Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/8dRFBxE7q7wYj5Gn_IZMeSxa7Q0.roa
File:                     8dRFBxE7q7wYj5Gn_IZMeSxa7Q0.roa (raw, json)
Hash identifier:          0iyoldQs0UzbfYTDSjyE/7C446a3IWX9kaNVDAWoKp0=
Subject key identifier:   F1:D4:45:07:11:3B:AB:BC:18:8F:91:A7:FC:86:4C:79:2C:5A:ED:0D
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500C68B033128084DE761C32AFA8827
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/8dRFBxE7q7wYj5Gn_IZMeSxa7Q0.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62563
IP address blocks:        193.108.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c6:8b:03:31:28:08:4d:e7:61:c3:2a:fa:88:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1d44507113babbc188f91a7fc864c792c5aed0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a1:51:ba:2e:c3:3a:e1:98:92:ed:46:30:11:
                    b8:3d:55:05:e3:a8:52:8c:0e:b7:d7:fb:f0:54:1e:
                    23:9e:af:af:d0:17:fc:e9:75:a7:5d:c0:04:f2:c3:
                    7d:54:8e:81:47:88:4e:9e:a1:15:ba:ec:29:17:2c:
                    d8:87:ef:2e:ad:c0:e0:4d:ab:de:3a:f8:b9:cc:97:
                    63:92:43:dc:2c:42:3c:74:ba:38:bc:a1:a5:55:56:
                    89:e5:ec:e3:ab:57:2a:ba:ce:f5:0d:0d:71:6b:35:
                    8e:90:bb:04:65:78:90:a9:a7:f3:d2:b3:96:1a:2e:
                    58:62:88:3f:8f:09:58:2f:4e:06:2b:a7:fc:02:41:
                    1d:4d:87:b0:33:72:77:d7:a6:6c:de:7f:b0:a8:02:
                    65:af:ab:c5:23:cc:be:71:03:92:89:f1:ba:a5:9f:
                    a8:ef:e7:19:70:2c:cf:66:5e:51:4d:49:16:90:41:
                    33:af:0c:d9:bc:18:f3:f3:59:62:74:61:88:a1:b7:
                    d3:38:bd:97:8f:11:cb:2f:0f:1a:04:6b:31:6b:88:
                    8c:53:74:43:20:95:a2:b6:82:f0:a7:b5:c5:c8:bd:
                    74:8d:c4:73:e6:12:6c:b6:45:9c:6e:68:d9:6b:46:
                    e3:44:15:30:24:a6:bb:62:a8:7f:0c:e9:47:b9:86:
                    92:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D4:45:07:11:3B:AB:BC:18:8F:91:A7:FC:86:4C:79:2C:5A:ED:0D
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/8dRFBxE7q7wYj5Gn_IZMeSxa7Q0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:9a:a9:da:5b:7e:a2:b0:2c:ef:8f:5f:3e:0c:33:37:d2:73:
         ee:6f:6b:d9:2c:aa:c0:82:80:66:78:13:08:a9:95:62:bf:1a:
         aa:86:c9:fa:49:01:5f:f7:31:80:40:e3:e8:fd:21:29:48:8f:
         59:ce:04:9e:c4:0a:ee:f1:88:32:84:59:42:ae:c6:f5:14:d7:
         36:b9:1b:77:d5:82:b7:f8:3e:11:6b:88:1b:60:0f:e0:a9:6f:
         8b:dd:56:c7:62:a5:44:e1:72:07:be:75:14:a8:4d:83:93:83:
         bb:95:fa:e4:38:74:17:f7:6f:ee:3d:8b:4f:6d:73:59:0b:0d:
         62:ed:0d:ed:38:ad:2c:7d:86:af:cd:6a:56:db:b4:ba:f5:05:
         dc:4e:77:fe:05:a3:9b:d8:75:5a:9b:df:26:08:7f:3b:45:43:
         f9:19:ac:da:c1:36:1c:c9:7d:3e:eb:86:93:91:3c:44:ce:24:
         f6:80:80:33:f3:32:b3:f2:52:65:31:37:ba:ff:94:92:05:14:
         8b:f8:3f:8f:24:98:b0:82:cc:31:d2:d5:a1:dd:75:7a:f1:b7:
         ba:af:94:82:27:2f:7d:3f:ce:76:5a:e8:60:68:63:41:5f:da:
         73:05:68:0a:1e:5b:c8:e5:9a:15:ca:8d:a5:11:9b:de:ca:39:
         da:cb:97:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMaLAzEoCE3nYcMq+ognMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ0NDUwNzExM2JhYmJjMTg4ZjkxYTdmYzg2NGM3OTJjNWFlZDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKFRui7DOuGYku1GMBG4PVUF46hS
jA631/vwVB4jnq+v0Bf86XWnXcAE8sN9VI6BR4hOnqEVuuwpFyzYh+8urcDgTave
Ovi5zJdjkkPcLEI8dLo4vKGlVVaJ5ezjq1cqus71DQ1xazWOkLsEZXiQqafz0rOW
Gi5YYog/jwlYL04GK6f8AkEdTYewM3J316Zs3n+wqAJlr6vFI8y+cQOSifG6pZ+o
7+cZcCzPZl5RTUkWkEEzrwzZvBjz81lidGGIobfTOL2XjxHLLw8aBGsxa4iMU3RD
IJWitoLwp7XFyL10jcRz5hJstkWcbmjZa0bjRBUwJKa7Yqh/DOlHuYaSmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHURQcRO6u8GI+Rp/yGTHksWu0NMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvOGRSRkJ4RTdxN3dZajVHbl9JWk1lU3hhN1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWw6MA0G
CSqGSIb3DQEBCwUAA4IBAQAhmqnaW36isCzvj18+DDM30nPub2vZLKrAgoBmeBMI
qZVivxqqhsn6SQFf9zGAQOPo/SEpSI9ZzgSexAru8YgyhFlCrsb1FNc2uRt31YK3
+D4Ra4gbYA/gqW+L3VbHYqVE4XIHvnUUqE2Dk4O7lfrkOHQX92/uPYtPbXNZCw1i
7Q3tOK0sfYavzWpW27S69QXcTnf+BaOb2HVam98mCH87RUP5GazawTYcyX0+64aT
kTxEziT2gIAz8zKz8lJlMTe6/5SSBRSL+D+PJJiwgswx0tWh3XV68be6r5SCJy99
P852WuhgaGNBX9pzBWgKHlvI5ZoVyo2lEZveyjnay5fK
-----END CERTIFICATE-----