Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/8cUBNmosKNwSESOMqk4TGHsM4WI.roa
File:                     8cUBNmosKNwSESOMqk4TGHsM4WI.roa (raw, json)
Hash identifier:          b6YsZciffhtEXiR20xF11TavRx0x05Ye1wifdADOfpE=
Subject key identifier:   F1:C5:01:36:6A:2C:28:DC:12:11:23:8C:AA:4E:13:18:7B:0C:E1:62
Certificate issuer:       /CN=6fa86d1c1676a59a46acf37336192e985cff0e5b
Certificate serial:       018CC5DC2BADFA3ED3DADBD3632F5A72D994
Authority key identifier: 6F:A8:6D:1C:16:76:A5:9A:46:AC:F3:73:36:19:2E:98:5C:FF:0E:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/8cUBNmosKNwSESOMqk4TGHsM4WI.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212973
IP address blocks:        185.1.175.0/24 maxlen: 24
                          2001:7f8:f8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2b:ad:fa:3e:d3:da:db:d3:63:2f:5a:72:d9:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa86d1c1676a59a46acf37336192e985cff0e5b
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1c501366a2c28dc1211238caa4e13187b0ce162
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1e:be:39:a1:db:77:40:34:2a:4d:85:cb:57:
                    cc:63:c6:3b:79:17:29:4e:79:42:11:cb:d7:77:82:
                    3f:8d:09:ce:f1:91:6a:2d:76:30:0e:58:d8:d7:d8:
                    7e:c3:0c:5e:ab:5c:a2:af:10:ca:ac:97:0b:46:99:
                    76:70:e2:1a:d1:8a:7d:0e:cf:bb:0a:ad:da:9b:7d:
                    4f:f6:96:23:6a:44:9a:90:d4:92:e2:a1:5c:39:15:
                    e2:8e:72:68:dc:1a:0a:39:7b:1f:f4:0b:a4:7f:98:
                    48:b7:28:42:f6:9c:3e:14:5b:df:54:ed:f7:3c:5f:
                    e4:8e:c8:32:a2:23:8a:88:4f:58:db:6b:bb:55:c9:
                    12:94:71:62:dd:95:b5:cc:ed:72:41:72:ef:34:8d:
                    28:c1:04:1f:1f:0c:e7:74:86:da:84:e2:51:f2:0c:
                    18:5f:6f:bd:26:b7:2d:f4:8d:2b:a2:45:d7:55:ad:
                    f1:31:7b:d0:68:4f:e3:95:6a:3b:b3:04:e6:05:69:
                    2c:c6:e2:36:be:e6:d2:fa:aa:a3:e7:8f:3a:51:5c:
                    24:b4:3b:b9:9a:3a:67:96:ae:f4:4f:20:5f:4f:7e:
                    83:38:c5:48:91:b5:ee:ab:cd:6c:49:f8:28:1c:6a:
                    08:73:03:d2:eb:5e:98:37:9d:8d:2e:04:e3:fd:36:
                    f3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:C5:01:36:6A:2C:28:DC:12:11:23:8C:AA:4E:13:18:7B:0C:E1:62
            X509v3 Authority Key Identifier:
                keyid:6F:A8:6D:1C:16:76:A5:9A:46:AC:F3:73:36:19:2E:98:5C:FF:0E:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/8cUBNmosKNwSESOMqk4TGHsM4WI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.175.0/24
                IPv6:
                  2001:7f8:f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:6a:00:c0:d8:19:14:e9:ec:23:b2:c4:47:e7:59:ae:14:34:
         d9:fe:d2:f4:73:d0:ae:f6:b7:46:41:3f:fd:2d:e3:f6:7f:e5:
         b8:72:12:3a:af:48:51:4a:0c:09:fa:24:e9:c3:be:49:f8:5e:
         50:2f:ab:2b:0a:ad:58:1e:c7:74:a5:99:50:b2:fb:b0:35:0c:
         6c:a8:62:fe:1e:95:42:f3:13:31:71:f7:f7:95:60:18:38:46:
         fe:0b:ee:72:89:7b:7b:2b:6b:6c:75:05:06:78:b6:68:e9:88:
         da:54:1e:fa:78:f0:f9:9f:16:5c:da:33:ba:ec:0a:6c:91:ea:
         02:6e:1f:fa:bd:f1:5a:a2:02:dc:4e:63:ae:18:a2:24:11:23:
         ac:45:32:44:3c:45:62:7f:fd:e9:d1:e8:d3:fd:02:fc:b1:53:
         df:e1:37:61:3d:d7:55:f5:e6:37:18:0c:87:0b:b7:18:84:0b:
         b9:85:7c:78:5b:ca:43:dc:f7:83:e3:b5:d5:ea:6b:42:21:78:
         94:ee:b5:ce:00:43:45:eb:a6:e3:6e:07:67:1b:a9:e9:59:77:
         c1:e3:6d:0b:bd:a5:9b:40:39:1c:b9:88:6d:f0:ec:f4:34:43:
         51:d8:4c:4d:ad:d6:87:1e:ff:02:fa:2a:b0:fd:48:3c:33:c0:
         f1:77:82:a8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3Cut+j7T2tvTYy9actmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTg2ZDFjMTY3NmE1OWE0NmFjZjM3MzM2MTkyZTk4NWNm
ZjBlNWIwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWM1MDEzNjZhMmMyOGRjMTIxMTIzOGNhYTRlMTMxODdiMGNlMTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArh6+OaHbd0A0Kk2Fy1fMY8Y7eRcp
TnlCEcvXd4I/jQnO8ZFqLXYwDljY19h+wwxeq1yirxDKrJcLRpl2cOIa0Yp9Ds+7
Cq3am31P9pYjakSakNSS4qFcORXijnJo3BoKOXsf9Aukf5hItyhC9pw+FFvfVO33
PF/kjsgyoiOKiE9Y22u7VckSlHFi3ZW1zO1yQXLvNI0owQQfHwzndIbahOJR8gwY
X2+9Jrct9I0rokXXVa3xMXvQaE/jlWo7swTmBWksxuI2vubS+qqj5486UVwktDu5
mjpnlq70TyBfT36DOMVIkbXuq81sSfgoHGoIcwPS616YN52NLgTj/TbzDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPHFATZqLCjcEhEjjKpOExh7DOFiMB8GA1UdIwQY
MBaAFG+obRwWdqWaRqzzczYZLphc/w5bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZodEhCWjJwWnBHclBOek5oa3VtRnpfRGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hZmUzNzMtZTViYy00MDEwLThhZDYt
NmFhYjJiMWI5MjJjLzEvOGNVQk5tb3NLTndTRVNPTXFrNFRHSHNNNFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hZmUzNzMtZTViYy00MDEwLThhZDYtNmFhYjJiMWI5MjJj
LzEvYjZodEhCWjJwWnBHclBOek5oa3VtRnpfRGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQGvMA8E
AgACMAkDBwAgAQf4APgwDQYJKoZIhvcNAQELBQADggEBABhqAMDYGRTp7COyxEfn
Wa4UNNn+0vRz0K72t0ZBP/0t4/Z/5bhyEjqvSFFKDAn6JOnDvkn4XlAvqysKrVge
x3SlmVCy+7A1DGyoYv4elULzEzFx9/eVYBg4Rv4L7nKJe3sra2x1BQZ4tmjpiNpU
Hvp48PmfFlzaM7rsCmyR6gJuH/q98VqiAtxOY64YoiQRI6xFMkQ8RWJ//enR6NP9
AvyxU9/hN2E911X15jcYDIcLtxiEC7mFfHhbykPc94PjtdXqa0IheJTutc4AQ0Xr
puNuB2cbqelZd8HjbQu9pZtAORy5iG3w7PQ0Q1HYTE2t1oce/wL6KrD9SDwzwPF3
gqg=
-----END CERTIFICATE-----