Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/8VQilzbD5Z1nRDFLgdVT_RU9ibg.roa
File:                     8VQilzbD5Z1nRDFLgdVT_RU9ibg.roa (raw, json)
Hash identifier:          EluiuG1WLIw+NyVDUeesDmYjI2s94QoQa+qn94Adwoo=
Subject key identifier:   F1:54:22:97:36:C3:E5:9D:67:44:31:4B:81:D5:53:FD:15:3D:89:B8
Certificate issuer:       /CN=8bfca7c96e804505a48b99603d9b2124f1dd3702
Certificate serial:       018CC5DC60A19047BE0C739E91FE6A3A9766
Authority key identifier: 8B:FC:A7:C9:6E:80:45:05:A4:8B:99:60:3D:9B:21:24:F1:DD:37:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i_ynyW6ARQWki5lgPZshJPHdNwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/8VQilzbD5Z1nRDFLgdVT_RU9ibg.roa
Signing time:             Mon 01 Jan 2024 16:30:03 +0000
ROA not before:           Mon 01 Jan 2024 16:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62421
IP address blocks:        193.33.4.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/i_ynyW6ARQWki5lgPZshJPHdNwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/i_ynyW6ARQWki5lgPZshJPHdNwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i_ynyW6ARQWki5lgPZshJPHdNwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:60:a1:90:47:be:0c:73:9e:91:fe:6a:3a:97:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bfca7c96e804505a48b99603d9b2124f1dd3702
        Validity
            Not Before: Jan  1 16:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f154229736c3e59d6744314b81d553fd153d89b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c3:27:d4:d0:6b:fc:95:73:4f:78:73:0b:b6:
                    ae:2a:76:35:47:d3:ae:b3:70:c7:3f:ff:72:6a:19:
                    65:e2:11:24:1e:ae:3f:4f:e8:bc:12:4b:3e:24:8e:
                    65:e5:d5:7b:74:a6:28:b7:98:03:73:34:78:1a:43:
                    41:24:6f:12:97:11:8a:dc:f1:7a:b9:2f:14:53:3c:
                    81:74:9b:40:f6:a4:4a:dd:32:06:5f:45:b3:19:8f:
                    8d:29:6a:72:ff:e6:d0:31:b9:c1:64:62:dd:f1:af:
                    bd:ac:81:0a:3f:c6:37:29:40:17:c4:a0:43:fb:bc:
                    34:47:3a:20:0a:14:96:4e:cc:41:1c:39:c0:6e:08:
                    a1:53:03:9a:a3:25:f8:73:ff:9f:ab:90:9e:98:ce:
                    e6:fb:3a:ab:04:92:5e:2c:32:93:11:29:32:b8:a2:
                    a6:3c:ba:c6:8c:94:43:1c:f6:be:05:85:fe:59:32:
                    d6:da:81:bc:f0:a5:8f:ab:98:5a:2e:cc:4d:ba:36:
                    ad:9f:fd:a0:ae:08:8e:91:f3:a1:23:5d:2e:f3:46:
                    74:5f:b4:e0:b9:7d:f2:2f:90:d4:1b:24:f8:a8:06:
                    76:58:fb:67:80:51:4c:06:67:37:93:cf:15:dd:54:
                    d1:26:71:80:d6:ee:30:1e:fa:19:aa:59:c4:09:7e:
                    87:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:54:22:97:36:C3:E5:9D:67:44:31:4B:81:D5:53:FD:15:3D:89:B8
            X509v3 Authority Key Identifier:
                keyid:8B:FC:A7:C9:6E:80:45:05:A4:8B:99:60:3D:9B:21:24:F1:DD:37:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i_ynyW6ARQWki5lgPZshJPHdNwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/8VQilzbD5Z1nRDFLgdVT_RU9ibg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/i_ynyW6ARQWki5lgPZshJPHdNwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:f2:3a:ed:69:0c:0d:10:9f:34:eb:12:c9:1f:45:6b:0a:dd:
         f4:c0:63:dd:69:7e:3f:4b:04:5b:80:4a:de:5e:6a:0a:51:34:
         49:23:af:6a:fc:9b:0c:f3:90:c9:b2:97:48:89:75:8e:91:64:
         e8:95:f0:bb:d6:ee:53:64:43:f2:1f:f0:7c:c0:ce:aa:e8:7d:
         e0:5b:ed:4d:13:79:62:2f:e7:2c:c5:d8:3c:5e:c6:5b:c1:b9:
         75:21:1f:b7:8e:59:16:a7:b4:0d:95:65:6d:4c:80:d8:54:87:
         f9:b5:a3:4c:f8:20:a1:0f:90:86:19:0f:cd:61:26:c7:fc:c9:
         95:0c:31:06:8b:87:8f:69:e1:bc:d5:93:47:5b:60:c9:bc:07:
         17:c1:36:ef:22:ba:27:e9:7e:9f:0c:99:f3:a3:9a:ce:ac:74:
         0c:84:05:aa:64:f5:5d:9f:eb:af:d0:b1:fd:6e:60:ae:c3:3f:
         c1:47:03:71:15:01:85:8f:56:d0:37:35:80:c1:0a:17:fd:60:
         48:9b:4b:5b:53:92:36:33:4e:a0:dd:0d:09:c3:45:ff:54:61:
         8e:e4:04:a8:1e:d7:e5:80:a7:d4:89:b0:51:0f:a5:f6:1c:26:
         61:ff:40:d6:d0:81:d1:89:77:d6:23:82:1c:63:df:8e:73:3b:
         a1:1c:81:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3GChkEe+DHOekf5qOpdmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZmNhN2M5NmU4MDQ1MDVhNDhiOTk2MDNkOWIyMTI0ZjFk
ZDM3MDIwHhcNMjQwMTAxMTYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTU0MjI5NzM2YzNlNTlkNjc0NDMxNGI4MWQ1NTNmZDE1M2Q4OWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMMn1NBr/JVzT3hzC7auKnY1R9Ou
s3DHP/9yahll4hEkHq4/T+i8Eks+JI5l5dV7dKYot5gDczR4GkNBJG8SlxGK3PF6
uS8UUzyBdJtA9qRK3TIGX0WzGY+NKWpy/+bQMbnBZGLd8a+9rIEKP8Y3KUAXxKBD
+7w0RzogChSWTsxBHDnAbgihUwOaoyX4c/+fq5CemM7m+zqrBJJeLDKTESkyuKKm
PLrGjJRDHPa+BYX+WTLW2oG88KWPq5haLsxNujatn/2grgiOkfOhI10u80Z0X7Tg
uX3yL5DUGyT4qAZ2WPtngFFMBmc3k88V3VTRJnGA1u4wHvoZqlnECX6H6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPFUIpc2w+WdZ0QxS4HVU/0VPYm4MB8GA1UdIwQY
MBaAFIv8p8lugEUFpIuZYD2bISTx3TcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaV95bnlXNkFSUVdraTVsZ1Bac2hKUEhkTndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84ZjNiNmYtZTg2Zi00NjdkLWFhOTAt
MThiMWE5MzdhNTY3LzEvOFZRaWx6YkQ1WjFuUkRGTGdkVlRfUlU5aWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84ZjNiNmYtZTg2Zi00NjdkLWFhOTAtMThiMWE5MzdhNTY3
LzEvaV95bnlXNkFSUVdraTVsZ1Bac2hKUEhkTndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSEEMA0G
CSqGSIb3DQEBCwUAA4IBAQBR8jrtaQwNEJ806xLJH0VrCt30wGPdaX4/SwRbgEre
XmoKUTRJI69q/JsM85DJspdIiXWOkWTolfC71u5TZEPyH/B8wM6q6H3gW+1NE3li
L+csxdg8XsZbwbl1IR+3jlkWp7QNlWVtTIDYVIf5taNM+CChD5CGGQ/NYSbH/MmV
DDEGi4ePaeG81ZNHW2DJvAcXwTbvIron6X6fDJnzo5rOrHQMhAWqZPVdn+uv0LH9
bmCuwz/BRwNxFQGFj1bQNzWAwQoX/WBIm0tbU5I2M06g3Q0Jw0X/VGGO5ASoHtfl
gKfUibBRD6X2HCZh/0DW0IHRiXfWI4IcY9+OczuhHIFY
-----END CERTIFICATE-----