Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/c8B8Z2MJYnm_1EP-xs4DOnaI0Ig.roa
File:                     c8B8Z2MJYnm_1EP-xs4DOnaI0Ig.roa (raw, json)
Hash identifier:          am3II446sNueGxoDB0TCbjTMoOAhiEp0y+dl+zyEeoU=
Subject key identifier:   73:C0:7C:67:63:09:62:79:BF:D4:43:FE:C6:CE:03:3A:76:88:D0:88
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42566A49A25260E65C0FAB95DF764AD
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/c8B8Z2MJYnm_1EP-xs4DOnaI0Ig.roa
Signing time:             Mon 01 Jan 2024 08:30:34 +0000
ROA not before:           Mon 01 Jan 2024 08:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202562
IP address blocks:        185.186.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:66:a4:9a:25:26:0e:65:c0:fa:b9:5d:f7:64:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73c07c6763096279bfd443fec6ce033a7688d088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:54:5b:e2:46:d7:8b:8a:ee:8f:71:0b:3c:6f:
                    1d:2e:e9:05:d6:cc:ff:08:d3:1a:6d:be:00:aa:5b:
                    e4:30:e4:57:fe:7b:58:00:8e:05:07:5f:84:9a:d5:
                    2d:cf:b9:29:ad:98:3b:b0:86:33:7c:53:5e:e5:aa:
                    c5:36:89:36:b7:64:8c:48:cb:5d:e4:02:6c:d6:ee:
                    52:a5:e2:9e:ed:30:71:a9:5d:f4:3c:44:02:37:f5:
                    be:c1:19:c4:03:64:c4:35:3a:4e:09:31:34:d7:71:
                    65:f3:4b:be:ed:57:b8:c1:31:4b:fa:30:7e:c6:9e:
                    23:33:53:e0:89:c6:05:8a:7e:79:c2:aa:c4:5d:f7:
                    b5:90:c4:82:fd:39:df:91:67:b7:cd:2a:60:c8:97:
                    af:3d:a0:72:38:0e:7c:a5:16:2f:8e:a5:a3:2e:0a:
                    ba:f6:90:bd:94:aa:24:32:2e:c0:73:ba:60:2e:a4:
                    19:5c:bd:5e:39:e5:49:4c:ed:50:0b:1d:49:d8:f1:
                    5c:13:ba:d2:6d:02:18:16:79:d0:61:1d:94:48:ee:
                    19:1c:4e:29:78:73:a7:c0:88:0d:b7:0f:0e:2c:3d:
                    38:71:02:2b:3c:9d:70:fb:f4:2c:4c:ab:97:47:62:
                    4f:61:3a:15:52:49:02:e6:87:00:30:ec:6a:ab:b5:
                    7f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:C0:7C:67:63:09:62:79:BF:D4:43:FE:C6:CE:03:3A:76:88:D0:88
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/c8B8Z2MJYnm_1EP-xs4DOnaI0Ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:31:c5:c4:62:e3:23:60:f0:77:7e:32:af:f5:25:f0:a5:3b:
         34:e9:91:97:6a:98:bd:83:73:ea:99:6b:19:0d:70:58:f3:1b:
         27:1f:83:95:b0:e1:a6:a8:2e:76:e2:d1:c2:3d:cc:f0:bb:e0:
         8e:67:b5:f2:cd:cd:d3:e0:d3:f8:20:1f:a6:88:23:ca:5c:42:
         aa:e9:e0:fa:75:b2:5b:5c:a3:90:a4:aa:62:a0:cc:34:ab:dd:
         55:ef:a1:15:2b:69:2f:3c:13:84:10:78:c7:6a:f1:74:e4:ab:
         94:75:97:fc:f5:3c:0e:84:7c:9f:09:34:f7:f2:d2:1d:05:8f:
         80:69:34:d7:da:15:41:fa:f2:b9:32:91:92:e4:8a:a2:85:04:
         94:48:6c:47:6a:65:09:db:1e:5b:5a:bd:80:00:3a:87:9d:ab:
         ff:bb:e4:7c:15:0a:a4:39:99:58:6b:a3:39:10:16:43:9e:fa:
         d1:6a:6d:b6:19:61:4f:33:27:1f:5b:c5:a1:fb:3f:59:1b:62:
         53:61:17:ba:52:13:e9:08:be:5e:8e:8e:50:90:ad:e5:d8:02:
         be:33:1b:5d:56:51:77:f1:b9:e4:e8:ce:4d:df:6f:69:01:03:
         5a:fe:46:d7:17:a6:8c:6d:54:85:42:ea:47:b3:aa:77:62:91:
         f1:35:98:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWakmiUmDmXA+rld92StMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2MwN2M2NzYzMDk2Mjc5YmZkNDQzZmVjNmNlMDMzYTc2ODhkMDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVRb4kbXi4ruj3ELPG8dLukF1sz/
CNMabb4AqlvkMORX/ntYAI4FB1+EmtUtz7kprZg7sIYzfFNe5arFNok2t2SMSMtd
5AJs1u5SpeKe7TBxqV30PEQCN/W+wRnEA2TENTpOCTE013Fl80u+7Ve4wTFL+jB+
xp4jM1PgicYFin55wqrEXfe1kMSC/TnfkWe3zSpgyJevPaByOA58pRYvjqWjLgq6
9pC9lKokMi7Ac7pgLqQZXL1eOeVJTO1QCx1J2PFcE7rSbQIYFnnQYR2USO4ZHE4p
eHOnwIgNtw8OLD04cQIrPJ1w+/QsTKuXR2JPYToVUkkC5ocAMOxqq7V/jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHPAfGdjCWJ5v9RD/sbOAzp2iNCIMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvYzhCOFoyTUpZbm1fMUVQLXhzNERPbmFJMElnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubpAMA0G
CSqGSIb3DQEBCwUAA4IBAQC2McXEYuMjYPB3fjKv9SXwpTs06ZGXapi9g3PqmWsZ
DXBY8xsnH4OVsOGmqC524tHCPczwu+COZ7Xyzc3T4NP4IB+miCPKXEKq6eD6dbJb
XKOQpKpioMw0q91V76EVK2kvPBOEEHjHavF05KuUdZf89TwOhHyfCTT38tIdBY+A
aTTX2hVB+vK5MpGS5IqihQSUSGxHamUJ2x5bWr2AADqHnav/u+R8FQqkOZlYa6M5
EBZDnvrRam22GWFPMycfW8Wh+z9ZG2JTYRe6UhPpCL5ejo5QkK3l2AK+MxtdVlF3
8bnk6M5N329pAQNa/kbXF6aMbVSFQupHs6p3YpHxNZh8
-----END CERTIFICATE-----