Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/3fd6e9-17d3-4019-8669-9666d976285d/1/p8EOtxAQPNX44lqN-_D41rg_ESY.roa
File:                     p8EOtxAQPNX44lqN-_D41rg_ESY.roa (raw, json)
Hash identifier:          Oa4UJGrEknxUxIjhnqbLKy96F0IZAnCA6R2xy1o0Udg=
Subject key identifier:   A7:C1:0E:B7:10:10:3C:D5:F8:E2:5A:8D:FB:F0:F8:D6:B8:3F:11:26
Certificate issuer:       /CN=b0a5699a08c7bfd707cfb06d3213f5cacbf28257
Certificate serial:       018EAD71677ADDEB5952BD6476471C1D0218
Authority key identifier: B0:A5:69:9A:08:C7:BF:D7:07:CF:B0:6D:32:13:F5:CA:CB:F2:82:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sKVpmgjHv9cHz7BtMhP1ysvyglc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/3fd6e9-17d3-4019-8669-9666d976285d/1/p8EOtxAQPNX44lqN-_D41rg_ESY.roa
Signing time:             Fri 05 Apr 2024 08:47:54 +0000
ROA not before:           Fri 05 Apr 2024 08:47:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216135
IP address blocks:        185.171.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/3fd6e9-17d3-4019-8669-9666d976285d/1/sKVpmgjHv9cHz7BtMhP1ysvyglc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/3fd6e9-17d3-4019-8669-9666d976285d/1/sKVpmgjHv9cHz7BtMhP1ysvyglc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sKVpmgjHv9cHz7BtMhP1ysvyglc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ad:71:67:7a:dd:eb:59:52:bd:64:76:47:1c:1d:02:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0a5699a08c7bfd707cfb06d3213f5cacbf28257
        Validity
            Not Before: Apr  5 08:47:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7c10eb710103cd5f8e25a8dfbf0f8d6b83f1126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:05:f2:83:27:19:31:f3:14:6f:66:af:f9:b9:
                    df:c8:6b:14:df:76:b9:27:dc:65:70:7e:ea:d3:ea:
                    5e:6a:29:9e:73:17:8f:f3:af:01:8f:45:0f:03:a3:
                    53:5a:3b:45:7b:67:3b:35:6d:e7:9a:64:61:41:e1:
                    3f:70:02:63:8f:d1:23:0a:1e:12:08:f9:ec:a1:d5:
                    10:13:dd:08:dd:3b:0f:89:8a:f3:59:8b:40:3e:b7:
                    7b:c5:90:8c:9e:b8:07:d3:55:61:a5:90:60:0f:f3:
                    bc:ba:38:5c:a2:1e:7a:b9:91:97:f3:6b:70:27:98:
                    9a:a3:da:70:fa:19:8b:8d:88:b8:81:29:84:7f:dd:
                    6f:79:fd:5b:35:e0:76:2a:a4:cb:76:54:0c:1a:cd:
                    75:03:9f:2f:50:e3:6a:86:f2:57:4e:3e:ec:90:58:
                    66:e6:6d:2e:09:e2:12:b2:6c:5a:22:af:4f:fe:c4:
                    97:e3:2d:49:dd:22:78:86:0b:41:4b:d6:55:bc:30:
                    32:95:5e:10:14:88:52:97:37:de:a5:29:26:45:c1:
                    04:aa:f0:ea:b8:ac:76:5b:5c:68:c8:58:fe:a9:be:
                    27:98:ea:7e:3c:e8:28:a4:61:f3:33:83:17:78:db:
                    14:42:9e:96:05:b6:83:4c:26:62:85:39:e4:df:28:
                    d7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:C1:0E:B7:10:10:3C:D5:F8:E2:5A:8D:FB:F0:F8:D6:B8:3F:11:26
            X509v3 Authority Key Identifier:
                keyid:B0:A5:69:9A:08:C7:BF:D7:07:CF:B0:6D:32:13:F5:CA:CB:F2:82:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sKVpmgjHv9cHz7BtMhP1ysvyglc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/3fd6e9-17d3-4019-8669-9666d976285d/1/p8EOtxAQPNX44lqN-_D41rg_ESY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/3fd6e9-17d3-4019-8669-9666d976285d/1/sKVpmgjHv9cHz7BtMhP1ysvyglc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:92:fe:f2:c4:26:35:0b:9f:83:ea:05:0f:1f:a6:d7:af:ba:
         78:b2:dc:34:b5:7f:31:bc:9f:67:9f:48:9c:63:d8:52:5f:c1:
         f0:7a:51:88:5c:67:ad:57:68:e7:6c:69:e3:5d:aa:f2:60:45:
         38:53:b1:79:06:6a:79:68:c0:ab:21:84:9c:7b:ff:7f:89:67:
         2c:21:27:74:fb:35:1b:f4:a4:42:0a:78:9b:1f:2b:0c:4c:ff:
         dd:bf:6f:c0:a7:9c:fc:3e:3e:b8:9e:48:83:5d:8a:83:da:42:
         95:4c:42:67:6e:67:0c:22:63:06:f2:6c:dd:c2:f0:55:74:98:
         a6:1d:1b:b2:63:6d:2a:15:d9:aa:d7:fb:b8:7b:01:03:3e:e0:
         44:4c:03:93:e0:ce:83:e8:84:d8:3d:1e:bb:fd:a0:ae:c2:2c:
         81:78:3d:f8:91:cc:a9:7d:1a:d6:40:38:b1:21:24:e1:db:a7:
         5d:14:a0:3c:eb:e5:52:6b:52:e8:c7:9a:44:6e:92:fd:14:1b:
         21:f9:dc:cf:54:0b:62:07:ed:6c:7a:f9:70:1a:7a:16:c7:81:
         a5:fb:6f:b5:48:27:2b:40:07:71:bc:12:04:7b:80:2e:c8:e1:
         99:c4:f3:db:03:5d:7f:94:51:2e:d3:29:d6:83:08:e5:06:1e:
         ae:c2:b3:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6tcWd63etZUr1kdkccHQIYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYTU2OTlhMDhjN2JmZDcwN2NmYjA2ZDMyMTNmNWNhY2Jm
MjgyNTcwHhcNMjQwNDA1MDg0NzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2MxMGViNzEwMTAzY2Q1ZjhlMjVhOGRmYmYwZjhkNmI4M2YxMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AXygycZMfMUb2av+bnfyGsU33a5
J9xlcH7q0+peaimecxeP868Bj0UPA6NTWjtFe2c7NW3nmmRhQeE/cAJjj9EjCh4S
CPnsodUQE90I3TsPiYrzWYtAPrd7xZCMnrgH01VhpZBgD/O8ujhcoh56uZGX82tw
J5iao9pw+hmLjYi4gSmEf91vef1bNeB2KqTLdlQMGs11A58vUONqhvJXTj7skFhm
5m0uCeISsmxaIq9P/sSX4y1J3SJ4hgtBS9ZVvDAylV4QFIhSlzfepSkmRcEEqvDq
uKx2W1xoyFj+qb4nmOp+POgopGHzM4MXeNsUQp6WBbaDTCZihTnk3yjXIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKfBDrcQEDzV+OJajfvw+Na4PxEmMB8GA1UdIwQY
MBaAFLClaZoIx7/XB8+wbTIT9crL8oJXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0tWcG1nakh2OWNIejdCdE1oUDF5c3Z5Z2xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8zZmQ2ZTktMTdkMy00MDE5LTg2Njkt
OTY2NmQ5NzYyODVkLzEvcDhFT3R4QVFQTlg0NGxxTi1fRDQxcmdfRVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8zZmQ2ZTktMTdkMy00MDE5LTg2NjktOTY2NmQ5NzYyODVk
LzEvc0tWcG1nakh2OWNIejdCdE1oUDF5c3Z5Z2xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaukMA0G
CSqGSIb3DQEBCwUAA4IBAQA+kv7yxCY1C5+D6gUPH6bXr7p4stw0tX8xvJ9nn0ic
Y9hSX8HwelGIXGetV2jnbGnjXaryYEU4U7F5Bmp5aMCrIYSce/9/iWcsISd0+zUb
9KRCCnibHysMTP/dv2/Ap5z8Pj64nkiDXYqD2kKVTEJnbmcMImMG8mzdwvBVdJim
HRuyY20qFdmq1/u4ewEDPuBETAOT4M6D6ITYPR67/aCuwiyBeD34kcypfRrWQDix
ISTh26ddFKA86+VSa1Lox5pEbpL9FBsh+dzPVAtiB+1sevlwGnoWx4Gl+2+1SCcr
QAdxvBIEe4AuyOGZxPPbA11/lFEu0ynWgwjlBh6uwrPG
-----END CERTIFICATE-----