Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/iiHavQKXUy6JmviBClir8d1T0QU.roa
File:                     iiHavQKXUy6JmviBClir8d1T0QU.roa (raw, json)
Hash identifier:          lbWkG2Wmme7UktR8dD01ehE8hfeUSbexySVHZ3Oym3I=
Subject key identifier:   8A:21:DA:BD:02:97:53:2E:89:9A:F8:81:0A:58:AB:F1:DD:53:D1:05
Certificate issuer:       /CN=d1fd3436d7a19a7343fa800d87a01af183da318b
Certificate serial:       018CC7941829D02C98A0AAC2DBE05785F39F
Authority key identifier: D1:FD:34:36:D7:A1:9A:73:43:FA:80:0D:87:A0:1A:F1:83:DA:31:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0f00NtehmnND-oANh6Aa8YPaMYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/iiHavQKXUy6JmviBClir8d1T0QU.roa
Signing time:             Tue 02 Jan 2024 00:30:20 +0000
ROA not before:           Tue 02 Jan 2024 00:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47215
IP address blocks:        185.13.208.0/22 maxlen: 24
                          2a03:a540::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/0f00NtehmnND-oANh6Aa8YPaMYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/0f00NtehmnND-oANh6Aa8YPaMYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0f00NtehmnND-oANh6Aa8YPaMYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 21:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:18:29:d0:2c:98:a0:aa:c2:db:e0:57:85:f3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1fd3436d7a19a7343fa800d87a01af183da318b
        Validity
            Not Before: Jan  2 00:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a21dabd0297532e899af8810a58abf1dd53d105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:20:94:d4:84:de:6a:de:27:31:8c:df:f7:1d:
                    e6:04:8d:35:e3:b6:c7:db:db:61:4e:11:73:5a:96:
                    e9:54:41:12:af:d1:7e:98:72:27:57:1d:3a:dc:47:
                    22:78:a2:fb:fd:6c:a2:ec:4a:15:8e:b2:84:e0:6a:
                    21:92:fe:4c:97:fb:f0:8c:01:bf:c0:ed:dc:6f:ac:
                    8c:66:3f:0e:e3:12:d8:20:db:bc:54:fe:de:87:09:
                    a1:d1:79:ca:df:41:b6:b3:18:b3:ce:9e:a7:93:b4:
                    f4:82:07:cd:95:a8:cd:4c:67:a6:40:c4:fb:82:c1:
                    bb:1d:61:b2:9c:92:9d:11:87:bb:ac:be:4c:f0:08:
                    7c:89:df:d7:2c:e2:80:70:9f:df:27:0c:9e:0f:07:
                    99:ea:42:06:82:7d:69:cf:8c:8a:f9:29:a5:15:44:
                    29:1d:35:50:06:da:81:42:91:e3:1a:27:ac:7d:bc:
                    f5:2b:df:71:a0:fe:f0:47:55:c4:61:47:6e:1b:42:
                    15:a3:ce:cb:5a:15:bc:74:23:28:c6:f8:88:bb:b5:
                    c6:a8:35:4b:f2:75:69:36:cf:88:1c:b5:76:65:70:
                    01:fb:d8:99:54:9d:cd:b2:9f:ca:6b:7c:16:58:79:
                    6b:fc:05:7e:54:8f:5c:35:9e:cf:fc:32:34:32:4a:
                    ae:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:21:DA:BD:02:97:53:2E:89:9A:F8:81:0A:58:AB:F1:DD:53:D1:05
            X509v3 Authority Key Identifier:
                keyid:D1:FD:34:36:D7:A1:9A:73:43:FA:80:0D:87:A0:1A:F1:83:DA:31:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f00NtehmnND-oANh6Aa8YPaMYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/iiHavQKXUy6JmviBClir8d1T0QU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/0f00NtehmnND-oANh6Aa8YPaMYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.208.0/22
                IPv6:
                  2a03:a540::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:b0:83:04:e3:2d:3f:0c:20:1f:77:1d:8b:03:65:da:94:af:
         8f:45:24:b4:7d:db:87:2b:28:7d:bf:7f:8f:fe:36:cb:25:80:
         93:7e:c3:b6:ba:24:13:5a:f9:d0:71:df:0c:16:7c:4e:c9:96:
         4a:db:3e:b3:d8:b9:a5:02:e9:f0:03:66:a1:f3:b8:f1:a2:ef:
         75:d9:ae:0f:2c:d0:4d:98:5b:7b:73:ec:a2:5a:84:6c:f5:f9:
         10:cb:3f:71:ea:ee:ce:48:47:73:bb:07:8b:fc:85:b4:3d:f9:
         53:73:3b:37:21:3a:3d:dc:c2:68:77:fc:59:cb:4e:3a:40:0c:
         45:55:2c:ad:16:e4:41:95:e7:d3:91:e4:3f:ee:97:f8:cc:60:
         29:9d:4e:08:34:8f:87:ea:66:b1:65:3c:46:30:9f:19:ee:b2:
         53:55:6f:75:ae:12:32:9d:64:ae:6e:c2:c8:53:4e:f1:b3:fc:
         ae:39:85:a5:fd:41:46:35:2a:7b:b9:ff:14:29:79:cd:a7:23:
         b3:2a:b5:a6:67:ba:0d:12:80:51:89:21:71:cc:ab:b6:7f:e5:
         b3:40:8d:89:0b:82:3e:41:76:cb:a0:c0:c0:dd:b5:1d:a6:24:
         d7:3d:1e:5f:4b:cc:5e:ce:10:0b:2c:62:8b:cb:f2:bd:6d:ce:
         20:21:66:1e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlBgp0CyYoKrC2+BXhfOfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZmQzNDM2ZDdhMTlhNzM0M2ZhODAwZDg3YTAxYWYxODNk
YTMxOGIwHhcNMjQwMTAyMDAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTIxZGFiZDAyOTc1MzJlODk5YWY4ODEwYTU4YWJmMWRkNTNkMTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyCU1ITeat4nMYzf9x3mBI0147bH
29thThFzWpbpVEESr9F+mHInVx063EcieKL7/Wyi7EoVjrKE4Gohkv5Ml/vwjAG/
wO3cb6yMZj8O4xLYINu8VP7ehwmh0XnK30G2sxizzp6nk7T0ggfNlajNTGemQMT7
gsG7HWGynJKdEYe7rL5M8Ah8id/XLOKAcJ/fJwyeDweZ6kIGgn1pz4yK+SmlFUQp
HTVQBtqBQpHjGiesfbz1K99xoP7wR1XEYUduG0IVo87LWhW8dCMoxviIu7XGqDVL
8nVpNs+IHLV2ZXAB+9iZVJ3Nsp/Ka3wWWHlr/AV+VI9cNZ7P/DI0MkquWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIoh2r0Cl1MuiZr4gQpYq/HdU9EFMB8GA1UdIwQY
MBaAFNH9NDbXoZpzQ/qADYegGvGD2jGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGYwME50ZWhtbk5ELW9BTmg2QWE4WVBhTVlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9iY2Q1ZTgtNWQxZi00NmIxLTk2YmMt
MzlhNjZjYmUxZTRkLzEvaWlIYXZRS1hVeTZKbXZpQkNsaXI4ZDFUMFFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9iY2Q1ZTgtNWQxZi00NmIxLTk2YmMtMzlhNjZjYmUxZTRk
LzEvMGYwME50ZWhtbk5ELW9BTmg2QWE4WVBhTVlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ3QMA0E
AgACMAcDBQAqA6VAMA0GCSqGSIb3DQEBCwUAA4IBAQAHsIME4y0/DCAfdx2LA2Xa
lK+PRSS0fduHKyh9v3+P/jbLJYCTfsO2uiQTWvnQcd8MFnxOyZZK2z6z2LmlAunw
A2ah87jxou912a4PLNBNmFt7c+yiWoRs9fkQyz9x6u7OSEdzuweL/IW0PflTczs3
ITo93MJod/xZy046QAxFVSytFuRBlefTkeQ/7pf4zGApnU4INI+H6maxZTxGMJ8Z
7rJTVW91rhIynWSubsLIU07xs/yuOYWl/UFGNSp7uf8UKXnNpyOzKrWmZ7oNEoBR
iSFxzKu2f+WzQI2JC4I+QXbLoMDA3bUdpiTXPR5fS8xezhALLGKLy/K9bc4gIWYe
-----END CERTIFICATE-----