Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/1-T8kvsYGsYyD8fgpGoZannzlcVQ.roa
File:                     1-T8kvsYGsYyD8fgpGoZannzlcVQ.roa (raw, json)
Hash identifier:          i77giDSm40ppwqYCNjjHhoJuUBLUcS2k0Q266pc9k+8=
Subject key identifier:   F9:3F:24:BE:C6:06:B1:8C:83:F1:F8:29:1A:86:5A:9E:7C:E5:71:54
Certificate issuer:       /CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
Certificate serial:       018CC94CA12E193F472F60084FA7DBCFC414
Authority key identifier: AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/1-T8kvsYGsYyD8fgpGoZannzlcVQ.roa
Signing time:             Tue 02 Jan 2024 08:31:31 +0000
ROA not before:           Tue 02 Jan 2024 08:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205086
IP address blocks:        109.234.86.0/24 maxlen: 24
                          185.33.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a1:2e:19:3f:47:2f:60:08:4f:a7:db:cf:c4:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
        Validity
            Not Before: Jan  2 08:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f93f24bec606b18c83f1f8291a865a9e7ce57154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ae:77:78:53:f1:04:7e:f7:24:9d:20:46:96:
                    20:de:3c:df:df:fa:f5:9e:dd:0b:6f:32:e9:a7:6e:
                    f5:80:73:bb:dd:4e:24:f4:fd:fe:34:17:6d:21:94:
                    73:71:56:3f:04:c5:87:de:da:31:03:5f:48:71:28:
                    99:e1:5e:82:fe:f3:51:51:36:c0:7b:dd:f0:71:cf:
                    1b:86:ef:4b:69:23:7a:56:7c:93:68:72:80:77:f8:
                    33:ad:e5:00:ee:0d:b4:40:75:b3:44:4f:21:4a:d9:
                    c7:ab:84:12:37:69:fd:4e:85:87:65:bc:ab:5d:04:
                    7b:75:d2:a9:0d:0b:18:de:51:66:3f:9c:97:17:2c:
                    a6:ad:78:ca:77:4b:01:3d:b4:9f:a3:36:68:b5:14:
                    e4:d2:86:91:28:5f:a3:36:c4:3e:27:8a:9d:59:cc:
                    b1:1f:7b:78:11:5e:88:1d:6a:98:4f:d3:3a:b2:2c:
                    9a:88:57:19:9f:17:0e:6b:90:0e:e4:0a:cf:3f:7a:
                    9d:5f:7a:31:04:3b:0f:7e:ba:53:b8:c3:06:e9:ee:
                    53:4b:89:1d:bc:3b:a0:7e:b3:8b:10:6a:25:e4:9c:
                    8c:92:ea:d9:ce:21:27:e3:9b:0e:8b:4c:62:6c:f6:
                    61:b4:e6:3a:b9:3b:9c:89:4a:e3:f7:f1:27:af:5b:
                    53:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:3F:24:BE:C6:06:B1:8C:83:F1:F8:29:1A:86:5A:9E:7C:E5:71:54
            X509v3 Authority Key Identifier:
                keyid:AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/1-T8kvsYGsYyD8fgpGoZannzlcVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.86.0/24
                  185.33.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:1f:93:2e:01:d6:5f:18:fe:3b:c4:26:83:fa:e9:7d:04:00:
         ec:c7:56:08:37:99:1a:86:18:91:b9:38:f1:cd:15:3a:be:11:
         f4:02:97:8a:1f:56:87:a8:86:a8:3d:d4:49:14:cd:b1:38:b7:
         ef:cb:f0:76:9c:9d:dd:e7:59:7d:d9:6a:1e:91:ff:14:41:ba:
         07:fb:ff:43:2d:4e:7b:ec:07:75:5d:10:2e:95:dc:1f:70:01:
         6d:ce:b3:3e:35:79:19:92:fa:65:d2:58:b9:a9:bc:ce:c7:f0:
         4f:f7:8c:89:50:90:de:7d:43:96:ee:54:f4:fb:1c:e0:48:14:
         e2:e9:34:37:35:dc:9c:53:0e:b7:b0:c4:83:0a:b2:23:0c:66:
         81:37:b8:4d:33:01:6e:10:e8:ee:f1:e8:30:57:de:8b:3e:e3:
         ee:02:a9:54:d6:a9:73:4f:4c:29:da:70:33:eb:1a:88:c0:cb:
         30:ee:19:ae:1b:38:e7:a6:b6:9e:56:f5:92:ac:79:37:c6:84:
         4b:ed:ad:a2:ef:c3:c0:cd:6c:06:a3:9c:3d:16:af:35:3d:9c:
         67:5a:82:15:81:cf:99:67:94:e0:9f:96:65:cd:11:9f:7c:cb:
         bd:e1:a3:a3:55:45:05:e7:02:6f:ff:ee:89:55:78:f9:57:68:
         51:62:6b:a1
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzJTKEuGT9HL2AIT6fbz8QUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTRmZTgzMWI2YTcxOWY0MmU2Yzg0ODZmZDAzYjU1MGJl
NzYxZmIwHhcNMjQwMTAyMDgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTNmMjRiZWM2MDZiMThjODNmMWY4MjkxYTg2NWE5ZTdjZTU3MTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuq53eFPxBH73JJ0gRpYg3jzf3/r1
nt0LbzLpp271gHO73U4k9P3+NBdtIZRzcVY/BMWH3toxA19IcSiZ4V6C/vNRUTbA
e93wcc8bhu9LaSN6VnyTaHKAd/gzreUA7g20QHWzRE8hStnHq4QSN2n9ToWHZbyr
XQR7ddKpDQsY3lFmP5yXFyymrXjKd0sBPbSfozZotRTk0oaRKF+jNsQ+J4qdWcyx
H3t4EV6IHWqYT9M6siyaiFcZnxcOa5AO5ArPP3qdX3oxBDsPfrpTuMMG6e5TS4kd
vDugfrOLEGol5JyMkurZziEn45sOi0xibPZhtOY6uTuciUrj9/Enr1tTbwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPk/JL7GBrGMg/H4KRqGWp585XFUMB8GA1UdIwQY
MBaAFKtU/oMbanGfQubISG/QO1UL52H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYt
NmZkOTc4OTIwNWJhLzEvMS1UOGt2c1lHc1l5RDhmZ3BHb1phbm56bGNWUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNWVhYWE3LTMxMDctNDI2OC1hYWQ2LTZmZDk3ODkyMDVi
YS8xL3ExVC1neHRxY1o5QzVzaEliOUE3VlF2bllmcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAG3qVgME
ALkhQjANBgkqhkiG9w0BAQsFAAOCAQEAFR+TLgHWXxj+O8Qmg/rpfQQA7MdWCDeZ
GoYYkbk48c0VOr4R9AKXih9Wh6iGqD3USRTNsTi378vwdpyd3edZfdlqHpH/FEG6
B/v/Qy1Oe+wHdV0QLpXcH3ABbc6zPjV5GZL6ZdJYuam8zsfwT/eMiVCQ3n1Dlu5U
9Psc4EgU4uk0NzXcnFMOt7DEgwqyIwxmgTe4TTMBbhDo7vHoMFfeiz7j7gKpVNap
c09MKdpwM+saiMDLMO4Zrhs456a2nlb1kqx5N8aES+2tou/DwM1sBqOcPRavNT2c
Z1qCFYHPmWeU4J+WZc0Rn3zLveGjo1VFBecCb//uiVV4+VdoUWJroQ==
-----END CERTIFICATE-----