Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/A0s9auIzadwK2ruoWV5MyH8AeRk.roa
File:                     A0s9auIzadwK2ruoWV5MyH8AeRk.roa (raw, json)
Hash identifier:          EK/Uwg38Bltbk72ASXNYe3BnPnFwlw4dgt2PUIDnvrM=
Subject key identifier:   03:4B:3D:6A:E2:33:69:DC:0A:DA:BB:A8:59:5E:4C:C8:7F:00:79:19
Certificate issuer:       /CN=429b1cf21d20f8c6f94641e3327e4555e2e41102
Certificate serial:       018FB9407DD3DAB1CF123397B1232C5F94D8
Authority key identifier: 42:9B:1C:F2:1D:20:F8:C6:F9:46:41:E3:32:7E:45:55:E2:E4:11:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/A0s9auIzadwK2ruoWV5MyH8AeRk.roa
Signing time:             Mon 27 May 2024 08:52:42 +0000
ROA not before:           Mon 27 May 2024 08:52:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.8.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b9:40:7d:d3:da:b1:cf:12:33:97:b1:23:2c:5f:94:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429b1cf21d20f8c6f94641e3327e4555e2e41102
        Validity
            Not Before: May 27 08:52:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=034b3d6ae23369dc0adabba8595e4cc87f007919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f0:7a:06:8a:ae:52:ae:91:18:f4:7c:0f:bf:
                    11:3a:ec:b3:15:ef:f0:83:dd:8b:fd:c4:7f:eb:fc:
                    19:e0:78:de:54:a6:41:21:f9:01:df:5d:7d:e9:bd:
                    05:c0:89:ba:9f:dc:80:a4:5e:92:17:d8:4f:73:02:
                    18:ab:cc:10:9b:52:5e:4d:a0:9e:ab:2b:75:77:17:
                    1b:fa:f1:f6:18:5e:a9:4c:87:c2:9c:39:58:88:a1:
                    3d:94:26:82:b4:1c:95:6c:62:2e:e0:eb:61:93:ca:
                    1a:a8:fe:70:a3:54:e3:a8:6c:09:93:2e:ca:36:2d:
                    5c:ec:a6:56:d0:3f:f9:68:c6:24:94:31:14:ff:1c:
                    a7:b7:0e:e9:bc:77:45:79:5d:13:f8:79:b4:45:9b:
                    65:32:60:02:9e:61:9b:5c:40:f2:60:7e:7e:7d:80:
                    34:da:ee:0f:fb:a2:be:c2:4c:62:c6:10:93:b2:9e:
                    7e:7c:77:42:5d:42:72:a2:5d:e5:bb:ce:10:2e:4c:
                    c5:e5:e5:c7:c1:31:34:4f:1a:77:d1:b3:9c:a9:e3:
                    dd:e1:c2:d1:56:1d:78:e5:23:b7:4a:7f:2b:7a:41:
                    8f:ee:fd:dd:33:91:0b:99:7e:55:e1:a7:d4:c8:0d:
                    a4:22:5d:ba:f9:45:26:76:3b:e0:e1:58:2c:ee:88:
                    49:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:4B:3D:6A:E2:33:69:DC:0A:DA:BB:A8:59:5E:4C:C8:7F:00:79:19
            X509v3 Authority Key Identifier:
                keyid:42:9B:1C:F2:1D:20:F8:C6:F9:46:41:E3:32:7E:45:55:E2:E4:11:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/A0s9auIzadwK2ruoWV5MyH8AeRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:bc:3f:73:34:cf:9e:19:f1:78:7d:38:7c:1f:90:bc:ba:04:
         9b:7d:65:d9:41:e7:b5:00:39:9f:a4:9c:4c:69:4b:e5:af:c0:
         84:58:56:7a:7a:cf:ce:36:70:f0:24:5b:d8:6f:73:d6:ab:13:
         a2:d5:d8:3e:8b:12:2a:3c:36:d4:ca:aa:9d:e8:e2:11:e7:f0:
         e1:e7:e4:00:85:bc:25:bc:ee:cc:1d:54:6f:91:bf:06:05:7f:
         d1:ad:00:ef:4c:d3:46:30:75:64:65:87:d4:29:4f:b6:92:91:
         f9:f8:6a:61:85:8a:58:7f:aa:fb:5a:51:a5:26:b8:67:18:c0:
         3a:04:dc:d5:68:1c:76:ca:21:ab:41:44:29:39:be:78:b5:57:
         d9:49:52:77:98:09:75:c3:a9:78:3a:7e:6d:a4:21:bd:63:0b:
         4c:11:df:c2:34:04:e1:1e:6c:ec:d0:a8:11:af:eb:fb:9a:ba:
         a0:a3:ad:47:2e:13:a1:6d:4a:8f:30:4a:f6:44:d3:b5:06:3d:
         ab:e5:eb:71:3a:db:87:24:7f:31:e2:f7:d7:b0:a7:ff:20:0c:
         ec:ee:a9:f7:36:1b:7a:8d:40:d4:b5:23:2b:ae:80:f0:f3:7a:
         b9:36:41:77:1f:41:a4:7c:27:99:d8:f6:55:29:df:24:07:7d:
         1b:41:08:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+5QH3T2rHPEjOXsSMsX5TYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOWIxY2YyMWQyMGY4YzZmOTQ2NDFlMzMyN2U0NTU1ZTJl
NDExMDIwHhcNMjQwNTI3MDg1MjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzRiM2Q2YWUyMzM2OWRjMGFkYWJiYTg1OTVlNGNjODdmMDA3OTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPB6BoquUq6RGPR8D78ROuyzFe/w
g92L/cR/6/wZ4HjeVKZBIfkB31196b0FwIm6n9yApF6SF9hPcwIYq8wQm1JeTaCe
qyt1dxcb+vH2GF6pTIfCnDlYiKE9lCaCtByVbGIu4Othk8oaqP5wo1TjqGwJky7K
Ni1c7KZW0D/5aMYklDEU/xyntw7pvHdFeV0T+Hm0RZtlMmACnmGbXEDyYH5+fYA0
2u4P+6K+wkxixhCTsp5+fHdCXUJyol3lu84QLkzF5eXHwTE0Txp30bOcqePd4cLR
Vh145SO3Sn8rekGP7v3dM5ELmX5V4afUyA2kIl26+UUmdjvg4Vgs7ohJ0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANLPWriM2ncCtq7qFleTMh/AHkZMB8GA1UdIwQY
MBaAFEKbHPIdIPjG+UZB4zJ+RVXi5BECMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBzYzhoMGctTWI1UmtIak1uNUZWZUxrRVFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMDQ1MDktOGEzMi00YjI4LTk3Yzgt
ZTU2ZTczODM4MGRlLzEvQTBzOWF1SXphZHdLMnJ1b1dWNU15SDhBZVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMDQ1MDktOGEzMi00YjI4LTk3YzgtZTU2ZTczODM4MGRl
LzEvUXBzYzhoMGctTWI1UmtIak1uNUZWZUxrRVFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQiPMA0G
CSqGSIb3DQEBCwUAA4IBAQB5vD9zNM+eGfF4fTh8H5C8ugSbfWXZQee1ADmfpJxM
aUvlr8CEWFZ6es/ONnDwJFvYb3PWqxOi1dg+ixIqPDbUyqqd6OIR5/Dh5+QAhbwl
vO7MHVRvkb8GBX/RrQDvTNNGMHVkZYfUKU+2kpH5+GphhYpYf6r7WlGlJrhnGMA6
BNzVaBx2yiGrQUQpOb54tVfZSVJ3mAl1w6l4On5tpCG9YwtMEd/CNAThHmzs0KgR
r+v7mrqgo61HLhOhbUqPMEr2RNO1Bj2r5etxOtuHJH8x4vfXsKf/IAzs7qn3Nht6
jUDUtSMrroDw83q5NkF3H0GkfCeZ2PZVKd8kB30bQQg9
-----END CERTIFICATE-----