Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/8yDq1UpiFmrrTql2gkZEVbKYrg0.roa
File:                     8yDq1UpiFmrrTql2gkZEVbKYrg0.roa (raw, json)
Hash identifier:          MIj10mJ20oURj9CdGYst1LoLSXN8OE/SHnvd/6BnBPw=
Subject key identifier:   F3:20:EA:D5:4A:62:16:6A:EB:4E:A9:76:82:46:44:55:B2:98:AE:0D
Certificate issuer:       /CN=5ccdeca171e422c79c938c2732a90d48a8c53c06
Certificate serial:       018CC3B72343A1EAB7ABA1D7629C6E839CC3
Authority key identifier: 5C:CD:EC:A1:71:E4:22:C7:9C:93:8C:27:32:A9:0D:48:A8:C5:3C:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/8yDq1UpiFmrrTql2gkZEVbKYrg0.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24731
IP address blocks:        212.71.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:23:43:a1:ea:b7:ab:a1:d7:62:9c:6e:83:9c:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ccdeca171e422c79c938c2732a90d48a8c53c06
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f320ead54a62166aeb4ea97682464455b298ae0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:08:c4:99:1b:61:e3:ed:8f:c0:65:56:b5:58:
                    b5:6b:6e:b1:b3:89:83:5a:25:0c:8b:76:1d:1e:ca:
                    eb:52:20:fd:f1:ea:53:9a:d6:51:c0:91:cd:44:f0:
                    11:04:ff:19:7d:d1:eb:07:45:68:a5:95:55:6a:af:
                    55:53:e0:6b:ef:93:d5:c2:f0:44:6a:d5:45:60:b6:
                    9c:ed:fb:b1:4f:32:36:5a:50:3e:77:2a:4f:8c:76:
                    f9:af:69:94:b5:7a:ae:59:c3:f6:7c:4e:85:0f:7b:
                    73:7c:38:79:7f:3e:30:3a:c9:91:86:1d:7c:5e:8a:
                    b7:26:4f:f5:b0:d4:7c:95:55:e8:be:6f:7e:ee:fa:
                    a0:f9:de:80:9c:04:f4:f3:f1:8b:d4:4e:a9:07:b5:
                    1f:c7:3d:b8:6a:2e:dd:1a:5c:a3:47:ba:c8:27:45:
                    49:36:f6:ac:7f:2b:72:4c:47:d9:3d:e7:cf:c0:38:
                    e8:4d:9d:73:80:0e:f9:1a:59:62:89:7c:af:37:03:
                    df:67:b0:af:32:99:69:40:7b:fe:df:10:21:ad:e3:
                    40:b2:af:e4:e1:39:6f:07:bf:02:98:19:6e:29:ca:
                    40:0a:6f:7e:85:3f:fb:de:6d:c1:10:8b:a4:e4:5f:
                    47:52:51:57:62:49:01:ab:ee:e5:94:a7:02:ff:e4:
                    86:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:20:EA:D5:4A:62:16:6A:EB:4E:A9:76:82:46:44:55:B2:98:AE:0D
            X509v3 Authority Key Identifier:
                keyid:5C:CD:EC:A1:71:E4:22:C7:9C:93:8C:27:32:A9:0D:48:A8:C5:3C:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/8yDq1UpiFmrrTql2gkZEVbKYrg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.71.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:69:48:ff:e2:29:de:c0:b4:65:d2:66:7f:06:d0:b2:b0:58:
         d7:a4:c1:6a:ee:76:96:90:a8:68:2e:34:7e:36:63:e4:c3:b4:
         dd:79:27:9f:69:c4:2e:2b:59:92:cd:8c:8b:a9:fd:23:40:55:
         03:ef:df:e7:5c:92:40:17:15:5a:4c:c3:c4:de:fa:fc:80:4b:
         bb:6b:65:8a:12:56:e0:f4:03:4f:94:44:df:e5:70:56:81:be:
         dc:16:e7:65:64:6e:d7:76:9c:52:57:07:de:f5:b6:e5:59:fc:
         3a:ac:37:ab:49:f2:2d:a1:c3:1a:2b:b5:5a:46:6e:03:56:ec:
         66:e1:15:cc:18:ac:67:c4:30:b1:7e:e9:6f:17:16:51:69:c7:
         a8:f7:aa:af:15:18:ba:cd:05:37:39:fe:a0:67:f0:7f:ed:70:
         79:a4:51:78:db:3e:3d:2c:07:29:81:65:51:b9:fa:d8:a2:a8:
         68:dd:9a:ea:2f:57:65:7f:b8:1f:07:b4:54:8d:57:9a:29:94:
         17:a6:ef:43:66:66:90:2e:12:d1:10:1a:33:ca:7f:28:25:a8:
         91:84:38:4b:40:51:37:f2:07:d4:13:9b:13:11:b2:9c:c4:9d:
         f8:d2:41:3d:fa:58:f4:6d:97:b5:c9:0c:b6:ca:57:7e:f3:c5:
         ff:90:7d:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyNDoeq3q6HXYpxug5zDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjY2RlY2ExNzFlNDIyYzc5YzkzOGMyNzMyYTkwZDQ4YThj
NTNjMDYwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzIwZWFkNTRhNjIxNjZhZWI0ZWE5NzY4MjQ2NDQ1NWIyOThhZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwjEmRth4+2PwGVWtVi1a26xs4mD
WiUMi3YdHsrrUiD98epTmtZRwJHNRPARBP8ZfdHrB0VopZVVaq9VU+Br75PVwvBE
atVFYLac7fuxTzI2WlA+dypPjHb5r2mUtXquWcP2fE6FD3tzfDh5fz4wOsmRhh18
Xoq3Jk/1sNR8lVXovm9+7vqg+d6AnAT08/GL1E6pB7Ufxz24ai7dGlyjR7rIJ0VJ
NvasfytyTEfZPefPwDjoTZ1zgA75GlliiXyvNwPfZ7CvMplpQHv+3xAhreNAsq/k
4TlvB78CmBluKcpACm9+hT/73m3BEIuk5F9HUlFXYkkBq+7llKcC/+SGhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMg6tVKYhZq606pdoJGRFWymK4NMB8GA1UdIwQY
MBaAFFzN7KFx5CLHnJOMJzKpDUioxTwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE0zc29YSGtJc2VjazR3bk1xa05TS2pGUEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9iOGY1ZTYtYzk1MS00ZGRiLWI0ZjUt
YTg4MWVjODIyOGI1LzEvOHlEcTFVcGlGbXJyVHFsMmdrWkVWYktZcmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9iOGY1ZTYtYzk1MS00ZGRiLWI0ZjUtYTg4MWVjODIyOGI1
LzEvWE0zc29YSGtJc2VjazR3bk1xa05TS2pGUEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EczMA0G
CSqGSIb3DQEBCwUAA4IBAQCVaUj/4inewLRl0mZ/BtCysFjXpMFq7naWkKhoLjR+
NmPkw7TdeSefacQuK1mSzYyLqf0jQFUD79/nXJJAFxVaTMPE3vr8gEu7a2WKElbg
9ANPlETf5XBWgb7cFudlZG7XdpxSVwfe9bblWfw6rDerSfItocMaK7VaRm4DVuxm
4RXMGKxnxDCxfulvFxZRaceo96qvFRi6zQU3Of6gZ/B/7XB5pFF42z49LAcpgWVR
ufrYoqho3ZrqL1dlf7gfB7RUjVeaKZQXpu9DZmaQLhLREBozyn8oJaiRhDhLQFE3
8gfUE5sTEbKcxJ340kE9+lj0bZe1yQy2yld+88X/kH3U
-----END CERTIFICATE-----