Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/S-I9p18jGoNnwNmOxXkebml5z40.roa
File:                     S-I9p18jGoNnwNmOxXkebml5z40.roa (raw, json)
Hash identifier:          zftZxLU58oHh0k9H7e26oshF0f3gU+SYQnHvu9VKPWk=
Subject key identifier:   4B:E2:3D:A7:5F:23:1A:83:67:C0:D9:8E:C5:79:1E:6E:69:79:CF:8D
Certificate issuer:       /CN=8c186a56ea84c13c62768a9d17bae133cedf1045
Certificate serial:       018EF18240DBAEC3064426DEBC1F5FA01C96
Authority key identifier: 8C:18:6A:56:EA:84:C1:3C:62:76:8A:9D:17:BA:E1:33:CE:DF:10:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBhqVuqEwTxidoqdF7rhM87fEEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/S-I9p18jGoNnwNmOxXkebml5z40.roa
Signing time:             Thu 18 Apr 2024 14:00:29 +0000
ROA not before:           Thu 18 Apr 2024 14:00:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5482
IP address blocks:        51.179.192.0/18 maxlen: 24
                          217.142.64.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/jBhqVuqEwTxidoqdF7rhM87fEEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/jBhqVuqEwTxidoqdF7rhM87fEEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBhqVuqEwTxidoqdF7rhM87fEEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f1:82:40:db:ae:c3:06:44:26:de:bc:1f:5f:a0:1c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c186a56ea84c13c62768a9d17bae133cedf1045
        Validity
            Not Before: Apr 18 14:00:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4be23da75f231a8367c0d98ec5791e6e6979cf8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b6:b6:8f:a6:72:8e:35:ca:d8:ad:d2:a1:8b:
                    50:81:59:21:99:05:a6:08:b1:88:ab:2f:1c:32:2d:
                    90:ef:43:0b:f3:0e:1e:9a:a8:df:0d:9d:8d:7d:aa:
                    e1:a4:30:aa:7d:2d:ea:05:73:19:e6:81:af:b7:3b:
                    7c:7d:a4:7a:c5:e0:9d:10:f3:a2:3e:c6:c4:b2:65:
                    f2:94:a9:d5:16:b5:15:ec:72:b4:72:74:b7:7e:ab:
                    31:bf:47:f6:13:d4:f6:71:a2:3e:7e:f4:68:15:36:
                    4c:e7:51:1f:7c:86:46:68:dd:86:e9:63:2a:94:69:
                    c8:0f:e9:b6:18:f1:60:08:a1:07:87:b4:74:39:b5:
                    69:fc:e8:e5:e3:a2:2b:13:75:5b:9a:ab:04:d5:ae:
                    f1:28:e1:61:5c:ac:a7:0e:10:21:bf:66:79:8c:c1:
                    6a:44:28:81:b6:44:ec:ae:69:0f:43:8e:44:93:b0:
                    f3:31:50:27:1e:b6:70:03:60:b3:ce:d6:de:e6:90:
                    41:13:4b:09:6c:13:d4:53:13:71:85:0c:9b:44:ed:
                    7a:e8:0e:04:73:e5:74:17:29:44:52:69:65:2c:d1:
                    dd:70:7d:77:86:d6:3f:5c:78:7d:30:93:4b:60:a2:
                    74:b0:d6:2d:fb:eb:86:93:ef:58:93:11:1a:f2:e9:
                    7f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E2:3D:A7:5F:23:1A:83:67:C0:D9:8E:C5:79:1E:6E:69:79:CF:8D
            X509v3 Authority Key Identifier:
                keyid:8C:18:6A:56:EA:84:C1:3C:62:76:8A:9D:17:BA:E1:33:CE:DF:10:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBhqVuqEwTxidoqdF7rhM87fEEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/S-I9p18jGoNnwNmOxXkebml5z40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/jBhqVuqEwTxidoqdF7rhM87fEEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.179.192.0/18
                  217.142.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         0e:65:29:8b:69:a7:5c:59:01:82:f3:d7:81:87:da:32:8c:a1:
         20:99:d5:03:58:b1:e9:54:1c:d1:b2:09:74:42:03:65:26:d5:
         35:68:0b:b1:c3:39:8f:2a:db:31:fe:26:0b:14:a9:36:56:7c:
         fc:41:79:34:70:e5:fe:cb:45:22:2d:82:7e:82:ed:30:63:3e:
         05:80:4e:37:72:a7:d8:52:71:43:4f:29:e7:df:9e:aa:4d:d5:
         04:c7:02:fb:39:02:8a:f3:0b:42:a6:70:03:d5:dc:b2:a5:f3:
         32:50:96:58:02:e6:ca:22:df:fe:32:2f:4b:e1:27:dc:d6:74:
         07:7e:c0:b1:7a:c5:c5:05:13:5b:1f:39:e1:91:19:e9:10:a4:
         81:a2:96:63:d1:f5:5d:99:40:87:0f:2b:bb:92:dc:71:24:e7:
         ec:76:48:33:37:a7:e3:54:11:07:d4:2f:2f:ec:14:95:35:63:
         30:ed:94:24:dd:b1:cf:c8:81:e0:b0:bc:88:dd:bb:18:11:eb:
         f4:5f:13:5c:e6:99:89:74:51:3c:34:55:36:33:fb:31:85:fe:
         d0:45:ac:a0:aa:31:7e:c1:53:c6:70:77:44:99:b2:ab:ca:44:
         99:5c:cd:a7:ff:65:82:a6:cb:dc:70:e2:47:c7:9b:c0:bc:de:
         a4:4c:18:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7xgkDbrsMGRCbevB9foByWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMTg2YTU2ZWE4NGMxM2M2Mjc2OGE5ZDE3YmFlMTMzY2Vk
ZjEwNDUwHhcNMjQwNDE4MTQwMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmUyM2RhNzVmMjMxYTgzNjdjMGQ5OGVjNTc5MWU2ZTY5NzljZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5La2j6ZyjjXK2K3SoYtQgVkhmQWm
CLGIqy8cMi2Q70ML8w4emqjfDZ2NfarhpDCqfS3qBXMZ5oGvtzt8faR6xeCdEPOi
PsbEsmXylKnVFrUV7HK0cnS3fqsxv0f2E9T2caI+fvRoFTZM51EffIZGaN2G6WMq
lGnID+m2GPFgCKEHh7R0ObVp/Ojl46IrE3VbmqsE1a7xKOFhXKynDhAhv2Z5jMFq
RCiBtkTsrmkPQ45Ek7DzMVAnHrZwA2Czztbe5pBBE0sJbBPUUxNxhQybRO166A4E
c+V0FylEUmllLNHdcH13htY/XHh9MJNLYKJ0sNYt++uGk+9YkxEa8ul/DwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEviPadfIxqDZ8DZjsV5Hm5pec+NMB8GA1UdIwQY
MBaAFIwYalbqhME8YnaKnRe64TPO3xBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakJocVZ1cUV3VHhpZG9xZEY3cmhNODdmRUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9jOGVjOTUtYjVmNS00NGZiLWI5M2Qt
MjA5MmFmNjQ3MDcwLzEvUy1JOXAxOGpHb05ud05tT3hYa2VibWw1ejQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9jOGVjOTUtYjVmNS00NGZiLWI5M2QtMjA5MmFmNjQ3MDcw
LzEvakJocVZ1cUV3VHhpZG9xZEY3cmhNODdmRUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGM7PAAwQG
2Y5AMA0GCSqGSIb3DQEBCwUAA4IBAQAOZSmLaadcWQGC89eBh9oyjKEgmdUDWLHp
VBzRsgl0QgNlJtU1aAuxwzmPKtsx/iYLFKk2Vnz8QXk0cOX+y0UiLYJ+gu0wYz4F
gE43cqfYUnFDTynn356qTdUExwL7OQKK8wtCpnAD1dyypfMyUJZYAubKIt/+Mi9L
4Sfc1nQHfsCxesXFBRNbHznhkRnpEKSBopZj0fVdmUCHDyu7ktxxJOfsdkgzN6fj
VBEH1C8v7BSVNWMw7ZQk3bHPyIHgsLyI3bsYEev0XxNc5pmJdFE8NFU2M/sxhf7Q
RaygqjF+wVPGcHdEmbKrykSZXM2n/2WCpsvccOJHx5vAvN6kTBjA
-----END CERTIFICATE-----