Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/8Sdwm8lxmK8Xv4dB7TxXFirQduU.roa
File:                     8Sdwm8lxmK8Xv4dB7TxXFirQduU.roa (raw, json)
Hash identifier:          flPhdJ0dinICq/lULM6p2jbQ5FGnrtI22IVfp47okFA=
Subject key identifier:   F1:27:70:9B:C9:71:98:AF:17:BF:87:41:ED:3C:57:16:2A:D0:76:E5
Certificate issuer:       /CN=4345d0773c7ade08d44819e3b611bd297a3989d3
Certificate serial:       018CC5DC610FE81CF5FA22F5421724A63337
Authority key identifier: 43:45:D0:77:3C:7A:DE:08:D4:48:19:E3:B6:11:BD:29:7A:39:89:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q0XQdzx63gjUSBnjthG9KXo5idM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/8Sdwm8lxmK8Xv4dB7TxXFirQduU.roa
Signing time:             Mon 01 Jan 2024 16:30:03 +0000
ROA not before:           Mon 01 Jan 2024 16:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204883
IP address blocks:        185.237.208.0/24 maxlen: 24
                          185.237.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/Q0XQdzx63gjUSBnjthG9KXo5idM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/Q0XQdzx63gjUSBnjthG9KXo5idM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q0XQdzx63gjUSBnjthG9KXo5idM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:61:0f:e8:1c:f5:fa:22:f5:42:17:24:a6:33:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4345d0773c7ade08d44819e3b611bd297a3989d3
        Validity
            Not Before: Jan  1 16:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f127709bc97198af17bf8741ed3c57162ad076e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0b:2b:cf:23:db:1a:bd:aa:30:a2:95:9c:6d:
                    71:7f:d0:a1:07:97:33:8c:9e:3e:3f:e6:9d:81:7e:
                    b9:74:58:99:8a:b0:ac:ef:6f:fb:39:06:f4:60:e0:
                    9c:81:30:f5:ca:a9:56:76:ed:88:45:13:6f:db:b1:
                    4f:85:4f:5d:10:2e:9a:92:e6:29:88:7c:10:84:d4:
                    14:cb:ed:1d:73:08:3f:20:77:1e:fe:52:98:38:e6:
                    6d:26:1d:c9:9d:7e:5c:45:29:94:91:f2:93:66:2f:
                    51:92:04:f4:02:99:7a:58:80:9f:8b:95:3f:72:00:
                    01:da:c1:4b:2c:65:91:b6:dc:8f:bd:6c:65:a0:4c:
                    87:f5:81:8f:00:28:d6:11:99:6a:73:70:58:13:06:
                    ec:a0:5f:59:e9:47:af:b8:14:87:5d:ec:49:97:dc:
                    da:dd:08:6a:10:0e:86:37:b1:b0:f2:51:98:f7:ee:
                    76:fe:a2:7a:4e:99:fc:b6:74:6d:67:68:0a:cd:36:
                    67:69:7f:29:04:97:fc:83:6d:19:4a:ab:26:44:43:
                    63:f2:e6:d8:d7:cd:4e:cc:6b:63:4f:65:1a:ea:1e:
                    c8:16:62:10:f9:bd:5b:e9:bc:54:79:6b:c2:8b:62:
                    f7:06:73:78:cf:e6:d8:63:6b:18:ee:5b:f1:98:bc:
                    d5:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:27:70:9B:C9:71:98:AF:17:BF:87:41:ED:3C:57:16:2A:D0:76:E5
            X509v3 Authority Key Identifier:
                keyid:43:45:D0:77:3C:7A:DE:08:D4:48:19:E3:B6:11:BD:29:7A:39:89:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q0XQdzx63gjUSBnjthG9KXo5idM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/8Sdwm8lxmK8Xv4dB7TxXFirQduU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/Q0XQdzx63gjUSBnjthG9KXo5idM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:a5:d1:6b:99:27:bb:71:a1:20:fd:7a:06:1a:bd:50:69:b4:
         3d:81:3f:6f:8a:f3:6c:c8:50:35:13:7e:a2:58:be:3a:1a:ba:
         4b:39:85:66:60:86:1a:11:cb:fb:8b:f3:bb:be:7e:59:63:64:
         c4:82:df:7a:1e:7b:39:76:0a:27:4c:51:da:ab:0f:36:13:da:
         91:a8:ae:30:9b:28:01:9d:df:19:c3:00:a1:1b:24:d9:54:b9:
         48:ed:f4:b9:38:79:0a:29:6d:66:96:8d:b7:0c:d0:c5:9d:95:
         7e:b2:4c:20:eb:e2:b6:f0:95:64:27:b1:25:3d:d1:5d:bf:a1:
         21:fb:61:ae:2b:34:77:f2:40:4d:aa:33:0e:29:d5:df:44:4f:
         46:98:6a:34:4f:05:6e:12:d1:73:53:13:68:09:33:9e:d1:71:
         53:8b:7a:64:37:95:a2:3f:ca:5e:74:e7:f7:f8:fa:c4:1e:39:
         f2:1f:09:36:62:f1:6a:03:2c:79:59:dd:a9:49:d4:57:2a:06:
         d4:a0:19:2b:07:48:a0:66:ec:0c:40:20:05:06:d7:52:be:c7:
         39:d1:be:a7:ee:60:e4:d2:f0:96:97:62:e8:d9:ce:48:47:e0:
         9a:27:ab:5e:d6:28:81:a4:c5:bd:4f:70:05:97:f6:51:63:40:
         a8:fa:67:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3GEP6Bz1+iL1QhckpjM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNDVkMDc3M2M3YWRlMDhkNDQ4MTllM2I2MTFiZDI5N2Ez
OTg5ZDMwHhcNMjQwMTAxMTYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTI3NzA5YmM5NzE5OGFmMTdiZjg3NDFlZDNjNTcxNjJhZDA3NmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAsrzyPbGr2qMKKVnG1xf9ChB5cz
jJ4+P+adgX65dFiZirCs72/7OQb0YOCcgTD1yqlWdu2IRRNv27FPhU9dEC6akuYp
iHwQhNQUy+0dcwg/IHce/lKYOOZtJh3JnX5cRSmUkfKTZi9RkgT0Apl6WICfi5U/
cgAB2sFLLGWRttyPvWxloEyH9YGPACjWEZlqc3BYEwbsoF9Z6UevuBSHXexJl9za
3QhqEA6GN7Gw8lGY9+52/qJ6Tpn8tnRtZ2gKzTZnaX8pBJf8g20ZSqsmRENj8ubY
181OzGtjT2Ua6h7IFmIQ+b1b6bxUeWvCi2L3BnN4z+bYY2sY7lvxmLzV0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEncJvJcZivF7+HQe08VxYq0HblMB8GA1UdIwQY
MBaAFENF0Hc8et4I1EgZ47YRvSl6OYnTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTBYUWR6eDYzZ2pVU0JuanRoRzlLWG81aWRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9iYjk5NDctMTcyYy00OGIxLWJlOGUt
NGM5MDVhZGJmMDc2LzEvOFNkd204bHhtSzhYdjRkQjdUeFhGaXJRZHVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9iYjk5NDctMTcyYy00OGIxLWJlOGUtNGM5MDVhZGJmMDc2
LzEvUTBYUWR6eDYzZ2pVU0JuanRoRzlLWG81aWRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBue3QMA0G
CSqGSIb3DQEBCwUAA4IBAQAYpdFrmSe7caEg/XoGGr1QabQ9gT9vivNsyFA1E36i
WL46GrpLOYVmYIYaEcv7i/O7vn5ZY2TEgt96Hns5dgonTFHaqw82E9qRqK4wmygB
nd8ZwwChGyTZVLlI7fS5OHkKKW1mlo23DNDFnZV+skwg6+K28JVkJ7ElPdFdv6Eh
+2GuKzR38kBNqjMOKdXfRE9GmGo0TwVuEtFzUxNoCTOe0XFTi3pkN5WiP8pedOf3
+PrEHjnyHwk2YvFqAyx5Wd2pSdRXKgbUoBkrB0igZuwMQCAFBtdSvsc50b6n7mDk
0vCWl2Lo2c5IR+CaJ6te1iiBpMW9T3AFl/ZRY0Co+mc/
-----END CERTIFICATE-----