Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/H8vIeOJjqEw_J16_8hffnSXzFck.roa
File:                     H8vIeOJjqEw_J16_8hffnSXzFck.roa (raw, json)
Hash identifier:          tUHFIu9Wi2x9QJvlJ+pYBFlNcO8RbyOHHNnNBVf6t+w=
Subject key identifier:   1F:CB:C8:78:E2:63:A8:4C:3F:27:5E:BF:F2:17:DF:9D:25:F3:15:C9
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7941812DB902FC4BD295B3A076A5AC6
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/H8vIeOJjqEw_J16_8hffnSXzFck.roa
Signing time:             Tue 02 Jan 2024 00:30:20 +0000
ROA not before:           Tue 02 Jan 2024 00:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47193
IP address blocks:        109.248.64.0/19 maxlen: 20
                          109.248.112.0/20 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:18:12:db:90:2f:c4:bd:29:5b:3a:07:6a:5a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fcbc878e263a84c3f275ebff217df9d25f315c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4b:14:8e:1e:2d:01:b1:f5:f0:c2:80:78:82:
                    44:dc:e1:6e:16:68:1b:c4:c3:70:99:1a:82:80:ce:
                    09:f6:9e:91:d7:7f:d0:50:ac:29:97:96:86:34:92:
                    f7:5d:75:09:24:e4:16:4f:a5:03:2b:24:6a:57:55:
                    97:cf:a3:9a:d8:ab:04:49:a9:85:f8:8d:83:d9:42:
                    69:44:21:35:1c:ba:e4:ce:6a:53:6b:95:03:5b:ce:
                    35:e9:51:0f:9a:d9:bc:2e:fd:d9:cc:f1:5b:f0:cd:
                    dc:c7:81:03:ec:cd:0c:d4:b4:77:67:05:be:c3:4f:
                    05:2b:5f:1d:67:de:06:12:25:66:0e:44:86:ed:0f:
                    af:13:07:3c:36:b6:47:d6:98:4f:32:d8:ec:e4:2b:
                    f9:58:e7:08:16:1f:fb:4e:b2:11:cd:d3:9d:f2:63:
                    9b:78:14:e1:64:31:16:bd:12:bb:55:50:8e:fd:a7:
                    97:2b:ec:9b:7c:0f:8b:fa:1c:08:ae:80:93:62:63:
                    84:5a:6f:26:61:c1:78:9f:28:16:27:bc:a3:d2:68:
                    8c:ed:66:25:ee:53:cf:ee:41:51:78:1b:9f:49:c0:
                    22:89:64:d7:e1:10:f5:ab:c8:54:07:fd:11:5c:af:
                    26:86:c2:00:bc:7d:3f:a4:94:ba:81:79:f6:99:e3:
                    21:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:CB:C8:78:E2:63:A8:4C:3F:27:5E:BF:F2:17:DF:9D:25:F3:15:C9
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/H8vIeOJjqEw_J16_8hffnSXzFck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.64.0/19
                  109.248.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0d:15:04:91:f4:d1:19:a8:97:db:d2:95:5e:7e:79:31:b1:1c:
         d0:aa:a1:c4:3c:24:4a:33:62:84:ac:89:cd:22:e5:62:63:a7:
         78:07:13:a2:fc:8f:1d:96:db:21:e6:68:b7:61:e9:65:ed:15:
         ca:e1:cc:1e:9f:41:2e:04:48:42:f1:80:ed:fb:80:4a:d5:d5:
         23:c3:7a:d1:62:a5:cb:c6:2a:d8:a6:fe:59:df:dc:54:45:60:
         1c:8c:bd:a0:1c:e3:f6:2a:14:23:90:21:32:85:5a:bd:c7:98:
         40:37:d7:0a:96:58:c5:c0:66:9c:91:c2:a3:9c:1a:35:90:43:
         2e:92:a3:e2:1d:37:5c:aa:8b:b4:be:b2:6d:76:0e:1f:3e:4d:
         c8:27:ee:65:79:ae:05:e1:7d:18:d9:cc:d9:aa:47:36:bc:99:
         41:17:58:26:54:9c:4f:56:80:80:54:ec:bb:84:32:94:4d:d5:
         ba:d2:eb:7d:1c:90:43:49:f2:0f:da:c2:95:48:5c:e9:20:e6:
         4a:ca:d6:25:7e:ab:22:2c:a8:a3:36:11:8f:8f:ca:37:aa:48:
         15:43:90:52:bf:29:90:a5:a1:c4:92:55:af:75:6b:8d:20:45:
         d8:56:37:11:9c:1b:5e:fd:64:2f:07:4c:b2:f7:9d:46:14:65:
         0d:8e:eb:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlBgS25AvxL0pWzoHalrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmNiYzg3OGUyNjNhODRjM2YyNzVlYmZmMjE3ZGY5ZDI1ZjMxNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnksUjh4tAbH18MKAeIJE3OFuFmgb
xMNwmRqCgM4J9p6R13/QUKwpl5aGNJL3XXUJJOQWT6UDKyRqV1WXz6Oa2KsESamF
+I2D2UJpRCE1HLrkzmpTa5UDW8416VEPmtm8Lv3ZzPFb8M3cx4ED7M0M1LR3ZwW+
w08FK18dZ94GEiVmDkSG7Q+vEwc8NrZH1phPMtjs5Cv5WOcIFh/7TrIRzdOd8mOb
eBThZDEWvRK7VVCO/aeXK+ybfA+L+hwIroCTYmOEWm8mYcF4nygWJ7yj0miM7WYl
7lPP7kFReBufScAiiWTX4RD1q8hUB/0RXK8mhsIAvH0/pJS6gXn2meMhSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB/LyHjiY6hMPydev/IX350l8xXJMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvSDh2SWVPSmpxRXdfSjE2XzhoZmZuU1h6RmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFbfhAAwQE
bfhwMA0GCSqGSIb3DQEBCwUAA4IBAQANFQSR9NEZqJfb0pVefnkxsRzQqqHEPCRK
M2KErInNIuViY6d4BxOi/I8dltsh5mi3Yell7RXK4cwen0EuBEhC8YDt+4BK1dUj
w3rRYqXLxirYpv5Z39xURWAcjL2gHOP2KhQjkCEyhVq9x5hAN9cKlljFwGackcKj
nBo1kEMukqPiHTdcqou0vrJtdg4fPk3IJ+5lea4F4X0Y2czZqkc2vJlBF1gmVJxP
VoCAVOy7hDKUTdW60ut9HJBDSfIP2sKVSFzpIOZKytYlfqsiLKijNhGPj8o3qkgV
Q5BSvymQpaHEklWvdWuNIEXYVjcRnBte/WQvB0yy951GFGUNjuu5
-----END CERTIFICATE-----