Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/f7ecb7-ff6d-45e0-98d6-c77bae3d3ed1/1/hV8KEcpRE5_qhKhu_0Y-CM1F67I.roa
File:                     hV8KEcpRE5_qhKhu_0Y-CM1F67I.roa (raw, json)
Hash identifier:          fDQbGBohxB1iQdnYQCwXfl705tqi66ggTApdWp7E4Ac=
Subject key identifier:   85:5F:0A:11:CA:51:13:9F:EA:84:A8:6E:FF:46:3E:08:CD:45:EB:B2
Certificate issuer:       /CN=3e8dd43928edfb1200efbc62c441f9cd29048585
Certificate serial:       018CC348DC9426A0D1D2F442CFFE2E6595F5
Authority key identifier: 3E:8D:D4:39:28:ED:FB:12:00:EF:BC:62:C4:41:F9:CD:29:04:85:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Po3UOSjt-xIA77xixEH5zSkEhYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/f7ecb7-ff6d-45e0-98d6-c77bae3d3ed1/1/hV8KEcpRE5_qhKhu_0Y-CM1F67I.roa
Signing time:             Mon 01 Jan 2024 04:29:41 +0000
ROA not before:           Mon 01 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60049
IP address blocks:        185.57.232.0/22 maxlen: 24
                          2a02:46e0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/f7ecb7-ff6d-45e0-98d6-c77bae3d3ed1/1/Po3UOSjt-xIA77xixEH5zSkEhYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/f7ecb7-ff6d-45e0-98d6-c77bae3d3ed1/1/Po3UOSjt-xIA77xixEH5zSkEhYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Po3UOSjt-xIA77xixEH5zSkEhYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:dc:94:26:a0:d1:d2:f4:42:cf:fe:2e:65:95:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e8dd43928edfb1200efbc62c441f9cd29048585
        Validity
            Not Before: Jan  1 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=855f0a11ca51139fea84a86eff463e08cd45ebb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7a:c2:35:74:ed:0f:57:c5:30:f4:17:8a:d9:
                    c8:51:d2:35:45:15:9f:94:33:a6:ab:be:b2:50:0e:
                    37:47:37:51:89:06:7c:76:f9:4a:9e:91:6d:5e:cb:
                    2b:be:51:25:b0:26:b5:ad:ab:54:60:7d:c1:89:63:
                    8a:97:e5:ea:95:66:5b:cf:78:c2:96:03:45:83:0e:
                    dc:8b:bb:4b:d9:ba:54:8e:a5:8c:71:98:3f:54:d3:
                    45:07:3c:39:ef:16:80:54:05:ca:dc:04:a9:ab:ea:
                    e7:c3:e1:db:10:eb:0a:26:ed:a5:7b:c0:9a:b7:e2:
                    50:b2:90:4e:cb:e5:84:6d:c4:59:3b:a1:cf:05:44:
                    cd:4d:58:55:4f:49:8e:80:6a:ad:ab:5e:e6:c6:5c:
                    a5:89:53:18:60:c9:25:ca:45:45:9f:9a:8b:32:e7:
                    b7:3a:99:e4:52:bb:14:86:eb:14:bd:d7:55:da:92:
                    73:6c:e3:f9:03:cb:54:61:27:68:f7:31:e9:eb:8d:
                    69:ac:f3:32:96:b4:05:d6:ac:fe:03:a1:d2:19:ff:
                    9e:74:9e:0e:ec:58:46:d1:04:a0:e9:cc:19:0b:4b:
                    11:db:c7:ab:c7:c7:f6:c0:e1:26:ed:65:e9:77:79:
                    c3:ed:e7:4c:f6:9c:5c:0c:ec:b9:37:88:cf:88:1a:
                    a1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:5F:0A:11:CA:51:13:9F:EA:84:A8:6E:FF:46:3E:08:CD:45:EB:B2
            X509v3 Authority Key Identifier:
                keyid:3E:8D:D4:39:28:ED:FB:12:00:EF:BC:62:C4:41:F9:CD:29:04:85:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Po3UOSjt-xIA77xixEH5zSkEhYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f7ecb7-ff6d-45e0-98d6-c77bae3d3ed1/1/hV8KEcpRE5_qhKhu_0Y-CM1F67I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f7ecb7-ff6d-45e0-98d6-c77bae3d3ed1/1/Po3UOSjt-xIA77xixEH5zSkEhYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.232.0/22
                IPv6:
                  2a02:46e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:21:0b:f9:03:78:a9:c3:a7:22:6e:d0:6c:cf:25:c4:4f:29:
         d4:0f:7c:10:48:21:51:f4:e1:e7:31:03:39:92:fb:df:e7:db:
         7c:59:e3:44:29:30:d5:70:7e:ce:a4:0b:86:c7:ad:62:a6:12:
         96:62:69:33:f3:7f:4e:88:66:40:f2:7a:9a:62:66:f8:91:18:
         c7:44:e5:f3:a9:54:4d:78:d1:47:c3:dd:ad:5f:59:f3:7b:c0:
         87:ed:62:fe:52:ee:d1:16:a3:a9:d8:ac:92:4d:21:a0:62:26:
         f5:46:cb:0f:a3:28:84:e8:8b:cc:12:cf:af:e0:cf:2c:4b:eb:
         0b:24:1e:e9:2c:4d:34:a3:9a:17:a0:54:90:59:c3:d3:9d:d1:
         e8:9c:12:e7:f7:c7:6f:6b:87:0f:f4:aa:1f:11:a2:03:53:0e:
         cb:8b:b9:90:86:23:c1:25:02:77:bc:94:1b:f2:51:51:28:f0:
         de:01:5a:32:ae:de:f3:1e:9a:0e:63:55:ca:26:bb:46:04:04:
         27:43:7e:72:b9:f5:c1:5f:d4:15:00:c6:fb:5c:2a:87:9b:26:
         34:a7:11:b0:63:dd:1e:14:42:d8:e9:16:5a:72:fb:76:08:b5:
         99:71:ba:2c:1f:1a:3d:86:61:d3:a7:25:f7:ae:b2:d3:47:4b:
         51:37:1c:fe
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSNyUJqDR0vRCz/4uZZX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlOGRkNDM5MjhlZGZiMTIwMGVmYmM2MmM0NDFmOWNkMjkw
NDg1ODUwHhcNMjQwMTAxMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTVmMGExMWNhNTExMzlmZWE4NGE4NmVmZjQ2M2UwOGNkNDVlYmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nrCNXTtD1fFMPQXitnIUdI1RRWf
lDOmq76yUA43RzdRiQZ8dvlKnpFtXssrvlElsCa1ratUYH3BiWOKl+XqlWZbz3jC
lgNFgw7ci7tL2bpUjqWMcZg/VNNFBzw57xaAVAXK3ASpq+rnw+HbEOsKJu2le8Ca
t+JQspBOy+WEbcRZO6HPBUTNTVhVT0mOgGqtq17mxlyliVMYYMklykVFn5qLMue3
OpnkUrsUhusUvddV2pJzbOP5A8tUYSdo9zHp641prPMylrQF1qz+A6HSGf+edJ4O
7FhG0QSg6cwZC0sR28erx8f2wOEm7WXpd3nD7edM9pxcDOy5N4jPiBqh2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIVfChHKUROf6oSobv9GPgjNReuyMB8GA1UdIwQY
MBaAFD6N1Dko7fsSAO+8YsRB+c0pBIWFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG8zVU9TanQteElBNzd4aXhFSDV6U2tFaFlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mN2VjYjctZmY2ZC00NWUwLTk4ZDYt
Yzc3YmFlM2QzZWQxLzEvaFY4S0VjcFJFNV9xaEtodV8wWS1DTTFGNjdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mN2VjYjctZmY2ZC00NWUwLTk4ZDYtYzc3YmFlM2QzZWQx
LzEvUG8zVU9TanQteElBNzd4aXhFSDV6U2tFaFlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTnoMA0E
AgACMAcDBQAqAkbgMA0GCSqGSIb3DQEBCwUAA4IBAQB2IQv5A3ipw6cibtBszyXE
TynUD3wQSCFR9OHnMQM5kvvf59t8WeNEKTDVcH7OpAuGx61iphKWYmkz839OiGZA
8nqaYmb4kRjHROXzqVRNeNFHw92tX1nze8CH7WL+Uu7RFqOp2KySTSGgYib1RssP
oyiE6IvMEs+v4M8sS+sLJB7pLE00o5oXoFSQWcPTndHonBLn98dva4cP9KofEaID
Uw7Li7mQhiPBJQJ3vJQb8lFRKPDeAVoyrt7zHpoOY1XKJrtGBAQnQ35yufXBX9QV
AMb7XCqHmyY0pxGwY90eFELY6RZacvt2CLWZcbosHxo9hmHTpyX3rrLTR0tRNxz+
-----END CERTIFICATE-----