Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/P8u9k96qJtWU6V1uFj16YM_TwTc.roa
File:                     P8u9k96qJtWU6V1uFj16YM_TwTc.roa (raw, json)
Hash identifier:          cBilTzQG+gIeaAPbxM7ongne2J+OHEgshoMCxn0phE4=
Subject key identifier:   3F:CB:BD:93:DE:AA:26:D5:94:E9:5D:6E:16:3D:7A:60:CF:D3:C1:37
Certificate issuer:       /CN=6b66c53b13566d01c4a893adf130bbb4fa1653aa
Certificate serial:       018F9C62B0FCDECD77253403E182D177B79F
Authority key identifier: 6B:66:C5:3B:13:56:6D:01:C4:A8:93:AD:F1:30:BB:B4:FA:16:53:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a2bFOxNWbQHEqJOt8TC7tPoWU6o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/P8u9k96qJtWU6V1uFj16YM_TwTc.roa
Signing time:             Tue 21 May 2024 18:21:04 +0000
ROA not before:           Tue 21 May 2024 18:21:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204817
IP address blocks:        185.219.8.0/22 maxlen: 24
                          2a0b:dd40::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/a2bFOxNWbQHEqJOt8TC7tPoWU6o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/a2bFOxNWbQHEqJOt8TC7tPoWU6o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a2bFOxNWbQHEqJOt8TC7tPoWU6o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9c:62:b0:fc:de:cd:77:25:34:03:e1:82:d1:77:b7:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b66c53b13566d01c4a893adf130bbb4fa1653aa
        Validity
            Not Before: May 21 18:21:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fcbbd93deaa26d594e95d6e163d7a60cfd3c137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:93:e8:a5:be:6d:6e:a5:3c:79:bc:33:1a:e3:
                    7c:ab:c9:d0:93:b1:01:5d:c1:20:86:53:ae:c2:2f:
                    82:b5:a3:fe:2f:58:2d:de:a8:aa:12:de:fd:15:c9:
                    a3:f8:b0:08:73:22:91:8f:cb:79:25:91:cf:bf:2c:
                    e3:c0:10:a6:c6:71:4a:50:79:f3:40:8e:47:f3:36:
                    de:b8:03:e7:75:66:f4:52:da:f2:a2:2c:8a:30:02:
                    9d:9c:d0:91:e5:cc:dd:25:ae:12:d0:3e:2a:de:7e:
                    0c:44:72:86:5c:09:04:3c:e5:72:79:75:0c:18:c1:
                    30:fa:53:f6:c3:ea:f4:99:49:ea:26:2d:4e:6a:4b:
                    50:df:99:4a:bd:cf:86:ff:66:ab:35:fa:2d:8d:26:
                    b1:09:ba:d2:f8:9c:9b:92:0f:20:6d:26:7c:ba:0f:
                    16:23:a1:7a:b9:93:2e:d6:bf:43:5c:d1:3d:a2:80:
                    5b:d3:bd:8a:e0:31:6f:9c:00:38:1a:92:2b:8a:0e:
                    c7:50:0f:96:b3:ca:4a:ec:4c:69:bc:0a:00:2a:9f:
                    1b:ee:46:9c:32:fb:b0:1b:32:48:56:1a:b0:7b:ae:
                    d4:75:9f:c3:b4:8f:b2:2f:6a:68:fd:62:48:a8:b0:
                    38:86:38:d0:be:8b:e2:a6:40:b9:53:87:81:17:63:
                    81:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:CB:BD:93:DE:AA:26:D5:94:E9:5D:6E:16:3D:7A:60:CF:D3:C1:37
            X509v3 Authority Key Identifier:
                keyid:6B:66:C5:3B:13:56:6D:01:C4:A8:93:AD:F1:30:BB:B4:FA:16:53:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2bFOxNWbQHEqJOt8TC7tPoWU6o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/P8u9k96qJtWU6V1uFj16YM_TwTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/6e5ff1-39f9-466b-827f-7bc268a0b517/1/a2bFOxNWbQHEqJOt8TC7tPoWU6o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.8.0/22
                IPv6:
                  2a0b:dd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:54:a7:1e:64:a6:a1:ba:2e:50:5b:5c:74:c2:3f:d5:b0:ef:
         f5:5d:11:30:f7:31:d4:5f:10:88:83:b9:6f:45:a7:b3:72:b7:
         b5:13:e1:54:56:b0:26:cf:63:f3:c2:fd:c9:57:fe:0f:f4:a2:
         b1:2d:56:45:31:95:19:e2:fd:81:e2:88:4d:39:df:5c:73:df:
         23:8b:a6:dc:66:0c:4f:01:47:16:59:21:d2:19:02:22:37:1e:
         1b:78:fb:96:9d:66:90:0c:9a:46:e6:78:f3:8b:dd:e0:52:30:
         17:68:fd:ed:95:05:4a:33:f2:8e:f0:ef:3a:67:42:f6:ae:81:
         f7:89:59:26:29:62:a3:77:85:ca:46:5f:3a:68:93:ba:e2:f2:
         96:2a:4e:a4:dc:f4:7a:59:03:c0:2b:37:eb:e3:bc:e8:bc:75:
         37:ad:a6:e5:95:37:40:94:ff:c5:b8:e1:e4:d7:fd:15:e8:f1:
         00:28:21:bd:69:59:49:99:7d:02:63:7a:40:db:43:28:5f:fc:
         40:7a:2b:be:be:10:7c:cb:0f:7a:50:90:92:10:68:b5:15:20:
         6f:c5:db:43:ec:ef:8f:6f:41:41:81:3c:e8:be:51:56:99:b1:
         4a:71:13:ad:9f:f6:73:70:a6:91:6c:19:b9:95:28:8b:24:08:
         56:e7:c6:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY+cYrD83s13JTQD4YLRd7efMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNjZjNTNiMTM1NjZkMDFjNGE4OTNhZGYxMzBiYmI0ZmEx
NjUzYWEwHhcNMjQwNTIxMTgyMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmNiYmQ5M2RlYWEyNmQ1OTRlOTVkNmUxNjNkN2E2MGNmZDNjMTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZPopb5tbqU8ebwzGuN8q8nQk7EB
XcEghlOuwi+CtaP+L1gt3qiqEt79Fcmj+LAIcyKRj8t5JZHPvyzjwBCmxnFKUHnz
QI5H8zbeuAPndWb0UtryoiyKMAKdnNCR5czdJa4S0D4q3n4MRHKGXAkEPOVyeXUM
GMEw+lP2w+r0mUnqJi1OaktQ35lKvc+G/2arNfotjSaxCbrS+Jybkg8gbSZ8ug8W
I6F6uZMu1r9DXNE9ooBb072K4DFvnAA4GpIrig7HUA+Ws8pK7ExpvAoAKp8b7kac
MvuwGzJIVhqwe67UdZ/DtI+yL2po/WJIqLA4hjjQvovipkC5U4eBF2OBIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD/LvZPeqibVlOldbhY9emDP08E3MB8GA1UdIwQY
MBaAFGtmxTsTVm0BxKiTrfEwu7T6FlOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTJiRk94TldiUUhFcUpPdDhUQzd0UG9XVTZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC82ZTVmZjEtMzlmOS00NjZiLTgyN2Yt
N2JjMjY4YTBiNTE3LzEvUDh1OWs5NnFKdFdVNlYxdUZqMTZZTV9Ud1RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC82ZTVmZjEtMzlmOS00NjZiLTgyN2YtN2JjMjY4YTBiNTE3
LzEvYTJiRk94TldiUUhFcUpPdDhUQzd0UG9XVTZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudsIMA0E
AgACMAcDBQMqC91AMA0GCSqGSIb3DQEBCwUAA4IBAQB9VKceZKahui5QW1x0wj/V
sO/1XREw9zHUXxCIg7lvRaezcre1E+FUVrAmz2Pzwv3JV/4P9KKxLVZFMZUZ4v2B
4ohNOd9cc98ji6bcZgxPAUcWWSHSGQIiNx4bePuWnWaQDJpG5njzi93gUjAXaP3t
lQVKM/KO8O86Z0L2roH3iVkmKWKjd4XKRl86aJO64vKWKk6k3PR6WQPAKzfr47zo
vHU3rabllTdAlP/FuOHk1/0V6PEAKCG9aVlJmX0CY3pA20MoX/xAeiu+vhB8yw96
UJCSEGi1FSBvxdtD7O+Pb0FBgTzovlFWmbFKcROtn/ZzcKaRbBm5lSiLJAhW58ZA
-----END CERTIFICATE-----