Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/913e12-f5ed-46f4-982c-52dedddee393/1/8Q-y22wcN_oCaQN0a5uPDeWXUm8.roa
File:                     8Q-y22wcN_oCaQN0a5uPDeWXUm8.roa (raw, json)
Hash identifier:          v/8wsnypWO4wHwzqDRXNRNmY5AVQJw72Ip/z2l7M84M=
Subject key identifier:   F1:0F:B2:DB:6C:1C:37:FA:02:69:03:74:6B:9B:8F:0D:E5:97:52:6F
Certificate issuer:       /CN=7a8746a76cda8369009d28941ef156239c6a63a1
Certificate serial:       018CC424DD30CAA2BBC356778A6109AB8138
Authority key identifier: 7A:87:46:A7:6C:DA:83:69:00:9D:28:94:1E:F1:56:23:9C:6A:63:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eodGp2zag2kAnSiUHvFWI5xqY6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/913e12-f5ed-46f4-982c-52dedddee393/1/8Q-y22wcN_oCaQN0a5uPDeWXUm8.roa
Signing time:             Mon 01 Jan 2024 08:29:59 +0000
ROA not before:           Mon 01 Jan 2024 08:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8426
IP address blocks:        217.161.12.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/913e12-f5ed-46f4-982c-52dedddee393/1/eodGp2zag2kAnSiUHvFWI5xqY6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/913e12-f5ed-46f4-982c-52dedddee393/1/eodGp2zag2kAnSiUHvFWI5xqY6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eodGp2zag2kAnSiUHvFWI5xqY6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:dd:30:ca:a2:bb:c3:56:77:8a:61:09:ab:81:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a8746a76cda8369009d28941ef156239c6a63a1
        Validity
            Not Before: Jan  1 08:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f10fb2db6c1c37fa026903746b9b8f0de597526f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:fa:b2:51:fc:f8:93:d0:cb:48:53:1d:e3:23:
                    3a:85:37:6e:d0:41:ff:e6:f3:d9:87:5f:ef:fd:c3:
                    bf:da:7e:30:09:69:7c:fb:92:c3:3b:00:a4:2c:f9:
                    bf:2e:2b:a8:c2:92:e5:28:91:77:f8:11:bc:2d:8f:
                    f6:c0:88:b4:d2:8d:54:8c:e5:25:db:9f:58:ea:c5:
                    e7:3e:82:87:04:7d:b5:8e:f0:27:d6:49:bf:1a:f1:
                    8c:43:04:a6:b8:72:5c:f1:fb:23:34:fa:42:d9:26:
                    3a:3d:c4:f2:24:0f:e7:c7:a5:30:e1:09:df:b5:e5:
                    f4:9f:2c:29:7b:8a:f1:70:76:8d:91:91:e9:7b:7c:
                    7d:08:0a:31:6d:90:c1:3a:cc:ea:54:14:6d:00:bc:
                    67:b9:93:56:b6:f0:e9:84:9d:c9:b0:cb:b9:85:7a:
                    33:97:21:08:3c:89:4a:8b:ff:bf:2c:52:0e:c2:64:
                    c9:0e:f0:64:5f:aa:25:57:25:d0:91:77:85:c0:d5:
                    78:93:36:02:b0:e3:c1:04:62:68:71:39:fe:6e:81:
                    6d:85:6f:26:06:85:1c:b8:cc:24:57:5d:b4:e1:28:
                    54:b7:8d:a3:40:48:df:94:70:aa:e4:ed:43:41:95:
                    1c:33:98:b5:2f:0a:bb:3d:a0:fb:26:c3:09:cb:df:
                    6c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:0F:B2:DB:6C:1C:37:FA:02:69:03:74:6B:9B:8F:0D:E5:97:52:6F
            X509v3 Authority Key Identifier:
                keyid:7A:87:46:A7:6C:DA:83:69:00:9D:28:94:1E:F1:56:23:9C:6A:63:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eodGp2zag2kAnSiUHvFWI5xqY6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/913e12-f5ed-46f4-982c-52dedddee393/1/8Q-y22wcN_oCaQN0a5uPDeWXUm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/913e12-f5ed-46f4-982c-52dedddee393/1/eodGp2zag2kAnSiUHvFWI5xqY6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.161.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:50:6a:80:99:2b:ec:9a:8b:3b:60:ce:fc:a7:87:88:87:da:
         50:41:89:a5:09:38:2f:84:29:b3:57:22:2b:5c:e6:53:26:29:
         6b:de:d6:8b:da:c7:27:79:07:ef:c8:eb:89:1e:60:ed:04:dc:
         4e:98:9d:c3:41:02:e2:56:50:bd:6a:04:9e:2e:91:88:3c:1c:
         60:24:58:fd:87:13:78:0a:3b:5a:37:4d:35:6a:08:27:ae:5a:
         82:88:58:09:56:4b:51:3d:60:99:dc:63:da:e8:2c:9d:86:32:
         5b:5e:27:80:6b:54:97:14:f6:5a:85:70:f1:41:ac:5c:61:6b:
         f3:17:12:73:83:33:e4:0b:d4:7f:4c:67:e2:3a:bb:89:f6:7b:
         26:a6:01:77:44:14:5e:15:ae:83:49:b0:48:bb:e9:37:15:96:
         c9:13:5e:22:c7:40:3a:0c:24:3e:6c:f8:86:25:99:37:cd:31:
         d2:68:bf:c6:47:45:df:60:50:30:1e:df:0f:38:e5:16:99:90:
         c0:6b:3d:9e:c6:0c:58:e7:8d:5a:8e:52:da:e5:1c:8f:bc:57:
         e7:3d:c1:28:fc:20:b8:71:88:4f:e8:5d:dc:67:c3:e4:85:53:
         b6:cf:02:84:d6:e9:ca:3c:92:9b:ea:31:5f:d6:ec:00:7f:f8:
         4c:ab:f2:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJN0wyqK7w1Z3imEJq4E4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhODc0NmE3NmNkYTgzNjkwMDlkMjg5NDFlZjE1NjIzOWM2
YTYzYTEwHhcNMjQwMTAxMDgyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTBmYjJkYjZjMWMzN2ZhMDI2OTAzNzQ2YjliOGYwZGU1OTc1MjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfqyUfz4k9DLSFMd4yM6hTdu0EH/
5vPZh1/v/cO/2n4wCWl8+5LDOwCkLPm/LiuowpLlKJF3+BG8LY/2wIi00o1UjOUl
259Y6sXnPoKHBH21jvAn1km/GvGMQwSmuHJc8fsjNPpC2SY6PcTyJA/nx6Uw4Qnf
teX0nywpe4rxcHaNkZHpe3x9CAoxbZDBOszqVBRtALxnuZNWtvDphJ3JsMu5hXoz
lyEIPIlKi/+/LFIOwmTJDvBkX6olVyXQkXeFwNV4kzYCsOPBBGJocTn+boFthW8m
BoUcuMwkV1204ShUt42jQEjflHCq5O1DQZUcM5i1Lwq7PaD7JsMJy99sfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEPsttsHDf6AmkDdGubjw3ll1JvMB8GA1UdIwQY
MBaAFHqHRqds2oNpAJ0olB7xViOcamOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZW9kR3AyemFnMmtBblNpVUh2RldJNXhxWTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi85MTNlMTItZjVlZC00NmY0LTk4MmMt
NTJkZWRkZGVlMzkzLzEvOFEteTIyd2NOX29DYVFOMGE1dVBEZVdYVW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi85MTNlMTItZjVlZC00NmY0LTk4MmMtNTJkZWRkZGVlMzkz
LzEvZW9kR3AyemFnMmtBblNpVUh2RldJNXhxWTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2aEMMA0G
CSqGSIb3DQEBCwUAA4IBAQBSUGqAmSvsmos7YM78p4eIh9pQQYmlCTgvhCmzVyIr
XOZTJilr3taL2scneQfvyOuJHmDtBNxOmJ3DQQLiVlC9agSeLpGIPBxgJFj9hxN4
CjtaN001aggnrlqCiFgJVktRPWCZ3GPa6CydhjJbXieAa1SXFPZahXDxQaxcYWvz
FxJzgzPkC9R/TGfiOruJ9nsmpgF3RBReFa6DSbBIu+k3FZbJE14ix0A6DCQ+bPiG
JZk3zTHSaL/GR0XfYFAwHt8POOUWmZDAaz2exgxY541ajlLa5RyPvFfnPcEo/CC4
cYhP6F3cZ8PkhVO2zwKE1unKPJKb6jFf1uwAf/hMq/K8
-----END CERTIFICATE-----