Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/affcbb-c1b3-444a-876c-5b72fb927d1c/1/0a8FN8FTIEbSVMU9dR7kj1MMHSU.roa
File:                     0a8FN8FTIEbSVMU9dR7kj1MMHSU.roa (raw, json)
Hash identifier:          G4EOAkoERx1fOcRd2uiBPN9D/u0llTSpzQXBwIz0iqQ=
Subject key identifier:   D1:AF:05:37:C1:53:20:46:D2:54:C5:3D:75:1E:E4:8F:53:0C:1D:25
Certificate issuer:       /CN=8af7f32d33f6646779a51fb23201c6442d1451ca
Certificate serial:       018CC3B74736B2F9FAE1BDD9065B00168562
Authority key identifier: 8A:F7:F3:2D:33:F6:64:67:79:A5:1F:B2:32:01:C6:44:2D:14:51:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ivfzLTP2ZGd5pR-yMgHGRC0UUco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/affcbb-c1b3-444a-876c-5b72fb927d1c/1/0a8FN8FTIEbSVMU9dR7kj1MMHSU.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        195.242.140.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/affcbb-c1b3-444a-876c-5b72fb927d1c/1/ivfzLTP2ZGd5pR-yMgHGRC0UUco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/affcbb-c1b3-444a-876c-5b72fb927d1c/1/ivfzLTP2ZGd5pR-yMgHGRC0UUco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ivfzLTP2ZGd5pR-yMgHGRC0UUco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:47:36:b2:f9:fa:e1:bd:d9:06:5b:00:16:85:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8af7f32d33f6646779a51fb23201c6442d1451ca
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1af0537c1532046d254c53d751ee48f530c1d25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:0e:c4:ec:8d:68:f2:04:b6:34:ed:16:5a:ac:
                    9c:03:fc:ba:42:a0:97:fe:59:cb:12:59:aa:6f:64:
                    37:8c:9a:54:c1:6a:b5:02:9a:c9:a9:d7:05:c0:41:
                    ef:0a:ea:95:6f:11:26:b6:85:a4:89:bd:75:89:0e:
                    12:c0:fe:e8:c1:8c:6b:9a:38:63:d4:45:cf:d1:24:
                    53:6a:74:93:55:2b:f6:36:32:d9:fd:8d:28:ed:88:
                    18:25:5f:fe:65:26:42:98:ab:f4:37:bb:0e:2d:77:
                    93:ab:a3:c4:40:36:3e:2b:5b:e2:47:54:19:17:dd:
                    d2:4a:42:7e:8a:02:94:9e:cf:e0:12:07:6d:f1:bb:
                    75:df:bb:d3:5a:cc:b1:96:89:55:4c:8b:93:7c:92:
                    98:1d:2c:63:7d:0a:e4:af:9f:25:bf:1f:c2:6b:5c:
                    22:88:8a:c7:2e:9b:32:7d:77:de:ce:66:1f:b3:10:
                    1e:d5:25:84:38:5d:23:f6:5e:bc:e4:ae:d5:ae:47:
                    8d:4f:1f:2b:f2:2c:7f:98:79:f1:59:f0:fd:a1:c4:
                    98:ba:d8:ec:5c:d3:16:5f:73:cd:e6:1d:a6:6a:6e:
                    21:8b:b3:db:7d:97:ff:ef:f4:52:e4:52:ec:f5:b7:
                    f6:a0:6e:9b:6a:ec:1c:b1:30:23:7d:2c:d3:ed:46:
                    e9:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:AF:05:37:C1:53:20:46:D2:54:C5:3D:75:1E:E4:8F:53:0C:1D:25
            X509v3 Authority Key Identifier:
                keyid:8A:F7:F3:2D:33:F6:64:67:79:A5:1F:B2:32:01:C6:44:2D:14:51:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ivfzLTP2ZGd5pR-yMgHGRC0UUco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/affcbb-c1b3-444a-876c-5b72fb927d1c/1/0a8FN8FTIEbSVMU9dR7kj1MMHSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/affcbb-c1b3-444a-876c-5b72fb927d1c/1/ivfzLTP2ZGd5pR-yMgHGRC0UUco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:26:96:9c:07:3b:aa:b9:e8:df:be:b8:92:6c:26:5f:2a:2a:
         f6:2d:69:5f:c1:1c:9c:ed:7f:dc:c2:40:e2:20:5a:08:97:75:
         16:01:51:f8:85:6b:c0:b9:9f:af:3e:0a:0d:10:bc:4f:51:45:
         af:f6:5b:70:13:9a:54:d3:4c:36:91:49:dc:73:4e:d8:1e:76:
         21:1e:74:5c:08:ad:4b:94:89:a6:3f:27:3f:46:0f:d1:43:1c:
         44:8c:52:e9:c7:a5:1b:f8:59:b7:b8:ff:68:52:e0:8b:6c:4e:
         06:e9:bd:8c:24:51:85:1d:1f:a3:f2:d5:38:eb:f7:2f:b0:97:
         89:65:a9:12:7c:30:0b:09:9d:39:f6:14:ec:e3:0c:7a:37:cb:
         8c:4a:23:ef:92:d9:5d:ca:60:50:a5:33:b2:a2:41:e5:31:a8:
         0e:0e:14:2f:49:4b:05:a0:6c:23:bb:22:99:70:9f:1b:4b:48:
         3e:cf:ff:ce:c2:dd:b8:e0:28:cc:14:9b:2b:42:87:1f:3c:b9:
         a6:70:c6:4f:80:f4:42:72:2e:3a:12:ce:85:f8:bd:20:43:36:
         90:24:bf:01:d7:4d:1b:4f:63:67:f6:d9:35:51:79:f3:6d:4a:
         ce:0b:d0:dc:9a:ca:63:85:b3:0e:f8:ea:06:35:92:34:d2:39:
         d2:06:dc:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0c2svn64b3ZBlsAFoViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZjdmMzJkMzNmNjY0Njc3OWE1MWZiMjMyMDFjNjQ0MmQx
NDUxY2EwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWFmMDUzN2MxNTMyMDQ2ZDI1NGM1M2Q3NTFlZTQ4ZjUzMGMxZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAig7E7I1o8gS2NO0WWqycA/y6QqCX
/lnLElmqb2Q3jJpUwWq1AprJqdcFwEHvCuqVbxEmtoWkib11iQ4SwP7owYxrmjhj
1EXP0SRTanSTVSv2NjLZ/Y0o7YgYJV/+ZSZCmKv0N7sOLXeTq6PEQDY+K1viR1QZ
F93SSkJ+igKUns/gEgdt8bt137vTWsyxlolVTIuTfJKYHSxjfQrkr58lvx/Ca1wi
iIrHLpsyfXfezmYfsxAe1SWEOF0j9l685K7VrkeNTx8r8ix/mHnxWfD9ocSYutjs
XNMWX3PN5h2mam4hi7PbfZf/7/RS5FLs9bf2oG6bauwcsTAjfSzT7UbpCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGvBTfBUyBG0lTFPXUe5I9TDB0lMB8GA1UdIwQY
MBaAFIr38y0z9mRneaUfsjIBxkQtFFHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXZmekxUUDJaR2Q1cFIteU1nSEdSQzBVVWNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9hZmZjYmItYzFiMy00NDRhLTg3NmMt
NWI3MmZiOTI3ZDFjLzEvMGE4Rk44RlRJRWJTVk1VOWRSN2tqMU1NSFNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9hZmZjYmItYzFiMy00NDRhLTg3NmMtNWI3MmZiOTI3ZDFj
LzEvaXZmekxUUDJaR2Q1cFIteU1nSEdSQzBVVWNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/KMMA0G
CSqGSIb3DQEBCwUAA4IBAQAKJpacBzuquejfvriSbCZfKir2LWlfwRyc7X/cwkDi
IFoIl3UWAVH4hWvAuZ+vPgoNELxPUUWv9ltwE5pU00w2kUncc07YHnYhHnRcCK1L
lImmPyc/Rg/RQxxEjFLpx6Ub+Fm3uP9oUuCLbE4G6b2MJFGFHR+j8tU46/cvsJeJ
ZakSfDALCZ059hTs4wx6N8uMSiPvktldymBQpTOyokHlMagODhQvSUsFoGwjuyKZ
cJ8bS0g+z//Owt244CjMFJsrQocfPLmmcMZPgPRCci46Es6F+L0gQzaQJL8B100b
T2Nn9tk1UXnzbUrOC9DcmspjhbMO+OoGNZI00jnSBtwK
-----END CERTIFICATE-----