Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/ts8oWbm-GyTy2BwekQxC2uvEJ6o.roa
File:                     ts8oWbm-GyTy2BwekQxC2uvEJ6o.roa (raw, json)
Hash identifier:          DKp/5VbolZtc4iGvgJievpGfU95yCUEB9YsRImMUDe0=
Subject key identifier:   B6:CF:28:59:B9:BE:1B:24:F2:D8:1C:1E:91:0C:42:DA:EB:C4:27:AA
Certificate issuer:       /CN=7f56f28948c832f2d434bb44d5de0ea122601b05
Certificate serial:       018CC5DBFB91F4BAC83F405DA4FC9A40E5A1
Authority key identifier: 7F:56:F2:89:48:C8:32:F2:D4:34:BB:44:D5:DE:0E:A1:22:60:1B:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1byiUjIMvLUNLtE1d4OoSJgGwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/ts8oWbm-GyTy2BwekQxC2uvEJ6o.roa
Signing time:             Mon 01 Jan 2024 16:29:37 +0000
ROA not before:           Mon 01 Jan 2024 16:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.40.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/f1byiUjIMvLUNLtE1d4OoSJgGwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/f1byiUjIMvLUNLtE1d4OoSJgGwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1byiUjIMvLUNLtE1d4OoSJgGwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fb:91:f4:ba:c8:3f:40:5d:a4:fc:9a:40:e5:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f56f28948c832f2d434bb44d5de0ea122601b05
        Validity
            Not Before: Jan  1 16:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6cf2859b9be1b24f2d81c1e910c42daebc427aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:55:23:0e:7b:11:f6:9d:7b:bf:73:1e:f2:35:
                    7d:51:e8:af:7f:40:eb:e7:ad:5e:f5:c7:2b:41:53:
                    67:5e:7f:3b:15:47:ab:9c:c0:aa:ff:d4:37:b3:d3:
                    82:08:99:38:c7:6a:3e:99:8a:76:c3:c4:71:1e:d2:
                    11:91:59:ed:95:a7:08:88:1d:e4:3e:fb:61:39:ca:
                    11:38:21:c8:5d:af:7b:fa:88:18:13:b5:36:1f:d1:
                    06:fd:e2:3d:03:08:2c:17:b0:25:b4:ea:64:8f:b0:
                    e0:2d:60:3c:9b:2a:9e:45:a7:21:bb:2e:9a:22:ee:
                    58:9c:d0:96:4f:0a:8b:65:a3:08:a7:63:86:3b:52:
                    c7:73:1e:e4:bc:f9:f2:8c:7f:98:b4:b1:3c:81:0c:
                    09:3d:b0:de:e2:6a:b7:41:27:50:df:8d:61:b7:30:
                    26:39:df:00:dd:6e:b5:50:d3:6b:d1:2f:8c:40:1d:
                    17:d5:56:d7:f9:3e:0b:fd:e7:94:77:66:ed:41:be:
                    41:0b:56:60:17:3e:14:9d:4e:21:ea:8d:7f:87:90:
                    fa:0d:05:a6:27:39:62:30:ac:44:a3:d3:0d:9f:cf:
                    65:c9:14:54:65:10:23:7c:c8:bb:73:9d:2f:d5:39:
                    31:95:b6:20:a3:34:86:f6:01:0d:b3:15:3a:c7:8f:
                    69:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:CF:28:59:B9:BE:1B:24:F2:D8:1C:1E:91:0C:42:DA:EB:C4:27:AA
            X509v3 Authority Key Identifier:
                keyid:7F:56:F2:89:48:C8:32:F2:D4:34:BB:44:D5:DE:0E:A1:22:60:1B:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1byiUjIMvLUNLtE1d4OoSJgGwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/ts8oWbm-GyTy2BwekQxC2uvEJ6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/21fbca-80e0-4b8c-8622-4e86ad64f774/1/f1byiUjIMvLUNLtE1d4OoSJgGwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:c6:9a:7f:b5:6a:b2:7f:6c:ca:5c:91:36:9a:9c:cb:ea:1b:
         36:fe:3f:c7:e2:ab:52:4b:93:f0:18:75:f9:14:02:21:1f:64:
         aa:95:c0:24:0a:98:ed:b2:88:82:91:10:f1:3e:a6:4b:3c:c5:
         99:b5:2b:8f:f3:a8:01:e1:c8:45:46:7c:d1:0e:8b:3a:5d:bc:
         01:21:85:ee:f4:f0:e8:40:b8:c3:9e:6d:24:fc:08:71:87:77:
         b6:dc:fa:d3:f7:84:17:6c:9d:11:a2:f5:4f:0c:b3:eb:9d:47:
         6d:43:24:93:51:91:88:82:61:6e:46:08:2d:c5:22:ec:c0:57:
         45:48:ac:a4:ea:e5:af:13:d3:ca:27:5e:7f:4d:5e:84:7b:3c:
         8d:42:8c:ad:21:65:d3:2d:11:a9:c8:98:72:0a:01:59:78:14:
         dc:86:4b:d8:85:e7:2f:fc:ee:dd:9f:1a:0c:0d:68:7f:66:5b:
         28:83:39:91:01:d5:da:df:03:5c:a1:84:3f:ab:cf:6f:b3:61:
         56:9c:47:3e:1a:b8:c7:f5:fb:d2:7a:46:91:4b:fe:92:bf:ac:
         f1:16:00:93:b9:3d:ff:a7:ea:4b:e1:bb:3e:2b:c8:73:64:c7:
         3e:71:0b:96:dd:af:ed:9c:58:68:0d:fc:96:83:34:c8:de:a1:
         a7:b4:f9:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/uR9LrIP0BdpPyaQOWhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTZmMjg5NDhjODMyZjJkNDM0YmI0NGQ1ZGUwZWExMjI2
MDFiMDUwHhcNMjQwMTAxMTYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmNmMjg1OWI5YmUxYjI0ZjJkODFjMWU5MTBjNDJkYWViYzQyN2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilUjDnsR9p17v3Me8jV9Ueivf0Dr
561e9ccrQVNnXn87FUernMCq/9Q3s9OCCJk4x2o+mYp2w8RxHtIRkVntlacIiB3k
PvthOcoROCHIXa97+ogYE7U2H9EG/eI9AwgsF7AltOpkj7DgLWA8myqeRachuy6a
Iu5YnNCWTwqLZaMIp2OGO1LHcx7kvPnyjH+YtLE8gQwJPbDe4mq3QSdQ341htzAm
Od8A3W61UNNr0S+MQB0X1VbX+T4L/eeUd2btQb5BC1ZgFz4UnU4h6o1/h5D6DQWm
JzliMKxEo9MNn89lyRRUZRAjfMi7c50v1TkxlbYgozSG9gENsxU6x49pJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbPKFm5vhsk8tgcHpEMQtrrxCeqMB8GA1UdIwQY
MBaAFH9W8olIyDLy1DS7RNXeDqEiYBsFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFieWlVaklNdkxVTkx0RTFkNE9vU0pnR3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yMWZiY2EtODBlMC00YjhjLTg2MjIt
NGU4NmFkNjRmNzc0LzEvdHM4b1dibS1HeVR5MkJ3ZWtReEMydXZFSjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yMWZiY2EtODBlMC00YjhjLTg2MjItNGU4NmFkNjRmNzc0
LzEvZjFieWlVaklNdkxVTkx0RTFkNE9vU0pnR3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuShuMA0G
CSqGSIb3DQEBCwUAA4IBAQCNxpp/tWqyf2zKXJE2mpzL6hs2/j/H4qtSS5PwGHX5
FAIhH2SqlcAkCpjtsoiCkRDxPqZLPMWZtSuP86gB4chFRnzRDos6XbwBIYXu9PDo
QLjDnm0k/Ahxh3e23PrT94QXbJ0RovVPDLPrnUdtQySTUZGIgmFuRggtxSLswFdF
SKyk6uWvE9PKJ15/TV6EezyNQoytIWXTLRGpyJhyCgFZeBTchkvYhecv/O7dnxoM
DWh/ZlsogzmRAdXa3wNcoYQ/q89vs2FWnEc+GrjH9fvSekaRS/6Sv6zxFgCTuT3/
p+pL4bs+K8hzZMc+cQuW3a/tnFhoDfyWgzTI3qGntPlY
-----END CERTIFICATE-----