Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/1F8Wti7DkVYayo1xK3QWa1QrW4Y.roa
File:                     1F8Wti7DkVYayo1xK3QWa1QrW4Y.roa (raw, json)
Hash identifier:          IuojcueLqIiv93Zc6ac3CYWDc9gvlofQjXcNG+UcjfI=
Subject key identifier:   D4:5F:16:B6:2E:C3:91:56:1A:CA:8D:71:2B:74:16:6B:54:2B:5B:86
Certificate issuer:       /CN=667b2b1befba178f30d2a321c451b6eea5466274
Certificate serial:       018CC5DC22FD960CA5B227A60B353405141D
Authority key identifier: 66:7B:2B:1B:EF:BA:17:8F:30:D2:A3:21:C4:51:B6:EE:A5:46:62:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZnsrG--6F48w0qMhxFG27qVGYnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/1F8Wti7DkVYayo1xK3QWa1QrW4Y.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34312
IP address blocks:        195.95.206.0/23 maxlen: 24
                          193.111.6.0/23 maxlen: 23
                          89.200.248.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/ZnsrG--6F48w0qMhxFG27qVGYnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/ZnsrG--6F48w0qMhxFG27qVGYnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZnsrG--6F48w0qMhxFG27qVGYnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:22:fd:96:0c:a5:b2:27:a6:0b:35:34:05:14:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=667b2b1befba178f30d2a321c451b6eea5466274
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d45f16b62ec391561aca8d712b74166b542b5b86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:86:fa:79:6e:c1:58:53:42:12:55:92:05:b0:
                    24:8a:ab:2d:6a:60:79:ed:5d:1f:d0:75:f7:8c:7b:
                    44:11:9d:d7:bc:4a:5a:89:fa:12:d3:c8:db:f1:80:
                    29:b1:41:97:23:c0:39:48:b6:4a:da:90:03:8d:a3:
                    c8:17:f7:00:26:c2:0b:67:f0:90:eb:ec:5c:40:e6:
                    41:ef:c2:dd:20:9e:61:c8:39:07:41:2f:f6:0e:3b:
                    dd:02:9a:4e:c5:cd:39:7c:d7:f0:fc:ec:18:53:ae:
                    5a:19:d2:0b:f4:ba:f9:b3:ff:44:8d:95:bf:c5:ed:
                    11:ba:d8:a0:6a:bf:f4:29:78:b2:15:12:db:bd:f1:
                    c5:27:2a:b6:0f:82:fe:e1:6c:ea:18:05:34:b7:e4:
                    8a:ff:12:5f:f1:c5:d7:3d:09:e4:9f:f8:75:19:d9:
                    38:6a:0f:b8:bf:18:7b:99:f8:75:c5:cb:07:d7:f4:
                    16:c2:8c:d6:9e:b6:0d:58:b9:d3:08:18:95:5c:68:
                    3c:37:10:bb:25:32:e0:00:c7:4d:65:e0:c0:39:89:
                    c7:0c:bc:2e:52:65:25:37:f0:98:99:b3:b9:a1:e5:
                    d6:ff:3f:0a:57:1e:ba:4a:68:c2:3e:64:0a:ff:59:
                    85:b8:6e:b6:94:06:cf:cf:38:8a:ef:ea:29:f7:20:
                    b5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:5F:16:B6:2E:C3:91:56:1A:CA:8D:71:2B:74:16:6B:54:2B:5B:86
            X509v3 Authority Key Identifier:
                keyid:66:7B:2B:1B:EF:BA:17:8F:30:D2:A3:21:C4:51:B6:EE:A5:46:62:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZnsrG--6F48w0qMhxFG27qVGYnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/1F8Wti7DkVYayo1xK3QWa1QrW4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/ZnsrG--6F48w0qMhxFG27qVGYnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.200.248.0/21
                  193.111.6.0/23
                  195.95.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:be:54:13:9d:4f:b6:ed:10:8c:96:5c:b2:a7:6b:a1:72:75:
         b6:89:df:7e:4f:02:f6:b7:2a:c6:6c:ce:73:54:bf:f9:de:2a:
         56:28:b8:69:dc:da:ba:be:71:18:89:d6:76:67:7e:be:f8:ef:
         e0:b0:a6:da:e0:16:81:07:1e:05:20:01:19:fb:13:b2:88:cb:
         7c:6b:bc:63:0f:79:bb:10:88:13:cc:00:f6:47:6c:ca:54:23:
         d2:5f:73:80:af:7e:56:cd:aa:f9:47:36:04:38:63:d0:51:d3:
         09:21:dd:3e:5a:cc:6a:58:c5:31:41:c5:3d:8e:5e:4c:a6:47:
         ff:8f:d9:7c:95:bb:8f:02:57:57:43:a9:1c:a4:be:f5:d5:02:
         a4:f0:09:5d:f4:6b:a9:13:d7:f1:20:81:f0:e9:8c:b2:3d:6f:
         dc:d5:7d:9b:04:c2:16:9b:f5:91:c9:c9:8a:6b:a1:84:d2:08:
         b3:5c:4c:4e:fa:5f:7a:cd:29:1f:0d:17:c1:65:9e:8e:b4:cf:
         7e:ef:e6:b0:03:6a:25:5a:fe:d2:63:c5:55:47:4f:36:27:5a:
         54:c2:63:89:b3:c6:01:a8:d0:30:9d:03:cb:eb:1a:95:a7:4d:
         e6:db:7b:a6:5f:6a:7e:ee:fd:f1:6c:cb:fc:07:21:c9:fd:06:
         95:72:56:38
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3CL9lgylsiemCzU0BRQdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2N2IyYjFiZWZiYTE3OGYzMGQyYTMyMWM0NTFiNmVlYTU0
NjYyNzQwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDVmMTZiNjJlYzM5MTU2MWFjYThkNzEyYjc0MTY2YjU0MmI1Yjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYb6eW7BWFNCElWSBbAkiqstamB5
7V0f0HX3jHtEEZ3XvEpaifoS08jb8YApsUGXI8A5SLZK2pADjaPIF/cAJsILZ/CQ
6+xcQOZB78LdIJ5hyDkHQS/2DjvdAppOxc05fNfw/OwYU65aGdIL9Lr5s/9EjZW/
xe0Rutigar/0KXiyFRLbvfHFJyq2D4L+4WzqGAU0t+SK/xJf8cXXPQnkn/h1Gdk4
ag+4vxh7mfh1xcsH1/QWwozWnrYNWLnTCBiVXGg8NxC7JTLgAMdNZeDAOYnHDLwu
UmUlN/CYmbO5oeXW/z8KVx66SmjCPmQK/1mFuG62lAbPzziK7+op9yC1oQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNRfFrYuw5FWGsqNcSt0FmtUK1uGMB8GA1UdIwQY
MBaAFGZ7KxvvuhePMNKjIcRRtu6lRmJ0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm5zckctLTZGNDh3MHFNaHhGRzI3cVZHWW5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC83ZDA3ZWMtMmU2Ni00NzdhLTkzYzYt
ZjhiZGQyZDc5MjdkLzEvMUY4V3RpN0RrVllheW8xeEszUVdhMVFyVzRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC83ZDA3ZWMtMmU2Ni00NzdhLTkzYzYtZjhiZGQyZDc5Mjdk
LzEvWm5zckctLTZGNDh3MHFNaHhGRzI3cVZHWW5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDWcj4AwQB
wW8GAwQBw1/OMA0GCSqGSIb3DQEBCwUAA4IBAQACvlQTnU+27RCMllyyp2uhcnW2
id9+TwL2tyrGbM5zVL/53ipWKLhp3Nq6vnEYidZ2Z36++O/gsKba4BaBBx4FIAEZ
+xOyiMt8a7xjD3m7EIgTzAD2R2zKVCPSX3OAr35Wzar5RzYEOGPQUdMJId0+Wsxq
WMUxQcU9jl5Mpkf/j9l8lbuPAldXQ6kcpL711QKk8Ald9GupE9fxIIHw6YyyPW/c
1X2bBMIWm/WRycmKa6GE0gizXExO+l96zSkfDRfBZZ6OtM9+7+awA2olWv7SY8VV
R082J1pUwmOJs8YBqNAwnQPL6xqVp03m23umX2p+7v3xbMv8ByHJ/QaVclY4
-----END CERTIFICATE-----