Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/ee97b4-feca-4d3d-82d3-1538e2a3ad22/1/oQkgBCVI3nvmcx_z_p5c9q49d8o.roa
File:                     oQkgBCVI3nvmcx_z_p5c9q49d8o.roa (raw, json)
Hash identifier:          sAYDpXQFXIz/8pVpumXAQRNgVPgEz3yhzv0UPHtjZUs=
Subject key identifier:   A1:09:20:04:25:48:DE:7B:E6:73:1F:F3:FE:9E:5C:F6:AE:3D:77:CA
Certificate issuer:       /CN=8ad7629c11b68020d73d9b65c54e5043c3414194
Certificate serial:       018CCA29B375CEE872396756F9FD9D049422
Authority key identifier: 8A:D7:62:9C:11:B6:80:20:D7:3D:9B:65:C5:4E:50:43:C3:41:41:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itdinBG2gCDXPZtlxU5QQ8NBQZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/ee97b4-feca-4d3d-82d3-1538e2a3ad22/1/oQkgBCVI3nvmcx_z_p5c9q49d8o.roa
Signing time:             Tue 02 Jan 2024 12:32:59 +0000
ROA not before:           Tue 02 Jan 2024 12:32:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        185.229.248.0/24 maxlen: 24
                          2a10:b680::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/ee97b4-feca-4d3d-82d3-1538e2a3ad22/1/itdinBG2gCDXPZtlxU5QQ8NBQZQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/ee97b4-feca-4d3d-82d3-1538e2a3ad22/1/itdinBG2gCDXPZtlxU5QQ8NBQZQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itdinBG2gCDXPZtlxU5QQ8NBQZQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:04:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:b3:75:ce:e8:72:39:67:56:f9:fd:9d:04:94:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad7629c11b68020d73d9b65c54e5043c3414194
        Validity
            Not Before: Jan  2 12:32:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a10920042548de7be6731ff3fe9e5cf6ae3d77ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:86:1c:44:bb:e8:a0:e1:b0:90:3a:01:49:77:
                    1f:ad:86:34:b5:f3:ad:d1:13:c3:fa:9e:2a:f2:f2:
                    38:c1:8c:ae:75:12:e5:a7:57:21:97:e9:e4:26:57:
                    a7:9c:45:29:68:c3:e0:2a:2c:dd:76:37:05:e4:ef:
                    51:5b:87:6b:ca:96:43:c4:82:c9:2a:a0:6b:58:e3:
                    35:26:fb:5d:e1:15:85:d0:b7:e4:40:d6:47:42:65:
                    72:2a:e5:33:e9:53:57:c1:35:5c:6c:60:89:89:19:
                    b3:14:19:77:73:8c:f6:00:3e:5a:f7:92:4c:ca:ba:
                    95:d7:1d:f7:84:12:2a:f6:d7:54:31:04:9c:ea:60:
                    8b:36:03:64:de:e2:24:ce:91:63:10:c7:39:23:59:
                    41:fe:56:01:a3:f4:11:83:a1:b2:64:3c:85:d1:3b:
                    7a:a1:19:9c:e1:04:58:4f:0b:25:22:a1:10:37:7f:
                    2d:28:b7:ec:6c:26:f3:82:f2:50:b1:ad:97:57:9a:
                    b6:8b:f3:f7:a7:92:42:e9:91:1a:6f:4f:38:9c:8c:
                    16:9c:88:09:96:b9:3a:b7:95:f6:30:34:2a:05:2f:
                    1a:f8:fd:41:11:aa:69:76:75:40:b1:da:cb:9b:5d:
                    f0:c6:d5:60:07:d1:24:e9:34:78:0c:f2:c8:06:c8:
                    ec:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:09:20:04:25:48:DE:7B:E6:73:1F:F3:FE:9E:5C:F6:AE:3D:77:CA
            X509v3 Authority Key Identifier:
                keyid:8A:D7:62:9C:11:B6:80:20:D7:3D:9B:65:C5:4E:50:43:C3:41:41:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itdinBG2gCDXPZtlxU5QQ8NBQZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ee97b4-feca-4d3d-82d3-1538e2a3ad22/1/oQkgBCVI3nvmcx_z_p5c9q49d8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ee97b4-feca-4d3d-82d3-1538e2a3ad22/1/itdinBG2gCDXPZtlxU5QQ8NBQZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.248.0/24
                IPv6:
                  2a10:b680::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:35:c0:38:f3:8e:dc:58:3c:74:fa:6e:4e:e9:10:4d:bf:81:
         b0:3d:d7:21:b0:1c:52:d9:3e:54:4c:d0:69:f3:eb:85:08:ea:
         15:7d:b9:a1:32:fa:77:69:2a:d3:f9:97:80:ff:71:d6:6e:2c:
         4c:dc:63:b5:88:78:3f:76:08:25:74:99:e2:62:11:f8:ca:56:
         b2:7f:a4:33:1e:54:d6:71:d2:12:76:95:09:33:43:74:ba:c0:
         d7:19:54:7a:ad:05:35:e8:52:55:1a:73:32:1d:ae:cd:e5:48:
         ff:11:0e:75:1a:3d:88:29:a0:6a:e1:93:8f:09:8b:78:2a:19:
         e6:70:d9:67:54:4c:2a:d6:54:63:3d:52:73:31:3a:1b:18:8e:
         5b:79:d6:78:1d:c7:dc:e3:b2:cb:ac:0d:de:b8:53:99:2c:d9:
         4f:9c:b0:63:f4:67:f1:53:6c:d9:3d:8c:d3:a1:05:80:f3:ec:
         5e:54:32:d8:fa:56:85:6b:4a:46:09:a0:7c:29:dc:21:aa:4d:
         12:fd:18:ed:05:cc:e3:58:32:3f:cc:8a:f8:7b:96:45:55:6d:
         75:ae:7b:65:90:9a:4b:a1:fd:3c:84:15:bb:1e:30:16:c4:64:
         a9:39:3f:79:0c:31:fe:3d:2f:8d:7f:c4:d6:36:17:06:98:1e:
         fa:3e:87:ee
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKbN1zuhyOWdW+f2dBJQiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDc2MjljMTFiNjgwMjBkNzNkOWI2NWM1NGU1MDQzYzM0
MTQxOTQwHhcNMjQwMTAyMTIzMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTA5MjAwNDI1NDhkZTdiZTY3MzFmZjNmZTllNWNmNmFlM2Q3N2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoYcRLvooOGwkDoBSXcfrYY0tfOt
0RPD+p4q8vI4wYyudRLlp1chl+nkJlennEUpaMPgKizddjcF5O9RW4drypZDxILJ
KqBrWOM1Jvtd4RWF0LfkQNZHQmVyKuUz6VNXwTVcbGCJiRmzFBl3c4z2AD5a95JM
yrqV1x33hBIq9tdUMQSc6mCLNgNk3uIkzpFjEMc5I1lB/lYBo/QRg6GyZDyF0Tt6
oRmc4QRYTwslIqEQN38tKLfsbCbzgvJQsa2XV5q2i/P3p5JC6ZEab084nIwWnIgJ
lrk6t5X2MDQqBS8a+P1BEappdnVAsdrLm13wxtVgB9Ek6TR4DPLIBsjs8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKEJIAQlSN575nMf8/6eXPauPXfKMB8GA1UdIwQY
MBaAFIrXYpwRtoAg1z2bZcVOUEPDQUGUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRkaW5CRzJnQ0RYUFp0bHhVNVFROE5CUVpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9lZTk3YjQtZmVjYS00ZDNkLTgyZDMt
MTUzOGUyYTNhZDIyLzEvb1FrZ0JDVkkzbnZtY3hfel9wNWM5cTQ5ZDhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9lZTk3YjQtZmVjYS00ZDNkLTgyZDMtMTUzOGUyYTNhZDIy
LzEvaXRkaW5CRzJnQ0RYUFp0bHhVNVFROE5CUVpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAueX4MA0E
AgACMAcDBQAqELaAMA0GCSqGSIb3DQEBCwUAA4IBAQAGNcA4847cWDx0+m5O6RBN
v4GwPdchsBxS2T5UTNBp8+uFCOoVfbmhMvp3aSrT+ZeA/3HWbixM3GO1iHg/dggl
dJniYhH4ylayf6QzHlTWcdISdpUJM0N0usDXGVR6rQU16FJVGnMyHa7N5Uj/EQ51
Gj2IKaBq4ZOPCYt4KhnmcNlnVEwq1lRjPVJzMTobGI5bedZ4Hcfc47LLrA3euFOZ
LNlPnLBj9GfxU2zZPYzToQWA8+xeVDLY+laFa0pGCaB8Kdwhqk0S/RjtBczjWDI/
zIr4e5ZFVW11rntlkJpLof08hBW7HjAWxGSpOT95DDH+PS+Nf8TWNhcGmB76Pofu
-----END CERTIFICATE-----