Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/8WsEEEpSEME1nCLV-8kLVkvoLNQ.roa
File:                     8WsEEEpSEME1nCLV-8kLVkvoLNQ.roa (raw, json)
Hash identifier:          G5p+HkdeBDuP3NCYNn1lIoUBUJUkY4n/HuoyF14cfX8=
Subject key identifier:   F1:6B:04:10:4A:52:10:C1:35:9C:22:D5:FB:C9:0B:56:4B:E8:2C:D4
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       018CC87152FAEEC81239946CA74D20F91CEC
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/8WsEEEpSEME1nCLV-8kLVkvoLNQ.roa
Signing time:             Tue 02 Jan 2024 04:31:59 +0000
ROA not before:           Tue 02 Jan 2024 04:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208626
IP address blocks:        95.181.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:52:fa:ee:c8:12:39:94:6c:a7:4d:20:f9:1c:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Jan  2 04:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f16b04104a5210c1359c22d5fbc90b564be82cd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8d:fe:d7:48:4c:31:02:f7:f6:cc:16:bc:29:
                    80:7e:ad:45:10:6e:ef:0c:e6:69:d8:c9:35:10:fb:
                    f3:1d:1b:e3:72:68:cb:50:d7:2f:8d:ef:00:ab:e4:
                    eb:75:fd:45:aa:f4:ce:99:47:dd:fb:0e:63:ef:75:
                    39:6a:51:bb:40:b1:70:e2:bf:10:60:41:37:1e:16:
                    e5:0d:7a:62:49:b4:a0:8d:7d:a5:fa:34:44:ad:3f:
                    fb:5f:ca:88:f4:63:02:13:78:44:10:71:fa:02:26:
                    fe:09:75:8c:43:1b:50:20:de:a6:64:61:21:2f:25:
                    fe:5b:eb:05:54:d9:9d:14:77:4c:4f:81:39:7f:54:
                    79:66:e2:8d:e8:35:1c:14:2a:e8:86:e2:29:46:03:
                    96:cf:f8:3f:9d:49:fd:ad:5b:2f:71:57:02:71:4e:
                    b2:ab:9f:f9:9c:12:47:21:8b:34:b6:8c:19:5d:db:
                    a5:60:0d:82:89:fc:d2:8b:19:0d:7b:7a:de:a6:18:
                    76:26:0e:e1:5d:55:db:c7:e7:4d:9a:55:f7:e7:97:
                    f6:70:1c:05:5e:c4:f3:c1:a5:a1:37:2c:45:32:4c:
                    59:58:57:cd:7a:21:42:c1:33:7b:e2:9e:95:71:96:
                    d4:2f:0b:cf:41:79:ab:08:fb:02:b7:7c:67:3d:76:
                    c1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:6B:04:10:4A:52:10:C1:35:9C:22:D5:FB:C9:0B:56:4B:E8:2C:D4
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/8WsEEEpSEME1nCLV-8kLVkvoLNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:7e:2f:27:c6:cf:bf:b8:6e:d9:be:30:60:bc:32:85:64:50:
         dd:ad:1d:cb:78:55:87:8c:7f:cd:53:38:75:0c:bc:24:ed:8c:
         cc:c3:11:6e:31:3a:51:54:1d:bd:43:68:fd:0d:c3:aa:06:16:
         20:d2:8b:93:79:81:53:73:31:5f:a6:51:0c:51:e6:2b:3c:77:
         5e:a9:0e:96:4c:47:b8:d4:50:db:53:e1:95:f2:60:6c:e5:e3:
         26:95:a2:1c:4d:61:e3:88:b1:dd:15:bb:ce:bb:79:ce:eb:f0:
         f9:43:2c:29:70:46:a8:63:f7:12:45:5c:02:c7:d9:60:b1:a6:
         40:b5:5c:df:f3:26:72:b2:64:95:4f:ad:f5:00:15:73:6e:46:
         c5:f3:c9:72:a9:e1:2b:ab:20:e4:8c:de:3c:0b:b6:63:a7:ef:
         d8:f2:cf:3f:45:db:97:14:88:07:b3:8f:71:a9:8c:46:32:24:
         e3:3b:b5:c5:db:4b:ea:ef:71:85:8e:87:fa:ae:96:69:6e:ce:
         f4:cf:e4:02:95:bb:3c:9f:12:9e:88:f8:fd:c9:9e:fc:af:b4:
         04:69:eb:21:82:d3:96:8d:7a:5b:83:63:47:5b:5b:28:94:26:
         4a:78:9e:f5:0f:c5:08:e8:39:04:9a:71:d3:c6:8f:bc:9b:53:
         d2:87:96:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcVL67sgSOZRsp00g+RzsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjQwMTAyMDQzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTZiMDQxMDRhNTIxMGMxMzU5YzIyZDVmYmM5MGI1NjRiZTgyY2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAro3+10hMMQL39swWvCmAfq1FEG7v
DOZp2Mk1EPvzHRvjcmjLUNcvje8Aq+Trdf1FqvTOmUfd+w5j73U5alG7QLFw4r8Q
YEE3HhblDXpiSbSgjX2l+jRErT/7X8qI9GMCE3hEEHH6Aib+CXWMQxtQIN6mZGEh
LyX+W+sFVNmdFHdMT4E5f1R5ZuKN6DUcFCrohuIpRgOWz/g/nUn9rVsvcVcCcU6y
q5/5nBJHIYs0towZXdulYA2CifzSixkNe3rephh2Jg7hXVXbx+dNmlX355f2cBwF
XsTzwaWhNyxFMkxZWFfNeiFCwTN74p6VcZbULwvPQXmrCPsCt3xnPXbBaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPFrBBBKUhDBNZwi1fvJC1ZL6CzUMB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvOFdzRUVFcFNFTUUxbkNMVi04a0xWa3ZvTE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7WkMA0G
CSqGSIb3DQEBCwUAA4IBAQCGfi8nxs+/uG7ZvjBgvDKFZFDdrR3LeFWHjH/NUzh1
DLwk7YzMwxFuMTpRVB29Q2j9DcOqBhYg0ouTeYFTczFfplEMUeYrPHdeqQ6WTEe4
1FDbU+GV8mBs5eMmlaIcTWHjiLHdFbvOu3nO6/D5QywpcEaoY/cSRVwCx9lgsaZA
tVzf8yZysmSVT631ABVzbkbF88lyqeErqyDkjN48C7Zjp+/Y8s8/RduXFIgHs49x
qYxGMiTjO7XF20vq73GFjof6rpZpbs70z+QClbs8nxKeiPj9yZ78r7QEaeshgtOW
jXpbg2NHW1solCZKeJ71D8UI6DkEmnHTxo+8m1PSh5Zx
-----END CERTIFICATE-----