Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/8fOhyEA-UyuO0GMB7bEfNd5KDBM.roa
File:                     8fOhyEA-UyuO0GMB7bEfNd5KDBM.roa (raw, json)
Hash identifier:          dpRCdYuBU8qZNOlbDe8pNJAbH1/NMkPTZmEMmbNR5Tw=
Subject key identifier:   F1:F3:A1:C8:40:3E:53:2B:8E:D0:63:01:ED:B1:1F:35:DE:4A:0C:13
Certificate issuer:       /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial:       018D6A871DA8013D900823AC204079487B1D
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/8fOhyEA-UyuO0GMB7bEfNd5KDBM.roa
Signing time:             Fri 02 Feb 2024 15:54:16 +0000
ROA not before:           Fri 02 Feb 2024 15:54:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42635
IP address blocks:        85.204.36.0/24 maxlen: 24
                          185.253.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6a:87:1d:a8:01:3d:90:08:23:ac:20:40:79:48:7b:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
        Validity
            Not Before: Feb  2 15:54:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1f3a1c8403e532b8ed06301edb11f35de4a0c13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:42:3a:b3:c7:1a:8c:a3:49:d0:a2:08:63:8a:
                    12:dd:9f:2d:89:a3:87:3b:98:23:b6:48:29:39:6d:
                    28:84:d6:83:ab:fc:d9:53:3a:20:74:57:b3:82:85:
                    b6:55:5c:93:bb:c8:83:0a:05:53:ae:ff:10:6a:02:
                    7f:35:55:75:25:e5:b3:19:b3:d0:f6:d6:88:a0:6e:
                    d1:bd:e2:af:a1:e8:ce:c3:3e:36:69:03:50:4c:dc:
                    25:d1:69:47:1b:eb:5a:08:5e:61:57:0f:3b:19:f6:
                    a0:9e:a3:6b:48:b0:af:1b:bf:aa:03:95:e6:b3:5a:
                    10:b2:bc:fe:bf:82:a6:57:13:f8:10:2a:a9:0c:52:
                    50:ef:65:bc:22:cd:ed:68:09:a1:3f:d4:2d:52:06:
                    fb:9c:4d:ef:ac:f8:23:08:f0:64:cc:e0:9c:fd:1d:
                    08:82:e4:11:90:f3:93:a1:a0:a8:a7:99:00:ca:a3:
                    d8:af:10:4c:80:5f:b7:6f:aa:0b:f5:5e:18:86:e8:
                    9f:20:82:59:21:c8:10:cd:48:7d:0d:50:4b:36:f3:
                    c7:81:4f:a6:0a:3c:a7:4a:8e:82:db:33:b3:41:6b:
                    4c:7c:45:ce:f4:a0:c9:1c:5d:f1:64:af:6f:f1:87:
                    1b:2c:e2:89:72:75:41:b9:50:fa:e9:15:16:65:2b:
                    00:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:F3:A1:C8:40:3E:53:2B:8E:D0:63:01:ED:B1:1F:35:DE:4A:0C:13
            X509v3 Authority Key Identifier:
                keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/8fOhyEA-UyuO0GMB7bEfNd5KDBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.36.0/24
                  185.253.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:db:e9:32:9f:3f:0a:0c:27:34:b0:8b:e0:e1:fe:ce:20:91:
         8e:c5:84:af:6d:57:70:9b:86:0c:ed:e9:30:ba:64:97:59:4e:
         11:fa:ac:1b:7d:3e:f7:5d:f4:60:a8:85:13:24:fe:d7:b3:a3:
         38:28:3b:9f:7a:e6:59:f5:f3:99:e8:2f:f2:72:b2:86:22:4f:
         80:11:b9:28:14:9b:12:44:e7:80:58:35:99:49:02:a0:aa:12:
         97:b2:3a:1b:fe:75:12:e1:e3:e2:bf:05:d5:f9:75:f7:c2:fd:
         42:48:70:66:de:6a:60:b8:b5:b8:55:18:d2:2f:e6:2b:b5:3c:
         76:0d:75:c6:4d:75:84:33:a4:26:6c:16:80:69:7b:36:50:19:
         bb:8e:9c:8e:a1:77:f2:9e:55:ad:76:5f:b7:b2:26:55:e9:c6:
         8b:ee:d9:d5:91:81:ff:e8:0f:11:57:f7:e3:c6:dd:ee:6c:69:
         c4:9d:ce:4d:c2:e6:f1:56:ad:e0:cc:87:40:6c:e3:21:e7:a1:
         ab:23:6f:a8:3d:f5:05:68:02:ea:4d:5b:8d:88:76:ad:21:5a:
         e3:6f:64:cb:70:ff:1a:2d:7b:75:71:ce:32:9a:5a:fc:69:69:
         e1:49:07:57:68:1c:98:00:3d:15:0d:df:2a:72:d8:f1:93:69:
         8c:ff:12:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1qhx2oAT2QCCOsIEB5SHsdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjQwMjAyMTU1NDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWYzYTFjODQwM2U1MzJiOGVkMDYzMDFlZGIxMWYzNWRlNGEwYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUI6s8cajKNJ0KIIY4oS3Z8tiaOH
O5gjtkgpOW0ohNaDq/zZUzogdFezgoW2VVyTu8iDCgVTrv8QagJ/NVV1JeWzGbPQ
9taIoG7RveKvoejOwz42aQNQTNwl0WlHG+taCF5hVw87GfagnqNrSLCvG7+qA5Xm
s1oQsrz+v4KmVxP4ECqpDFJQ72W8Is3taAmhP9QtUgb7nE3vrPgjCPBkzOCc/R0I
guQRkPOToaCop5kAyqPYrxBMgF+3b6oL9V4YhuifIIJZIcgQzUh9DVBLNvPHgU+m
CjynSo6C2zOzQWtMfEXO9KDJHF3xZK9v8YcbLOKJcnVBuVD66RUWZSsAMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPHzochAPlMrjtBjAe2xHzXeSgwTMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvOGZPaHlFQS1VeXVPMEdNQjdiRWZOZDVLREJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcwkAwQA
uf04MA0GCSqGSIb3DQEBCwUAA4IBAQAt2+kynz8KDCc0sIvg4f7OIJGOxYSvbVdw
m4YM7ekwumSXWU4R+qwbfT73XfRgqIUTJP7Xs6M4KDufeuZZ9fOZ6C/ycrKGIk+A
EbkoFJsSROeAWDWZSQKgqhKXsjob/nUS4ePivwXV+XX3wv1CSHBm3mpguLW4VRjS
L+YrtTx2DXXGTXWEM6QmbBaAaXs2UBm7jpyOoXfynlWtdl+3siZV6caL7tnVkYH/
6A8RV/fjxt3ubGnEnc5NwubxVq3gzIdAbOMh56GrI2+oPfUFaALqTVuNiHatIVrj
b2TLcP8aLXt1cc4ymlr8aWnhSQdXaByYAD0VDd8qctjxk2mM/xI0
-----END CERTIFICATE-----