Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/ec67db-c7a1-48a6-ab94-60b93595bac9/1/P8u318C0HOWwnrcPu5my8pC6xD4.roa
File:                     P8u318C0HOWwnrcPu5my8pC6xD4.roa (raw, json)
Hash identifier:          9KOY6JmmM6P+7njvAhK7EWSaG2yiy8e1iexCpFwx6+o=
Subject key identifier:   3F:CB:B7:D7:C0:B4:1C:E5:B0:9E:B7:0F:BB:99:B2:F2:90:BA:C4:3E
Certificate issuer:       /CN=854c0db0065844d9594dfe8dd8efd77ed1e493f8
Certificate serial:       018CC7272498A64A8D5F8F7F52760BD7E4D4
Authority key identifier: 85:4C:0D:B0:06:58:44:D9:59:4D:FE:8D:D8:EF:D7:7E:D1:E4:93:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hUwNsAZYRNlZTf6N2O_XftHkk_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/ec67db-c7a1-48a6-ab94-60b93595bac9/1/P8u318C0HOWwnrcPu5my8pC6xD4.roa
Signing time:             Mon 01 Jan 2024 22:31:20 +0000
ROA not before:           Mon 01 Jan 2024 22:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25091
IP address blocks:        193.135.156.0/24 maxlen: 24
                          185.247.196.0/22 maxlen: 24
                          2a0d:cb80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/ec67db-c7a1-48a6-ab94-60b93595bac9/1/hUwNsAZYRNlZTf6N2O_XftHkk_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/ec67db-c7a1-48a6-ab94-60b93595bac9/1/hUwNsAZYRNlZTf6N2O_XftHkk_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hUwNsAZYRNlZTf6N2O_XftHkk_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:24:98:a6:4a:8d:5f:8f:7f:52:76:0b:d7:e4:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=854c0db0065844d9594dfe8dd8efd77ed1e493f8
        Validity
            Not Before: Jan  1 22:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fcbb7d7c0b41ce5b09eb70fbb99b2f290bac43e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:08:f9:32:26:58:3e:8c:e9:cd:66:59:eb:ca:
                    21:dc:cd:4e:e1:85:98:62:e8:d4:c7:2a:34:6a:0d:
                    b1:5e:ec:89:24:86:d8:29:db:d0:b8:4b:2a:90:e0:
                    72:98:be:e4:99:69:50:31:7f:05:ae:e2:ea:9d:75:
                    f9:c5:2c:2b:5d:25:ce:4b:30:84:c5:96:d4:d8:18:
                    ad:0c:35:f2:04:bb:82:07:ae:a7:a0:87:73:98:f3:
                    a4:e3:52:5a:7f:3c:4a:21:58:14:6d:0a:f4:14:d0:
                    1d:c4:fc:9c:54:d5:79:8a:c3:89:fc:d7:1d:d1:4a:
                    54:ee:07:e9:47:bd:b1:c0:a2:3c:dd:a1:4b:7b:21:
                    b7:64:8f:3a:67:db:8a:09:b9:7e:bb:05:d9:47:67:
                    60:e8:23:90:0b:76:69:95:6d:7d:3b:2b:9e:c8:b9:
                    02:5b:da:85:31:a3:62:2b:39:4b:31:67:f7:cc:21:
                    cd:07:37:0c:91:e2:f4:4c:e5:f4:1f:b3:a4:7b:3d:
                    4e:76:9e:60:6d:c3:aa:aa:67:fc:59:53:f6:fc:53:
                    45:76:42:f0:d8:7e:95:86:89:2a:ad:da:ad:ae:14:
                    40:13:ed:b0:ae:7c:a2:04:fb:11:69:90:ea:f9:f2:
                    7e:32:f3:78:96:89:e6:f5:5d:99:8f:dd:61:70:a1:
                    57:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:CB:B7:D7:C0:B4:1C:E5:B0:9E:B7:0F:BB:99:B2:F2:90:BA:C4:3E
            X509v3 Authority Key Identifier:
                keyid:85:4C:0D:B0:06:58:44:D9:59:4D:FE:8D:D8:EF:D7:7E:D1:E4:93:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hUwNsAZYRNlZTf6N2O_XftHkk_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ec67db-c7a1-48a6-ab94-60b93595bac9/1/P8u318C0HOWwnrcPu5my8pC6xD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ec67db-c7a1-48a6-ab94-60b93595bac9/1/hUwNsAZYRNlZTf6N2O_XftHkk_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.247.196.0/22
                  193.135.156.0/24
                IPv6:
                  2a0d:cb80::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:3e:96:00:cc:69:73:dc:68:81:2f:6d:98:55:19:ed:b4:58:
         f6:d2:94:ae:09:51:07:b2:a9:1a:84:a2:2d:87:59:d3:ea:81:
         2c:b5:1d:6b:8a:6e:31:53:7c:56:17:70:6a:7c:12:f5:6a:2e:
         6a:cc:b5:d0:c4:59:ad:a4:a9:df:c4:f4:81:23:d9:dd:34:da:
         0e:34:f9:47:12:b4:0f:12:94:8f:63:97:66:f5:0a:8f:21:fe:
         77:ff:b1:2f:07:6c:0b:12:ef:da:6a:e9:07:b1:a5:9c:48:34:
         a3:03:02:4f:4c:67:62:40:74:f6:6c:8f:26:02:f0:f0:51:58:
         44:38:e0:0a:79:79:62:6a:76:ab:c9:58:80:72:72:2f:9d:16:
         65:83:c2:a3:59:0b:e8:58:6c:95:cf:ed:ef:1e:f3:f0:0e:b3:
         1f:86:b4:c1:5b:34:e3:4e:4c:a4:07:38:58:de:44:54:18:61:
         b7:cd:c7:87:dd:af:d9:b1:89:d0:92:35:57:49:67:0d:01:6d:
         ce:b2:e4:c2:bd:c5:48:cf:36:b6:41:dd:f2:d6:3e:02:0d:6c:
         ff:97:d1:0f:8d:2b:ef:1f:2b:1d:ea:f0:4c:e4:10:bb:9a:de:
         db:9a:9f:83:7c:75:49:82:43:42:9c:11:6d:74:36:dd:59:36:
         aa:2e:e0:cb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJySYpkqNX49/UnYL1+TUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NGMwZGIwMDY1ODQ0ZDk1OTRkZmU4ZGQ4ZWZkNzdlZDFl
NDkzZjgwHhcNMjQwMTAxMjIzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmNiYjdkN2MwYjQxY2U1YjA5ZWI3MGZiYjk5YjJmMjkwYmFjNDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAj5MiZYPozpzWZZ68oh3M1O4YWY
YujUxyo0ag2xXuyJJIbYKdvQuEsqkOBymL7kmWlQMX8FruLqnXX5xSwrXSXOSzCE
xZbU2BitDDXyBLuCB66noIdzmPOk41JafzxKIVgUbQr0FNAdxPycVNV5isOJ/Ncd
0UpU7gfpR72xwKI83aFLeyG3ZI86Z9uKCbl+uwXZR2dg6COQC3ZplW19OyueyLkC
W9qFMaNiKzlLMWf3zCHNBzcMkeL0TOX0H7Okez1Odp5gbcOqqmf8WVP2/FNFdkLw
2H6VhokqrdqtrhRAE+2wrnyiBPsRaZDq+fJ+MvN4lonm9V2Zj91hcKFXtQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFD/Lt9fAtBzlsJ63D7uZsvKQusQ+MB8GA1UdIwQY
MBaAFIVMDbAGWETZWU3+jdjv137R5JP4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFV3TnNBWllSTmxaVGY2TjJPX1hmdEhra19nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9lYzY3ZGItYzdhMS00OGE2LWFiOTQt
NjBiOTM1OTViYWM5LzEvUDh1MzE4QzBIT1d3bnJjUHU1bXk4cEM2eEQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9lYzY3ZGItYzdhMS00OGE2LWFiOTQtNjBiOTM1OTViYWM5
LzEvaFV3TnNBWllSTmxaVGY2TjJPX1hmdEhra19nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuffEAwQA
wYecMA0EAgACMAcDBQMqDcuAMA0GCSqGSIb3DQEBCwUAA4IBAQBZPpYAzGlz3GiB
L22YVRnttFj20pSuCVEHsqkahKIth1nT6oEstR1rim4xU3xWF3BqfBL1ai5qzLXQ
xFmtpKnfxPSBI9ndNNoONPlHErQPEpSPY5dm9QqPIf53/7EvB2wLEu/aaukHsaWc
SDSjAwJPTGdiQHT2bI8mAvDwUVhEOOAKeXlianaryViAcnIvnRZlg8KjWQvoWGyV
z+3vHvPwDrMfhrTBWzTjTkykBzhY3kRUGGG3zceH3a/ZsYnQkjVXSWcNAW3OsuTC
vcVIzza2Qd3y1j4CDWz/l9EPjSvvHysd6vBM5BC7mt7bmp+DfHVJgkNCnBFtdDbd
WTaqLuDL
-----END CERTIFICATE-----