Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/B8lj5un_puvuye0Jfja_t9BgW5c.roa
File:                     B8lj5un_puvuye0Jfja_t9BgW5c.roa (raw, json)
Hash identifier:          P3LqNv75xlB3xC5sjcxegt8GHKKY/+KuvQkmY3h/s0Y=
Subject key identifier:   07:C9:63:E6:E9:FF:A6:EB:EE:C9:ED:09:7E:36:BF:B7:D0:60:5B:97
Certificate issuer:       /CN=621310302018a387c692146a35efd33a6ed6b1ef
Certificate serial:       01922A8F9FFA6445AF63C9049E09F83B4CC3
Authority key identifier: 62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/B8lj5un_puvuye0Jfja_t9BgW5c.roa
Signing time:             Wed 25 Sep 2024 19:01:48 +0000
ROA not before:           Wed 25 Sep 2024 19:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.151.146.0/24 maxlen: 24
                          185.179.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2a:8f:9f:fa:64:45:af:63:c9:04:9e:09:f8:3b:4c:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=621310302018a387c692146a35efd33a6ed6b1ef
        Validity
            Not Before: Sep 25 19:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07c963e6e9ffa6ebeec9ed097e36bfb7d0605b97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5a:85:94:90:32:79:f6:b3:b0:7a:39:aa:ba:
                    2f:d3:9c:d5:49:12:b3:ee:2b:65:61:bb:f9:16:e1:
                    2e:0f:11:d6:2f:fe:23:80:4a:a6:09:64:b7:a3:b0:
                    a2:aa:53:7f:d1:6e:1e:7e:5c:e4:3c:48:25:a9:81:
                    aa:42:0b:6a:8e:2d:83:19:83:8f:3e:6d:d0:6a:83:
                    03:51:d7:6f:1a:d4:38:a5:ba:df:30:51:63:a7:03:
                    d7:ec:fa:cf:6f:8d:3e:4c:12:39:97:f6:f9:77:88:
                    b0:52:26:ef:11:7c:f2:fa:87:42:15:38:be:e5:45:
                    06:81:e1:61:35:b0:51:34:b9:69:0b:c8:74:87:5c:
                    ef:85:87:71:40:af:77:fa:c5:fb:09:e7:1e:25:c8:
                    34:b6:e0:4f:66:58:c1:3f:5e:f6:3e:38:d2:d2:d3:
                    ed:5f:8f:09:2a:b4:d2:ac:9b:fe:3f:d3:45:e4:13:
                    84:8f:d5:35:be:93:f1:27:b6:c6:2f:0b:42:46:df:
                    6c:20:15:fa:85:ce:f8:53:31:33:0b:7f:58:0d:e8:
                    56:92:b0:93:30:33:85:0b:54:98:77:97:f2:72:bc:
                    68:6f:f4:ac:35:3e:bd:68:17:54:1a:a6:d1:52:2a:
                    2d:53:9b:51:30:9b:18:73:01:6c:9e:ab:08:a3:91:
                    57:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:C9:63:E6:E9:FF:A6:EB:EE:C9:ED:09:7E:36:BF:B7:D0:60:5B:97
            X509v3 Authority Key Identifier:
                keyid:62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/B8lj5un_puvuye0Jfja_t9BgW5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.146.0/24
                  185.179.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:7a:52:1b:f7:33:0a:30:bd:6c:43:2d:b9:69:85:a6:b1:d3:
         1b:13:7c:cb:c8:ee:e3:ab:40:57:4e:65:d1:22:fd:d0:ad:7e:
         ca:d1:0a:12:ae:9e:2f:80:33:4c:9d:ae:58:68:0e:a3:4c:78:
         c8:56:27:f5:e9:fa:96:01:63:a8:86:33:d5:ff:19:5c:26:1b:
         89:e2:b7:5a:68:bd:f9:5b:88:c7:55:2d:ea:8a:e0:24:a4:69:
         0a:69:45:67:3c:27:5b:6c:c2:39:e9:2c:13:31:bc:ec:54:5b:
         b8:3e:11:79:13:0a:05:e5:08:3f:d4:6e:4b:f1:53:dc:7b:df:
         ed:ab:04:c2:bb:5c:4e:04:a9:79:12:9a:76:3b:07:64:fc:b7:
         c6:e3:e2:99:5d:4a:ee:12:bc:1d:65:ee:af:e3:34:b3:c3:61:
         12:6d:7f:03:9d:be:77:06:f5:ef:0c:e2:43:12:3d:75:77:9d:
         75:e0:b7:b3:5c:1a:15:3d:b7:14:5f:8d:4b:c2:cb:af:07:40:
         ba:7a:53:73:df:0f:8e:49:7c:7b:4c:38:e4:45:83:22:26:85:
         32:9f:e0:d8:35:99:e9:1f:8c:85:8e:80:e1:a6:0d:2a:30:41:
         17:7b:aa:f6:de:fc:27:0b:8a:d0:cc:52:b6:cb:91:ef:4a:ca:
         97:53:fc:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIqj5/6ZEWvY8kEngn4O0zDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTMxMDMwMjAxOGEzODdjNjkyMTQ2YTM1ZWZkMzNhNmVk
NmIxZWYwHhcNMjQwOTI1MTkwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2M5NjNlNmU5ZmZhNmViZWVjOWVkMDk3ZTM2YmZiN2QwNjA1Yjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlqFlJAyefazsHo5qrov05zVSRKz
7itlYbv5FuEuDxHWL/4jgEqmCWS3o7CiqlN/0W4eflzkPEglqYGqQgtqji2DGYOP
Pm3QaoMDUddvGtQ4pbrfMFFjpwPX7PrPb40+TBI5l/b5d4iwUibvEXzy+odCFTi+
5UUGgeFhNbBRNLlpC8h0h1zvhYdxQK93+sX7CeceJcg0tuBPZljBP172PjjS0tPt
X48JKrTSrJv+P9NF5BOEj9U1vpPxJ7bGLwtCRt9sIBX6hc74UzEzC39YDehWkrCT
MDOFC1SYd5fycrxob/SsNT69aBdUGqbRUiotU5tRMJsYcwFsnqsIo5FXYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAfJY+bp/6br7sntCX42v7fQYFuXMB8GA1UdIwQY
MBaAFGITEDAgGKOHxpIUajXv0zpu1rHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjIt
YmU1N2Q3ZGZhMGRlLzEvQjhsajV1bl9wdXZ1eWUwSmZqYV90OUJnVzVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjItYmU1N2Q3ZGZhMGRl
LzEvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZeSAwQA
ubNbMA0GCSqGSIb3DQEBCwUAA4IBAQA5elIb9zMKML1sQy25aYWmsdMbE3zLyO7j
q0BXTmXRIv3QrX7K0QoSrp4vgDNMna5YaA6jTHjIVif16fqWAWOohjPV/xlcJhuJ
4rdaaL35W4jHVS3qiuAkpGkKaUVnPCdbbMI56SwTMbzsVFu4PhF5EwoF5Qg/1G5L
8VPce9/tqwTCu1xOBKl5Epp2Owdk/LfG4+KZXUruErwdZe6v4zSzw2ESbX8Dnb53
BvXvDOJDEj11d5114LezXBoVPbcUX41LwsuvB0C6elNz3w+OSXx7TDjkRYMiJoUy
n+DYNZnpH4yFjoDhpg0qMEEXe6r23vwnC4rQzFK2y5HvSsqXU/xY
-----END CERTIFICATE-----