Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/8spWKqqpV4pNPmFRud_LmnKKGRo.roa
File:                     8spWKqqpV4pNPmFRud_LmnKKGRo.roa (raw, json)
Hash identifier:          v8ngDzcQjwPNEBA1YpUPuwYa1P2Q9nZhxuuGNXMbvbA=
Subject key identifier:   F2:CA:56:2A:AA:A9:57:8A:4D:3E:61:51:B9:DF:CB:9A:72:8A:19:1A
Certificate issuer:       /CN=b7c8df3da33938bf1b245f1c4479fd24dd9f94f0
Certificate serial:       018CC4245023025B363C793728AC21D6201F
Authority key identifier: B7:C8:DF:3D:A3:39:38:BF:1B:24:5F:1C:44:79:FD:24:DD:9F:94:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t8jfPaM5OL8bJF8cRHn9JN2flPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/8spWKqqpV4pNPmFRud_LmnKKGRo.roa
Signing time:             Mon 01 Jan 2024 08:29:23 +0000
ROA not before:           Mon 01 Jan 2024 08:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200064
IP address blocks:        185.238.164.0/24 maxlen: 24
                          185.238.166.0/24 maxlen: 24
                          185.238.165.0/24 maxlen: 24
                          185.238.164.0/22 maxlen: 22
                          185.238.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/t8jfPaM5OL8bJF8cRHn9JN2flPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/t8jfPaM5OL8bJF8cRHn9JN2flPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t8jfPaM5OL8bJF8cRHn9JN2flPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 01:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:50:23:02:5b:36:3c:79:37:28:ac:21:d6:20:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7c8df3da33938bf1b245f1c4479fd24dd9f94f0
        Validity
            Not Before: Jan  1 08:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2ca562aaaa9578a4d3e6151b9dfcb9a728a191a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d9:ff:d8:d9:05:91:7c:82:75:37:c9:4f:e7:
                    4f:a9:bb:73:0a:7b:dd:0c:77:8d:7b:5c:45:ad:a5:
                    ac:37:1b:01:46:0a:36:d9:86:9e:96:ea:ae:26:dd:
                    a1:47:3b:bf:ee:9a:ff:8b:6c:29:d0:db:43:17:fd:
                    d7:28:f4:a7:a0:70:aa:24:20:c2:61:6f:71:0d:da:
                    97:af:d7:2c:71:11:b0:ce:ea:7a:20:b3:ba:41:ea:
                    53:5a:e3:51:67:45:d4:50:1e:a2:35:0a:90:df:bb:
                    57:0a:6c:40:67:39:74:60:f4:d7:43:00:c5:79:c2:
                    72:ec:fb:10:6c:31:cd:85:eb:13:32:55:94:27:70:
                    fd:18:5c:11:32:6e:28:f2:27:28:3c:1c:31:a7:41:
                    d6:3a:63:17:f3:69:40:22:5e:43:a5:48:23:fe:03:
                    c8:64:a5:d5:fc:15:82:99:59:44:f2:7f:35:4a:88:
                    31:de:92:b3:4b:cf:19:86:af:92:f5:78:a2:b3:e9:
                    39:48:96:07:c1:99:24:86:9c:90:a4:58:44:1c:59:
                    26:67:94:65:24:84:d3:de:fe:10:91:7b:84:c6:d0:
                    04:78:b3:a7:25:54:70:45:9b:fc:ca:90:e1:6d:82:
                    a3:18:c6:b3:dd:9f:51:b1:2f:9e:8c:0b:b6:2c:c6:
                    36:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:CA:56:2A:AA:A9:57:8A:4D:3E:61:51:B9:DF:CB:9A:72:8A:19:1A
            X509v3 Authority Key Identifier:
                keyid:B7:C8:DF:3D:A3:39:38:BF:1B:24:5F:1C:44:79:FD:24:DD:9F:94:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t8jfPaM5OL8bJF8cRHn9JN2flPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/8spWKqqpV4pNPmFRud_LmnKKGRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/t8jfPaM5OL8bJF8cRHn9JN2flPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:c0:82:4a:7f:f5:4a:2c:fa:cc:07:fc:fc:df:bd:81:22:14:
         2e:1e:6d:e9:13:43:35:fa:20:86:d0:2a:ae:8d:6a:19:de:66:
         2b:46:67:90:41:0c:f8:1a:0c:28:69:31:f9:10:1b:a7:01:24:
         f7:82:46:cd:25:58:1e:b3:99:52:b6:85:a1:a5:18:c6:93:4e:
         f7:51:46:23:21:2e:a5:0e:59:76:4d:91:c0:5d:51:f4:73:8b:
         d8:41:56:c5:9a:52:92:7a:27:82:4c:5e:56:e3:3b:4a:ba:f7:
         17:e4:3c:33:f9:ca:7f:f3:e9:30:91:6c:1e:b5:d6:c8:f3:6c:
         a6:21:16:d6:b7:07:67:7b:b4:35:bd:0c:62:12:a4:e4:02:b7:
         c9:44:19:64:ad:e0:85:6b:a9:55:17:b1:3e:ec:72:54:12:49:
         43:74:70:c9:b5:f3:28:e7:75:c8:2e:5d:e7:b8:78:bb:46:31:
         a9:7f:9e:32:88:86:88:09:42:28:af:25:43:ee:3a:82:d0:64:
         13:f4:8f:24:11:40:58:03:64:93:b9:c9:36:a7:0d:36:43:bc:
         07:39:c0:d9:5d:47:34:e2:3c:fe:82:fb:86:99:21:c7:c1:a8:
         7b:4f:96:e5:49:9e:f4:21:99:88:e9:06:c2:06:ef:18:c7:c5:
         e5:52:85:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFAjAls2PHk3KKwh1iAfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YzhkZjNkYTMzOTM4YmYxYjI0NWYxYzQ0NzlmZDI0ZGQ5
Zjk0ZjAwHhcNMjQwMTAxMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmNhNTYyYWFhYTk1NzhhNGQzZTYxNTFiOWRmY2I5YTcyOGExOTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9n/2NkFkXyCdTfJT+dPqbtzCnvd
DHeNe1xFraWsNxsBRgo22YaeluquJt2hRzu/7pr/i2wp0NtDF/3XKPSnoHCqJCDC
YW9xDdqXr9cscRGwzup6ILO6QepTWuNRZ0XUUB6iNQqQ37tXCmxAZzl0YPTXQwDF
ecJy7PsQbDHNhesTMlWUJ3D9GFwRMm4o8icoPBwxp0HWOmMX82lAIl5DpUgj/gPI
ZKXV/BWCmVlE8n81Sogx3pKzS88Zhq+S9Xiis+k5SJYHwZkkhpyQpFhEHFkmZ5Rl
JITT3v4QkXuExtAEeLOnJVRwRZv8ypDhbYKjGMaz3Z9RsS+ejAu2LMY20QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLKViqqqVeKTT5hUbnfy5pyihkaMB8GA1UdIwQY
MBaAFLfI3z2jOTi/GyRfHER5/STdn5TwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDhqZlBhTTVPTDhiSkY4Y1JIbjlKTjJmbFBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny80ZGQxOTgtOTNjYi00NTljLWJlZTIt
MmQxZGFhMjk5ZTgzLzEvOHNwV0txcXBWNHBOUG1GUnVkX0xtbktLR1JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny80ZGQxOTgtOTNjYi00NTljLWJlZTItMmQxZGFhMjk5ZTgz
LzEvdDhqZlBhTTVPTDhiSkY4Y1JIbjlKTjJmbFBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue6kMA0G
CSqGSIb3DQEBCwUAA4IBAQC4wIJKf/VKLPrMB/z8372BIhQuHm3pE0M1+iCG0Cqu
jWoZ3mYrRmeQQQz4GgwoaTH5EBunAST3gkbNJVges5lStoWhpRjGk073UUYjIS6l
Dll2TZHAXVH0c4vYQVbFmlKSeieCTF5W4ztKuvcX5Dwz+cp/8+kwkWwetdbI82ym
IRbWtwdne7Q1vQxiEqTkArfJRBlkreCFa6lVF7E+7HJUEklDdHDJtfMo53XILl3n
uHi7RjGpf54yiIaICUIoryVD7jqC0GQT9I8kEUBYA2STuck2pw02Q7wHOcDZXUc0
4jz+gvuGmSHHwah7T5blSZ70IZmI6QbCBu8Yx8XlUoVM
-----END CERTIFICATE-----