Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/8M-Fd7i8yn08NXFIgESg56Kaqnk.roa
File:                     8M-Fd7i8yn08NXFIgESg56Kaqnk.roa (raw, json)
Hash identifier:          YcGRltwRX/6T41YZn/4mXKbMIHtYupKsfFO4jmof3mM=
Subject key identifier:   F0:CF:85:77:B8:BC:CA:7D:3C:35:71:48:80:44:A0:E7:A2:9A:AA:79
Certificate issuer:       /CN=7c722f85b31e765d8f77b692b5d2a84c111d805d
Certificate serial:       018CCA2A81D0FA16564BEF2647C6157D727E
Authority key identifier: 7C:72:2F:85:B3:1E:76:5D:8F:77:B6:92:B5:D2:A8:4C:11:1D:80:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fHIvhbMedl2Pd7aStdKoTBEdgF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/8M-Fd7i8yn08NXFIgESg56Kaqnk.roa
Signing time:             Tue 02 Jan 2024 12:33:52 +0000
ROA not before:           Tue 02 Jan 2024 12:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        84.246.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/fHIvhbMedl2Pd7aStdKoTBEdgF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/fHIvhbMedl2Pd7aStdKoTBEdgF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fHIvhbMedl2Pd7aStdKoTBEdgF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:81:d0:fa:16:56:4b:ef:26:47:c6:15:7d:72:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c722f85b31e765d8f77b692b5d2a84c111d805d
        Validity
            Not Before: Jan  2 12:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0cf8577b8bcca7d3c3571488044a0e7a29aaa79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:59:47:5e:5e:da:d2:02:91:41:3d:dd:08:ac:
                    ee:56:4a:5b:9a:66:b5:10:fb:e2:53:6e:39:11:91:
                    08:ca:3f:d5:a2:7c:50:45:cb:d6:ea:5d:7b:f0:a8:
                    49:f4:b9:26:af:06:38:f5:23:8b:96:5f:bc:2f:a0:
                    5d:25:e8:bf:83:59:73:be:91:f6:db:be:cb:f6:ce:
                    29:8d:dc:b4:50:2f:18:ef:76:cd:bd:9d:da:8f:8f:
                    ed:04:9b:1a:eb:ab:3e:bf:7d:0f:87:68:09:65:ef:
                    08:b0:59:91:34:3b:72:37:b1:77:5a:4f:b7:e4:33:
                    63:27:e2:bd:ac:90:a4:a3:0b:1b:d7:21:4b:8c:5a:
                    64:7f:e5:ad:15:f6:f7:a0:21:cc:9b:b4:1f:81:65:
                    3c:7b:bd:04:ef:72:57:2e:56:eb:80:00:5a:96:3a:
                    4c:8b:00:02:db:4c:1b:b0:5b:37:10:47:12:ef:00:
                    91:3a:8f:1a:6f:40:89:b3:80:6f:6b:0c:b8:dd:78:
                    1a:3b:b0:6c:07:0e:27:cd:33:f8:84:dd:e0:fb:43:
                    e7:66:81:11:60:51:c1:2a:a4:13:b4:9b:c0:bf:75:
                    a1:f0:19:11:54:2a:28:d5:4c:6a:1e:15:2a:16:b0:
                    6a:68:3a:42:f4:2c:7c:f8:16:a0:6e:7a:74:89:b8:
                    39:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:CF:85:77:B8:BC:CA:7D:3C:35:71:48:80:44:A0:E7:A2:9A:AA:79
            X509v3 Authority Key Identifier:
                keyid:7C:72:2F:85:B3:1E:76:5D:8F:77:B6:92:B5:D2:A8:4C:11:1D:80:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fHIvhbMedl2Pd7aStdKoTBEdgF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/8M-Fd7i8yn08NXFIgESg56Kaqnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/fHIvhbMedl2Pd7aStdKoTBEdgF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.246.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:56:c4:60:e2:2a:ab:3b:07:fb:0e:4d:51:70:2d:a1:78:19:
         e3:90:54:3f:d9:48:54:4a:b9:3b:3a:84:f5:b3:46:b0:e7:54:
         84:1b:a8:98:dc:3d:c4:87:72:cb:ad:9b:0a:c4:29:62:5e:b6:
         be:f6:e6:00:7e:06:f6:89:6a:ae:96:d9:24:5a:d1:29:59:58:
         5f:6c:62:30:3d:b9:a8:d3:f5:1e:a7:de:91:9b:15:eb:0a:68:
         70:80:2f:53:db:01:a7:5e:8f:e1:74:b2:76:5c:95:51:96:99:
         9b:06:74:8e:a6:ec:af:c5:5d:e0:0b:e8:72:ff:a9:c0:ac:2d:
         09:40:8b:5f:5f:48:cf:b1:6d:68:a2:2a:2b:91:d4:6b:ed:6e:
         9b:58:e2:fd:a8:9b:10:59:e6:2e:9d:9c:39:a9:1f:26:98:cb:
         c5:bb:9e:00:36:f6:a1:cd:e1:ec:fd:71:00:a0:14:0b:ed:dd:
         7b:a2:51:45:2a:13:14:54:29:c5:b7:34:bb:ab:4d:56:df:bc:
         5f:00:c6:a0:b4:a6:18:c0:48:11:4c:19:34:38:57:f4:72:db:
         62:9d:cc:e9:ad:08:e7:5f:b8:e2:5f:fe:ac:ae:71:89:09:d4:
         7a:2d:a1:a0:a1:4e:59:95:2f:2f:8f:23:ca:67:a7:5d:e0:5f:
         d6:8e:29:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKoHQ+hZWS+8mR8YVfXJ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNzIyZjg1YjMxZTc2NWQ4Zjc3YjY5MmI1ZDJhODRjMTEx
ZDgwNWQwHhcNMjQwMTAyMTIzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGNmODU3N2I4YmNjYTdkM2MzNTcxNDg4MDQ0YTBlN2EyOWFhYTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVlHXl7a0gKRQT3dCKzuVkpbmma1
EPviU245EZEIyj/VonxQRcvW6l178KhJ9LkmrwY49SOLll+8L6BdJei/g1lzvpH2
277L9s4pjdy0UC8Y73bNvZ3aj4/tBJsa66s+v30Ph2gJZe8IsFmRNDtyN7F3Wk+3
5DNjJ+K9rJCkowsb1yFLjFpkf+WtFfb3oCHMm7QfgWU8e70E73JXLlbrgABaljpM
iwAC20wbsFs3EEcS7wCROo8ab0CJs4Bvawy43XgaO7BsBw4nzTP4hN3g+0PnZoER
YFHBKqQTtJvAv3Wh8BkRVCoo1UxqHhUqFrBqaDpC9Cx8+Bagbnp0ibg5jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPDPhXe4vMp9PDVxSIBEoOeimqp5MB8GA1UdIwQY
MBaAFHxyL4WzHnZdj3e2krXSqEwRHYBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkhJdmhiTWVkbDJQZDdhU3RkS29UQkVkZ0YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi81NjYyNDYtY2EyYS00MTFiLWFhZjIt
YzY4MjE4NGQ3MDRkLzEvOE0tRmQ3aTh5bjA4TlhGSWdFU2c1NkthcW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi81NjYyNDYtY2EyYS00MTFiLWFhZjItYzY4MjE4NGQ3MDRk
LzEvZkhJdmhiTWVkbDJQZDdhU3RkS29UQkVkZ0YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPZQMA0G
CSqGSIb3DQEBCwUAA4IBAQApVsRg4iqrOwf7Dk1RcC2heBnjkFQ/2UhUSrk7OoT1
s0aw51SEG6iY3D3Eh3LLrZsKxCliXra+9uYAfgb2iWqultkkWtEpWVhfbGIwPbmo
0/Uep96RmxXrCmhwgC9T2wGnXo/hdLJ2XJVRlpmbBnSOpuyvxV3gC+hy/6nArC0J
QItfX0jPsW1ooiorkdRr7W6bWOL9qJsQWeYunZw5qR8mmMvFu54ANvahzeHs/XEA
oBQL7d17olFFKhMUVCnFtzS7q01W37xfAMagtKYYwEgRTBk0OFf0cttinczprQjn
X7jiX/6srnGJCdR6LaGgoU5ZlS8vjyPKZ6dd4F/WjimI
-----END CERTIFICATE-----