Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/8NBHc7gm0eh1nHc-Q-_WmT8VGhY.roa
File:                     8NBHc7gm0eh1nHc-Q-_WmT8VGhY.roa (raw, json)
Hash identifier:          YJJh3xWRLb4F8S+2pFSVvM8DxcOL3t/Bm/Pq0flOah0=
Subject key identifier:   F0:D0:47:73:B8:26:D1:E8:75:9C:77:3E:43:EF:D6:99:3F:15:1A:16
Certificate issuer:       /CN=0e6d8fd77dade3d3f96cb49931948c2729ada0de
Certificate serial:       01912201BBB6AC012FCE1A9A73860CF5275E
Authority key identifier: 0E:6D:8F:D7:7D:AD:E3:D3:F9:6C:B4:99:31:94:8C:27:29:AD:A0:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dm2P132t49P5bLSZMZSMJymtoN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/8NBHc7gm0eh1nHc-Q-_WmT8VGhY.roa
Signing time:             Mon 05 Aug 2024 10:07:04 +0000
ROA not before:           Mon 05 Aug 2024 10:07:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9161
IP address blocks:        195.110.160.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/Dm2P132t49P5bLSZMZSMJymtoN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/Dm2P132t49P5bLSZMZSMJymtoN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dm2P132t49P5bLSZMZSMJymtoN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:22:01:bb:b6:ac:01:2f:ce:1a:9a:73:86:0c:f5:27:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e6d8fd77dade3d3f96cb49931948c2729ada0de
        Validity
            Not Before: Aug  5 10:07:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0d04773b826d1e8759c773e43efd6993f151a16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:21:8d:29:dd:9f:12:ac:31:6b:02:63:64:37:
                    0b:c0:aa:bd:84:41:ea:94:e4:79:f6:28:d5:d1:49:
                    e1:97:52:f2:72:65:ed:6f:db:c4:ec:ab:ab:59:68:
                    d6:5b:72:af:3f:66:7b:c1:48:ea:95:24:49:be:a5:
                    20:02:35:60:64:61:53:e1:53:cc:53:0f:2d:af:91:
                    1b:fd:f6:96:15:b1:96:e5:0a:1e:bf:62:2b:d0:46:
                    e0:80:27:0e:01:31:7c:dc:a4:d6:a5:b7:ee:2a:c6:
                    1d:79:56:e5:8e:e6:c1:48:47:81:1b:85:fa:50:b2:
                    f6:fb:65:04:f9:38:f0:95:72:26:a4:68:ae:dc:46:
                    da:29:c0:f4:ac:9c:d6:94:9e:8e:e2:eb:7f:2f:bb:
                    ac:be:ce:f8:4d:67:2b:16:fa:08:cb:19:1f:4e:5f:
                    e6:e7:01:1d:de:98:ca:29:a3:f7:2f:a8:d2:ad:92:
                    e8:01:af:79:56:27:ff:5c:b1:fd:08:ef:8b:1c:5a:
                    bc:23:1c:92:4b:6c:c9:d9:c0:3a:bf:6f:21:d7:39:
                    7f:f5:81:8c:a5:d8:75:aa:4f:e7:9e:6a:fb:07:ed:
                    71:5e:84:76:4a:53:ca:b8:7b:36:5f:87:9f:61:df:
                    a8:c9:49:d5:df:94:0d:29:59:e0:c7:92:e7:92:27:
                    6f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:D0:47:73:B8:26:D1:E8:75:9C:77:3E:43:EF:D6:99:3F:15:1A:16
            X509v3 Authority Key Identifier:
                keyid:0E:6D:8F:D7:7D:AD:E3:D3:F9:6C:B4:99:31:94:8C:27:29:AD:A0:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dm2P132t49P5bLSZMZSMJymtoN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/8NBHc7gm0eh1nHc-Q-_WmT8VGhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/Dm2P132t49P5bLSZMZSMJymtoN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.110.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         97:fb:c0:42:19:36:6f:7d:fc:ca:37:7e:14:e8:b7:4d:16:07:
         a9:e6:ac:58:08:e8:23:5f:91:82:2c:f7:35:99:20:25:06:ac:
         cc:72:81:62:2c:0a:06:dc:a9:2e:6f:06:04:d4:94:45:fe:72:
         c1:68:40:60:cc:13:a7:b7:aa:91:0f:6a:d4:17:8f:81:ee:1b:
         26:25:a3:ff:e8:5e:ac:e0:40:30:b8:be:4d:44:64:ce:8a:e8:
         f5:5a:a2:fc:fb:d5:30:06:78:f3:cb:a3:33:10:dd:76:ea:c6:
         77:fc:80:cb:f4:85:75:a5:7e:22:8f:cb:30:08:1e:47:a4:09:
         e1:60:95:ff:be:68:9a:1e:bf:79:5b:6b:d7:af:f2:06:c1:4b:
         06:3b:bd:d5:a0:02:8d:09:6d:44:29:e6:d5:94:66:1a:46:e5:
         37:fe:c0:d9:01:a7:da:82:08:76:e1:90:56:c3:f5:16:a2:df:
         5e:77:ff:a4:80:db:14:ce:38:7a:0f:c0:a5:7a:07:54:f0:6f:
         67:d3:51:77:80:92:8f:66:6c:0d:f3:a0:7d:c9:39:53:01:35:
         24:04:98:ec:e3:03:ec:d8:58:1c:08:dd:62:d2:72:30:6b:63:
         2d:30:31:20:3e:ab:9e:b3:02:92:4e:7b:e1:bf:b8:88:5b:bc:
         59:89:b0:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEiAbu2rAEvzhqac4YM9SdeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNmQ4ZmQ3N2RhZGUzZDNmOTZjYjQ5OTMxOTQ4YzI3Mjlh
ZGEwZGUwHhcNMjQwODA1MTAwNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGQwNDc3M2I4MjZkMWU4NzU5Yzc3M2U0M2VmZDY5OTNmMTUxYTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyGNKd2fEqwxawJjZDcLwKq9hEHq
lOR59ijV0Unhl1LycmXtb9vE7KurWWjWW3KvP2Z7wUjqlSRJvqUgAjVgZGFT4VPM
Uw8tr5Eb/faWFbGW5Qoev2Ir0EbggCcOATF83KTWpbfuKsYdeVbljubBSEeBG4X6
ULL2+2UE+TjwlXImpGiu3EbaKcD0rJzWlJ6O4ut/L7usvs74TWcrFvoIyxkfTl/m
5wEd3pjKKaP3L6jSrZLoAa95Vif/XLH9CO+LHFq8IxySS2zJ2cA6v28h1zl/9YGM
pdh1qk/nnmr7B+1xXoR2SlPKuHs2X4efYd+oyUnV35QNKVngx5LnkidvZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPDQR3O4JtHodZx3PkPv1pk/FRoWMB8GA1UdIwQY
MBaAFA5tj9d9rePT+Wy0mTGUjCcpraDeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG0yUDEzMnQ0OVA1YkxTWk1aU01KeW10b040LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi82OTc3Y2QtNDM0My00YjRjLThjZWEt
YmQzNWMwNDhiOTMwLzEvOE5CSGM3Z20wZWgxbkhjLVEtX1dtVDhWR2hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi82OTc3Y2QtNDM0My00YjRjLThjZWEtYmQzNWMwNDhiOTMw
LzEvRG0yUDEzMnQ0OVA1YkxTWk1aU01KeW10b040LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFw26gMA0G
CSqGSIb3DQEBCwUAA4IBAQCX+8BCGTZvffzKN34U6LdNFgep5qxYCOgjX5GCLPc1
mSAlBqzMcoFiLAoG3KkubwYE1JRF/nLBaEBgzBOnt6qRD2rUF4+B7hsmJaP/6F6s
4EAwuL5NRGTOiuj1WqL8+9UwBnjzy6MzEN126sZ3/IDL9IV1pX4ij8swCB5HpAnh
YJX/vmiaHr95W2vXr/IGwUsGO73VoAKNCW1EKebVlGYaRuU3/sDZAafaggh24ZBW
w/UWot9ed/+kgNsUzjh6D8ClegdU8G9n01F3gJKPZmwN86B9yTlTATUkBJjs4wPs
2FgcCN1i0nIwa2MtMDEgPqueswKSTnvhv7iIW7xZibA8
-----END CERTIFICATE-----