Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/8M8BGnRjAuXGBjFAfPMeYDqmdiU.roa
File:                     8M8BGnRjAuXGBjFAfPMeYDqmdiU.roa (raw, json)
Hash identifier:          +/b+BR4cJBPIsBLcRrcwky35l8moAfFY5Bs6vAYuQqk=
Subject key identifier:   F0:CF:01:1A:74:63:02:E5:C6:06:31:40:7C:F3:1E:60:3A:A6:76:25
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01942369AF1181C3F0E03BBF61F54F8235B1
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/8M8BGnRjAuXGBjFAfPMeYDqmdiU.roa
Signing time:             Wed 01 Jan 2025 19:48:36 +0000
ROA not before:           Wed 01 Jan 2025 19:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60694
IP address blocks:        89.40.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:af:11:81:c3:f0:e0:3b:bf:61:f5:4f:82:35:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0cf011a746302e5c60631407cf31e603aa67625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b4:6b:5e:86:33:ad:1c:d9:54:68:0a:ed:0a:
                    73:d2:88:8b:96:67:8c:5a:3e:17:14:df:d5:82:9f:
                    91:67:94:cf:36:c4:e4:c0:87:89:89:b2:b7:7c:43:
                    cb:83:e9:b7:83:0d:18:d8:12:02:ec:d7:64:84:34:
                    9a:ee:04:67:73:13:c0:25:70:17:85:dd:8f:3a:eb:
                    00:2e:f1:09:0a:32:e1:59:c5:f7:36:2a:86:05:67:
                    ca:0b:36:1b:70:22:2d:9b:f6:71:6d:e8:74:a9:45:
                    5b:f6:af:25:da:f5:20:e6:6d:90:ca:c9:5e:77:16:
                    3d:51:0c:85:60:2b:5e:c6:cd:5b:37:7a:a3:f2:f8:
                    10:1b:7a:74:df:7f:d4:89:82:de:ee:db:96:9f:1e:
                    9f:ec:72:5a:a0:c7:c1:96:69:d4:14:c7:dd:a7:8c:
                    76:5d:35:ec:cd:9b:81:f5:de:2e:cc:03:11:81:08:
                    88:d8:c1:41:34:1a:51:51:db:c9:b9:80:cb:ed:65:
                    18:9b:47:44:36:d3:2c:45:8e:73:3b:1a:ba:3f:b2:
                    e6:3b:34:fe:5e:a8:02:ec:7a:30:24:0a:34:8d:d6:
                    82:bb:b6:52:d6:01:26:42:0c:af:74:96:6c:0c:e4:
                    a8:c8:51:51:c0:ac:19:03:0b:56:f2:ca:c3:ff:17:
                    00:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:CF:01:1A:74:63:02:E5:C6:06:31:40:7C:F3:1E:60:3A:A6:76:25
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/8M8BGnRjAuXGBjFAfPMeYDqmdiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:71:52:98:86:90:37:04:8f:c8:31:e3:bf:85:1c:5f:58:0e:
         5a:e8:4a:14:5e:95:8e:f0:ec:93:fe:46:82:1c:d4:b3:4d:df:
         ee:33:7e:db:a7:14:87:81:0c:fc:eb:41:73:70:2b:55:13:62:
         4b:b5:97:5a:a5:29:48:bb:97:66:54:78:d9:7f:03:59:e5:68:
         0e:60:68:52:53:f7:73:fa:50:89:18:88:cd:40:ce:16:4b:b5:
         22:2e:13:c4:04:3b:11:89:e1:52:49:70:31:d4:20:4c:0b:1a:
         0c:aa:00:14:f4:10:c6:38:bd:59:a0:78:e0:35:13:43:a2:f4:
         14:61:e9:5c:af:bb:56:74:94:ad:f7:b2:b0:2f:29:1f:a7:15:
         dc:7b:d0:4d:72:03:ec:e2:67:94:aa:90:6d:a0:d6:3c:c3:57:
         83:a5:6c:bc:d6:de:47:f9:d9:54:44:11:65:28:2c:e1:61:b1:
         5b:6d:5e:77:c9:01:aa:12:72:f2:26:e8:af:f6:3c:19:b7:45:
         68:8b:66:8a:0a:aa:dd:f7:8f:e4:f6:a4:3f:1b:24:69:97:c8:
         4e:35:5c:23:1e:ed:2c:ec:37:a1:ca:84:0f:f3:e3:ad:b9:e3:
         d0:8b:4e:7b:3e:76:c1:66:0a:15:ac:9b:7b:c9:b9:f8:fb:51:
         d8:fe:eb:29
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaa8RgcPw4Du/YfVPgjWxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGNmMDExYTc0NjMwMmU1YzYwNjMxNDA3Y2YzMWU2MDNhYTY3NjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbRrXoYzrRzZVGgK7Qpz0oiLlmeM
Wj4XFN/Vgp+RZ5TPNsTkwIeJibK3fEPLg+m3gw0Y2BIC7NdkhDSa7gRncxPAJXAX
hd2POusALvEJCjLhWcX3NiqGBWfKCzYbcCItm/Zxbeh0qUVb9q8l2vUg5m2Qysle
dxY9UQyFYCtexs1bN3qj8vgQG3p033/UiYLe7tuWnx6f7HJaoMfBlmnUFMfdp4x2
XTXszZuB9d4uzAMRgQiI2MFBNBpRUdvJuYDL7WUYm0dENtMsRY5zOxq6P7LmOzT+
XqgC7HowJAo0jdaCu7ZS1gEmQgyvdJZsDOSoyFFRwKwZAwtW8srD/xcAuwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPDPARp0YwLlxgYxQHzzHmA6pnYlMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzhNOEJHblJqQXVYR0JqRkFmUE1lWURxbWRpVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZKKcw
DQYJKoZIhvcNAQELBQADggEBAGJxUpiGkDcEj8gx47+FHF9YDlroShRelY7w7JP+
RoIc1LNN3+4zftunFIeBDPzrQXNwK1UTYku1l1qlKUi7l2ZUeNl/A1nlaA5gaFJT
93P6UIkYiM1AzhZLtSIuE8QEOxGJ4VJJcDHUIEwLGgyqABT0EMY4vVmgeOA1E0Oi
9BRh6Vyvu1Z0lK33srAvKR+nFdx70E1yA+ziZ5SqkG2g1jzDV4OlbLzW3kf52VRE
EWUoLOFhsVttXnfJAaoScvIm6K/2PBm3RWiLZooKqt33j+T2pD8bJGmXyE41XCMe
7SzsN6HKhA/z462549CLTns+dsFmChWsm3vJufj7Udj+6yk=
-----END CERTIFICATE-----