Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/8_sSHU-RubPLjwD_4JsVMp-yyWs.roa
File:                     8_sSHU-RubPLjwD_4JsVMp-yyWs.roa (raw, json)
Hash identifier:          p+pSDUr3/+v/iKGB+1XD2RtrjH4/SU/KZMiyQh6gL+o=
Subject key identifier:   F3:FB:12:1D:4F:91:B9:B3:CB:8F:00:FF:E0:9B:15:32:9F:B2:C9:6B
Certificate issuer:       /CN=f8d6ddee34c5bb8ec0eb919ce2656bf0cd855d54
Certificate serial:       0192BE385A240233899B361EE6795479285E
Authority key identifier: F8:D6:DD:EE:34:C5:BB:8E:C0:EB:91:9C:E2:65:6B:F0:CD:85:5D:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/8_sSHU-RubPLjwD_4JsVMp-yyWs.roa
Signing time:             Thu 24 Oct 2024 11:10:16 +0000
ROA not before:           Thu 24 Oct 2024 11:10:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        5.183.136.0/22 maxlen: 22
                          2a0e:dc00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:be:38:5a:24:02:33:89:9b:36:1e:e6:79:54:79:28:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8d6ddee34c5bb8ec0eb919ce2656bf0cd855d54
        Validity
            Not Before: Oct 24 11:10:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3fb121d4f91b9b3cb8f00ffe09b15329fb2c96b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ca:72:79:5b:59:3a:17:f3:69:4b:e1:c9:bf:
                    a4:74:0f:52:4d:07:bb:e6:9f:52:3d:d7:c5:80:0e:
                    35:3c:75:da:86:bf:11:00:d2:5c:18:81:86:b1:bb:
                    8a:be:f6:f8:3c:f0:a1:32:3b:33:33:96:3d:25:0a:
                    b3:f1:5c:b7:06:b0:c0:5c:2c:97:48:96:47:74:0f:
                    a0:67:62:57:c7:8b:b4:41:96:4d:f4:ae:a5:22:16:
                    40:14:4f:0a:47:e6:06:24:d8:b4:e5:c4:0c:40:2e:
                    6e:51:ac:59:25:fe:d1:46:16:b5:0a:c4:ef:43:b1:
                    94:65:f8:fa:60:55:0a:f1:4b:7b:b8:9c:84:b6:49:
                    7a:da:76:32:89:2b:77:bc:b8:d3:d4:00:ce:19:8e:
                    3a:98:ec:cf:82:bc:8c:aa:06:2a:03:8c:57:a0:96:
                    7c:3f:32:29:2e:ce:11:5c:63:51:6e:d8:c1:e0:48:
                    2a:46:9a:5c:ef:3f:9c:a8:7a:90:3d:16:27:d7:54:
                    44:bb:a6:2b:16:a9:18:dc:66:b0:84:94:8d:ec:f1:
                    64:8d:1a:9e:31:f1:af:8a:eb:b2:f4:2a:73:25:c0:
                    f3:6b:97:a7:dd:c7:0d:db:93:39:39:c5:f8:3f:6d:
                    cb:c8:11:4f:43:6c:8e:ca:9a:2c:98:4f:de:be:0c:
                    6a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:FB:12:1D:4F:91:B9:B3:CB:8F:00:FF:E0:9B:15:32:9F:B2:C9:6B
            X509v3 Authority Key Identifier:
                keyid:F8:D6:DD:EE:34:C5:BB:8E:C0:EB:91:9C:E2:65:6B:F0:CD:85:5D:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/8_sSHU-RubPLjwD_4JsVMp-yyWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/783da5-6572-413d-9d6b-094d0db1ad2c/1/1-Nbd7jTFu47A65Gc4mVr8M2FXVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.136.0/22
                IPv6:
                  2a0e:dc00::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:05:00:19:e7:57:20:e6:aa:82:41:d3:bb:ec:a7:0a:36:f6:
         89:c3:58:ba:bb:80:b3:68:94:45:14:c7:fa:cd:d1:51:4c:71:
         09:07:ae:83:2b:a3:27:e0:ef:df:33:5c:8c:4b:cf:9c:62:a9:
         d9:36:ca:0d:ce:f8:8a:d7:ae:96:84:b6:9c:0c:69:c6:19:1d:
         3f:f4:79:a4:e9:a0:8f:7a:1b:ed:68:dd:31:6b:d6:19:85:eb:
         29:1f:ca:0f:6c:4e:85:e1:4a:c7:cf:3b:d7:fb:d7:2a:3c:20:
         a7:51:49:63:9e:9c:2c:4f:e7:a3:55:d8:93:7f:02:80:3b:ab:
         8e:2a:c8:b5:49:c8:84:40:b5:df:6e:b2:3d:00:a1:7e:dc:e6:
         bd:40:af:ee:4a:53:d7:7b:c2:49:22:d4:22:97:ea:57:22:23:
         fb:98:73:a1:9e:8f:85:23:b8:47:d8:72:64:4c:7a:16:ea:c2:
         4b:22:72:ff:28:a8:bb:70:8b:8a:c6:c8:46:78:6b:05:84:e1:
         f8:1b:1f:6c:11:d9:0a:20:3e:67:87:9f:0c:ea:a1:f5:83:2e:
         b7:79:68:88:26:8e:b4:10:16:0b:a3:45:3d:5b:64:cb:d4:95:
         8f:0e:10:9a:a0:c7:2b:40:bf:81:e2:e0:46:4d:90:70:19:e5:
         e5:c8:a5:57
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZK+OFokAjOJmzYe5nlUeSheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZDZkZGVlMzRjNWJiOGVjMGViOTE5Y2UyNjU2YmYwY2Q4
NTVkNTQwHhcNMjQxMDI0MTExMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2ZiMTIxZDRmOTFiOWIzY2I4ZjAwZmZlMDliMTUzMjlmYjJjOTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcpyeVtZOhfzaUvhyb+kdA9STQe7
5p9SPdfFgA41PHXahr8RANJcGIGGsbuKvvb4PPChMjszM5Y9JQqz8Vy3BrDAXCyX
SJZHdA+gZ2JXx4u0QZZN9K6lIhZAFE8KR+YGJNi05cQMQC5uUaxZJf7RRha1CsTv
Q7GUZfj6YFUK8Ut7uJyEtkl62nYyiSt3vLjT1ADOGY46mOzPgryMqgYqA4xXoJZ8
PzIpLs4RXGNRbtjB4EgqRppc7z+cqHqQPRYn11REu6YrFqkY3GawhJSN7PFkjRqe
MfGviuuy9CpzJcDza5en3ccN25M5OcX4P23LyBFPQ2yOyposmE/evgxquwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPP7Eh1Pkbmzy48A/+CbFTKfsslrMB8GA1UdIwQY
MBaAFPjW3e40xbuOwOuRnOJla/DNhV1UMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1OYmQ3alRGdTQ3QTY1R2M0bVZyOE0yRlhWUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTYvNzgzZGE1LTY1NzItNDEzZC05ZDZi
LTA5NGQwZGIxYWQyYy8xLzhfc1NIVS1SdWJQTGp3RF80SnNWTXAteXlXcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTYvNzgzZGE1LTY1NzItNDEzZC05ZDZiLTA5NGQwZGIxYWQy
Yy8xLzEtTmJkN2pURnU0N0E2NUdjNG1WcjhNMkZYVlEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAIFt4gw
DQQCAAIwBwMFACoO3AAwDQYJKoZIhvcNAQELBQADggEBADIFABnnVyDmqoJB07vs
pwo29onDWLq7gLNolEUUx/rN0VFMcQkHroMroyfg798zXIxLz5xiqdk2yg3O+IrX
rpaEtpwMacYZHT/0eaTpoI96G+1o3TFr1hmF6ykfyg9sToXhSsfPO9f71yo8IKdR
SWOenCxP56NV2JN/AoA7q44qyLVJyIRAtd9usj0AoX7c5r1Ar+5KU9d7wkki1CKX
6lciI/uYc6Gej4UjuEfYcmRMehbqwksicv8oqLtwi4rGyEZ4awWE4fgbH2wR2Qog
PmeHnwzqofWDLrd5aIgmjrQQFgujRT1bZMvUlY8OEJqgxytAv4Hi4EZNkHAZ5eXI
pVc=
-----END CERTIFICATE-----