Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/8BGJXe8toCOqvw-tyiL0QX3k5zE.roa
File:                     8BGJXe8toCOqvw-tyiL0QX3k5zE.roa (raw, json)
Hash identifier:          w6F7zk5Lq8Idel2STI+7xWWeabGvhkZWCTmTED5lIT0=
Subject key identifier:   F0:11:89:5D:EF:2D:A0:23:AA:BF:0F:AD:CA:22:F4:41:7D:E4:E7:31
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       018CC4924A3BDD822A64D4DA2BE47B12DE32
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/8BGJXe8toCOqvw-tyiL0QX3k5zE.roa
Signing time:             Mon 01 Jan 2024 10:29:30 +0000
ROA not before:           Mon 01 Jan 2024 10:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8967
IP address blocks:        95.158.156.0/22 maxlen: 24
                          46.35.182.0/23 maxlen: 24
                          95.158.172.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:4a:3b:dd:82:2a:64:d4:da:2b:e4:7b:12:de:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  1 10:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f011895def2da023aabf0fadca22f4417de4e731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7a:8a:54:04:1f:d3:e1:18:b1:66:ac:0f:69:
                    66:77:52:71:8a:6b:c2:43:32:42:8e:74:9b:16:ae:
                    41:b9:73:77:c1:78:66:97:0e:40:f5:73:54:a3:e4:
                    7c:f4:c8:2c:b1:69:e4:df:1b:00:7d:65:10:c2:9f:
                    36:a6:71:84:34:ae:7b:d3:78:3c:2a:c4:7a:a8:89:
                    22:fb:67:23:89:d3:c3:7f:a4:42:5e:c2:a9:fa:72:
                    72:dd:8c:00:83:40:fe:9a:f2:74:17:bc:0b:f8:d7:
                    17:11:ab:b2:66:bb:f5:bb:1f:ef:56:ea:0c:f6:37:
                    e9:f4:ce:ac:35:5a:b0:80:43:8c:97:9d:53:f2:40:
                    ce:63:8a:bd:e3:59:57:a9:75:e3:7f:20:c6:8c:d2:
                    f7:07:b7:8a:f9:17:40:a4:72:27:a1:71:bd:58:d4:
                    5f:35:b7:6b:8e:95:09:6e:dd:f8:29:8c:23:2f:e2:
                    51:aa:56:6a:82:ce:8a:43:dd:4b:fe:c9:c7:03:12:
                    30:f3:a1:d4:5d:9c:c9:60:bd:89:2f:0b:7c:5e:05:
                    20:89:86:de:fc:2f:93:b8:2d:58:5c:6a:8d:ef:47:
                    c9:98:f7:20:91:66:46:96:cb:72:54:9f:2a:49:f1:
                    84:43:79:87:e2:4c:17:82:de:ca:b5:8c:3d:9b:ac:
                    b6:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:11:89:5D:EF:2D:A0:23:AA:BF:0F:AD:CA:22:F4:41:7D:E4:E7:31
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/8BGJXe8toCOqvw-tyiL0QX3k5zE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.35.182.0/23
                  95.158.156.0/22
                  95.158.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:fc:d5:03:cc:af:d3:73:57:b7:b2:95:aa:ef:84:83:82:6c:
         6e:d3:22:bb:f6:fb:c3:35:7c:e4:90:1f:9a:b0:8c:47:1e:b4:
         74:f4:4b:f0:e0:18:97:6d:58:7b:c1:fa:d9:47:29:b8:d7:91:
         2c:dc:72:2f:89:4d:95:27:85:23:0a:62:53:03:b0:6d:d9:a1:
         4e:86:09:28:05:48:b9:94:c0:93:cd:a8:6f:9b:a6:59:a6:00:
         c0:2e:d7:db:dc:9b:af:e8:df:d1:58:6b:48:d4:85:a6:d0:0d:
         83:a5:36:a4:0d:f0:97:28:22:5b:9c:a6:ab:19:5f:b3:29:ea:
         52:18:f2:04:d8:2f:9a:39:dc:5e:28:2e:21:60:62:3d:12:da:
         76:c5:70:3c:c1:81:2b:3e:12:e1:f4:72:93:3b:7e:a0:37:81:
         6a:db:a3:c9:1b:b2:00:38:aa:3c:c0:b9:56:99:08:18:29:0d:
         57:38:07:e9:56:c9:ab:67:c8:9d:d4:57:2c:10:3d:c8:5e:df:
         96:0c:a2:ac:22:85:66:19:59:04:62:b4:20:38:80:46:f1:a0:
         e8:de:a2:3c:69:66:47:86:e2:1f:e5:85:90:1c:6f:54:15:11:
         78:3a:32:3a:5f:c5:6d:a1:f7:a4:23:cd:e0:66:52:ad:87:69:
         13:73:57:9a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEkko73YIqZNTaK+R7Et4yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjQwMTAxMTAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDExODk1ZGVmMmRhMDIzYWFiZjBmYWRjYTIyZjQ0MTdkZTRlNzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHqKVAQf0+EYsWasD2lmd1JximvC
QzJCjnSbFq5BuXN3wXhmlw5A9XNUo+R89MgssWnk3xsAfWUQwp82pnGENK5703g8
KsR6qIki+2cjidPDf6RCXsKp+nJy3YwAg0D+mvJ0F7wL+NcXEauyZrv1ux/vVuoM
9jfp9M6sNVqwgEOMl51T8kDOY4q941lXqXXjfyDGjNL3B7eK+RdApHInoXG9WNRf
NbdrjpUJbt34KYwjL+JRqlZqgs6KQ91L/snHAxIw86HUXZzJYL2JLwt8XgUgiYbe
/C+TuC1YXGqN70fJmPcgkWZGlstyVJ8qSfGEQ3mH4kwXgt7KtYw9m6y2+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPARiV3vLaAjqr8Prcoi9EF95OcxMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvOEJHSlhlOHRvQ09xdnctdHlpTDBRWDNrNXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLiO2AwQC
X56cAwQCX56sMA0GCSqGSIb3DQEBCwUAA4IBAQCm/NUDzK/Tc1e3spWq74SDgmxu
0yK79vvDNXzkkB+asIxHHrR09Evw4BiXbVh7wfrZRym415Es3HIviU2VJ4UjCmJT
A7Bt2aFOhgkoBUi5lMCTzahvm6ZZpgDALtfb3Juv6N/RWGtI1IWm0A2DpTakDfCX
KCJbnKarGV+zKepSGPIE2C+aOdxeKC4hYGI9Etp2xXA8wYErPhLh9HKTO36gN4Fq
26PJG7IAOKo8wLlWmQgYKQ1XOAfpVsmrZ8id1FcsED3IXt+WDKKsIoVmGVkEYrQg
OIBG8aDo3qI8aWZHhuIf5YWQHG9UFRF4OjI6X8VtofekI83gZlKth2kTc1ea
-----END CERTIFICATE-----