Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/0db348-8ca8-40de-82cd-29f20dc8eaf4/1/8JxzypQVwuc8HLJDSgWq3HARqu4.roa
File:                     8JxzypQVwuc8HLJDSgWq3HARqu4.roa (raw, json)
Hash identifier:          AoVVUUyhhwTPHfgdjmL5oWfDC6j824RCWlR/WG6WaWY=
Subject key identifier:   F0:9C:73:CA:94:15:C2:E7:3C:1C:B2:43:4A:05:AA:DC:70:11:AA:EE
Certificate issuer:       /CN=8a7b85c316586b199d26bfc48fe2598939cb6fde
Certificate serial:       018CC34912C66CEADC272BADF547082D95AC
Authority key identifier: 8A:7B:85:C3:16:58:6B:19:9D:26:BF:C4:8F:E2:59:89:39:CB:6F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/inuFwxZYaxmdJr_Ej-JZiTnLb94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/0db348-8ca8-40de-82cd-29f20dc8eaf4/1/8JxzypQVwuc8HLJDSgWq3HARqu4.roa
Signing time:             Mon 01 Jan 2024 04:29:55 +0000
ROA not before:           Mon 01 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22612
IP address blocks:        185.61.152.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/0db348-8ca8-40de-82cd-29f20dc8eaf4/1/inuFwxZYaxmdJr_Ej-JZiTnLb94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/0db348-8ca8-40de-82cd-29f20dc8eaf4/1/inuFwxZYaxmdJr_Ej-JZiTnLb94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/inuFwxZYaxmdJr_Ej-JZiTnLb94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:12:c6:6c:ea:dc:27:2b:ad:f5:47:08:2d:95:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a7b85c316586b199d26bfc48fe2598939cb6fde
        Validity
            Not Before: Jan  1 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f09c73ca9415c2e73c1cb2434a05aadc7011aaee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c2:b3:1a:04:16:3c:99:c3:67:95:29:b8:df:
                    45:5e:82:32:95:7d:df:19:2c:e5:34:6f:55:67:74:
                    b9:18:a6:40:41:21:97:d0:7a:0c:71:f6:2b:87:f3:
                    91:e9:58:82:97:e0:12:03:e0:71:40:b7:a9:00:64:
                    42:a8:23:58:72:e5:60:b4:42:b7:ec:3e:c3:2b:d9:
                    6a:c1:43:75:8d:1b:32:47:80:a3:8d:27:8f:f2:67:
                    fb:60:a7:60:28:07:21:11:1d:04:34:5a:cd:64:ab:
                    c4:68:f1:0f:70:31:b3:ca:fc:4f:c6:df:f0:c8:7f:
                    f5:2a:e9:9a:d0:ea:b3:24:c9:36:07:d8:94:60:3e:
                    37:e7:d8:2c:cd:b0:59:6d:0a:77:a4:da:7b:bf:60:
                    92:44:7c:21:a3:20:97:a2:7d:46:c6:0f:9b:6c:80:
                    2f:7e:42:af:2b:c2:a0:82:6d:32:66:dc:92:fb:af:
                    32:ee:68:95:b4:fb:08:b6:18:fc:37:b4:06:3d:2c:
                    46:22:47:7d:e1:59:9b:52:73:74:9c:1c:1b:83:6e:
                    bc:c0:cd:15:ce:58:24:29:0e:1b:95:1c:5c:46:de:
                    30:05:e7:36:66:16:59:28:d6:7d:e3:e5:5a:10:41:
                    07:34:85:27:36:4a:f5:81:d3:07:ca:8f:ec:f7:67:
                    7b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:9C:73:CA:94:15:C2:E7:3C:1C:B2:43:4A:05:AA:DC:70:11:AA:EE
            X509v3 Authority Key Identifier:
                keyid:8A:7B:85:C3:16:58:6B:19:9D:26:BF:C4:8F:E2:59:89:39:CB:6F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/inuFwxZYaxmdJr_Ej-JZiTnLb94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/0db348-8ca8-40de-82cd-29f20dc8eaf4/1/8JxzypQVwuc8HLJDSgWq3HARqu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/0db348-8ca8-40de-82cd-29f20dc8eaf4/1/inuFwxZYaxmdJr_Ej-JZiTnLb94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.61.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:a6:4f:29:7d:33:bc:92:af:e9:09:96:4c:c3:04:bb:91:cb:
         15:50:88:05:54:82:2b:78:51:af:6b:ca:92:5f:4c:6e:8f:80:
         87:c1:02:25:bb:f5:54:8c:b1:34:c3:eb:99:65:94:dd:ec:fd:
         60:33:56:38:e7:1c:d7:3e:d8:f1:a5:98:56:ab:b4:8a:fb:55:
         f7:d4:50:4c:44:e4:67:71:fc:0f:b9:5a:d6:e8:03:4d:9d:38:
         d2:11:22:60:7e:5a:3b:ef:d1:1d:d2:6e:c5:b4:49:bd:fe:09:
         7c:29:93:e8:b3:81:3f:2d:fc:92:ea:09:ae:7f:e9:57:87:c1:
         4a:78:bc:32:eb:a8:b4:04:f0:24:ed:79:8a:11:ad:d4:6a:41:
         ef:68:cc:50:31:6d:5a:0c:4f:da:85:f1:35:e4:ed:03:d3:4f:
         40:09:b7:29:13:3b:30:a3:f4:61:6b:69:8b:d6:4b:50:9f:7b:
         cd:c0:5e:2c:9c:a7:f8:4c:a1:09:47:80:73:3e:37:ed:63:52:
         a5:8e:e0:a5:0a:3f:9a:47:f7:4c:e5:1d:ae:ad:79:e7:1d:8e:
         ec:b1:d1:95:bb:e9:10:86:50:fe:75:b0:03:96:14:f2:10:13:
         d7:ee:93:e6:e1:46:05:c0:e5:68:8d:76:c5:1a:c2:37:bf:03:
         ad:fa:95:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSRLGbOrcJyut9UcILZWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhN2I4NWMzMTY1ODZiMTk5ZDI2YmZjNDhmZTI1OTg5Mzlj
YjZmZGUwHhcNMjQwMTAxMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDljNzNjYTk0MTVjMmU3M2MxY2IyNDM0YTA1YWFkYzcwMTFhYWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8KzGgQWPJnDZ5UpuN9FXoIylX3f
GSzlNG9VZ3S5GKZAQSGX0HoMcfYrh/OR6ViCl+ASA+BxQLepAGRCqCNYcuVgtEK3
7D7DK9lqwUN1jRsyR4CjjSeP8mf7YKdgKAchER0ENFrNZKvEaPEPcDGzyvxPxt/w
yH/1Kuma0OqzJMk2B9iUYD4359gszbBZbQp3pNp7v2CSRHwhoyCXon1Gxg+bbIAv
fkKvK8Kggm0yZtyS+68y7miVtPsIthj8N7QGPSxGIkd94VmbUnN0nBwbg268wM0V
zlgkKQ4blRxcRt4wBec2ZhZZKNZ94+VaEEEHNIUnNkr1gdMHyo/s92d7NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCcc8qUFcLnPByyQ0oFqtxwEaruMB8GA1UdIwQY
MBaAFIp7hcMWWGsZnSa/xI/iWYk5y2/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW51Rnd4WllheG1kSnJfRWotSlppVG5MYjk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8wZGIzNDgtOGNhOC00MGRlLTgyY2Qt
MjlmMjBkYzhlYWY0LzEvOEp4enlwUVZ3dWM4SExKRFNnV3EzSEFScXU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8wZGIzNDgtOGNhOC00MGRlLTgyY2QtMjlmMjBkYzhlYWY0
LzEvaW51Rnd4WllheG1kSnJfRWotSlppVG5MYjk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuT2YMA0G
CSqGSIb3DQEBCwUAA4IBAQA3pk8pfTO8kq/pCZZMwwS7kcsVUIgFVIIreFGva8qS
X0xuj4CHwQIlu/VUjLE0w+uZZZTd7P1gM1Y45xzXPtjxpZhWq7SK+1X31FBMRORn
cfwPuVrW6ANNnTjSESJgflo779Ed0m7FtEm9/gl8KZPos4E/LfyS6gmuf+lXh8FK
eLwy66i0BPAk7XmKEa3UakHvaMxQMW1aDE/ahfE15O0D009ACbcpEzswo/Rha2mL
1ktQn3vNwF4snKf4TKEJR4BzPjftY1KljuClCj+aR/dM5R2urXnnHY7ssdGVu+kQ
hlD+dbADlhTyEBPX7pPm4UYFwOVojXbFGsI3vwOt+pWN
-----END CERTIFICATE-----