Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/8av_LqS1mtCGG20BlQlKKHzIukY.roa
File:                     8av_LqS1mtCGG20BlQlKKHzIukY.roa (raw, json)
Hash identifier:          xCZnDMEaFWrS/KgHUSNH4mODnDt7GxO89ppkCUhtUG8=
Subject key identifier:   F1:AB:FF:2E:A4:B5:9A:D0:86:1B:6D:01:95:09:4A:28:7C:C8:BA:46
Certificate issuer:       /CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
Certificate serial:       018CC94D4F025DD8C68971253504CD367DB5
Authority key identifier: 0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/8av_LqS1mtCGG20BlQlKKHzIukY.roa
Signing time:             Tue 02 Jan 2024 08:32:16 +0000
ROA not before:           Tue 02 Jan 2024 08:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212781
IP address blocks:        185.107.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:4f:02:5d:d8:c6:89:71:25:35:04:cd:36:7d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
        Validity
            Not Before: Jan  2 08:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1abff2ea4b59ad0861b6d0195094a287cc8ba46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:50:e6:7c:0b:2b:11:8d:6a:1c:cb:8b:7e:c7:
                    a7:00:a4:22:67:be:29:17:59:37:90:c1:ad:cd:61:
                    65:62:91:e4:48:91:56:1a:8e:f9:88:0f:ef:3a:e9:
                    74:2d:05:9d:bc:f5:46:32:88:cb:3a:cb:9f:01:95:
                    a2:6e:1f:6c:2d:fc:40:53:8f:3b:b6:ae:1d:a6:35:
                    43:a8:0d:95:91:09:cb:4a:b7:82:a9:45:3f:9d:67:
                    a1:25:a5:9f:b8:3c:2e:61:4d:bc:05:af:fa:91:79:
                    b8:d2:31:79:ab:20:01:88:49:88:8b:2a:42:18:f0:
                    d2:f5:c0:03:5c:a5:f2:cc:c9:48:80:fb:0a:0b:5f:
                    c6:c7:8a:6d:fe:c3:5c:e2:01:b3:ce:aa:aa:f5:62:
                    40:34:de:92:47:1b:e0:c5:75:4b:5a:92:3d:43:58:
                    3c:37:23:32:22:91:34:c3:3e:68:a2:7a:c9:88:4c:
                    23:e7:57:40:e3:3c:5a:ef:4f:c5:71:25:20:81:e1:
                    25:c4:09:75:e0:62:ce:ba:97:3c:58:18:39:c3:ba:
                    ae:6e:bb:7c:6d:cb:61:86:60:e4:27:47:0a:93:b4:
                    3c:6f:1b:9b:c1:a1:7d:65:56:e6:b0:a2:3c:63:4a:
                    a4:1c:49:f3:58:6a:4f:0d:a1:f5:d6:5b:61:b1:99:
                    a6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:AB:FF:2E:A4:B5:9A:D0:86:1B:6D:01:95:09:4A:28:7C:C8:BA:46
            X509v3 Authority Key Identifier:
                keyid:0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/8av_LqS1mtCGG20BlQlKKHzIukY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:99:15:8b:b4:f5:c8:d8:5b:aa:b7:6e:45:ca:65:86:c0:01:
         c6:5d:2f:fa:88:31:85:c5:c8:d9:12:96:d4:ab:e5:c2:bf:00:
         6c:c8:83:66:2f:3c:11:0c:a1:be:85:ea:dd:0b:ba:d6:c8:c6:
         87:00:71:9d:a4:1a:b9:4c:92:4f:7c:b3:4e:b4:be:bd:18:de:
         94:4a:38:4b:e0:47:20:75:7f:34:fe:75:4a:db:c9:e7:36:5e:
         91:a8:27:77:ac:41:30:c2:e6:04:1e:72:95:10:7a:52:35:e0:
         59:aa:5a:25:f5:46:68:67:89:31:24:1f:59:cc:9d:cd:cf:bb:
         be:3b:61:2d:fb:bc:ef:00:31:40:27:89:b6:80:a2:df:6b:14:
         e2:b5:04:a8:5b:4f:03:9c:60:94:e1:8c:92:8d:e2:d9:48:d7:
         98:34:cc:8c:f7:50:43:df:cc:60:3c:50:3d:58:99:01:b5:d2:
         0a:c4:7e:62:c7:2b:8d:6f:0e:da:33:d6:8b:0d:bb:11:25:bd:
         5a:a9:74:6d:e0:43:21:b6:dc:d1:3b:e2:47:ad:36:57:fe:1b:
         58:08:1d:eb:db:fd:b6:fd:36:99:ba:28:f7:ed:b1:0f:12:92:
         a0:37:9c:27:fe:a6:e9:65:b0:76:65:b4:73:d7:92:e5:93:8a:
         93:f4:8c:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTU8CXdjGiXElNQTNNn21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODFmZTkwNTlmNjgyMGJjMThhZDU4MDJmMmYxZmNhNzdk
MjU0YjcwHhcNMjQwMTAyMDgzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWFiZmYyZWE0YjU5YWQwODYxYjZkMDE5NTA5NGEyODdjYzhiYTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1DmfAsrEY1qHMuLfsenAKQiZ74p
F1k3kMGtzWFlYpHkSJFWGo75iA/vOul0LQWdvPVGMojLOsufAZWibh9sLfxAU487
tq4dpjVDqA2VkQnLSreCqUU/nWehJaWfuDwuYU28Ba/6kXm40jF5qyABiEmIiypC
GPDS9cADXKXyzMlIgPsKC1/Gx4pt/sNc4gGzzqqq9WJANN6SRxvgxXVLWpI9Q1g8
NyMyIpE0wz5oonrJiEwj51dA4zxa70/FcSUggeElxAl14GLOupc8WBg5w7qubrt8
bcthhmDkJ0cKk7Q8bxubwaF9ZVbmsKI8Y0qkHEnzWGpPDaH11lthsZmm1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGr/y6ktZrQhhttAZUJSih8yLpGMB8GA1UdIwQY
MBaAFAqB/pBZ9oILwYrVgC8vH8p30lS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgt
YmYwNWFjYzgyYmQxLzEvOGF2X0xxUzFtdENHRzIwQmxRbEtLSHpJdWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgtYmYwNWFjYzgyYmQx
LzEvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWtAMA0G
CSqGSIb3DQEBCwUAA4IBAQBrmRWLtPXI2Fuqt25FymWGwAHGXS/6iDGFxcjZEpbU
q+XCvwBsyINmLzwRDKG+herdC7rWyMaHAHGdpBq5TJJPfLNOtL69GN6USjhL4Ecg
dX80/nVK28nnNl6RqCd3rEEwwuYEHnKVEHpSNeBZqlol9UZoZ4kxJB9ZzJ3Nz7u+
O2Et+7zvADFAJ4m2gKLfaxTitQSoW08DnGCU4YySjeLZSNeYNMyM91BD38xgPFA9
WJkBtdIKxH5ixyuNbw7aM9aLDbsRJb1aqXRt4EMhttzRO+JHrTZX/htYCB3r2/22
/TaZuij37bEPEpKgN5wn/qbpZbB2ZbRz15Llk4qT9Ix5
-----END CERTIFICATE-----