Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/8a2ced-87ae-41ea-b3b0-dcebf6197e0e/1/8KNcQqeSpz31Saljo2AW6T_RDf0.roa
File:                     8KNcQqeSpz31Saljo2AW6T_RDf0.roa (raw, json)
Hash identifier:          3qKmT0W1wOO9A7DwsHV3CDLH54RwK2tCFoR9dROxRqs=
Subject key identifier:   F0:A3:5C:42:A7:92:A7:3D:F5:49:A9:63:A3:60:16:E9:3F:D1:0D:FD
Certificate issuer:       /CN=d09da99a73ba7202418f73718932dc8d7c153e32
Certificate serial:       018CC4245A6F2968342615052742A3C5AF72
Authority key identifier: D0:9D:A9:9A:73:BA:72:02:41:8F:73:71:89:32:DC:8D:7C:15:3E:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0J2pmnO6cgJBj3NxiTLcjXwVPjI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/8a2ced-87ae-41ea-b3b0-dcebf6197e0e/1/8KNcQqeSpz31Saljo2AW6T_RDf0.roa
Signing time:             Mon 01 Jan 2024 08:29:25 +0000
ROA not before:           Mon 01 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198185
IP address blocks:        130.255.8.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/8a2ced-87ae-41ea-b3b0-dcebf6197e0e/1/0J2pmnO6cgJBj3NxiTLcjXwVPjI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/8a2ced-87ae-41ea-b3b0-dcebf6197e0e/1/0J2pmnO6cgJBj3NxiTLcjXwVPjI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0J2pmnO6cgJBj3NxiTLcjXwVPjI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5a:6f:29:68:34:26:15:05:27:42:a3:c5:af:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d09da99a73ba7202418f73718932dc8d7c153e32
        Validity
            Not Before: Jan  1 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0a35c42a792a73df549a963a36016e93fd10dfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d7:94:46:4c:f2:eb:15:9b:85:32:a9:7c:e0:
                    18:5a:59:70:2c:cf:1d:33:81:ee:14:6f:29:fc:37:
                    59:e2:a8:b7:a2:7c:ca:c0:16:f6:89:17:ff:ec:b0:
                    5e:5c:7d:24:86:70:5b:80:61:42:39:fb:45:9b:68:
                    a4:87:8d:d0:8c:66:d8:72:b7:0c:f7:11:c4:ed:c0:
                    7e:18:24:46:6b:31:20:42:af:1b:4c:f7:7c:83:f5:
                    59:c8:3e:b5:57:af:e3:50:61:d4:83:81:f1:95:ab:
                    4f:22:57:ee:31:39:df:54:31:21:f7:67:af:e8:35:
                    58:37:50:35:db:2d:33:cb:d0:b4:f5:d4:61:3e:9a:
                    4a:21:ca:e6:1a:ca:f5:eb:5e:ed:a1:61:c2:48:cb:
                    a8:6e:51:4e:e0:2a:40:63:25:cd:ac:5a:c6:0e:cd:
                    d7:29:56:e4:13:c6:61:9f:30:a2:c4:42:a9:e5:03:
                    ad:95:ee:b7:43:04:6a:62:ba:71:f6:7c:42:6c:f5:
                    cb:c2:48:a0:f8:81:fc:ab:11:4a:d7:e6:a5:99:9a:
                    8a:5e:cb:e0:85:91:b3:35:cd:a0:6f:fd:db:4e:77:
                    eb:7b:9d:82:1b:1e:b9:37:43:9d:54:b1:89:3e:51:
                    e0:b8:fa:96:e3:67:30:1b:7f:ae:13:68:41:7a:a2:
                    1a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:A3:5C:42:A7:92:A7:3D:F5:49:A9:63:A3:60:16:E9:3F:D1:0D:FD
            X509v3 Authority Key Identifier:
                keyid:D0:9D:A9:9A:73:BA:72:02:41:8F:73:71:89:32:DC:8D:7C:15:3E:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0J2pmnO6cgJBj3NxiTLcjXwVPjI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/8a2ced-87ae-41ea-b3b0-dcebf6197e0e/1/8KNcQqeSpz31Saljo2AW6T_RDf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/8a2ced-87ae-41ea-b3b0-dcebf6197e0e/1/0J2pmnO6cgJBj3NxiTLcjXwVPjI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.255.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         cc:5c:ec:41:50:0d:65:79:43:db:d7:2e:72:b9:02:97:85:ed:
         7a:18:ce:d7:4c:eb:8f:b9:a3:08:e3:21:ad:a2:64:45:b2:68:
         ad:2f:dd:8d:76:5e:d0:b7:5a:38:31:d0:39:68:ef:c5:eb:7d:
         87:6f:48:58:b1:d5:dc:7c:6a:4a:ca:30:14:2c:cd:9b:fb:ae:
         f6:a8:aa:7c:86:5b:5c:98:25:69:9d:58:ca:ee:1c:34:73:12:
         23:4f:46:f8:ef:4c:02:96:14:5c:10:56:8b:b4:dc:11:2e:71:
         85:bd:fa:2b:b8:44:74:0d:17:cc:fc:03:32:b9:95:a2:1c:94:
         6e:0e:da:30:ab:6f:a3:30:37:28:7a:a1:2d:e8:bf:3c:bb:ba:
         eb:71:6f:29:99:e9:17:08:df:20:94:02:5e:12:f2:57:a1:11:
         dd:2f:e5:8f:73:0a:bb:7c:1e:18:02:68:63:2a:4d:3f:f7:fe:
         a2:07:94:a5:3e:39:5b:03:69:07:93:dc:94:f2:7b:0b:9a:dc:
         61:b2:ce:67:ad:15:58:8c:c4:9e:93:3c:a5:0c:a6:fb:d5:6a:
         31:a3:05:9b:5e:75:a5:4f:57:e7:2c:d6:35:9f:e5:54:3d:aa:
         4e:64:54:99:39:75:9e:f3:88:75:98:31:47:22:45:6d:2e:8a:
         71:bf:eb:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFpvKWg0JhUFJ0Kjxa9yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOWRhOTlhNzNiYTcyMDI0MThmNzM3MTg5MzJkYzhkN2Mx
NTNlMzIwHhcNMjQwMTAxMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGEzNWM0MmE3OTJhNzNkZjU0OWE5NjNhMzYwMTZlOTNmZDEwZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNeURkzy6xWbhTKpfOAYWllwLM8d
M4HuFG8p/DdZ4qi3onzKwBb2iRf/7LBeXH0khnBbgGFCOftFm2ikh43QjGbYcrcM
9xHE7cB+GCRGazEgQq8bTPd8g/VZyD61V6/jUGHUg4HxlatPIlfuMTnfVDEh92ev
6DVYN1A12y0zy9C09dRhPppKIcrmGsr1617toWHCSMuoblFO4CpAYyXNrFrGDs3X
KVbkE8ZhnzCixEKp5QOtle63QwRqYrpx9nxCbPXLwkig+IH8qxFK1+almZqKXsvg
hZGzNc2gb/3bTnfre52CGx65N0OdVLGJPlHguPqW42cwG3+uE2hBeqIa+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCjXEKnkqc99UmpY6NgFuk/0Q39MB8GA1UdIwQY
MBaAFNCdqZpzunICQY9zcYky3I18FT4yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEoycG1uTzZjZ0pCajNOeGlUTGNqWHdWUGpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC84YTJjZWQtODdhZS00MWVhLWIzYjAt
ZGNlYmY2MTk3ZTBlLzEvOEtOY1FxZVNwejMxU2Fsam8yQVc2VF9SRGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC84YTJjZWQtODdhZS00MWVhLWIzYjAtZGNlYmY2MTk3ZTBl
LzEvMEoycG1uTzZjZ0pCajNOeGlUTGNqWHdWUGpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDgv8IMA0G
CSqGSIb3DQEBCwUAA4IBAQDMXOxBUA1leUPb1y5yuQKXhe16GM7XTOuPuaMI4yGt
omRFsmitL92Ndl7Qt1o4MdA5aO/F632Hb0hYsdXcfGpKyjAULM2b+672qKp8hltc
mCVpnVjK7hw0cxIjT0b470wClhRcEFaLtNwRLnGFvforuER0DRfM/AMyuZWiHJRu
Dtowq2+jMDcoeqEt6L88u7rrcW8pmekXCN8glAJeEvJXoRHdL+WPcwq7fB4YAmhj
Kk0/9/6iB5SlPjlbA2kHk9yU8nsLmtxhss5nrRVYjMSekzylDKb71WoxowWbXnWl
T1fnLNY1n+VUPapOZFSZOXWe84h1mDFHIkVtLopxv+vU
-----END CERTIFICATE-----