Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/8_dsS8Stz6tn9y-M5SKMoQp0-Zg.roa
File:                     8_dsS8Stz6tn9y-M5SKMoQp0-Zg.roa (raw, json)
Hash identifier:          0kuMt/1qGwmmbLC/G2DNAlWjSeKiZeNH2M8/yNWNW9U=
Subject key identifier:   F3:F7:6C:4B:C4:AD:CF:AB:67:F7:2F:8C:E5:22:8C:A1:0A:74:F9:98
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018CC7948FDF29E847BDA5E73D9BB5D2C6A9
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/8_dsS8Stz6tn9y-M5SKMoQp0-Zg.roa
Signing time:             Tue 02 Jan 2024 00:30:51 +0000
ROA not before:           Tue 02 Jan 2024 00:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        195.82.132.0/23 maxlen: 24
                          91.212.45.0/24 maxlen: 24
                          45.91.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8f:df:29:e8:47:bd:a5:e7:3d:9b:b5:d2:c6:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  2 00:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3f76c4bc4adcfab67f72f8ce5228ca10a74f998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:bf:26:9a:6d:95:10:4c:60:d2:84:5a:f0:e8:
                    d0:f9:54:7c:9c:81:a2:16:29:64:de:07:53:a1:37:
                    17:eb:bd:0f:2b:64:76:29:99:eb:6f:02:0e:57:cf:
                    5e:88:76:6e:96:de:bb:28:b1:43:1e:cb:5d:86:d6:
                    51:b3:77:c0:3c:cc:3a:16:b6:66:c9:84:e9:47:cf:
                    02:81:9f:3a:14:b3:cb:af:5d:39:ad:39:e0:d1:7b:
                    6e:eb:f2:5c:27:b7:a4:2d:a2:a5:eb:52:b2:94:7d:
                    f3:bf:60:37:27:48:77:9a:49:76:15:89:1b:a7:c1:
                    78:07:b5:82:9a:f5:db:11:16:d8:0a:a5:bd:9f:44:
                    0d:64:a6:cb:f0:5f:69:d0:84:45:99:2d:6d:fd:4a:
                    01:43:e4:78:1e:cf:56:91:f0:63:9f:17:cd:1a:4a:
                    33:7b:89:b1:20:e2:7b:34:b5:ae:15:db:bc:7d:26:
                    b7:df:98:d0:a0:6f:24:3e:c1:03:6b:77:18:3c:a4:
                    1e:47:ec:23:8f:1f:c8:90:84:e4:27:16:18:3d:50:
                    80:3f:5e:f7:c4:1a:69:c2:03:21:b3:3a:07:21:07:
                    07:94:92:b2:eb:51:8e:e7:7f:3d:f9:dc:8f:66:75:
                    3c:a9:49:dd:36:df:45:7b:da:3b:d2:90:14:74:39:
                    69:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:F7:6C:4B:C4:AD:CF:AB:67:F7:2F:8C:E5:22:8C:A1:0A:74:F9:98
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/8_dsS8Stz6tn9y-M5SKMoQp0-Zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.116.0/24
                  91.212.45.0/24
                  195.82.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:e6:9a:c3:c6:10:d5:d0:b3:f1:23:54:eb:c2:0a:d5:0b:21:
         fe:e1:74:2f:b5:95:29:db:83:84:9b:6e:84:a9:ca:34:7c:f3:
         e9:31:b9:79:b7:ca:91:05:47:1b:00:2a:4c:35:4b:4d:88:af:
         7e:ce:a3:64:09:3c:c4:b0:b4:5c:81:a3:fa:b8:03:81:bf:92:
         00:9e:31:b0:8a:ea:67:28:10:7d:55:9e:90:4b:4b:48:c3:3a:
         c6:76:9f:db:10:8f:fc:9f:4f:dd:ed:6f:e3:52:eb:1b:aa:37:
         0e:d4:14:a9:3c:f4:cb:f4:bd:d4:52:f0:61:91:d3:3c:54:45:
         96:31:9e:b3:00:38:58:38:a9:3c:10:f7:78:06:de:75:6d:59:
         b7:49:1c:64:8d:ae:43:e8:78:2e:79:ec:9a:40:b7:7f:cb:5c:
         5b:3b:d9:60:2b:1e:1e:81:b8:9e:8f:7a:a7:76:51:bf:c9:48:
         3c:23:e8:ab:c4:64:ec:f3:63:86:e6:b5:f3:44:08:5b:5d:8f:
         3a:2a:94:49:0f:7d:c8:04:84:fb:51:87:df:12:74:c3:0c:db:
         e8:bb:d9:60:ff:39:2f:a6:f3:21:69:20:d0:f7:5f:88:2a:37:
         ff:ca:e9:97:a7:ee:e0:06:da:20:01:a0:23:9d:19:e1:10:e9:
         ff:0c:b2:33
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHlI/fKehHvaXnPZu10sapMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwMTAyMDAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2Y3NmM0YmM0YWRjZmFiNjdmNzJmOGNlNTIyOGNhMTBhNzRmOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA178mmm2VEExg0oRa8OjQ+VR8nIGi
Filk3gdToTcX670PK2R2KZnrbwIOV89eiHZult67KLFDHstdhtZRs3fAPMw6FrZm
yYTpR88CgZ86FLPLr105rTng0Xtu6/JcJ7ekLaKl61KylH3zv2A3J0h3mkl2FYkb
p8F4B7WCmvXbERbYCqW9n0QNZKbL8F9p0IRFmS1t/UoBQ+R4Hs9WkfBjnxfNGkoz
e4mxIOJ7NLWuFdu8fSa335jQoG8kPsEDa3cYPKQeR+wjjx/IkITkJxYYPVCAP173
xBppwgMhszoHIQcHlJKy61GO5389+dyPZnU8qUndNt9Fe9o70pAUdDlpwwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPP3bEvErc+rZ/cvjOUijKEKdPmYMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvOF9kc1M4U3R6NnRuOXktTTVTS01vUXAwLVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVt0AwQA
W9QtAwQBw1KEMA0GCSqGSIb3DQEBCwUAA4IBAQBF5prDxhDV0LPxI1TrwgrVCyH+
4XQvtZUp24OEm26Eqco0fPPpMbl5t8qRBUcbACpMNUtNiK9+zqNkCTzEsLRcgaP6
uAOBv5IAnjGwiupnKBB9VZ6QS0tIwzrGdp/bEI/8n0/d7W/jUusbqjcO1BSpPPTL
9L3UUvBhkdM8VEWWMZ6zADhYOKk8EPd4Bt51bVm3SRxkja5D6HgueeyaQLd/y1xb
O9lgKx4egbiej3qndlG/yUg8I+irxGTs82OG5rXzRAhbXY86KpRJD33IBIT7UYff
EnTDDNvou9lg/zkvpvMhaSDQ91+IKjf/yumXp+7gBtogAaAjnRnhEOn/DLIz
-----END CERTIFICATE-----