Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/C8ZHkavCs1CiyaxycceNYNnaob0.roa
File:                     C8ZHkavCs1CiyaxycceNYNnaob0.roa (raw, json)
Hash identifier:          dEG3rYNElXpJZSI4D0hbBI2jqW8wcD9BiSMHwmiF8Pk=
Subject key identifier:   0B:C6:47:91:AB:C2:B3:50:A2:C9:AC:72:71:C7:8D:60:D9:DA:A1:BD
Certificate issuer:       /CN=b79220a805e4378547e43bac731ce86fe01145c7
Certificate serial:       018CC7275A3F72999C1B4DF4B1B4C0DE1F61
Authority key identifier: B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/C8ZHkavCs1CiyaxycceNYNnaob0.roa
Signing time:             Mon 01 Jan 2024 22:31:34 +0000
ROA not before:           Mon 01 Jan 2024 22:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205416
IP address blocks:        185.92.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5a:3f:72:99:9c:1b:4d:f4:b1:b4:c0:de:1f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79220a805e4378547e43bac731ce86fe01145c7
        Validity
            Not Before: Jan  1 22:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bc64791abc2b350a2c9ac7271c78d60d9daa1bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:8e:9e:21:94:1f:d2:05:a4:17:cd:25:c3:18:
                    3c:b0:3c:13:5e:3e:08:80:df:02:b2:66:19:77:30:
                    3f:e8:9e:0b:21:48:7a:a5:c3:06:0f:5b:05:20:cd:
                    ff:e3:42:ec:70:04:d9:35:0a:1d:bb:6e:84:96:e2:
                    9c:af:4f:af:9d:73:7a:88:06:06:98:cd:20:3b:1f:
                    a3:57:70:48:7e:16:c8:41:f0:7c:96:9c:f9:68:e3:
                    b9:b0:b6:d9:ed:7b:8a:ba:f1:38:ba:d2:ad:ab:19:
                    35:39:13:e5:39:66:4b:75:6c:e3:24:21:7e:62:53:
                    8f:04:e9:ef:08:03:42:4a:0c:17:d0:f2:6f:6e:e8:
                    b5:85:ec:b1:88:c7:25:31:7d:04:9c:7f:a6:37:f6:
                    ec:d8:ff:50:a9:1c:d0:8f:58:f4:7c:16:7f:4b:cc:
                    fe:21:77:b3:9e:2d:05:56:e8:b3:5f:40:65:2f:de:
                    4c:dd:de:ee:68:3b:1b:0c:85:5f:23:1a:b7:23:6a:
                    a4:35:16:90:21:f7:68:a0:31:79:78:50:a2:b3:c2:
                    fd:df:2c:aa:a1:13:90:62:0a:09:98:21:a8:80:3d:
                    23:8c:02:27:42:a6:47:09:a7:83:4f:6a:9c:b5:65:
                    e2:53:94:a5:05:8d:05:79:73:51:f0:cd:55:fc:dd:
                    fa:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C6:47:91:AB:C2:B3:50:A2:C9:AC:72:71:C7:8D:60:D9:DA:A1:BD
            X509v3 Authority Key Identifier:
                keyid:B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/C8ZHkavCs1CiyaxycceNYNnaob0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:2d:6d:bd:27:8e:64:83:6d:fb:98:33:3d:87:b7:b0:e4:3d:
         7d:79:4e:6a:d8:7d:a0:00:44:7c:b5:70:8c:ed:82:cc:10:9a:
         1c:1a:b7:90:04:6a:d4:e6:d3:a4:3c:3d:c0:69:26:9c:b6:47:
         f0:4d:6e:8e:8a:50:ff:75:d6:ec:65:9d:8c:79:59:3a:01:d7:
         02:4a:83:6d:3e:09:3f:86:72:2f:75:00:74:7e:b7:c5:5a:c3:
         8d:12:f0:e1:af:fa:99:51:2d:6e:10:d6:52:da:00:e2:b7:ed:
         ca:96:6d:3f:04:1d:d7:a4:e0:ec:e3:5e:f0:00:64:9e:0e:13:
         e5:e3:8b:db:c7:20:f1:32:c3:12:32:7c:84:0c:41:b0:73:43:
         8f:1e:c9:c4:ad:cd:fa:77:d9:81:6c:4d:da:0a:b7:a9:3e:28:
         47:40:ef:ab:6e:c8:64:1a:8c:1f:49:d5:fd:69:37:eb:a2:64:
         a2:5e:6a:65:3f:b0:e1:df:30:5c:9b:28:bd:35:44:59:20:3f:
         a5:9c:09:ff:13:c6:77:ad:5e:43:93:d2:13:fa:d1:4d:30:52:
         29:e2:11:65:d1:cb:65:e4:49:70:c9:2a:ff:35:36:1f:a1:bf:
         0e:9a:e0:51:c9:59:b3:41:2f:de:93:2d:40:3e:a3:59:4c:6f:
         49:59:9b:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1o/cpmcG030sbTA3h9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTIyMGE4MDVlNDM3ODU0N2U0M2JhYzczMWNlODZmZTAx
MTQ1YzcwHhcNMjQwMTAxMjIzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmM2NDc5MWFiYzJiMzUwYTJjOWFjNzI3MWM3OGQ2MGQ5ZGFhMWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg46eIZQf0gWkF80lwxg8sDwTXj4I
gN8CsmYZdzA/6J4LIUh6pcMGD1sFIM3/40LscATZNQodu26EluKcr0+vnXN6iAYG
mM0gOx+jV3BIfhbIQfB8lpz5aOO5sLbZ7XuKuvE4utKtqxk1ORPlOWZLdWzjJCF+
YlOPBOnvCANCSgwX0PJvbui1heyxiMclMX0EnH+mN/bs2P9QqRzQj1j0fBZ/S8z+
IXezni0FVuizX0BlL95M3d7uaDsbDIVfIxq3I2qkNRaQIfdooDF5eFCis8L93yyq
oROQYgoJmCGogD0jjAInQqZHCaeDT2qctWXiU5SlBY0FeXNR8M1V/N36VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvGR5GrwrNQosmscnHHjWDZ2qG9MB8GA1UdIwQY
MBaAFLeSIKgF5DeFR+Q7rHMc6G/gEUXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDkt
NDIzYWZjMmI2OGI4LzEvQzhaSGthdkNzMUNpeWF4eWNjZU5ZTm5hb2IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDktNDIzYWZjMmI2OGI4
LzEvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVzUMA0G
CSqGSIb3DQEBCwUAA4IBAQCOLW29J45kg237mDM9h7ew5D19eU5q2H2gAER8tXCM
7YLMEJocGreQBGrU5tOkPD3AaSactkfwTW6OilD/ddbsZZ2MeVk6AdcCSoNtPgk/
hnIvdQB0frfFWsONEvDhr/qZUS1uENZS2gDit+3Klm0/BB3XpODs417wAGSeDhPl
44vbxyDxMsMSMnyEDEGwc0OPHsnErc36d9mBbE3aCrepPihHQO+rbshkGowfSdX9
aTfromSiXmplP7Dh3zBcmyi9NURZID+lnAn/E8Z3rV5Dk9IT+tFNMFIp4hFl0ctl
5ElwySr/NTYfob8OmuBRyVmzQS/eky1APqNZTG9JWZsY
-----END CERTIFICATE-----