Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/600b38-be3d-4a35-8180-d6307e2da9f7/1/l8QB-PHUK_LEuNNWFKARbwIaMRU.roa
File:                     l8QB-PHUK_LEuNNWFKARbwIaMRU.roa (raw, json)
Hash identifier:          W02KjqYvETrR9gAMAORKt4swyV9tqxzh/G6YzbTzQpY=
Subject key identifier:   97:C4:01:F8:F1:D4:2B:F2:C4:B8:D3:56:14:A0:11:6F:02:1A:31:15
Certificate issuer:       /CN=96c035bc8fbf6763c888db344d2ab4ae62946665
Certificate serial:       019498699FB0A37246E47AA511F3A62A72C4
Authority key identifier: 96:C0:35:BC:8F:BF:67:63:C8:88:DB:34:4D:2A:B4:AE:62:94:66:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lsA1vI-_Z2PIiNs0TSq0rmKUZmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/600b38-be3d-4a35-8180-d6307e2da9f7/1/l8QB-PHUK_LEuNNWFKARbwIaMRU.roa
Signing time:             Fri 24 Jan 2025 13:04:06 +0000
ROA not before:           Fri 24 Jan 2025 13:04:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61015
IP address blocks:        185.21.80.0/22 maxlen: 22
                          2a00:5720::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/600b38-be3d-4a35-8180-d6307e2da9f7/1/lsA1vI-_Z2PIiNs0TSq0rmKUZmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/600b38-be3d-4a35-8180-d6307e2da9f7/1/lsA1vI-_Z2PIiNs0TSq0rmKUZmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lsA1vI-_Z2PIiNs0TSq0rmKUZmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:98:69:9f:b0:a3:72:46:e4:7a:a5:11:f3:a6:2a:72:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96c035bc8fbf6763c888db344d2ab4ae62946665
        Validity
            Not Before: Jan 24 13:04:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97c401f8f1d42bf2c4b8d35614a0116f021a3115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:05:b6:40:57:2c:85:7f:94:11:95:79:fc:c3:
                    fe:7b:e2:38:de:fa:ba:bb:88:fd:c9:4a:28:07:3e:
                    7d:82:bf:99:23:96:4c:16:57:ae:1c:6b:50:17:4c:
                    8f:db:7b:36:c3:2e:f2:c3:d7:9d:c8:65:7a:9a:f3:
                    05:87:01:70:22:46:8d:15:d9:c0:32:b4:49:21:c5:
                    77:88:c7:cb:fb:72:bb:cf:5e:e3:e9:f2:8a:c3:49:
                    2d:30:1d:89:99:b8:4a:bb:ad:5b:63:be:22:5b:76:
                    1c:ae:80:ad:dd:02:08:b8:7e:b5:d3:49:97:98:bf:
                    24:aa:56:45:3f:08:fc:e0:cc:1a:b2:e9:bc:4a:16:
                    15:11:6d:1b:10:64:80:91:48:e5:6e:e2:fc:a7:ea:
                    0f:e4:bc:04:80:2e:40:bf:33:5e:6b:89:0e:11:95:
                    56:7f:6e:e3:71:b5:57:9c:a8:7a:6f:45:74:b9:be:
                    ff:2a:b9:60:f1:81:f2:3c:de:ba:12:0e:eb:d1:27:
                    99:df:db:35:15:df:af:3b:ea:20:d2:02:6a:dd:81:
                    f7:6f:5d:d6:39:47:b1:f2:8d:b0:10:79:a6:ab:81:
                    69:a6:e2:c4:5a:3d:7b:ea:bc:4c:80:7e:1e:54:b4:
                    c2:20:f8:77:c6:6c:7c:a0:2d:e5:eb:a7:3e:01:8f:
                    e2:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:C4:01:F8:F1:D4:2B:F2:C4:B8:D3:56:14:A0:11:6F:02:1A:31:15
            X509v3 Authority Key Identifier:
                keyid:96:C0:35:BC:8F:BF:67:63:C8:88:DB:34:4D:2A:B4:AE:62:94:66:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lsA1vI-_Z2PIiNs0TSq0rmKUZmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/600b38-be3d-4a35-8180-d6307e2da9f7/1/l8QB-PHUK_LEuNNWFKARbwIaMRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/600b38-be3d-4a35-8180-d6307e2da9f7/1/lsA1vI-_Z2PIiNs0TSq0rmKUZmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.80.0/22
                IPv6:
                  2a00:5720::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:5f:0e:c4:de:d5:d2:6d:9b:66:94:b5:78:a0:3b:58:11:32:
         96:7d:f9:ac:18:8e:14:70:b8:b2:65:3a:87:96:3b:6f:0c:4d:
         ac:ee:1f:d7:ef:00:45:ca:fa:57:d9:6d:17:54:bf:ac:62:c2:
         95:66:f1:63:c3:5a:7a:33:bf:65:06:ad:89:e5:78:44:d5:33:
         fd:a5:96:20:14:a0:20:c4:2d:ff:67:07:6e:58:1e:12:e3:bf:
         4e:6b:a5:78:25:79:62:70:fd:64:a0:94:2c:99:cf:ee:f2:86:
         e5:17:43:56:c8:91:09:b1:bb:cb:c1:7c:ec:3a:58:ae:87:6b:
         1f:14:38:91:43:27:93:df:b6:10:ba:f7:dd:ea:2e:af:06:97:
         f4:c6:9e:e2:a9:48:c9:84:0d:6a:aa:b6:aa:fd:2f:01:31:78:
         b1:c0:47:9e:7e:3c:24:9c:fb:ca:53:55:e0:c7:21:64:09:ec:
         52:85:8a:04:8c:85:03:04:4e:d2:62:cf:83:7b:88:58:59:37:
         3e:8f:dd:5b:54:6f:cd:e7:06:94:f6:d0:e4:56:27:8b:f5:55:
         e8:54:93:16:1e:ee:f6:ca:f3:cf:ab:b9:2f:ba:66:94:3f:b2:
         f5:5d:58:30:1d:73:ef:0f:fa:0f:9c:00:04:e2:2c:d5:3b:7d:
         da:2a:f2:c5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZSYaZ+wo3JG5HqlEfOmKnLEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YzAzNWJjOGZiZjY3NjNjODg4ZGIzNDRkMmFiNGFlNjI5
NDY2NjUwHhcNMjUwMTI0MTMwNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2M0MDFmOGYxZDQyYmYyYzRiOGQzNTYxNGEwMTE2ZjAyMWEzMTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7gW2QFcshX+UEZV5/MP+e+I43vq6
u4j9yUooBz59gr+ZI5ZMFleuHGtQF0yP23s2wy7yw9edyGV6mvMFhwFwIkaNFdnA
MrRJIcV3iMfL+3K7z17j6fKKw0ktMB2JmbhKu61bY74iW3YcroCt3QIIuH6100mX
mL8kqlZFPwj84Mwasum8ShYVEW0bEGSAkUjlbuL8p+oP5LwEgC5AvzNea4kOEZVW
f27jcbVXnKh6b0V0ub7/Krlg8YHyPN66Eg7r0SeZ39s1Fd+vO+og0gJq3YH3b13W
OUex8o2wEHmmq4FppuLEWj176rxMgH4eVLTCIPh3xmx8oC3l66c+AY/iOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJfEAfjx1CvyxLjTVhSgEW8CGjEVMB8GA1UdIwQY
MBaAFJbANbyPv2djyIjbNE0qtK5ilGZlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHNBMXZJLV9aMlBJaU5zMFRTcTBybUtVWm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC82MDBiMzgtYmUzZC00YTM1LTgxODAt
ZDYzMDdlMmRhOWY3LzEvbDhRQi1QSFVLX0xFdU5OV0ZLQVJid0lhTVJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC82MDBiMzgtYmUzZC00YTM1LTgxODAtZDYzMDdlMmRhOWY3
LzEvbHNBMXZJLV9aMlBJaU5zMFRTcTBybUtVWm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRVQMA0E
AgACMAcDBQAqAFcgMA0GCSqGSIb3DQEBCwUAA4IBAQBmXw7E3tXSbZtmlLV4oDtY
ETKWffmsGI4UcLiyZTqHljtvDE2s7h/X7wBFyvpX2W0XVL+sYsKVZvFjw1p6M79l
Bq2J5XhE1TP9pZYgFKAgxC3/ZwduWB4S479Oa6V4JXlicP1koJQsmc/u8oblF0NW
yJEJsbvLwXzsOliuh2sfFDiRQyeT37YQuvfd6i6vBpf0xp7iqUjJhA1qqraq/S8B
MXixwEeefjwknPvKU1XgxyFkCexShYoEjIUDBE7SYs+De4hYWTc+j91bVG/N5waU
9tDkVieL9VXoVJMWHu72yvPPq7kvumaUP7L1XVgwHXPvD/oPnAAE4izVO33aKvLF
-----END CERTIFICATE-----