Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/2e0536-4ca2-4afe-83d6-336e874f3d87/1/_E3djcmmkPnjgtij8nldWaBpLeA.roa
File:                     _E3djcmmkPnjgtij8nldWaBpLeA.roa (raw, json)
Hash identifier:          iYTWpNgjZ8coYyJfm0wjuo46oPi2xlkktIhOPK85kwY=
Subject key identifier:   FC:4D:DD:8D:C9:A6:90:F9:E3:82:D8:A3:F2:79:5D:59:A0:69:2D:E0
Certificate issuer:       /CN=08818cbb0f9d1e573773d791138a0122f28bec56
Certificate serial:       018CC34915A64739CF41D6872B3BC7D1539D
Authority key identifier: 08:81:8C:BB:0F:9D:1E:57:37:73:D7:91:13:8A:01:22:F2:8B:EC:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIGMuw-dHlc3c9eRE4oBIvKL7FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/2e0536-4ca2-4afe-83d6-336e874f3d87/1/_E3djcmmkPnjgtij8nldWaBpLeA.roa
Signing time:             Mon 01 Jan 2024 04:29:55 +0000
ROA not before:           Mon 01 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206818
IP address blocks:        185.158.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/2e0536-4ca2-4afe-83d6-336e874f3d87/1/CIGMuw-dHlc3c9eRE4oBIvKL7FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/2e0536-4ca2-4afe-83d6-336e874f3d87/1/CIGMuw-dHlc3c9eRE4oBIvKL7FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIGMuw-dHlc3c9eRE4oBIvKL7FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:15:a6:47:39:cf:41:d6:87:2b:3b:c7:d1:53:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08818cbb0f9d1e573773d791138a0122f28bec56
        Validity
            Not Before: Jan  1 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc4ddd8dc9a690f9e382d8a3f2795d59a0692de0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5c:b9:d6:d2:5f:6d:14:14:41:9e:ab:06:75:
                    64:dd:a5:35:3e:36:a0:4d:71:70:d5:e4:34:31:28:
                    8c:be:69:68:3f:8d:2b:de:6c:b4:57:7b:57:39:47:
                    aa:f5:c2:c6:6b:c9:af:bb:52:32:2e:01:01:da:80:
                    a6:9e:df:5b:96:ba:fb:cb:38:ca:79:64:92:0c:75:
                    d0:9c:ea:04:86:d2:92:11:83:c4:f7:08:44:4a:d4:
                    a6:32:09:c9:59:e1:e4:6e:75:a0:2c:e1:19:93:37:
                    64:35:82:7f:39:f8:62:e3:0e:27:d2:54:75:2a:c1:
                    81:b1:ed:1f:5d:b8:7d:a7:4b:20:ba:cf:25:27:11:
                    e3:b8:28:0a:e1:a2:e0:97:32:c2:02:62:fe:b5:7b:
                    c2:43:ba:53:eb:93:e8:85:50:06:4a:9c:98:4e:88:
                    3b:48:dc:e4:50:e8:30:13:6d:16:ae:5c:f0:02:50:
                    93:b4:d6:4b:0b:c0:e8:32:55:79:89:68:4a:b3:d0:
                    b7:14:23:83:66:3a:c5:e6:78:51:23:1e:72:db:be:
                    b0:e3:53:75:a2:84:36:ea:a7:83:41:5c:8d:68:cc:
                    0c:41:94:af:52:91:e7:27:c7:14:84:1c:a9:b0:8d:
                    fe:a3:63:36:cd:09:62:b6:3d:7f:59:66:42:30:7e:
                    c6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:4D:DD:8D:C9:A6:90:F9:E3:82:D8:A3:F2:79:5D:59:A0:69:2D:E0
            X509v3 Authority Key Identifier:
                keyid:08:81:8C:BB:0F:9D:1E:57:37:73:D7:91:13:8A:01:22:F2:8B:EC:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIGMuw-dHlc3c9eRE4oBIvKL7FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2e0536-4ca2-4afe-83d6-336e874f3d87/1/_E3djcmmkPnjgtij8nldWaBpLeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2e0536-4ca2-4afe-83d6-336e874f3d87/1/CIGMuw-dHlc3c9eRE4oBIvKL7FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:12:05:55:2b:b0:22:68:9f:4c:6a:cd:8a:90:ef:81:a4:3a:
         2d:46:d1:08:4a:44:76:27:40:d9:3b:27:9f:ca:a0:47:15:bc:
         6f:58:48:02:7f:8b:c7:07:58:41:ef:59:1a:14:fa:fe:59:c5:
         6d:ee:59:b0:83:d5:67:3a:e7:11:96:b9:67:dd:c3:a4:05:5c:
         eb:02:91:1f:be:52:3f:2f:c1:f4:e9:e7:fb:2c:54:ea:a6:b3:
         2a:7c:88:87:fd:78:7f:5c:de:fb:47:c9:c1:c0:70:d9:8f:e0:
         1c:a1:7d:c4:c2:55:e3:fb:00:bd:36:3a:40:9d:14:b1:9e:2c:
         17:96:92:d9:34:a1:e0:c4:c5:4f:0f:a4:72:d2:16:84:a5:3b:
         8d:b4:7a:e6:52:eb:dc:1d:36:70:bc:1f:2d:2b:ed:5a:c2:88:
         f3:78:aa:03:ba:af:8e:1b:a0:36:ac:5f:9d:b9:37:f7:3c:a0:
         f9:ae:c8:5b:25:8e:8d:b6:8d:75:28:90:46:4d:bd:d1:16:9e:
         24:48:48:46:87:12:ff:d9:eb:ac:01:fc:cf:5e:db:27:78:0b:
         80:a1:40:d5:9e:91:aa:fc:c0:95:20:e5:b9:60:1f:1b:f8:25:
         1d:76:71:c6:e7:19:b4:e2:a7:f9:ce:68:b1:8c:2a:f2:a8:a6:
         18:57:cb:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSRWmRznPQdaHKzvH0VOdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODE4Y2JiMGY5ZDFlNTczNzczZDc5MTEzOGEwMTIyZjI4
YmVjNTYwHhcNMjQwMTAxMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzRkZGQ4ZGM5YTY5MGY5ZTM4MmQ4YTNmMjc5NWQ1OWEwNjkyZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFy51tJfbRQUQZ6rBnVk3aU1Pjag
TXFw1eQ0MSiMvmloP40r3my0V3tXOUeq9cLGa8mvu1IyLgEB2oCmnt9blrr7yzjK
eWSSDHXQnOoEhtKSEYPE9whEStSmMgnJWeHkbnWgLOEZkzdkNYJ/Ofhi4w4n0lR1
KsGBse0fXbh9p0sgus8lJxHjuCgK4aLglzLCAmL+tXvCQ7pT65PohVAGSpyYTog7
SNzkUOgwE20WrlzwAlCTtNZLC8DoMlV5iWhKs9C3FCODZjrF5nhRIx5y276w41N1
ooQ26qeDQVyNaMwMQZSvUpHnJ8cUhBypsI3+o2M2zQlitj1/WWZCMH7GfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxN3Y3JppD544LYo/J5XVmgaS3gMB8GA1UdIwQY
MBaAFAiBjLsPnR5XN3PXkROKASLyi+xWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lHTXV3LWRIbGMzYzllUkU0b0JJdktMN0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8yZTA1MzYtNGNhMi00YWZlLTgzZDYt
MzM2ZTg3NGYzZDg3LzEvX0UzZGpjbW1rUG5qZ3RpajhubGRXYUJwTGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8yZTA1MzYtNGNhMi00YWZlLTgzZDYtMzM2ZTg3NGYzZDg3
LzEvQ0lHTXV3LWRIbGMzYzllUkU0b0JJdktMN0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ5+MA0G
CSqGSIb3DQEBCwUAA4IBAQCGEgVVK7AiaJ9Mas2KkO+BpDotRtEISkR2J0DZOyef
yqBHFbxvWEgCf4vHB1hB71kaFPr+WcVt7lmwg9VnOucRlrln3cOkBVzrApEfvlI/
L8H06ef7LFTqprMqfIiH/Xh/XN77R8nBwHDZj+AcoX3EwlXj+wC9NjpAnRSxniwX
lpLZNKHgxMVPD6Ry0haEpTuNtHrmUuvcHTZwvB8tK+1awojzeKoDuq+OG6A2rF+d
uTf3PKD5rshbJY6Nto11KJBGTb3RFp4kSEhGhxL/2eusAfzPXtsneAuAoUDVnpGq
/MCVIOW5YB8b+CUddnHG5xm04qf5zmixjCryqKYYV8uC
-----END CERTIFICATE-----