Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/C8ia9jHzJUaakWVOvCT2v2wMRSY.roa
File:                     C8ia9jHzJUaakWVOvCT2v2wMRSY.roa (raw, json)
Hash identifier:          l5WSPtenq8aURsPAc1Vgn0IBfgcAELePFJa+YLPocOM=
Subject key identifier:   0B:C8:9A:F6:31:F3:25:46:9A:91:65:4E:BC:24:F6:BF:6C:0C:45:26
Certificate issuer:       /CN=672f0e42b08aa451fc583a358ec370ffbd2dac68
Certificate serial:       018CC3B68F35CE1F43A6B2BA40C5632A35F3
Authority key identifier: 67:2F:0E:42:B0:8A:A4:51:FC:58:3A:35:8E:C3:70:FF:BD:2D:AC:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/C8ia9jHzJUaakWVOvCT2v2wMRSY.roa
Signing time:             Mon 01 Jan 2024 06:29:30 +0000
ROA not before:           Mon 01 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        185.18.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/Zy8OQrCKpFH8WDo1jsNw_70trGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/Zy8OQrCKpFH8WDo1jsNw_70trGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8f:35:ce:1f:43:a6:b2:ba:40:c5:63:2a:35:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=672f0e42b08aa451fc583a358ec370ffbd2dac68
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bc89af631f325469a91654ebc24f6bf6c0c4526
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d2:83:15:10:7b:97:11:ff:58:e2:1c:b1:66:
                    6e:d4:f9:bb:5e:ac:56:a8:7e:7f:a2:e1:ee:c3:6e:
                    19:eb:62:97:93:22:e9:22:c9:22:8f:5e:8b:04:8c:
                    24:0f:c8:97:fd:7c:61:ea:36:87:eb:59:db:98:c4:
                    83:7a:dd:31:0a:d8:80:f9:31:5e:ac:e6:09:de:46:
                    0c:b4:fa:e1:32:7c:96:33:1c:c0:50:8a:f5:2a:82:
                    b7:43:5b:e4:d9:5d:5f:d3:a8:d2:77:b1:21:9b:11:
                    1e:57:45:8f:50:8a:d8:81:43:ee:4a:ba:a8:8c:61:
                    c4:f3:72:d0:25:b8:cf:2b:ab:c5:5c:ea:d7:ef:0c:
                    6f:49:27:88:42:95:5e:d9:54:49:c3:0c:dc:05:e1:
                    0a:6b:3f:ab:cb:5d:fd:fb:6b:22:cf:e3:62:de:8a:
                    9a:33:6b:60:96:ca:31:84:b6:c0:2e:78:25:85:e4:
                    05:3c:b1:aa:82:ba:a2:0c:8f:f9:50:37:3a:19:37:
                    88:f9:0e:88:11:62:12:a9:f4:fc:9e:94:3b:38:84:
                    76:6d:28:39:28:a8:44:42:bd:a9:2e:16:82:28:b0:
                    4f:3c:29:44:38:56:73:27:0f:06:df:6b:b2:4c:86:
                    84:03:07:eb:70:86:dd:3f:6d:5d:0c:b2:d5:b0:b2:
                    68:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C8:9A:F6:31:F3:25:46:9A:91:65:4E:BC:24:F6:BF:6C:0C:45:26
            X509v3 Authority Key Identifier:
                keyid:67:2F:0E:42:B0:8A:A4:51:FC:58:3A:35:8E:C3:70:FF:BD:2D:AC:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/C8ia9jHzJUaakWVOvCT2v2wMRSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/Zy8OQrCKpFH8WDo1jsNw_70trGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:6c:82:21:e5:1d:44:51:2c:ad:ae:04:15:13:bf:bc:e0:f9:
         55:4b:0a:43:7a:20:95:bd:5c:c0:ae:3d:52:9d:45:66:c6:34:
         76:54:09:e0:10:e1:6b:ec:a6:ae:61:44:24:4d:ae:72:96:a9:
         46:0b:d9:3c:ae:93:a4:ab:59:98:bc:e5:c3:e9:63:19:48:1d:
         71:79:34:f6:d0:f6:84:69:ca:70:91:4b:72:75:6b:54:5f:a1:
         99:41:eb:f4:32:40:d4:0c:59:22:0c:5a:f4:cc:a4:97:2e:bb:
         82:7e:00:7b:de:fb:0b:cf:13:e9:18:5e:90:de:8e:5f:2e:cf:
         43:72:38:83:e8:a8:28:f0:9f:fd:c5:44:42:74:f3:6f:ee:82:
         19:f8:24:f6:87:57:df:c5:18:68:27:40:36:99:9d:e5:79:cd:
         d0:f2:ae:7c:c1:00:0a:ed:5b:b7:48:b7:84:ba:11:3e:9c:9c:
         7c:fa:a8:b1:a1:e6:7c:ba:36:50:ec:07:42:57:3a:e1:8e:ff:
         45:42:44:fa:31:1c:a0:21:86:f0:fc:19:64:4e:66:4f:f5:09:
         63:d0:4a:71:33:13:fa:17:12:a2:6d:ff:4c:8b:b3:71:96:a0:
         a9:95:e2:d1:7f:7a:41:53:6c:b6:52:bb:93:31:74:ee:63:f0:
         26:d1:24:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDto81zh9DprK6QMVjKjXzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MmYwZTQyYjA4YWE0NTFmYzU4M2EzNThlYzM3MGZmYmQy
ZGFjNjgwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmM4OWFmNjMxZjMyNTQ2OWE5MTY1NGViYzI0ZjZiZjZjMGM0NTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4NKDFRB7lxH/WOIcsWZu1Pm7XqxW
qH5/ouHuw24Z62KXkyLpIskij16LBIwkD8iX/Xxh6jaH61nbmMSDet0xCtiA+TFe
rOYJ3kYMtPrhMnyWMxzAUIr1KoK3Q1vk2V1f06jSd7EhmxEeV0WPUIrYgUPuSrqo
jGHE83LQJbjPK6vFXOrX7wxvSSeIQpVe2VRJwwzcBeEKaz+ry139+2siz+Ni3oqa
M2tglsoxhLbALnglheQFPLGqgrqiDI/5UDc6GTeI+Q6IEWISqfT8npQ7OIR2bSg5
KKhEQr2pLhaCKLBPPClEOFZzJw8G32uyTIaEAwfrcIbdP21dDLLVsLJokwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvImvYx8yVGmpFlTrwk9r9sDEUmMB8GA1UdIwQY
MBaAFGcvDkKwiqRR/Fg6NY7DcP+9LaxoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnk4T1FyQ0twRkg4V0RvMWpzTndfNzB0ckdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My81OWE2YjktY2QyMC00Y2Q3LWI0YTct
ZjBiOTYyZjUyNDE0LzEvQzhpYTlqSHpKVWFha1dWT3ZDVDJ2MndNUlNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My81OWE2YjktY2QyMC00Y2Q3LWI0YTctZjBiOTYyZjUyNDE0
LzEvWnk4T1FyQ0twRkg4V0RvMWpzTndfNzB0ckdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRL6MA0G
CSqGSIb3DQEBCwUAA4IBAQBnbIIh5R1EUSytrgQVE7+84PlVSwpDeiCVvVzArj1S
nUVmxjR2VAngEOFr7KauYUQkTa5ylqlGC9k8rpOkq1mYvOXD6WMZSB1xeTT20PaE
acpwkUtydWtUX6GZQev0MkDUDFkiDFr0zKSXLruCfgB73vsLzxPpGF6Q3o5fLs9D
cjiD6Kgo8J/9xURCdPNv7oIZ+CT2h1ffxRhoJ0A2mZ3lec3Q8q58wQAK7Vu3SLeE
uhE+nJx8+qixoeZ8ujZQ7AdCVzrhjv9FQkT6MRygIYbw/BlkTmZP9Qlj0EpxMxP6
FxKibf9Mi7NxlqCpleLRf3pBU2y2UruTMXTuY/Am0SRB
-----END CERTIFICATE-----