Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/k7mrxpRnIiB-VMAyPQX68YUcFDY.roa
File:                     k7mrxpRnIiB-VMAyPQX68YUcFDY.roa (raw, json)
Hash identifier:          wc/eMbkU81FbtPtenM61LUfRvBvuUf1s4vYZjIxbMrM=
Subject key identifier:   93:B9:AB:C6:94:67:22:20:7E:54:C0:32:3D:05:FA:F1:85:1C:14:36
Certificate issuer:       /CN=8bfca7c96e804505a48b99603d9b2124f1dd3702
Certificate serial:       018CC5DC5DF185F7E3267A829D339A37CA47
Authority key identifier: 8B:FC:A7:C9:6E:80:45:05:A4:8B:99:60:3D:9B:21:24:F1:DD:37:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i_ynyW6ARQWki5lgPZshJPHdNwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/k7mrxpRnIiB-VMAyPQX68YUcFDY.roa
Signing time:             Mon 01 Jan 2024 16:30:02 +0000
ROA not before:           Mon 01 Jan 2024 16:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        195.182.218.0/23 maxlen: 32
                          2001:7f8:42::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/i_ynyW6ARQWki5lgPZshJPHdNwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/i_ynyW6ARQWki5lgPZshJPHdNwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i_ynyW6ARQWki5lgPZshJPHdNwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 04:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5d:f1:85:f7:e3:26:7a:82:9d:33:9a:37:ca:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bfca7c96e804505a48b99603d9b2124f1dd3702
        Validity
            Not Before: Jan  1 16:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93b9abc6946722207e54c0323d05faf1851c1436
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4d:01:7b:53:79:7d:42:88:45:5f:6a:9c:e2:
                    e5:c8:99:f2:5f:c3:0a:cc:95:2a:91:be:e5:cd:57:
                    20:31:bb:48:82:75:e3:fd:8a:1b:71:8c:77:4b:fb:
                    ea:99:f7:e6:9d:c9:32:85:26:41:bf:c6:92:e1:a7:
                    f1:9a:e8:58:a8:b0:2d:d6:1e:6d:b4:7d:77:eb:e7:
                    5e:36:16:44:b5:06:bd:6e:ca:82:01:b3:38:95:34:
                    22:1c:f1:65:0c:b1:90:f6:0e:f4:03:92:a7:ad:27:
                    36:fb:42:c7:d3:89:e9:46:fd:a9:48:0e:a8:4b:f4:
                    c9:4e:e3:50:26:00:89:80:63:3b:8b:ac:d9:e8:52:
                    b4:d2:fb:cb:a7:c2:f3:7f:10:3a:ae:ba:da:f3:52:
                    f8:78:0b:23:51:fd:84:3d:b5:7f:5c:21:cd:e9:da:
                    ca:6c:0b:d9:cf:5e:5d:1b:69:2a:dc:4f:36:c3:7a:
                    06:8f:f6:21:62:e6:30:10:91:97:a3:8c:8f:10:f6:
                    a8:f8:2c:fa:d2:eb:14:57:7c:76:8b:38:87:71:aa:
                    dc:11:7a:12:f2:ab:dd:0a:01:a7:22:8c:37:bb:c3:
                    4a:e2:d3:30:aa:cf:b8:79:6a:32:ce:14:f8:88:b9:
                    ac:73:c9:08:85:bd:62:65:03:1f:d5:47:66:8e:27:
                    52:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:B9:AB:C6:94:67:22:20:7E:54:C0:32:3D:05:FA:F1:85:1C:14:36
            X509v3 Authority Key Identifier:
                keyid:8B:FC:A7:C9:6E:80:45:05:A4:8B:99:60:3D:9B:21:24:F1:DD:37:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i_ynyW6ARQWki5lgPZshJPHdNwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/k7mrxpRnIiB-VMAyPQX68YUcFDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/i_ynyW6ARQWki5lgPZshJPHdNwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.218.0/23
                IPv6:
                  2001:7f8:42::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:27:c0:4c:84:27:4e:d2:b7:09:22:84:b8:34:bb:a4:dd:aa:
         cc:35:9e:e2:78:5d:40:d6:65:41:1a:7c:99:a4:0f:27:9f:e1:
         f6:d4:dd:41:47:cb:c6:28:48:a1:43:9e:e4:54:a8:e5:23:96:
         e5:76:a6:4e:02:32:ef:49:27:43:a8:b0:0a:c4:2a:1c:5a:00:
         16:57:fb:16:47:23:93:23:ed:b1:fb:f4:7d:64:1e:bf:c5:e2:
         f2:4f:e7:c4:c0:15:5a:d5:f5:56:90:b4:18:63:34:3c:b9:ed:
         02:42:a0:48:80:3e:4b:a5:b5:54:8a:9f:90:b4:60:57:e5:30:
         41:2e:32:22:84:d0:66:d9:43:c8:c2:7a:8f:40:ad:2a:14:6b:
         4f:a2:8e:de:e9:73:78:3f:83:da:cc:df:f4:9f:21:3d:bd:fb:
         be:f5:6c:a6:1f:52:d7:09:00:aa:69:e9:38:30:9c:56:66:1f:
         de:76:06:fe:f7:89:7a:40:65:01:12:54:e4:32:24:8c:3d:c0:
         58:9e:eb:02:02:f4:a3:bc:d0:9e:49:5f:e6:24:2e:08:ad:41:
         75:61:56:20:aa:2b:a0:8a:ad:ca:de:96:1c:0f:8f:f4:30:31:
         71:40:3a:8a:33:97:48:3b:fe:6e:44:24:78:14:96:42:0f:5e:
         53:76:ca:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3F3xhffjJnqCnTOaN8pHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZmNhN2M5NmU4MDQ1MDVhNDhiOTk2MDNkOWIyMTI0ZjFk
ZDM3MDIwHhcNMjQwMTAxMTYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2I5YWJjNjk0NjcyMjIwN2U1NGMwMzIzZDA1ZmFmMTg1MWMxNDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp00Be1N5fUKIRV9qnOLlyJnyX8MK
zJUqkb7lzVcgMbtIgnXj/YobcYx3S/vqmffmnckyhSZBv8aS4afxmuhYqLAt1h5t
tH136+deNhZEtQa9bsqCAbM4lTQiHPFlDLGQ9g70A5KnrSc2+0LH04npRv2pSA6o
S/TJTuNQJgCJgGM7i6zZ6FK00vvLp8LzfxA6rrra81L4eAsjUf2EPbV/XCHN6drK
bAvZz15dG2kq3E82w3oGj/YhYuYwEJGXo4yPEPao+Cz60usUV3x2iziHcarcEXoS
8qvdCgGnIow3u8NK4tMwqs+4eWoyzhT4iLmsc8kIhb1iZQMf1UdmjidS9QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJO5q8aUZyIgflTAMj0F+vGFHBQ2MB8GA1UdIwQY
MBaAFIv8p8lugEUFpIuZYD2bISTx3TcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaV95bnlXNkFSUVdraTVsZ1Bac2hKUEhkTndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84ZjNiNmYtZTg2Zi00NjdkLWFhOTAt
MThiMWE5MzdhNTY3LzEvazdtcnhwUm5JaUItVk1BeVBRWDY4WVVjRkRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84ZjNiNmYtZTg2Zi00NjdkLWFhOTAtMThiMWE5MzdhNTY3
LzEvaV95bnlXNkFSUVdraTVsZ1Bac2hKUEhkTndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw7baMA8E
AgACMAkDBwAgAQf4AEIwDQYJKoZIhvcNAQELBQADggEBAJwnwEyEJ07StwkihLg0
u6Tdqsw1nuJ4XUDWZUEafJmkDyef4fbU3UFHy8YoSKFDnuRUqOUjluV2pk4CMu9J
J0OosArEKhxaABZX+xZHI5Mj7bH79H1kHr/F4vJP58TAFVrV9VaQtBhjNDy57QJC
oEiAPkultVSKn5C0YFflMEEuMiKE0GbZQ8jCeo9ArSoUa0+ijt7pc3g/g9rM3/Sf
IT29+771bKYfUtcJAKpp6TgwnFZmH952Bv73iXpAZQESVOQyJIw9wFie6wIC9KO8
0J5JX+YkLgitQXVhViCqK6CKrcrelhwPj/QwMXFAOoozl0g7/m5EJHgUlkIPXlN2
yu8=
-----END CERTIFICATE-----