Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/89a1f0-69dc-4c13-b97b-35203d6b0d57/1/C8OaCtYcfeqV4Hu9sOEwMX9zdto.roa
File:                     C8OaCtYcfeqV4Hu9sOEwMX9zdto.roa (raw, json)
Hash identifier:          fMz7VURfThuB66TWPc75iV0ObABjalRcHHmQiWFE86s=
Subject key identifier:   0B:C3:9A:0A:D6:1C:7D:EA:95:E0:7B:BD:B0:E1:30:31:7F:73:76:DA
Certificate issuer:       /CN=8cbcf9374380ebd185d2118f551c8559ae233541
Certificate serial:       018CC492DFBB205F1B0D75CD6AE5E7BBD7D8
Authority key identifier: 8C:BC:F9:37:43:80:EB:D1:85:D2:11:8F:55:1C:85:59:AE:23:35:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jLz5N0OA69GF0hGPVRyFWa4jNUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/89a1f0-69dc-4c13-b97b-35203d6b0d57/1/C8OaCtYcfeqV4Hu9sOEwMX9zdto.roa
Signing time:             Mon 01 Jan 2024 10:30:08 +0000
ROA not before:           Mon 01 Jan 2024 10:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206610
IP address blocks:        195.178.124.0/22 maxlen: 24
                          195.178.124.0/24 maxlen: 24
                          2a07:fe80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/89a1f0-69dc-4c13-b97b-35203d6b0d57/1/jLz5N0OA69GF0hGPVRyFWa4jNUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/89a1f0-69dc-4c13-b97b-35203d6b0d57/1/jLz5N0OA69GF0hGPVRyFWa4jNUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jLz5N0OA69GF0hGPVRyFWa4jNUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:df:bb:20:5f:1b:0d:75:cd:6a:e5:e7:bb:d7:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cbcf9374380ebd185d2118f551c8559ae233541
        Validity
            Not Before: Jan  1 10:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bc39a0ad61c7dea95e07bbdb0e130317f7376da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6a:42:15:ed:12:95:41:d9:56:87:0c:01:6e:
                    77:6e:36:0f:05:70:4c:0a:b7:e0:d9:25:31:c2:aa:
                    65:09:29:68:9c:99:0e:14:8d:cb:84:e5:bd:f6:c1:
                    00:31:37:bc:da:8a:47:83:b0:4a:eb:b0:92:ca:0e:
                    9f:fc:87:a8:ba:ea:d1:3b:39:2f:ff:54:bf:77:b9:
                    2a:28:85:9e:42:d7:7c:e5:1e:08:81:df:8c:05:d6:
                    48:fa:ea:c2:f1:6f:56:f9:69:46:4f:22:a1:65:23:
                    e4:d6:17:bb:b7:83:65:80:81:7a:c2:ba:9e:f5:4b:
                    4d:cc:5a:ca:47:cc:a0:9d:13:aa:73:c2:d2:08:5b:
                    95:df:d8:28:23:e2:07:48:71:ba:cd:6b:82:97:7e:
                    5d:bd:17:bb:33:ca:73:b4:96:f5:48:4c:3d:12:82:
                    b4:1d:29:fd:e4:f9:cf:e9:a5:fe:5c:fa:33:e8:ce:
                    6b:45:ce:a8:ca:bc:ec:0c:36:23:49:8a:2c:d7:69:
                    03:da:4f:59:fc:78:bb:19:14:42:54:1a:2d:db:4c:
                    4f:98:82:cf:79:dc:e9:5a:f6:e8:c6:7a:01:84:64:
                    b3:fc:41:6c:a5:2d:69:8b:de:d5:3d:2f:15:b2:85:
                    d9:1c:5c:c3:d3:39:99:8e:45:f6:4d:2e:1f:eb:d2:
                    0a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C3:9A:0A:D6:1C:7D:EA:95:E0:7B:BD:B0:E1:30:31:7F:73:76:DA
            X509v3 Authority Key Identifier:
                keyid:8C:BC:F9:37:43:80:EB:D1:85:D2:11:8F:55:1C:85:59:AE:23:35:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jLz5N0OA69GF0hGPVRyFWa4jNUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/89a1f0-69dc-4c13-b97b-35203d6b0d57/1/C8OaCtYcfeqV4Hu9sOEwMX9zdto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/89a1f0-69dc-4c13-b97b-35203d6b0d57/1/jLz5N0OA69GF0hGPVRyFWa4jNUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.124.0/22
                IPv6:
                  2a07:fe80::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:65:a8:ff:e5:69:2f:65:51:fc:36:53:7b:11:a1:c4:93:0b:
         f4:fd:bb:cd:64:d0:2b:9a:05:7c:c9:1e:04:40:79:4e:00:df:
         65:df:3c:f0:30:15:34:18:67:1f:f2:97:a6:83:fb:4d:f5:86:
         49:20:52:65:d5:20:b3:59:35:c9:38:9f:96:f0:d7:fe:97:6e:
         63:2d:bb:d4:bb:d7:2f:3b:e0:c3:f0:69:80:09:08:f4:f8:9d:
         d1:91:4b:94:98:51:5a:ab:8b:ae:72:67:62:3e:9e:c8:1d:9a:
         3c:44:c2:40:78:40:84:01:eb:43:04:58:ce:db:31:2c:6e:05:
         19:73:fa:fa:ad:82:58:75:8e:23:d6:5a:a6:21:ab:44:fc:0b:
         8f:34:4e:1f:ac:95:fb:ff:34:95:09:b2:b3:9a:71:00:e3:6d:
         e6:3e:a6:46:cb:41:c8:ca:56:a6:c2:d5:5a:75:56:05:80:e0:
         84:5e:b4:09:6f:12:d1:26:3e:60:a9:23:b6:3e:b7:15:25:78:
         32:53:76:de:e8:3d:3d:0e:1c:85:2e:14:c2:ef:04:88:fe:2f:
         42:b5:1c:ba:ed:17:a5:78:ae:74:0f:89:9f:26:4f:bf:0b:25:
         fd:c5:c9:ad:ca:a4:07:71:a9:7d:35:5e:74:e6:9f:00:6d:29:
         c5:86:7e:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkt+7IF8bDXXNauXnu9fYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjYmNmOTM3NDM4MGViZDE4NWQyMTE4ZjU1MWM4NTU5YWUy
MzM1NDEwHhcNMjQwMTAxMTAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmMzOWEwYWQ2MWM3ZGVhOTVlMDdiYmRiMGUxMzAzMTdmNzM3NmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2pCFe0SlUHZVocMAW53bjYPBXBM
Crfg2SUxwqplCSlonJkOFI3LhOW99sEAMTe82opHg7BK67CSyg6f/IeouurROzkv
/1S/d7kqKIWeQtd85R4Igd+MBdZI+urC8W9W+WlGTyKhZSPk1he7t4NlgIF6wrqe
9UtNzFrKR8ygnROqc8LSCFuV39goI+IHSHG6zWuCl35dvRe7M8pztJb1SEw9EoK0
HSn95PnP6aX+XPoz6M5rRc6oyrzsDDYjSYos12kD2k9Z/Hi7GRRCVBot20xPmILP
edzpWvboxnoBhGSz/EFspS1pi97VPS8VsoXZHFzD0zmZjkX2TS4f69IKkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAvDmgrWHH3qleB7vbDhMDF/c3baMB8GA1UdIwQY
MBaAFIy8+TdDgOvRhdIRj1UchVmuIzVBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakx6NU4wT0E2OUdGMGhHUFZSeUZXYTRqTlVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC84OWExZjAtNjlkYy00YzEzLWI5N2It
MzUyMDNkNmIwZDU3LzEvQzhPYUN0WWNmZXFWNEh1OXNPRXdNWDl6ZHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC84OWExZjAtNjlkYy00YzEzLWI5N2ItMzUyMDNkNmIwZDU3
LzEvakx6NU4wT0E2OUdGMGhHUFZSeUZXYTRqTlVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCw7J8MA0E
AgACMAcDBQMqB/6AMA0GCSqGSIb3DQEBCwUAA4IBAQAlZaj/5WkvZVH8NlN7EaHE
kwv0/bvNZNArmgV8yR4EQHlOAN9l3zzwMBU0GGcf8pemg/tN9YZJIFJl1SCzWTXJ
OJ+W8Nf+l25jLbvUu9cvO+DD8GmACQj0+J3RkUuUmFFaq4uucmdiPp7IHZo8RMJA
eECEAetDBFjO2zEsbgUZc/r6rYJYdY4j1lqmIatE/AuPNE4frJX7/zSVCbKzmnEA
423mPqZGy0HIylamwtVadVYFgOCEXrQJbxLRJj5gqSO2PrcVJXgyU3be6D09DhyF
LhTC7wSI/i9CtRy67ReleK50D4mfJk+/CyX9xcmtyqQHcal9NV505p8AbSnFhn7q
-----END CERTIFICATE-----