Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/L8ix0BWU-G4Lcdc94dy31zNE7oI.roa
File:                     L8ix0BWU-G4Lcdc94dy31zNE7oI.roa (raw, json)
Hash identifier:          kVLAjs6q4OGL1azmdu2ewZCcaYcMyCMpvJ1eAwCUnI0=
Subject key identifier:   2F:C8:B1:D0:15:94:F8:6E:0B:71:D7:3D:E1:DC:B7:D7:33:44:EE:82
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       018CC72755D6AA1D8C23E1628C15F847FAD5
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/L8ix0BWU-G4Lcdc94dy31zNE7oI.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200639
IP address blocks:        185.186.10.0/24 maxlen: 24
                          185.186.9.0/24 maxlen: 24
                          2a0b:6b84::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:55:d6:aa:1d:8c:23:e1:62:8c:15:f8:47:fa:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fc8b1d01594f86e0b71d73de1dcb7d73344ee82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:05:02:ed:70:cb:c5:fb:43:ad:e0:76:a4:e1:
                    59:50:0d:b7:49:ff:27:b2:8d:7d:ff:a4:8a:63:04:
                    79:04:7c:8c:0d:ae:27:20:38:18:33:b7:b2:48:2d:
                    c2:ee:e6:49:40:42:6e:16:8a:f1:a0:e6:d0:d9:cc:
                    5e:0a:d3:6c:8d:82:96:8f:9b:74:ea:6e:6f:61:ab:
                    64:70:57:a9:c6:76:1f:e4:90:3e:a6:0f:ef:4d:07:
                    e5:48:6c:c2:ff:5f:93:14:68:64:66:38:9b:d0:9f:
                    33:84:70:0d:d5:63:e7:89:bd:ec:00:40:a6:28:27:
                    29:9b:e1:1d:7f:2b:03:70:d1:09:3a:c1:87:eb:b1:
                    25:aa:63:d3:b9:e1:57:cb:a2:7b:c1:11:3d:d4:91:
                    2d:8c:bc:31:f6:82:d2:4c:17:2a:4a:f6:79:dc:41:
                    a0:d0:06:77:f0:d4:09:e6:b7:37:3b:a9:e0:75:42:
                    82:ed:ef:57:1c:6a:97:94:a4:92:51:76:0f:4b:48:
                    8f:71:9c:0d:2c:7f:6e:6a:af:20:86:60:af:cf:93:
                    68:cf:9c:dc:24:06:d8:2f:5a:d9:c9:e6:9f:e1:9b:
                    b4:91:5f:01:c1:8d:e4:dd:b0:03:23:ce:af:9d:15:
                    ef:86:6b:fa:b5:93:84:9e:6e:fb:a3:ff:c5:5e:ca:
                    c9:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:C8:B1:D0:15:94:F8:6E:0B:71:D7:3D:E1:DC:B7:D7:33:44:EE:82
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/L8ix0BWU-G4Lcdc94dy31zNE7oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.9.0-185.186.10.255
                IPv6:
                  2a0b:6b84::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:16:36:49:2d:30:71:46:c1:16:b9:09:d7:60:19:11:1d:6d:
         bf:d5:45:42:d6:ff:f8:b4:9c:f7:c7:23:ae:66:2a:3d:1b:5f:
         16:40:9d:cf:10:6f:7c:6f:76:f7:b9:d3:99:fe:91:98:35:85:
         a1:f4:81:a5:8a:00:04:32:6e:d6:a7:d3:b4:71:e9:9d:18:bd:
         d6:d5:5a:42:e1:a0:8b:d9:e1:bc:7b:2a:de:a5:b1:ae:df:b8:
         a2:4b:8b:3d:a7:22:6e:1b:83:31:d5:b6:0c:56:b9:9d:0e:fe:
         0a:61:b1:36:ff:b3:17:7a:41:9b:94:7b:5f:74:ab:b7:26:bc:
         7a:81:61:4a:87:55:da:29:34:e8:5d:d6:14:96:31:5d:23:4f:
         6d:fd:84:df:ef:57:ef:28:ce:50:31:07:d8:32:72:28:43:4c:
         10:13:36:56:9a:ec:c9:51:83:8b:2b:b3:59:05:c3:9b:ba:c0:
         c7:5f:94:d8:e5:71:4c:a7:ae:6b:00:4e:30:6b:c1:fe:e4:df:
         6c:36:6e:d1:2d:e1:c1:3a:6d:47:31:3a:8b:5c:3e:a0:36:90:
         44:f6:69:51:38:29:ec:b0:62:7a:97:f6:e9:86:39:1c:f7:d6:
         49:20:6f:6a:d8:40:ab:de:29:26:d5:23:07:0a:2d:1f:d1:ab:
         68:eb:fd:9b
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzHJ1XWqh2MI+FijBX4R/rVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmM4YjFkMDE1OTRmODZlMGI3MWQ3M2RlMWRjYjdkNzMzNDRlZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wUC7XDLxftDreB2pOFZUA23Sf8n
so19/6SKYwR5BHyMDa4nIDgYM7eySC3C7uZJQEJuForxoObQ2cxeCtNsjYKWj5t0
6m5vYatkcFepxnYf5JA+pg/vTQflSGzC/1+TFGhkZjib0J8zhHAN1WPnib3sAECm
KCcpm+EdfysDcNEJOsGH67ElqmPTueFXy6J7wRE91JEtjLwx9oLSTBcqSvZ53EGg
0AZ38NQJ5rc3O6ngdUKC7e9XHGqXlKSSUXYPS0iPcZwNLH9uaq8ghmCvz5Noz5zc
JAbYL1rZyeaf4Zu0kV8BwY3k3bADI86vnRXvhmv6tZOEnm77o//FXsrJKwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFC/IsdAVlPhuC3HXPeHct9czRO6CMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvTDhpeDBCV1UtRzRMY2RjOTRkeTMxek5FN29JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAC5ugkD
BAC5ugowDQQCAAIwBwMFACoLa4QwDQYJKoZIhvcNAQELBQADggEBAB0WNkktMHFG
wRa5CddgGREdbb/VRULW//i0nPfHI65mKj0bXxZAnc8Qb3xvdve505n+kZg1haH0
gaWKAAQybtan07Rx6Z0YvdbVWkLhoIvZ4bx7Kt6lsa7fuKJLiz2nIm4bgzHVtgxW
uZ0O/gphsTb/sxd6QZuUe190q7cmvHqBYUqHVdopNOhd1hSWMV0jT239hN/vV+8o
zlAxB9gycihDTBATNlaa7MlRg4srs1kFw5u6wMdflNjlcUynrmsATjBrwf7k32w2
btEt4cE6bUcxOotcPqA2kET2aVE4KeywYnqX9umGORz31kkgb2rYQKveKSbVIwcK
LR/Rq2jr/Zs=
-----END CERTIFICATE-----