Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/a3c775-39c5-4bbb-b33e-d929e2b76d68/1/8AcU0ylWRv-7wOTpsECOfbNEhxo.roa
File:                     8AcU0ylWRv-7wOTpsECOfbNEhxo.roa (raw, json)
Hash identifier:          MonoVXCtDGMn/qCdMo6ibzsgM9XUethFZ8zs8ekJq/Y=
Subject key identifier:   F0:07:14:D3:29:56:46:FF:BB:C0:E4:E9:B0:40:8E:7D:B3:44:87:1A
Certificate issuer:       /CN=dfc0b1df0e7bd00045ebe10302c320ffbdba0716
Certificate serial:       019188E4D2125FD0437FBE8EF63EDC889118
Authority key identifier: DF:C0:B1:DF:0E:7B:D0:00:45:EB:E1:03:02:C3:20:FF:BD:BA:07:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/38Cx3w570ABF6-EDAsMg_726BxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/a3c775-39c5-4bbb-b33e-d929e2b76d68/1/8AcU0ylWRv-7wOTpsECOfbNEhxo.roa
Signing time:             Sun 25 Aug 2024 09:36:23 +0000
ROA not before:           Sun 25 Aug 2024 09:36:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200043
IP address blocks:        185.24.118.0/23 maxlen: 24
                          185.173.212.0/22 maxlen: 24
                          185.173.212.0/23 maxlen: 23
                          185.173.214.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/a3c775-39c5-4bbb-b33e-d929e2b76d68/1/38Cx3w570ABF6-EDAsMg_726BxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/a3c775-39c5-4bbb-b33e-d929e2b76d68/1/38Cx3w570ABF6-EDAsMg_726BxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/38Cx3w570ABF6-EDAsMg_726BxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 18:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:88:e4:d2:12:5f:d0:43:7f:be:8e:f6:3e:dc:88:91:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfc0b1df0e7bd00045ebe10302c320ffbdba0716
        Validity
            Not Before: Aug 25 09:36:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f00714d3295646ffbbc0e4e9b0408e7db344871a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:64:b8:61:5e:61:ca:78:b0:df:9a:28:9d:3b:
                    dd:6e:37:bf:e5:dc:13:5e:e9:92:cc:0a:d7:6f:5e:
                    d3:e4:74:3b:10:e9:07:eb:ce:3c:c1:98:6b:58:ea:
                    b0:a3:e2:b4:cd:f3:cd:97:0c:12:a3:e9:e3:53:eb:
                    ba:e9:a7:e5:ed:d2:d3:5f:c7:49:50:ad:da:ac:48:
                    22:51:12:7c:eb:06:06:7c:8b:6b:02:4e:c0:af:4b:
                    a2:ff:fc:ea:76:40:35:8c:c4:14:ea:b1:e7:18:6f:
                    96:2d:76:dc:97:23:f3:ab:e4:82:a9:64:f8:9d:9a:
                    b8:3d:b8:65:57:2c:e0:11:66:9d:aa:5b:04:e2:e8:
                    71:35:f2:86:d3:b9:14:d8:ff:d2:a1:ea:8f:e9:8c:
                    05:97:09:9f:d8:16:45:75:a8:95:d6:25:cd:d6:c7:
                    5f:e6:50:35:c6:9e:91:07:23:ab:8b:16:9d:b0:49:
                    6b:10:1d:57:c6:df:06:cf:eb:0c:10:20:23:52:e2:
                    6f:39:04:ed:11:3f:00:fe:dd:32:e0:e7:8d:f5:5f:
                    d4:ce:87:df:ba:22:88:63:7c:1e:ee:4b:59:1e:f4:
                    52:8e:27:49:62:c6:68:ec:3c:a3:e9:1b:e0:cc:91:
                    b2:fc:73:da:fc:82:9f:7f:a5:e3:a6:1f:33:45:74:
                    40:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:07:14:D3:29:56:46:FF:BB:C0:E4:E9:B0:40:8E:7D:B3:44:87:1A
            X509v3 Authority Key Identifier:
                keyid:DF:C0:B1:DF:0E:7B:D0:00:45:EB:E1:03:02:C3:20:FF:BD:BA:07:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/38Cx3w570ABF6-EDAsMg_726BxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/a3c775-39c5-4bbb-b33e-d929e2b76d68/1/8AcU0ylWRv-7wOTpsECOfbNEhxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/a3c775-39c5-4bbb-b33e-d929e2b76d68/1/38Cx3w570ABF6-EDAsMg_726BxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.118.0/23
                  185.173.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:b4:53:2b:e0:2a:c6:1a:c8:65:e0:4c:d2:50:18:7f:b9:8e:
         91:e8:31:66:be:de:9b:68:ed:e5:6f:cd:50:65:93:be:df:66:
         ca:3c:c2:10:8f:1a:2a:7c:12:11:0f:ef:86:10:a4:fc:0e:b1:
         f0:78:b6:4b:53:64:2d:81:e6:ac:cf:0f:5a:6e:cd:1e:06:66:
         24:e9:7f:99:f6:2e:ed:9a:c2:d5:76:e1:02:05:42:9a:f9:ab:
         d8:9b:45:2f:9a:7c:06:49:67:37:26:31:18:05:12:1d:b9:62:
         b8:58:da:f4:4f:96:3c:d8:7e:8a:36:61:ff:7b:52:f8:b7:cd:
         7f:83:a9:27:b2:87:86:ec:31:b2:f6:02:63:62:a2:e3:40:89:
         69:51:17:c2:5e:39:0d:6b:9f:75:0d:ee:10:1c:a3:3f:56:3b:
         ea:af:8d:fa:01:b5:59:43:13:03:48:0c:db:c9:97:c0:c3:79:
         28:2e:cf:ba:fa:bc:42:97:b2:a0:84:96:e9:d1:26:36:b9:bc:
         6a:fe:79:d5:27:3c:38:12:1b:37:ed:15:aa:fb:77:4a:0b:ad:
         7c:86:a1:c5:b9:7c:f0:27:82:cb:f0:08:7c:aa:a3:9b:36:3a:
         6e:76:db:f1:cc:1e:74:11:03:a8:cf:eb:e2:78:f8:8e:28:7d:
         70:60:f1:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGI5NISX9BDf76O9j7ciJEYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYzBiMWRmMGU3YmQwMDA0NWViZTEwMzAyYzMyMGZmYmRi
YTA3MTYwHhcNMjQwODI1MDkzNjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDA3MTRkMzI5NTY0NmZmYmJjMGU0ZTliMDQwOGU3ZGIzNDQ4NzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGS4YV5hyniw35oonTvdbje/5dwT
XumSzArXb17T5HQ7EOkH6848wZhrWOqwo+K0zfPNlwwSo+njU+u66afl7dLTX8dJ
UK3arEgiURJ86wYGfItrAk7Ar0ui//zqdkA1jMQU6rHnGG+WLXbclyPzq+SCqWT4
nZq4PbhlVyzgEWadqlsE4uhxNfKG07kU2P/SoeqP6YwFlwmf2BZFdaiV1iXN1sdf
5lA1xp6RByOrixadsElrEB1Xxt8Gz+sMECAjUuJvOQTtET8A/t0y4OeN9V/Uzoff
uiKIY3we7ktZHvRSjidJYsZo7Dyj6RvgzJGy/HPa/IKff6Xjph8zRXRAWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPAHFNMpVkb/u8Dk6bBAjn2zRIcaMB8GA1UdIwQY
MBaAFN/Asd8Oe9AARevhAwLDIP+9ugcWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzhDeDN3NTcwQUJGNi1FREFzTWdfNzI2QnhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9hM2M3NzUtMzljNS00YmJiLWIzM2Ut
ZDkyOWUyYjc2ZDY4LzEvOEFjVTB5bFdSdi03d09UcHNFQ09mYk5FaHhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9hM2M3NzUtMzljNS00YmJiLWIzM2UtZDkyOWUyYjc2ZDY4
LzEvMzhDeDN3NTcwQUJGNi1FREFzTWdfNzI2QnhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuRh2AwQC
ua3UMA0GCSqGSIb3DQEBCwUAA4IBAQA2tFMr4CrGGshl4EzSUBh/uY6R6DFmvt6b
aO3lb81QZZO+32bKPMIQjxoqfBIRD++GEKT8DrHweLZLU2Qtgeaszw9abs0eBmYk
6X+Z9i7tmsLVduECBUKa+avYm0UvmnwGSWc3JjEYBRIduWK4WNr0T5Y82H6KNmH/
e1L4t81/g6knsoeG7DGy9gJjYqLjQIlpURfCXjkNa591De4QHKM/Vjvqr436AbVZ
QxMDSAzbyZfAw3koLs+6+rxCl7KghJbp0SY2ubxq/nnVJzw4Ehs37RWq+3dKC618
hqHFuXzwJ4LL8Ah8qqObNjpudtvxzB50EQOoz+viePiOKH1wYPGI
-----END CERTIFICATE-----