Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/8Tv9WeFm1P6Fj44Ge2q76c8UmV4.roa
File:                     8Tv9WeFm1P6Fj44Ge2q76c8UmV4.roa (raw, json)
Hash identifier:          KOVkgkgu7WO2+H1bGxkWITDxg9/q/sFZ8S4tX9gyP/I=
Subject key identifier:   F1:3B:FD:59:E1:66:D4:FE:85:8F:8E:06:7B:6A:BB:E9:CF:14:99:5E
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A880FE037AE04CB3B31E57C65C8EE
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/8Tv9WeFm1P6Fj44Ge2q76c8UmV4.roa
Signing time:             Mon 01 Jan 2024 18:30:22 +0000
ROA not before:           Mon 01 Jan 2024 18:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207288
IP address blocks:        141.101.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:88:0f:e0:37:ae:04:cb:3b:31:e5:7c:65:c8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f13bfd59e166d4fe858f8e067b6abbe9cf14995e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:36:6b:07:a8:b4:b1:4e:5a:16:ae:8d:df:97:
                    0c:ba:0b:88:11:97:77:71:3e:b9:67:c1:f4:1a:f9:
                    55:32:1b:6c:a3:7f:b3:1e:6f:dd:f1:e6:b1:f9:be:
                    53:e3:a4:d8:dd:62:f4:40:36:95:65:00:59:a0:22:
                    39:63:b7:3b:99:7c:4a:25:8f:a6:9a:ea:01:2a:08:
                    08:ce:dd:88:24:bc:24:63:03:92:7f:cd:b7:2f:6c:
                    51:c7:bd:79:dc:3e:5e:09:c9:24:91:a7:9e:c7:cd:
                    7b:5c:80:0a:30:bf:4f:b2:5f:f9:73:9e:42:05:da:
                    f6:f2:f1:e8:1e:5c:7b:bb:29:d6:3c:a9:42:93:1e:
                    46:af:94:cc:09:91:2b:99:9d:d5:a1:35:d7:b6:67:
                    d7:bc:25:85:56:a8:84:68:9c:e4:66:11:fd:55:19:
                    bb:8d:08:7b:48:ee:af:18:91:82:d4:b7:af:e6:27:
                    97:a2:5d:5b:98:ab:d3:0b:b0:bf:a7:6c:a3:e9:f8:
                    2f:17:06:08:4b:49:44:0c:e0:79:f6:3d:da:a0:7c:
                    74:9a:10:90:4d:3b:27:f7:bb:95:7a:21:c1:ca:de:
                    5a:68:c6:ab:a5:ea:de:57:8d:67:b1:06:6e:00:e4:
                    81:de:f1:22:49:c9:e8:30:21:83:dd:d9:d6:80:ba:
                    63:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:3B:FD:59:E1:66:D4:FE:85:8F:8E:06:7B:6A:BB:E9:CF:14:99:5E
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/8Tv9WeFm1P6Fj44Ge2q76c8UmV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:c8:bf:ae:19:f4:cd:b9:49:2c:17:90:9d:63:a9:15:76:e7:
         b5:95:ea:56:da:41:c3:ae:2a:8d:28:9f:16:99:b8:d1:c0:57:
         8d:02:3e:d6:62:37:53:4a:ff:44:29:3a:56:a4:47:6f:cc:6a:
         78:dd:ed:a1:cc:7c:ce:20:8e:51:a2:1d:48:c7:e7:e0:67:56:
         07:d4:e0:8e:a5:b7:52:cd:c5:b4:95:ad:ee:1d:ba:83:78:64:
         b9:85:0c:1e:ea:9f:46:41:2e:5c:86:4c:c3:68:56:94:36:24:
         73:50:3d:f0:21:15:d3:d2:37:f8:a1:c0:a8:e2:b3:da:6a:cf:
         3e:36:cb:31:d1:4a:0b:12:d6:da:22:ec:38:e6:a9:02:67:1c:
         41:45:80:53:80:ce:c3:34:01:8e:dd:6e:44:33:02:ca:18:b7:
         35:af:45:bb:f7:8c:48:cf:cd:25:4f:af:af:9a:21:27:ef:9d:
         87:28:2f:a5:1d:af:14:31:21:fa:9a:29:19:04:b3:30:71:ce:
         23:2f:6f:a3:e6:f4:a0:74:93:29:3e:7d:da:12:4a:05:d1:34:
         be:11:26:09:cc:fe:5a:58:14:af:92:03:ea:05:0c:c1:ae:d2:
         8b:2a:56:fa:65:f3:13:b8:9f:20:01:55:f4:ba:49:67:42:d8:
         29:fc:bf:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSogP4DeuBMs7MeV8ZcjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTNiZmQ1OWUxNjZkNGZlODU4ZjhlMDY3YjZhYmJlOWNmMTQ5OTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTZrB6i0sU5aFq6N35cMuguIEZd3
cT65Z8H0GvlVMhtso3+zHm/d8eax+b5T46TY3WL0QDaVZQBZoCI5Y7c7mXxKJY+m
muoBKggIzt2IJLwkYwOSf823L2xRx7153D5eCckkkaeex817XIAKML9Psl/5c55C
Bdr28vHoHlx7uynWPKlCkx5Gr5TMCZErmZ3VoTXXtmfXvCWFVqiEaJzkZhH9VRm7
jQh7SO6vGJGC1Lev5ieXol1bmKvTC7C/p2yj6fgvFwYIS0lEDOB59j3aoHx0mhCQ
TTsn97uVeiHByt5aaMarpereV41nsQZuAOSB3vEiScnoMCGD3dnWgLpjzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPE7/VnhZtT+hY+OBntqu+nPFJleMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvOFR2OVdlRm0xUDZGajQ0R2UycTc2YzhVbVY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWXfMA0G
CSqGSIb3DQEBCwUAA4IBAQAtyL+uGfTNuUksF5CdY6kVdue1lepW2kHDriqNKJ8W
mbjRwFeNAj7WYjdTSv9EKTpWpEdvzGp43e2hzHzOII5Roh1Ix+fgZ1YH1OCOpbdS
zcW0la3uHbqDeGS5hQwe6p9GQS5chkzDaFaUNiRzUD3wIRXT0jf4ocCo4rPaas8+
Nssx0UoLEtbaIuw45qkCZxxBRYBTgM7DNAGO3W5EMwLKGLc1r0W794xIz80lT6+v
miEn752HKC+lHa8UMSH6mikZBLMwcc4jL2+j5vSgdJMpPn3aEkoF0TS+ESYJzP5a
WBSvkgPqBQzBrtKLKlb6ZfMTuJ8gAVX0uklnQtgp/L+r
-----END CERTIFICATE-----