Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/8pMpA6MDQoTasFGr2o3hi5QkSw8.roa
File:                     8pMpA6MDQoTasFGr2o3hi5QkSw8.roa (raw, json)
Hash identifier:          uWFMpKg6rOQC9RogrB7NUxF2KAXzg10hSRVagxNe8Zs=
Subject key identifier:   F2:93:29:03:A3:03:42:84:DA:B0:51:AB:DA:8D:E1:8B:94:24:4B:0F
Certificate issuer:       /CN=84bbaeb70b3f1d06716358ad9a2ecfef7d2126fb
Certificate serial:       018CC794E479DFDF57F3E8C0B242BD453DB7
Authority key identifier: 84:BB:AE:B7:0B:3F:1D:06:71:63:58:AD:9A:2E:CF:EF:7D:21:26:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/8pMpA6MDQoTasFGr2o3hi5QkSw8.roa
Signing time:             Tue 02 Jan 2024 00:31:12 +0000
ROA not before:           Tue 02 Jan 2024 00:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203576
IP address blocks:        185.179.24.0/24 maxlen: 24
                          185.179.25.0/24 maxlen: 24
                          185.179.27.0/24 maxlen: 24
                          185.179.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e4:79:df:df:57:f3:e8:c0:b2:42:bd:45:3d:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84bbaeb70b3f1d06716358ad9a2ecfef7d2126fb
        Validity
            Not Before: Jan  2 00:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2932903a3034284dab051abda8de18b94244b0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:00:b3:b4:ab:6d:a3:3c:60:e9:d7:f8:cd:7f:
                    17:b1:33:68:96:c3:40:46:55:ab:f0:7c:f9:3c:d5:
                    5c:04:76:78:99:f7:1c:5c:0a:25:c0:bb:8c:ff:84:
                    5e:f0:67:d6:4b:3e:62:f5:f3:b9:d7:b7:95:1e:85:
                    f9:d3:bd:f4:29:95:5c:6e:62:39:26:d7:52:82:b7:
                    41:39:b0:14:2d:b3:88:a8:8b:73:47:d0:31:e0:55:
                    d5:41:ac:73:34:e5:1a:e0:3f:14:12:b2:f1:fd:71:
                    60:61:0a:e8:79:18:ed:36:3a:6e:5d:e4:08:27:89:
                    45:a0:9a:c8:74:08:ef:2a:49:4c:bd:c0:d9:ad:fa:
                    09:bf:b9:5f:4f:0f:dc:6e:e2:84:79:a3:06:28:ab:
                    4b:7f:c1:b5:c8:17:ec:e7:78:91:db:79:22:26:c5:
                    1b:e7:93:d6:55:d5:70:ed:82:d3:73:c8:f5:2e:55:
                    b3:27:73:b6:84:fc:5f:1c:2d:ad:74:21:fe:22:7c:
                    79:f0:f7:d1:ba:58:92:10:71:d1:b7:1a:b8:cd:b1:
                    78:2c:f1:2f:df:65:5d:e1:90:6c:5d:41:bf:a0:52:
                    98:02:6f:85:8a:9d:95:e7:85:2a:eb:57:df:3e:ab:
                    6b:85:16:b3:0e:4b:86:94:3b:1c:5f:59:a3:58:03:
                    55:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:93:29:03:A3:03:42:84:DA:B0:51:AB:DA:8D:E1:8B:94:24:4B:0F
            X509v3 Authority Key Identifier:
                keyid:84:BB:AE:B7:0B:3F:1D:06:71:63:58:AD:9A:2E:CF:EF:7D:21:26:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/8pMpA6MDQoTasFGr2o3hi5QkSw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:c3:72:09:cd:e9:da:9f:49:97:29:c8:0b:47:2a:ec:fe:68:
         0f:a3:46:a4:89:3b:63:55:36:33:06:42:40:26:25:cf:e6:3a:
         f5:3f:4b:88:84:e7:45:49:4f:59:3f:23:4e:c2:5f:7b:1b:85:
         91:0b:f0:63:64:fe:13:c9:28:3b:ca:9c:05:63:3c:ce:01:7e:
         e7:08:19:5e:90:d9:77:80:90:86:b3:13:08:9f:8b:31:f2:8c:
         57:cf:3b:18:b4:24:19:ba:96:26:4f:89:19:82:4b:91:78:60:
         d8:33:e5:eb:d6:bf:2c:4b:29:b2:75:12:17:8c:2e:a8:de:96:
         df:e5:d3:18:99:76:74:d1:2d:a1:c4:43:27:9a:26:eb:0b:bf:
         28:98:9f:18:92:0e:56:79:cf:92:0c:f6:5c:60:02:fb:c0:5b:
         11:32:d9:f1:7e:4e:e7:80:41:5e:08:65:be:fb:18:7c:78:5b:
         03:29:c6:8f:57:c0:39:40:14:8e:99:7f:8d:22:64:cc:41:6b:
         e8:74:98:c0:d8:af:fa:3f:50:3e:bb:29:75:c7:d0:6d:fd:60:
         8d:2e:70:83:4c:73:b4:f8:4e:84:ad:58:f8:ea:e2:44:5c:da:
         e0:27:14:b9:22:09:23:15:52:31:1c:39:66:64:38:15:1e:ea:
         34:8b:b1:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlOR5399X8+jAskK9RT23MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YmJhZWI3MGIzZjFkMDY3MTYzNThhZDlhMmVjZmVmN2Qy
MTI2ZmIwHhcNMjQwMTAyMDAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjkzMjkwM2EzMDM0Mjg0ZGFiMDUxYWJkYThkZTE4Yjk0MjQ0YjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgCztKttozxg6df4zX8XsTNolsNA
RlWr8Hz5PNVcBHZ4mfccXAolwLuM/4Re8GfWSz5i9fO517eVHoX50730KZVcbmI5
JtdSgrdBObAULbOIqItzR9Ax4FXVQaxzNOUa4D8UErLx/XFgYQroeRjtNjpuXeQI
J4lFoJrIdAjvKklMvcDZrfoJv7lfTw/cbuKEeaMGKKtLf8G1yBfs53iR23kiJsUb
55PWVdVw7YLTc8j1LlWzJ3O2hPxfHC2tdCH+Inx58PfRuliSEHHRtxq4zbF4LPEv
32Vd4ZBsXUG/oFKYAm+Fip2V54Uq61ffPqtrhRazDkuGlDscX1mjWANVXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKTKQOjA0KE2rBRq9qN4YuUJEsPMB8GA1UdIwQY
MBaAFIS7rrcLPx0GcWNYrZouz+99ISb7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEx1dXR3c19IUVp4WTFpdG1pN1A3MzBoSnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjdlYjctZTQ5Ni00YzMxLTlmNjct
OTc5MDJkOGE3ZmE2LzEvOHBNcEE2TURRb1Rhc0ZHcjJvM2hpNVFrU3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjdlYjctZTQ5Ni00YzMxLTlmNjctOTc5MDJkOGE3ZmE2
LzEvaEx1dXR3c19IUVp4WTFpdG1pN1A3MzBoSnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubMYMA0G
CSqGSIb3DQEBCwUAA4IBAQA8w3IJzenan0mXKcgLRyrs/mgPo0akiTtjVTYzBkJA
JiXP5jr1P0uIhOdFSU9ZPyNOwl97G4WRC/BjZP4TySg7ypwFYzzOAX7nCBlekNl3
gJCGsxMIn4sx8oxXzzsYtCQZupYmT4kZgkuReGDYM+Xr1r8sSymydRIXjC6o3pbf
5dMYmXZ00S2hxEMnmibrC78omJ8Ykg5Wec+SDPZcYAL7wFsRMtnxfk7ngEFeCGW+
+xh8eFsDKcaPV8A5QBSOmX+NImTMQWvodJjA2K/6P1A+uyl1x9Bt/WCNLnCDTHO0
+E6ErVj46uJEXNrgJxS5IgkjFVIxHDlmZDgVHuo0i7E5
-----END CERTIFICATE-----