:89:2e:7e:50:
                    df:01:ab:37:3c:c2:1d:72:dd:64:3e:36:d4:5f:a5:
                    1b:41:a9:99:5a:6d:19:72:2e:83:e0:87:63:9b:2d:
                    13:17:63:87:40:58:0f:1b:7e:4d:a0:ab:c7:3b:d6:
                    1a:ec:aa:26:3d:5f:58:c4:7a:02:64:9f:cf:ee:34:
                    66:7d:3e:f9:9b:c3:c7:82:55:a2:a1:f4:98:15:dd:
                    b5:7e:82:5e:65:32:18:79:c8:49:89:72:f0:19:fb:
                    31:d4:d3:ce:f2:9c:d4:4c:ca:1f:ef:d8:39:a7:c2:
                    e4:4c:9d:4c:8c:3d:fa:94:ac:83:f8:d5:98:97:4c:
                    aa:72:df:e8:1a:2e:20:b9:9f:96:da:5f:81:5b:54:
                    2a:e5:21:b0:c9:63:d0:bc:c0:57:21:3b:ad:bf:3e:
                    22:e4:29:8b:d1:21:70:84:df:df:68:c9:99:82:11:
                    53:98:44:a4:2a:3e:93:9d:b9:47:23:a0:50:7b:4f:
                    cd:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:F2:6E:F8:91:B4:A5:3F:D6:70:ED:57:CD:2C:E8:97:C3:58:0F:5A
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/8PJu-JG0pT_WcO1XzSzol8NYD1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.66.0/24
                  193.31.29.0/24
                  194.56.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:c3:59:2c:3c:97:8a:01:0d:dd:b4:b9:bb:84:e1:f1:44:6c:
         32:d4:47:1c:93:5d:32:b2:de:d8:77:89:46:7c:67:a9:a5:60:
         99:63:b8:0b:52:e3:54:f1:c2:3a:02:94:b0:4d:5c:6f:05:4d:
         47:e7:fc:6a:ae:35:1b:62:3b:27:7e:40:12:04:9a:a8:ea:ae:
         b8:ea:94:4d:bb:5e:ca:0b:f5:c4:42:f9:2c:6b:ef:32:b8:16:
         3e:c6:d0:51:bb:a5:43:36:1f:5b:33:f1:b2:5a:85:64:6f:fd:
         65:96:c8:e1:69:2c:99:8f:41:ff:2b:19:e4:65:0f:50:4e:74:
         90:01:0a:49:90:eb:69:7a:67:f9:b5:8e:de:1b:35:e7:47:78:
         50:85:1c:ad:05:ac:7a:17:4f:be:45:9c:4a:5f:55:62:31:ad:
         e4:c8:55:a8:75:97:e2:cc:45:da:db:46:9f:d9:17:42:9a:01:
         4b:58:5d:26:96:29:ef:82:24:24:62:10:0b:79:b4:1a:ea:59:
         ed:39:45:93:d0:d2:0d:ad:e2:05:0a:db:e7:1b:37:11:29:15:
         a6:e8:9d:7a:80:b0:2c:45:4e:45:fb:30:71:1c:e4:21:88:25:
         fd:93:a0:41:ee:27:da:1a:d3:56:ee:d8:59:89:73:2d:9a:9a:
         05:79:88:54
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEJWodwXBebRrqsSHXA9k6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGYyNmVmODkxYjRhNTNmZDY3MGVkNTdjZDJjZTg5N2MzNTgwZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGgoP6KLDR5Bm5s8QtEpYFcZxoyd
XluOmM396KM3EdJZkDXv11YhgOhSJ0BMyXjBw9PuGLB4xAj06j2UbSLTaclF1naP
0YkuflDfAas3PMIdct1kPjbUX6UbQamZWm0Zci6D4Idjmy0TF2OHQFgPG35NoKvH
O9Ya7KomPV9YxHoCZJ/P7jRmfT75m8PHglWiofSYFd21foJeZTIYechJiXLwGfsx
1NPO8pzUTMof79g5p8LkTJ1MjD36lKyD+NWYl0yqct/oGi4guZ+W2l+BW1Qq5SGw
yWPQvMBXITutvz4i5CmL0SFwhN/faMmZghFTmESkKj6TnblHI6BQe0/NkwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPDybviRtKU/1nDtV80s6JfDWA9aMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvOFBKdS1KRzBwVF9XY08xWHpTem9sOE5ZRDFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAubpCAwQA
wR8dAwQAwjjjMA0GCSqGSIb3DQEBCwUAA4IBAQCRw1ksPJeKAQ3dtLm7hOHxRGwy
1Ecck10yst7Yd4lGfGeppWCZY7gLUuNU8cI6ApSwTVxvBU1H5/xqrjUbYjsnfkAS
BJqo6q646pRNu17KC/XEQvksa+8yuBY+xtBRu6VDNh9bM/GyWoVkb/1llsjhaSyZ
j0H/KxnkZQ9QTnSQAQpJkOtpemf5tY7eGzXnR3hQhRytBax6F0++RZxKX1ViMa3k
yFWodZfizEXa20af2RdCmgFLWF0mlinvgiQkYhALebQa6lntOUWT0NINreIFCtvn
GzcRKRWm6J16gLAsRU5F+zBxHOQhiCX9k6BB7ifaGtNW7thZiXMtmpoFeYhU
-----END CERTIFICATE-----