Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/d704f2-6ed4-44c1-8e4f-4d7a84babbde/1/fPgXPqnUSjfYh8oJwN272Gzd5cs.roa
File:                     fPgXPqnUSjfYh8oJwN272Gzd5cs.roa (raw, json)
Hash identifier:          n1k+ZcTmISZvkNKNX0kUU6PYK4cnNgOQZCBBKL7LDHo=
Subject key identifier:   7C:F8:17:3E:A9:D4:4A:37:D8:87:CA:09:C0:DD:BB:D8:6C:DD:E5:CB
Certificate issuer:       /CN=8aa698f83e3429c89e34c8f2efb5b1201a18fcf7
Certificate serial:       018CC492F926D351961ACF32EFAD1EC3C9A0
Authority key identifier: 8A:A6:98:F8:3E:34:29:C8:9E:34:C8:F2:EF:B5:B1:20:1A:18:FC:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iqaY-D40KcieNMjy77WxIBoY_Pc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/d704f2-6ed4-44c1-8e4f-4d7a84babbde/1/fPgXPqnUSjfYh8oJwN272Gzd5cs.roa
Signing time:             Mon 01 Jan 2024 10:30:15 +0000
ROA not before:           Mon 01 Jan 2024 10:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        195.8.32.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/d704f2-6ed4-44c1-8e4f-4d7a84babbde/1/iqaY-D40KcieNMjy77WxIBoY_Pc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/d704f2-6ed4-44c1-8e4f-4d7a84babbde/1/iqaY-D40KcieNMjy77WxIBoY_Pc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iqaY-D40KcieNMjy77WxIBoY_Pc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f9:26:d3:51:96:1a:cf:32:ef:ad:1e:c3:c9:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aa698f83e3429c89e34c8f2efb5b1201a18fcf7
        Validity
            Not Before: Jan  1 10:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cf8173ea9d44a37d887ca09c0ddbbd86cdde5cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b4:b4:2f:98:1d:63:cd:ce:72:3c:75:15:8a:
                    b5:b4:ba:81:01:aa:a3:2b:45:5b:01:5b:89:de:f4:
                    83:9f:c2:d1:ea:3b:71:cf:6f:b5:36:6f:10:d6:cc:
                    c5:d1:f4:f4:7f:ab:ce:00:cb:0f:3c:b8:5b:43:5a:
                    c1:e6:89:09:c3:cd:d5:cd:87:49:17:02:f2:a7:ae:
                    bd:dc:3f:79:bd:07:77:d7:56:0e:c8:77:e5:4b:a4:
                    3c:84:79:60:1a:f8:77:a6:f0:01:58:09:df:53:af:
                    96:17:e6:7c:3b:3b:de:8d:2a:ab:2d:35:da:f7:af:
                    c8:cc:65:ef:f8:af:1d:6f:75:0c:ed:a9:3b:4f:7e:
                    49:b4:f8:f6:62:62:90:f1:2a:35:a2:92:fc:14:8a:
                    26:fa:f4:39:01:1b:4c:ba:69:c4:25:82:d3:27:71:
                    05:23:ce:b5:df:2c:55:d3:0c:71:b0:c0:c3:1d:48:
                    12:6b:e8:45:f4:6a:d8:91:71:00:dd:65:bc:8c:0f:
                    1a:ec:63:87:8d:29:ea:b0:36:0a:79:59:6d:d1:66:
                    a6:52:0e:f6:24:4f:d6:d9:44:7e:68:70:f9:f3:0e:
                    cf:39:c9:1a:10:6a:36:ef:68:eb:56:74:dd:f6:37:
                    ed:b9:c8:19:a4:19:99:1d:e6:0b:72:3e:d9:e6:d9:
                    63:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F8:17:3E:A9:D4:4A:37:D8:87:CA:09:C0:DD:BB:D8:6C:DD:E5:CB
            X509v3 Authority Key Identifier:
                keyid:8A:A6:98:F8:3E:34:29:C8:9E:34:C8:F2:EF:B5:B1:20:1A:18:FC:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iqaY-D40KcieNMjy77WxIBoY_Pc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d704f2-6ed4-44c1-8e4f-4d7a84babbde/1/fPgXPqnUSjfYh8oJwN272Gzd5cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d704f2-6ed4-44c1-8e4f-4d7a84babbde/1/iqaY-D40KcieNMjy77WxIBoY_Pc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:ba:7e:a3:9c:7e:82:35:27:0c:35:cc:ad:ce:ee:ee:bb:53:
         0e:2c:32:b5:e9:e4:4e:16:51:ee:40:45:81:a4:5a:d7:31:ff:
         0a:ad:3c:63:6b:c9:d0:f4:6f:6f:bd:97:37:ae:06:3c:14:c4:
         11:e0:ae:49:07:dd:61:06:64:e2:49:d9:13:50:e1:b4:ec:49:
         27:6f:d0:61:9f:ef:1c:a0:74:b5:95:15:6e:a7:db:5a:e7:d3:
         5b:03:6e:9c:21:0b:df:8e:4f:21:c8:f7:1d:03:6c:b5:20:e3:
         22:70:bf:a2:a8:fc:ea:89:3c:cb:8c:bf:48:3a:04:1c:db:68:
         20:30:af:5c:d1:f5:b6:af:75:4c:67:69:48:0a:b2:ff:e0:d9:
         01:64:f9:61:a0:86:16:41:cb:7a:fb:86:c7:82:19:72:61:71:
         e7:29:4d:07:b5:62:d8:68:60:17:6d:ac:af:f4:45:00:7e:09:
         74:3b:05:1a:ba:fd:38:fd:1d:fd:46:27:86:ac:56:ac:4c:1b:
         75:70:1a:91:70:9a:75:e5:8e:c5:44:9d:a8:46:f9:3d:6c:59:
         74:92:db:60:5e:6a:3e:4b:ba:f1:e1:27:2d:49:07:f2:5e:7b:
         1b:1c:82:06:2e:e8:60:21:39:71:7d:c1:db:94:be:0b:ed:62:
         71:26:35:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkvkm01GWGs8y760ew8mgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYTY5OGY4M2UzNDI5Yzg5ZTM0YzhmMmVmYjViMTIwMWEx
OGZjZjcwHhcNMjQwMTAxMTAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Y4MTczZWE5ZDQ0YTM3ZDg4N2NhMDljMGRkYmJkODZjZGRlNWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7S0L5gdY83Ocjx1FYq1tLqBAaqj
K0VbAVuJ3vSDn8LR6jtxz2+1Nm8Q1szF0fT0f6vOAMsPPLhbQ1rB5okJw83VzYdJ
FwLyp6693D95vQd311YOyHflS6Q8hHlgGvh3pvABWAnfU6+WF+Z8OzvejSqrLTXa
96/IzGXv+K8db3UM7ak7T35JtPj2YmKQ8So1opL8FIom+vQ5ARtMumnEJYLTJ3EF
I8613yxV0wxxsMDDHUgSa+hF9GrYkXEA3WW8jA8a7GOHjSnqsDYKeVlt0WamUg72
JE/W2UR+aHD58w7POckaEGo272jrVnTd9jftucgZpBmZHeYLcj7Z5tljBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHz4Fz6p1Eo32IfKCcDdu9hs3eXLMB8GA1UdIwQY
MBaAFIqmmPg+NCnInjTI8u+1sSAaGPz3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXFhWS1ENDBLY2llTk1qeTc3V3hJQm9ZX1BjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kNzA0ZjItNmVkNC00NGMxLThlNGYt
NGQ3YTg0YmFiYmRlLzEvZlBnWFBxblVTamZZaDhvSndOMjcyR3pkNWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kNzA0ZjItNmVkNC00NGMxLThlNGYtNGQ3YTg0YmFiYmRl
LzEvaXFhWS1ENDBLY2llTk1qeTc3V3hJQm9ZX1BjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwwggMA0G
CSqGSIb3DQEBCwUAA4IBAQBgun6jnH6CNScMNcytzu7uu1MOLDK16eROFlHuQEWB
pFrXMf8KrTxja8nQ9G9vvZc3rgY8FMQR4K5JB91hBmTiSdkTUOG07Eknb9Bhn+8c
oHS1lRVup9ta59NbA26cIQvfjk8hyPcdA2y1IOMicL+iqPzqiTzLjL9IOgQc22gg
MK9c0fW2r3VMZ2lICrL/4NkBZPlhoIYWQct6+4bHghlyYXHnKU0HtWLYaGAXbayv
9EUAfgl0OwUauv04/R39RieGrFasTBt1cBqRcJp15Y7FRJ2oRvk9bFl0kttgXmo+
S7rx4SctSQfyXnsbHIIGLuhgITlxfcHblL4L7WJxJjU+
-----END CERTIFICATE-----