Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/7a85c9-c58a-4f8e-83b1-7bafde4c4b24/1/f9mFNCX8oTTYyjlGpKNg0vg15bE.roa
File:                     f9mFNCX8oTTYyjlGpKNg0vg15bE.roa (raw, json)
Hash identifier:          gWRMmAjM5UrsbDydc+sB5DVAW+2FU8xnozRru7AFUBM=
Subject key identifier:   7F:D9:85:34:25:FC:A1:34:D8:CA:39:46:A4:A3:60:D2:F8:35:E5:B1
Certificate issuer:       /CN=8f0adba2604934738c7c9692a0b3ab7b30a82bb2
Certificate serial:       018CF961B034DB6EDAA94EFB79B4F65EA8EB
Authority key identifier: 8F:0A:DB:A2:60:49:34:73:8C:7C:96:92:A0:B3:AB:7B:30:A8:2B:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jwrbomBJNHOMfJaSoLOrezCoK7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/7a85c9-c58a-4f8e-83b1-7bafde4c4b24/1/f9mFNCX8oTTYyjlGpKNg0vg15bE.roa
Signing time:             Thu 11 Jan 2024 16:36:18 +0000
ROA not before:           Thu 11 Jan 2024 16:36:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201179
IP address blocks:        185.18.220.0/24 maxlen: 24
                          176.110.124.0/24 maxlen: 24
                          176.110.125.0/24 maxlen: 24
                          176.110.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/7a85c9-c58a-4f8e-83b1-7bafde4c4b24/1/jwrbomBJNHOMfJaSoLOrezCoK7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/7a85c9-c58a-4f8e-83b1-7bafde4c4b24/1/jwrbomBJNHOMfJaSoLOrezCoK7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jwrbomBJNHOMfJaSoLOrezCoK7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f9:61:b0:34:db:6e:da:a9:4e:fb:79:b4:f6:5e:a8:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f0adba2604934738c7c9692a0b3ab7b30a82bb2
        Validity
            Not Before: Jan 11 16:36:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fd9853425fca134d8ca3946a4a360d2f835e5b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:03:32:df:1e:87:1e:dd:85:a5:6f:14:9d:b9:
                    75:13:9c:d5:48:4e:30:52:44:ef:5e:03:23:b4:bd:
                    e9:55:c0:f1:b8:a1:4d:9d:83:bf:bf:ee:78:3b:ab:
                    71:a0:78:ea:42:6e:50:1c:d1:a3:8f:02:21:af:16:
                    df:37:ed:4a:c1:cb:b6:67:4a:21:36:84:ac:bb:8d:
                    90:ae:c2:31:fb:9b:82:b8:bb:67:53:79:f6:0e:24:
                    9b:f6:41:37:d6:4b:89:d5:08:2b:90:35:de:7f:da:
                    67:3c:07:ca:bc:7f:99:a8:b3:8e:3f:89:ac:29:be:
                    2b:73:14:db:9f:f0:12:45:58:2d:e5:63:ee:df:89:
                    b7:b4:4d:ce:72:13:4e:25:97:a2:dd:c8:f6:ad:49:
                    87:97:36:dc:ee:73:3b:ff:b4:9a:74:61:4a:c0:87:
                    a1:e6:68:50:bc:c6:e2:ce:44:c4:a3:d6:40:3f:0e:
                    69:b8:ce:d1:ec:38:fb:94:2c:68:64:9e:fb:bd:49:
                    1d:ef:24:12:66:8f:11:7c:ec:51:78:e1:51:1e:01:
                    68:71:3c:13:74:45:7c:88:91:a9:76:2c:2e:4c:2a:
                    d2:e3:f0:e2:2b:32:2e:5d:40:cd:6c:e2:c9:00:89:
                    bf:3c:f7:36:98:fb:36:fe:95:86:f2:49:8d:23:ca:
                    39:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D9:85:34:25:FC:A1:34:D8:CA:39:46:A4:A3:60:D2:F8:35:E5:B1
            X509v3 Authority Key Identifier:
                keyid:8F:0A:DB:A2:60:49:34:73:8C:7C:96:92:A0:B3:AB:7B:30:A8:2B:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jwrbomBJNHOMfJaSoLOrezCoK7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/7a85c9-c58a-4f8e-83b1-7bafde4c4b24/1/f9mFNCX8oTTYyjlGpKNg0vg15bE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/7a85c9-c58a-4f8e-83b1-7bafde4c4b24/1/jwrbomBJNHOMfJaSoLOrezCoK7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.110.124.0-176.110.126.255
                  185.18.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:2b:79:02:57:c4:ec:9a:57:e7:e7:58:49:11:cb:ab:3b:75:
         49:d0:b0:43:4a:21:1d:04:f3:34:03:99:11:33:45:74:66:b5:
         14:03:f9:f0:79:73:07:34:b3:17:d6:f4:4e:ec:17:8a:1f:17:
         2e:8a:49:b0:70:0a:59:60:74:1c:a5:de:76:ac:d8:b3:db:b5:
         29:8b:9e:1c:9b:5d:54:be:f7:17:0e:30:36:0d:dd:57:1b:8d:
         40:c2:54:a8:33:49:c6:ec:61:5f:1b:7c:c5:f6:24:ce:47:6b:
         f0:1b:94:5b:cf:bb:3c:5f:c1:38:5b:c4:c2:cc:92:14:be:6d:
         61:20:1c:2f:54:f6:8c:3f:0d:00:ee:84:7c:31:f2:77:5b:5b:
         30:6e:ef:49:8c:b4:ec:4b:31:0b:df:31:82:b0:2e:dd:bc:8c:
         e7:5d:8f:48:41:41:90:9d:6c:0c:e5:93:4d:c6:e3:3f:4c:cc:
         fe:96:db:79:3b:de:62:e6:d8:6c:f6:5b:4d:9d:8e:a1:5d:48:
         5d:f6:44:a2:27:a7:f6:aa:42:c7:4f:68:cb:06:98:78:ab:e0:
         65:fd:9f:3f:a6:97:1f:93:f4:5e:5d:a9:87:8f:f6:8e:e1:b4:
         5c:99:b6:9d:b5:e5:6c:2e:d1:8f:b6:30:54:3a:71:9b:27:c6:
         c1:8b:4c:b3
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYz5YbA0227aqU77ebT2XqjrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMGFkYmEyNjA0OTM0NzM4YzdjOTY5MmEwYjNhYjdiMzBh
ODJiYjIwHhcNMjQwMTExMTYzNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmQ5ODUzNDI1ZmNhMTM0ZDhjYTM5NDZhNGEzNjBkMmY4MzVlNWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AMy3x6HHt2FpW8Unbl1E5zVSE4w
UkTvXgMjtL3pVcDxuKFNnYO/v+54O6txoHjqQm5QHNGjjwIhrxbfN+1Kwcu2Z0oh
NoSsu42QrsIx+5uCuLtnU3n2DiSb9kE31kuJ1QgrkDXef9pnPAfKvH+ZqLOOP4ms
Kb4rcxTbn/ASRVgt5WPu34m3tE3OchNOJZei3cj2rUmHlzbc7nM7/7SadGFKwIeh
5mhQvMbizkTEo9ZAPw5puM7R7Dj7lCxoZJ77vUkd7yQSZo8RfOxReOFRHgFocTwT
dEV8iJGpdiwuTCrS4/DiKzIuXUDNbOLJAIm/PPc2mPs2/pWG8kmNI8o5zQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFH/ZhTQl/KE02Mo5RqSjYNL4NeWxMB8GA1UdIwQY
MBaAFI8K26JgSTRzjHyWkqCzq3swqCuyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvandyYm9tQkpOSE9NZkphU29MT3JlekNvSzdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC83YTg1YzktYzU4YS00ZjhlLTgzYjEt
N2JhZmRlNGM0YjI0LzEvZjltRk5DWDhvVFRZeWpsR3BLTmcwdmcxNWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC83YTg1YzktYzU4YS00ZjhlLTgzYjEtN2JhZmRlNGM0YjI0
LzEvandyYm9tQkpOSE9NZkphU29MT3JlekNvSzdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAKwbnwD
BACwbn4DBAC5EtwwDQYJKoZIhvcNAQELBQADggEBAJ0reQJXxOyaV+fnWEkRy6s7
dUnQsENKIR0E8zQDmREzRXRmtRQD+fB5cwc0sxfW9E7sF4ofFy6KSbBwCllgdByl
3nas2LPbtSmLnhybXVS+9xcOMDYN3VcbjUDCVKgzScbsYV8bfMX2JM5Ha/AblFvP
uzxfwThbxMLMkhS+bWEgHC9U9ow/DQDuhHwx8ndbWzBu70mMtOxLMQvfMYKwLt28
jOddj0hBQZCdbAzlk03G4z9MzP6W23k73mLm2Gz2W02djqFdSF32RKInp/aqQsdP
aMsGmHir4GX9nz+mlx+T9F5dqYeP9o7htFyZtp215Wwu0Y+2MFQ6cZsnxsGLTLM=
-----END CERTIFICATE-----