Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/8OIf3s5rbAL6PwOmVlkJPZkibW0.roa
File:                     8OIf3s5rbAL6PwOmVlkJPZkibW0.roa (raw, json)
Hash identifier:          y1YjjfFfDEHPJHpjFrXiaM4kWlR3FUi3I1alIgKjv4A=
Subject key identifier:   F0:E2:1F:DE:CE:6B:6C:02:FA:3F:03:A6:56:59:09:3D:99:22:6D:6D
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       018CC8DE4C2E5DE5F33465D9BCED5738981B
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/8OIf3s5rbAL6PwOmVlkJPZkibW0.roa
Signing time:             Tue 02 Jan 2024 06:31:00 +0000
ROA not before:           Tue 02 Jan 2024 06:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216127
IP address blocks:        185.221.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 13:30:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:4c:2e:5d:e5:f3:34:65:d9:bc:ed:57:38:98:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jan  2 06:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0e21fdece6b6c02fa3f03a65659093d99226d6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:0b:61:f8:07:7f:b2:a0:66:d8:eb:71:dc:b3:
                    a8:e1:30:f4:55:9e:2e:f3:58:fb:92:37:83:7e:74:
                    1c:92:f6:5e:35:68:58:5f:93:81:49:81:65:b2:f1:
                    48:3a:f2:be:07:0d:20:cd:51:d6:64:12:50:c8:2e:
                    ca:09:20:4a:ad:a8:c0:0c:8a:a9:09:50:fc:b4:e8:
                    76:1e:c0:20:28:4c:39:08:27:45:92:de:19:ae:2b:
                    0f:80:23:e9:b7:64:6e:48:50:92:6e:bc:52:ef:1b:
                    78:0d:87:a2:89:c4:0d:25:1e:26:4d:b4:a7:e1:86:
                    d0:7d:50:8a:b1:23:7b:0e:66:c0:b8:c1:d5:06:03:
                    65:92:66:79:66:ad:48:31:ec:55:e6:ae:d9:89:24:
                    cd:0a:32:56:25:e8:6a:d0:f9:f0:f4:c1:10:f0:34:
                    c3:83:fd:f3:a9:9c:26:b0:6e:89:56:3c:8f:0a:b4:
                    17:d6:38:45:e2:d4:d9:2d:64:31:24:d0:a8:4f:eb:
                    f6:19:5d:82:d1:93:fd:f5:59:13:1a:7c:5c:a1:be:
                    72:32:18:75:d4:0d:f9:04:51:59:2d:6c:46:7e:4e:
                    fc:ce:15:9a:a2:9d:f3:04:52:aa:58:6b:46:12:d7:
                    ad:0e:49:aa:bf:ef:1e:d6:87:36:64:43:9a:2d:f9:
                    06:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:E2:1F:DE:CE:6B:6C:02:FA:3F:03:A6:56:59:09:3D:99:22:6D:6D
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/8OIf3s5rbAL6PwOmVlkJPZkibW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:72:57:5b:f7:2a:cf:90:cd:2f:da:1d:16:0d:96:6e:9b:67:
         4f:33:33:4c:e2:ad:b8:ab:15:35:d6:c9:2c:27:4f:47:2d:67:
         62:29:cc:eb:10:1b:b6:c7:3f:be:36:56:ed:88:cf:d8:4e:96:
         98:1e:36:c2:60:5e:fb:29:f2:6b:2a:4f:f5:b9:d3:6b:02:26:
         02:37:68:6f:a5:38:bf:a2:2d:a1:48:83:32:17:2b:74:0e:43:
         4a:44:8d:fb:d1:18:5e:3f:cc:60:eb:1d:a8:3c:b0:ab:73:2e:
         91:3b:d5:5d:98:35:21:eb:da:de:85:6b:d3:ea:38:0a:a4:5c:
         f2:df:04:51:b2:ad:c1:96:ed:4b:40:fd:29:e1:89:4e:2c:eb:
         18:1a:f7:00:1a:f4:80:c1:29:f7:91:cd:21:15:22:6f:3b:f4:
         45:41:17:38:eb:ba:2c:6a:77:d4:15:28:f0:2f:7f:6e:4f:aa:
         99:e0:09:09:53:65:71:13:23:28:93:1d:c8:b2:c0:34:a7:6c:
         7d:9c:9c:6a:51:e6:bc:ae:8a:90:d4:0f:1d:eb:be:0f:4a:8e:
         35:50:50:2b:2b:3b:f4:79:64:b1:5e:cd:76:6c:f9:73:c2:8e:
         10:f9:79:0d:33:d9:64:28:13:2c:12:55:fe:62:53:6c:ee:34:
         4e:c0:ee:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3kwuXeXzNGXZvO1XOJgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjQwMTAyMDYzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGUyMWZkZWNlNmI2YzAyZmEzZjAzYTY1NjU5MDkzZDk5MjI2ZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAth+Ad/sqBm2Otx3LOo4TD0VZ4u
81j7kjeDfnQckvZeNWhYX5OBSYFlsvFIOvK+Bw0gzVHWZBJQyC7KCSBKrajADIqp
CVD8tOh2HsAgKEw5CCdFkt4ZrisPgCPpt2RuSFCSbrxS7xt4DYeiicQNJR4mTbSn
4YbQfVCKsSN7DmbAuMHVBgNlkmZ5Zq1IMexV5q7ZiSTNCjJWJehq0Pnw9MEQ8DTD
g/3zqZwmsG6JVjyPCrQX1jhF4tTZLWQxJNCoT+v2GV2C0ZP99VkTGnxcob5yMhh1
1A35BFFZLWxGfk78zhWaop3zBFKqWGtGEtetDkmqv+8e1oc2ZEOaLfkGHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPDiH97Oa2wC+j8DplZZCT2ZIm1tMB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvOE9JZjNzNXJiQUw2UHdPbVZsa0pQWmtpYlcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3GMA0G
CSqGSIb3DQEBCwUAA4IBAQAqcldb9yrPkM0v2h0WDZZum2dPMzNM4q24qxU11sks
J09HLWdiKczrEBu2xz++NlbtiM/YTpaYHjbCYF77KfJrKk/1udNrAiYCN2hvpTi/
oi2hSIMyFyt0DkNKRI370RheP8xg6x2oPLCrcy6RO9VdmDUh69rehWvT6jgKpFzy
3wRRsq3Blu1LQP0p4YlOLOsYGvcAGvSAwSn3kc0hFSJvO/RFQRc467osanfUFSjw
L39uT6qZ4AkJU2VxEyMokx3IssA0p2x9nJxqUea8roqQ1A8d674PSo41UFArKzv0
eWSxXs12bPlzwo4Q+XkNM9lkKBMsElX+YlNs7jROwO45
-----END CERTIFICATE-----