Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/8X1XRbFincPlPoHG0g6T6DpHkSA.roa
File:                     8X1XRbFincPlPoHG0g6T6DpHkSA.roa (raw, json)
Hash identifier:          gnULFk4giBZNc96KqtS/RZyUtJd/Lo34FTXEZQ5bq2c=
Subject key identifier:   F1:7D:57:45:B1:62:9D:C3:E5:3E:81:C6:D2:0E:93:E8:3A:47:91:20
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       018CC72754B01D561CE7CC827D11003202A7
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/8X1XRbFincPlPoHG0g6T6DpHkSA.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39335
IP address blocks:        2a0b:6b87::/32 maxlen: 32
                          2a0b:6b82::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:54:b0:1d:56:1c:e7:cc:82:7d:11:00:32:02:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f17d5745b1629dc3e53e81c6d20e93e83a479120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d5:ee:ec:db:1f:4a:07:3c:c7:bc:c8:28:8d:
                    26:df:8f:18:46:a5:84:86:7c:71:6b:6d:be:f0:22:
                    93:84:e6:c0:1f:b3:32:d1:88:31:9c:19:e4:96:b6:
                    52:34:3c:4c:4a:b3:f4:fa:70:bb:5a:38:7c:9a:f5:
                    6d:4f:4e:aa:b9:8a:37:3c:67:26:7b:4c:36:90:e3:
                    83:c2:e4:9d:e0:d4:f0:a4:c5:67:dd:df:c2:37:1c:
                    d8:b8:dc:55:85:82:41:fe:4f:6d:e0:61:c8:3f:a0:
                    cb:c7:8b:53:36:d2:9b:6d:b4:55:11:95:12:09:2b:
                    c7:ed:b3:d3:f9:37:52:16:68:68:2c:97:7b:21:84:
                    cd:05:b8:16:b8:21:c8:59:08:e6:74:b3:c2:c0:04:
                    51:e1:2e:c4:84:76:9f:90:d5:73:8e:7d:41:f7:20:
                    9a:d7:02:72:20:3c:53:15:c1:e4:4f:83:d9:fc:48:
                    29:3c:a4:d4:09:f2:47:14:1b:60:2d:85:9e:36:d0:
                    17:2c:e5:f9:5c:e7:ed:05:60:a8:7e:1c:45:e3:d6:
                    95:38:83:3e:e2:a1:c3:f7:57:24:75:39:f5:02:61:
                    f3:29:17:12:68:6c:56:75:4d:87:5a:8e:61:ca:f7:
                    63:f1:b5:ee:57:39:cd:12:63:dc:61:03:6f:5f:11:
                    e3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:7D:57:45:B1:62:9D:C3:E5:3E:81:C6:D2:0E:93:E8:3A:47:91:20
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/8X1XRbFincPlPoHG0g6T6DpHkSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b82::/32
                  2a0b:6b87::/32

    Signature Algorithm: sha256WithRSAEncryption
         d2:10:24:41:89:71:9e:e1:00:02:49:b2:ec:b8:e4:f6:77:b4:
         3b:5e:73:74:64:be:36:93:98:15:7e:25:da:36:9a:9e:1d:8b:
         b8:92:6b:2d:98:2a:ff:6d:ab:85:83:18:e0:6b:90:30:80:09:
         3f:6d:dc:5c:9d:1d:cf:38:45:9c:8f:38:37:2c:61:ca:2e:2f:
         d8:e9:bc:42:54:78:2f:4c:7b:95:75:ac:fb:63:e0:c1:da:44:
         82:30:87:5f:f0:59:01:fc:9a:ec:24:ec:79:1a:b1:64:ef:d5:
         f8:b9:a4:1f:eb:c8:81:cf:72:a4:8b:dc:7b:df:18:cd:37:e9:
         10:63:f2:65:69:10:ff:7a:cf:fb:5e:59:f0:97:91:56:12:94:
         46:58:51:98:0b:8e:2e:6f:83:df:ff:9d:85:d2:62:c4:6a:6b:
         1e:0c:f4:a7:f6:28:b7:4e:a5:81:40:15:24:a9:e7:a2:86:e5:
         40:32:a7:7c:e6:4c:f4:ac:d8:2b:cd:ea:43:0e:a3:37:e0:db:
         c1:30:46:85:c1:fb:d7:2d:9e:bf:3f:8a:78:2d:f7:57:52:9c:
         00:ab:da:12:b1:60:87:2c:77:4d:15:98:73:55:bb:01:e9:04:
         8f:2f:a4:1b:0f:6d:bd:d3:fe:b1:cd:cb:86:22:96:81:8c:82:
         9e:75:26:bb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHJ1SwHVYc58yCfREAMgKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTdkNTc0NWIxNjI5ZGMzZTUzZTgxYzZkMjBlOTNlODNhNDc5MTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNXu7NsfSgc8x7zIKI0m348YRqWE
hnxxa22+8CKThObAH7My0YgxnBnklrZSNDxMSrP0+nC7Wjh8mvVtT06quYo3PGcm
e0w2kOODwuSd4NTwpMVn3d/CNxzYuNxVhYJB/k9t4GHIP6DLx4tTNtKbbbRVEZUS
CSvH7bPT+TdSFmhoLJd7IYTNBbgWuCHIWQjmdLPCwARR4S7EhHafkNVzjn1B9yCa
1wJyIDxTFcHkT4PZ/EgpPKTUCfJHFBtgLYWeNtAXLOX5XOftBWCofhxF49aVOIM+
4qHD91ckdTn1AmHzKRcSaGxWdU2HWo5hyvdj8bXuVznNEmPcYQNvXxHjJwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPF9V0WxYp3D5T6BxtIOk+g6R5EgMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvOFgxWFJiRmluY1BsUG9IRzBnNlQ2RHBIa1NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgtrggMF
ACoLa4cwDQYJKoZIhvcNAQELBQADggEBANIQJEGJcZ7hAAJJsuy45PZ3tDtec3Rk
vjaTmBV+Jdo2mp4di7iSay2YKv9tq4WDGOBrkDCACT9t3FydHc84RZyPODcsYcou
L9jpvEJUeC9Me5V1rPtj4MHaRIIwh1/wWQH8muwk7HkasWTv1fi5pB/ryIHPcqSL
3HvfGM036RBj8mVpEP96z/teWfCXkVYSlEZYUZgLji5vg9//nYXSYsRqax4M9Kf2
KLdOpYFAFSSp56KG5UAyp3zmTPSs2CvN6kMOozfg28EwRoXB+9ctnr8/ingt91dS
nACr2hKxYIcsd00VmHNVuwHpBI8vpBsPbb3T/rHNy4YiloGMgp51Jrs=
-----END CERTIFICATE-----