Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/12e2c4-243d-44df-b0dc-b9d668f051de/1/8ZbhZdGqTuUbTiZUceH5f8a8ZfY.roa
File:                     8ZbhZdGqTuUbTiZUceH5f8a8ZfY.roa (raw, json)
Hash identifier:          /DO8Z6I7XwQSyCZTg+pjHpO8kRKYvIZd3AsUfN7zq4E=
Subject key identifier:   F1:96:E1:65:D1:AA:4E:E5:1B:4E:26:54:71:E1:F9:7F:C6:BC:65:F6
Certificate issuer:       /CN=a67f1cf27426070aeda7b26053453c283fdf7537
Certificate serial:       018CC64ACDE302AF81696FAB8F341B78BF2A
Authority key identifier: A6:7F:1C:F2:74:26:07:0A:ED:A7:B2:60:53:45:3C:28:3F:DF:75:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pn8c8nQmBwrtp7JgU0U8KD_fdTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/12e2c4-243d-44df-b0dc-b9d668f051de/1/8ZbhZdGqTuUbTiZUceH5f8a8ZfY.roa
Signing time:             Mon 01 Jan 2024 18:30:40 +0000
ROA not before:           Mon 01 Jan 2024 18:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3242
IP address blocks:        91.207.150.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/12e2c4-243d-44df-b0dc-b9d668f051de/1/pn8c8nQmBwrtp7JgU0U8KD_fdTc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/12e2c4-243d-44df-b0dc-b9d668f051de/1/pn8c8nQmBwrtp7JgU0U8KD_fdTc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pn8c8nQmBwrtp7JgU0U8KD_fdTc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:cd:e3:02:af:81:69:6f:ab:8f:34:1b:78:bf:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a67f1cf27426070aeda7b26053453c283fdf7537
        Validity
            Not Before: Jan  1 18:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f196e165d1aa4ee51b4e265471e1f97fc6bc65f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f0:bd:a5:2f:b7:c9:36:c1:d8:64:7c:9d:19:
                    45:32:bf:af:f3:fb:4b:d2:7c:2b:e3:69:60:67:ed:
                    9f:94:82:d4:1b:9a:da:46:2e:a2:82:66:81:55:f1:
                    9d:e9:df:51:aa:30:38:b9:d5:26:91:8c:b7:f1:c1:
                    e8:3a:0a:bc:ed:b8:0b:b1:7b:8d:c6:1f:79:3f:7c:
                    79:2c:d6:ce:d2:71:12:d9:17:63:98:49:c1:a0:01:
                    b0:9b:a0:61:78:4e:e3:33:8c:fd:73:ad:e8:37:ce:
                    f7:53:b4:8d:ff:ad:32:82:f4:36:d4:1d:66:2f:3e:
                    d4:f8:80:49:59:f3:d9:12:b1:81:be:8c:44:54:b7:
                    59:57:7d:9e:9e:76:20:86:f4:ab:bb:45:3e:24:91:
                    4b:6e:b1:fd:5c:b2:8d:7c:4a:91:9c:4c:c1:28:51:
                    f4:6c:24:e8:1c:c7:61:e7:37:bb:fc:9a:63:84:01:
                    c8:c0:6c:47:ca:da:6e:8e:9a:c5:9d:d1:23:a2:ed:
                    98:75:92:6c:24:80:96:f7:3f:7e:de:b7:66:e3:49:
                    08:f7:24:3f:c8:81:43:77:17:e3:a0:fd:fc:09:a0:
                    56:c3:f7:f0:49:6d:51:53:4d:b4:d5:09:3f:1c:96:
                    f3:cf:52:d8:8f:2a:a8:f3:8c:d3:5b:38:39:a1:b8:
                    f8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:96:E1:65:D1:AA:4E:E5:1B:4E:26:54:71:E1:F9:7F:C6:BC:65:F6
            X509v3 Authority Key Identifier:
                keyid:A6:7F:1C:F2:74:26:07:0A:ED:A7:B2:60:53:45:3C:28:3F:DF:75:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pn8c8nQmBwrtp7JgU0U8KD_fdTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/12e2c4-243d-44df-b0dc-b9d668f051de/1/8ZbhZdGqTuUbTiZUceH5f8a8ZfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/12e2c4-243d-44df-b0dc-b9d668f051de/1/pn8c8nQmBwrtp7JgU0U8KD_fdTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:8e:80:ed:1f:b8:81:78:db:fa:ef:cf:c2:dd:2e:54:6a:e3:
         f6:e4:44:05:cc:83:32:c9:90:67:e4:81:08:aa:71:bf:ba:17:
         30:15:db:9c:3f:71:d0:94:3b:e5:73:23:b0:ef:79:02:75:b1:
         17:c6:c0:5a:69:c0:57:37:d8:4b:8f:e9:5e:93:8d:fa:71:ee:
         58:bd:ce:80:bd:ca:e1:43:f6:11:00:11:7e:68:bd:63:d2:ff:
         6e:91:69:04:78:fc:49:19:db:89:06:8a:44:77:c9:9d:4a:19:
         78:e5:18:73:88:cb:0b:71:51:96:ab:8f:f6:fe:e5:f9:fc:e6:
         0e:4b:12:23:57:ce:6b:3d:a1:b3:6f:09:c3:3d:08:64:ef:df:
         15:55:e6:10:a6:30:fe:73:83:33:b0:9e:97:80:e3:c7:6a:06:
         84:b0:de:8f:66:c8:2b:04:b0:a6:a3:58:d2:0e:39:a5:e3:a7:
         1c:77:96:ca:55:bf:e4:ff:23:d9:fd:76:6e:9a:4e:a9:3b:ff:
         18:95:41:f7:b5:12:d2:7d:bc:55:16:92:6a:da:a9:e6:ed:f0:
         27:37:14:67:83:6c:3b:a9:b4:c7:45:f6:56:c8:79:13:6d:24:
         91:18:a5:13:70:29:8d:e7:3e:ab:80:3b:60:80:5c:7c:27:e6:
         e1:57:70:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSs3jAq+BaW+rjzQbeL8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2N2YxY2YyNzQyNjA3MGFlZGE3YjI2MDUzNDUzYzI4M2Zk
Zjc1MzcwHhcNMjQwMTAxMTgzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTk2ZTE2NWQxYWE0ZWU1MWI0ZTI2NTQ3MWUxZjk3ZmM2YmM2NWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/C9pS+3yTbB2GR8nRlFMr+v8/tL
0nwr42lgZ+2flILUG5raRi6igmaBVfGd6d9RqjA4udUmkYy38cHoOgq87bgLsXuN
xh95P3x5LNbO0nES2RdjmEnBoAGwm6BheE7jM4z9c63oN873U7SN/60ygvQ21B1m
Lz7U+IBJWfPZErGBvoxEVLdZV32ennYghvSru0U+JJFLbrH9XLKNfEqRnEzBKFH0
bCToHMdh5ze7/JpjhAHIwGxHytpujprFndEjou2YdZJsJICW9z9+3rdm40kI9yQ/
yIFDdxfjoP38CaBWw/fwSW1RU0201Qk/HJbzz1LYjyqo84zTWzg5obj4zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGW4WXRqk7lG04mVHHh+X/GvGX2MB8GA1UdIwQY
MBaAFKZ/HPJ0JgcK7aeyYFNFPCg/33U3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG44YzhuUW1Cd3J0cDdKZ1UwVThLRF9mZFRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8xMmUyYzQtMjQzZC00NGRmLWIwZGMt
YjlkNjY4ZjA1MWRlLzEvOFpiaFpkR3FUdVViVGlaVWNlSDVmOGE4WmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8xMmUyYzQtMjQzZC00NGRmLWIwZGMtYjlkNjY4ZjA1MWRl
LzEvcG44YzhuUW1Cd3J0cDdKZ1UwVThLRF9mZFRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8+WMA0G
CSqGSIb3DQEBCwUAA4IBAQB3joDtH7iBeNv678/C3S5UauP25EQFzIMyyZBn5IEI
qnG/uhcwFducP3HQlDvlcyOw73kCdbEXxsBaacBXN9hLj+lek436ce5Yvc6Avcrh
Q/YRABF+aL1j0v9ukWkEePxJGduJBopEd8mdShl45RhziMsLcVGWq4/2/uX5/OYO
SxIjV85rPaGzbwnDPQhk798VVeYQpjD+c4MzsJ6XgOPHagaEsN6PZsgrBLCmo1jS
Djml46ccd5bKVb/k/yPZ/XZumk6pO/8YlUH3tRLSfbxVFpJq2qnm7fAnNxRng2w7
qbTHRfZWyHkTbSSRGKUTcCmN5z6rgDtggFx8J+bhV3Cf
-----END CERTIFICATE-----