Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/8Mu07eulTAqgXuEcVhPis9I9uvM.roa
File:                     8Mu07eulTAqgXuEcVhPis9I9uvM.roa (raw, json)
Hash identifier:          4Kqr/RznDWLvKxFe9r5dYWcbDt8TInkLamHsv7IXgpc=
Subject key identifier:   F0:CB:B4:ED:EB:A5:4C:0A:A0:5E:E1:1C:56:13:E2:B3:D2:3D:BA:F3
Certificate issuer:       /CN=72d8dbea4023d69f47f89bd2082fffb2466dd2a5
Certificate serial:       018CC4255DDF9928C2CFC6276CF2B677BF30
Authority key identifier: 72:D8:DB:EA:40:23:D6:9F:47:F8:9B:D2:08:2F:FF:B2:46:6D:D2:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ctjb6kAj1p9H-JvSCC__skZt0qU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/8Mu07eulTAqgXuEcVhPis9I9uvM.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204816
IP address blocks:        217.20.253.0/24 maxlen: 24
                          2a12:ffc0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/ctjb6kAj1p9H-JvSCC__skZt0qU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/ctjb6kAj1p9H-JvSCC__skZt0qU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ctjb6kAj1p9H-JvSCC__skZt0qU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5d:df:99:28:c2:cf:c6:27:6c:f2:b6:77:bf:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72d8dbea4023d69f47f89bd2082fffb2466dd2a5
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0cbb4edeba54c0aa05ee11c5613e2b3d23dbaf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:45:a3:1d:54:80:0b:30:b6:e3:25:df:23:4f:
                    6a:07:c7:6d:aa:0b:44:0b:25:61:54:94:20:4f:f5:
                    45:54:60:89:5e:98:bb:d5:b2:d0:1c:e7:6c:f8:f4:
                    4e:fe:fb:cd:13:bf:cb:fb:fc:6e:e3:73:11:50:70:
                    f9:87:01:7c:7e:33:a7:50:2b:50:d7:35:fb:e2:78:
                    af:a2:c6:9e:e0:6a:bb:9a:90:75:ad:74:e7:13:4d:
                    84:11:27:50:b8:3d:55:63:45:26:18:78:cb:f9:7c:
                    cf:7e:9c:52:a9:ea:2f:8b:ed:a1:11:62:2f:b0:29:
                    e8:c5:0b:9c:7a:f9:9e:b1:4a:40:2c:bd:bc:2f:dc:
                    03:2d:d0:a9:96:a1:11:33:58:94:62:e1:36:d7:1f:
                    d5:b0:4c:30:e0:ed:4b:98:e5:9f:32:b2:1f:dc:22:
                    fb:97:73:e1:80:30:25:78:f6:fd:8c:5d:71:e6:61:
                    5e:2a:1f:3b:5b:27:e5:e6:88:0a:e0:b4:e3:c0:3f:
                    8e:e0:15:fd:b6:dd:08:9f:f4:4e:9c:c2:d0:de:f0:
                    dd:42:46:36:20:ac:75:f2:74:a9:18:01:13:5b:5d:
                    51:52:26:db:26:18:de:65:92:5a:86:51:15:fc:c4:
                    2c:2a:76:0a:28:4d:6c:66:e2:6d:71:15:b3:19:70:
                    ce:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:CB:B4:ED:EB:A5:4C:0A:A0:5E:E1:1C:56:13:E2:B3:D2:3D:BA:F3
            X509v3 Authority Key Identifier:
                keyid:72:D8:DB:EA:40:23:D6:9F:47:F8:9B:D2:08:2F:FF:B2:46:6D:D2:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ctjb6kAj1p9H-JvSCC__skZt0qU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/8Mu07eulTAqgXuEcVhPis9I9uvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a9091f-27a2-42a3-952b-9ed1804f3282/1/ctjb6kAj1p9H-JvSCC__skZt0qU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.20.253.0/24
                IPv6:
                  2a12:ffc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:b0:b5:e4:aa:d8:19:05:f0:9c:a3:30:fe:b7:6b:ad:ac:89:
         65:9e:e2:b0:46:29:bd:81:8a:42:72:cb:4d:e2:3a:6a:f7:49:
         4b:fe:8a:22:99:8b:54:03:c6:fe:61:84:3f:cb:23:86:3c:7d:
         7b:b2:f1:4b:c4:74:3a:87:0b:4b:bd:9c:a3:11:b0:48:26:ab:
         bc:15:10:55:81:e5:74:bd:b5:1c:aa:52:87:42:bb:8c:87:43:
         ff:ee:8a:a5:b0:df:80:ea:c4:03:5c:9b:18:fe:a3:fb:60:53:
         25:24:ed:e9:b8:b3:5d:ef:39:06:b6:2d:c7:f7:7a:09:97:10:
         a2:8a:71:6b:0a:f5:1e:4e:c9:58:d8:f4:dc:56:a0:cb:0d:6f:
         92:3b:8e:8e:67:e6:93:9e:67:71:e4:1e:21:59:eb:ce:2b:53:
         3a:d4:95:e5:cf:a9:67:30:5f:7b:ae:c8:23:72:2c:8e:d1:9a:
         47:95:51:0d:e9:19:ce:3c:e7:1c:d6:03:47:1d:86:74:22:cf:
         05:83:80:d6:25:2f:04:50:f7:7a:91:08:72:f7:b3:af:4c:04:
         09:ad:45:3b:2b:4b:c0:d8:f8:a5:4f:6e:08:54:cb:62:ec:38:
         0c:82:d8:01:63:67:62:8c:c4:e3:08:1f:88:5f:71:b9:4d:ee:
         3f:b1:c9:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJV3fmSjCz8YnbPK2d78wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZDhkYmVhNDAyM2Q2OWY0N2Y4OWJkMjA4MmZmZmIyNDY2
ZGQyYTUwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGNiYjRlZGViYTU0YzBhYTA1ZWUxMWM1NjEzZTJiM2QyM2RiYWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkWjHVSACzC24yXfI09qB8dtqgtE
CyVhVJQgT/VFVGCJXpi71bLQHOds+PRO/vvNE7/L+/xu43MRUHD5hwF8fjOnUCtQ
1zX74nivosae4Gq7mpB1rXTnE02EESdQuD1VY0UmGHjL+XzPfpxSqeovi+2hEWIv
sCnoxQucevmesUpALL28L9wDLdCplqERM1iUYuE21x/VsEww4O1LmOWfMrIf3CL7
l3PhgDAlePb9jF1x5mFeKh87Wyfl5ogK4LTjwD+O4BX9tt0In/ROnMLQ3vDdQkY2
IKx18nSpGAETW11RUibbJhjeZZJahlEV/MQsKnYKKE1sZuJtcRWzGXDOKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPDLtO3rpUwKoF7hHFYT4rPSPbrzMB8GA1UdIwQY
MBaAFHLY2+pAI9afR/ib0ggv/7JGbdKlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3RqYjZrQWoxcDlILUp2U0NDX19za1p0MHFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hOTA5MWYtMjdhMi00MmEzLTk1MmIt
OWVkMTgwNGYzMjgyLzEvOE11MDdldWxUQXFnWHVFY1ZoUGlzOUk5dXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hOTA5MWYtMjdhMi00MmEzLTk1MmItOWVkMTgwNGYzMjgy
LzEvY3RqYjZrQWoxcDlILUp2U0NDX19za1p0MHFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2RT9MA0E
AgACMAcDBQMqEv/AMA0GCSqGSIb3DQEBCwUAA4IBAQAosLXkqtgZBfCcozD+t2ut
rIllnuKwRim9gYpCcstN4jpq90lL/ooimYtUA8b+YYQ/yyOGPH17svFLxHQ6hwtL
vZyjEbBIJqu8FRBVgeV0vbUcqlKHQruMh0P/7oqlsN+A6sQDXJsY/qP7YFMlJO3p
uLNd7zkGti3H93oJlxCiinFrCvUeTslY2PTcVqDLDW+SO46OZ+aTnmdx5B4hWevO
K1M61JXlz6lnMF97rsgjciyO0ZpHlVEN6RnOPOcc1gNHHYZ0Is8Fg4DWJS8EUPd6
kQhy97OvTAQJrUU7K0vA2PilT24IVMti7DgMgtgBY2dijMTjCB+IX3G5Te4/scmL
-----END CERTIFICATE-----