Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/C8SoJKFO-Dxp32Uhvgl2d7iGXFo.roa
File:                     C8SoJKFO-Dxp32Uhvgl2d7iGXFo.roa (raw, json)
Hash identifier:          bAhNX6cCyzwUpEFxMXtfN4kjmuDyMRrnZ/uJnpiC+7Q=
Subject key identifier:   0B:C4:A8:24:A1:4E:F8:3C:69:DF:65:21:BE:09:76:77:B8:86:5C:5A
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC425781E591F4CA99D9762E39EB25200
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/C8SoJKFO-Dxp32Uhvgl2d7iGXFo.roa
Signing time:             Mon 01 Jan 2024 08:30:39 +0000
ROA not before:           Mon 01 Jan 2024 08:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398779
IP address blocks:        185.227.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:78:1e:59:1f:4c:a9:9d:97:62:e3:9e:b2:52:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bc4a824a14ef83c69df6521be097677b8865c5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:de:b0:bd:05:65:4d:d4:85:32:31:42:13:8b:
                    ca:c1:71:00:ea:09:76:57:e0:4b:67:65:a6:9f:17:
                    ff:18:9d:4f:cf:dc:2f:34:1d:66:cc:dc:ed:25:ed:
                    b8:fc:6a:fa:45:ff:be:21:3d:4a:6a:df:aa:58:03:
                    38:b8:74:2b:32:2b:0e:9b:72:28:0d:f8:d9:c1:3c:
                    64:0f:31:fb:56:f5:62:ea:80:84:9b:ba:c6:03:88:
                    01:56:2e:85:26:21:df:cf:ec:32:26:d4:f8:d8:fd:
                    e1:fd:38:33:c3:23:cf:2e:ce:48:72:cc:80:9f:9f:
                    28:76:64:47:27:ca:b8:95:cf:6d:32:e1:c6:ee:f1:
                    29:a9:f7:9e:b1:84:0b:bf:34:d7:45:0f:86:8a:cc:
                    b6:33:aa:28:60:0a:ae:1c:fd:27:9e:20:3f:3b:19:
                    0b:68:ae:7e:0b:c9:ea:97:89:8c:84:12:47:53:3c:
                    7f:48:71:d6:a5:aa:82:77:fc:be:62:10:d2:7a:5b:
                    ed:f3:2a:5f:0a:0c:c5:e0:c2:98:67:09:96:be:04:
                    1a:ab:04:00:c6:ad:e7:fb:1a:4a:1b:1e:ab:61:a5:
                    69:61:5d:4d:b5:9b:06:13:06:31:da:95:b8:74:ac:
                    a6:c9:8b:bf:e4:33:a6:92:e3:db:02:09:68:70:bb:
                    26:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C4:A8:24:A1:4E:F8:3C:69:DF:65:21:BE:09:76:77:B8:86:5C:5A
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/C8SoJKFO-Dxp32Uhvgl2d7iGXFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:ae:24:46:85:3f:a1:db:9f:99:33:e6:e1:70:1a:33:bb:15:
         cc:ba:2c:a5:db:ad:89:42:f5:f7:14:89:88:f7:7c:ba:d7:f4:
         ba:32:e7:6b:2a:62:c4:78:80:9c:a4:09:6c:c1:09:15:2d:8f:
         d6:37:97:94:7f:b0:71:d0:e4:ac:39:ea:d7:ab:56:12:a1:50:
         c4:b0:21:57:1a:db:eb:a4:60:3d:2c:ac:ea:63:2a:4a:e2:99:
         8b:d0:b4:19:2d:8e:0f:9f:ee:3a:b9:8f:c2:ca:b2:d9:75:95:
         be:6a:22:c7:a9:30:82:67:9d:54:ef:8b:fb:82:0b:30:f9:c9:
         07:62:58:b3:55:0f:75:14:72:54:fe:69:69:11:8e:47:2b:fa:
         1b:49:10:08:5e:3e:8a:c9:77:d1:23:ff:f3:9b:15:ad:ba:ea:
         1a:bd:9c:2d:5d:92:26:d3:76:e0:61:bc:3f:28:fc:ae:dc:38:
         ba:c6:a3:5a:55:16:34:a7:e0:af:59:2f:9f:73:e4:26:7f:e9:
         b7:43:fc:6c:eb:df:1c:f5:dc:11:26:42:00:4b:b5:52:b1:7c:
         20:ea:44:bf:c0:d3:80:93:84:3a:f3:cd:09:70:ee:b1:09:32:
         f4:49:c6:bc:e7:76:bf:b1:11:38:53:12:f0:a9:ed:06:68:8c:
         e2:ea:30:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJXgeWR9MqZ2XYuOeslIAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmM0YTgyNGExNGVmODNjNjlkZjY1MjFiZTA5NzY3N2I4ODY1YzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh96wvQVlTdSFMjFCE4vKwXEA6gl2
V+BLZ2Wmnxf/GJ1Pz9wvNB1mzNztJe24/Gr6Rf++IT1Kat+qWAM4uHQrMisOm3Io
DfjZwTxkDzH7VvVi6oCEm7rGA4gBVi6FJiHfz+wyJtT42P3h/TgzwyPPLs5IcsyA
n58odmRHJ8q4lc9tMuHG7vEpqfeesYQLvzTXRQ+Gisy2M6ooYAquHP0nniA/OxkL
aK5+C8nql4mMhBJHUzx/SHHWpaqCd/y+YhDSelvt8ypfCgzF4MKYZwmWvgQaqwQA
xq3n+xpKGx6rYaVpYV1NtZsGEwYx2pW4dKymyYu/5DOmkuPbAglocLsmgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvEqCShTvg8ad9lIb4Jdne4hlxaMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvQzhTb0pLRk8tRHhwMzJVaHZnbDJkN2lHWEZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueNFMA0G
CSqGSIb3DQEBCwUAA4IBAQC1riRGhT+h25+ZM+bhcBozuxXMuiyl262JQvX3FImI
93y61/S6MudrKmLEeICcpAlswQkVLY/WN5eUf7Bx0OSsOerXq1YSoVDEsCFXGtvr
pGA9LKzqYypK4pmL0LQZLY4Pn+46uY/CyrLZdZW+aiLHqTCCZ51U74v7ggsw+ckH
YlizVQ91FHJU/mlpEY5HK/obSRAIXj6KyXfRI//zmxWtuuoavZwtXZIm03bgYbw/
KPyu3Di6xqNaVRY0p+CvWS+fc+Qmf+m3Q/xs698c9dwRJkIAS7VSsXwg6kS/wNOA
k4Q6880JcO6xCTL0Sca853a/sRE4UxLwqe0GaIzi6jDo
-----END CERTIFICATE-----