Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/ae324f-54f5-41da-bebf-03077e37c61a/1/sibhsJ9dj3QzsQA_YvMgyw3mZ5U.roa
File:                     sibhsJ9dj3QzsQA_YvMgyw3mZ5U.roa (raw, json)
Hash identifier:          IaWoSyrsL8F4mTaEJrgYPPRzPWqNqRo1l/Dog4YUvno=
Subject key identifier:   B2:26:E1:B0:9F:5D:8F:74:33:B1:00:3F:62:F3:20:CB:0D:E6:67:95
Certificate issuer:       /CN=f1808f1abef8e6b59cd4359a6b4481fc7c9631d1
Certificate serial:       018CC42525690DC9712536B332DF1FF72789
Authority key identifier: F1:80:8F:1A:BE:F8:E6:B5:9C:D4:35:9A:6B:44:81:FC:7C:96:31:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8YCPGr745rWc1DWaa0SB_HyWMdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/ae324f-54f5-41da-bebf-03077e37c61a/1/sibhsJ9dj3QzsQA_YvMgyw3mZ5U.roa
Signing time:             Mon 01 Jan 2024 08:30:17 +0000
ROA not before:           Mon 01 Jan 2024 08:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34154
IP address blocks:        185.237.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/ae324f-54f5-41da-bebf-03077e37c61a/1/8YCPGr745rWc1DWaa0SB_HyWMdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/ae324f-54f5-41da-bebf-03077e37c61a/1/8YCPGr745rWc1DWaa0SB_HyWMdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8YCPGr745rWc1DWaa0SB_HyWMdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:25:69:0d:c9:71:25:36:b3:32:df:1f:f7:27:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1808f1abef8e6b59cd4359a6b4481fc7c9631d1
        Validity
            Not Before: Jan  1 08:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b226e1b09f5d8f7433b1003f62f320cb0de66795
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ea:b8:42:bd:36:57:71:85:cf:70:81:34:1f:
                    4f:fa:20:48:d3:ae:19:f2:d5:af:17:20:3c:6a:bc:
                    69:c8:20:e3:70:a7:f6:29:b2:39:b0:ca:bf:ae:20:
                    31:64:00:ab:8d:61:36:9c:dd:df:14:76:63:7a:c0:
                    c0:8c:ee:be:c3:7e:5c:87:32:49:fb:1e:2e:ca:15:
                    fd:f2:f4:cc:1e:ae:dd:36:68:43:a9:82:55:46:83:
                    d4:3f:9a:f1:75:84:42:0d:52:91:8b:a3:30:cd:0f:
                    d5:af:24:5c:11:0e:7e:d8:18:46:c4:35:92:82:cf:
                    f1:ba:2e:7b:a2:78:56:d9:76:21:9f:49:60:a4:63:
                    96:48:ca:2e:b8:ca:ad:b8:d5:57:d2:e7:5f:6b:f6:
                    27:20:78:eb:f8:c7:c6:31:16:11:31:3e:e7:b7:60:
                    d3:2e:11:90:a0:1b:7d:79:e7:7c:6b:a1:fc:28:53:
                    4d:b7:59:1a:c9:94:bf:e5:4a:03:46:7b:1e:59:36:
                    ed:1d:f1:da:4a:96:fd:57:8d:2c:f9:43:7c:1c:c8:
                    59:42:c6:2a:d4:d8:28:56:bf:dc:43:34:9f:4b:bf:
                    09:0f:bd:20:14:95:73:b0:03:bf:c2:34:57:10:34:
                    c4:0f:61:0d:6b:8c:74:83:5e:a9:f8:67:c5:ac:4b:
                    fd:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:26:E1:B0:9F:5D:8F:74:33:B1:00:3F:62:F3:20:CB:0D:E6:67:95
            X509v3 Authority Key Identifier:
                keyid:F1:80:8F:1A:BE:F8:E6:B5:9C:D4:35:9A:6B:44:81:FC:7C:96:31:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8YCPGr745rWc1DWaa0SB_HyWMdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/ae324f-54f5-41da-bebf-03077e37c61a/1/sibhsJ9dj3QzsQA_YvMgyw3mZ5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/ae324f-54f5-41da-bebf-03077e37c61a/1/8YCPGr745rWc1DWaa0SB_HyWMdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:ee:07:dd:49:a1:97:80:d3:7e:0a:03:07:ee:d4:26:bb:6c:
         42:fd:09:e6:20:26:a4:31:e6:dc:37:98:dc:89:88:62:c8:6a:
         42:9d:09:e2:bd:bb:b8:96:a1:a6:30:30:13:33:35:3d:85:43:
         1a:1a:60:1c:bc:3a:f1:85:07:2f:63:d0:7c:36:b7:bb:51:6a:
         c0:27:34:6a:4c:65:f8:ee:6e:a2:f2:bf:80:76:26:0f:da:b8:
         2a:77:0f:b3:e9:27:00:f3:f1:6e:0f:88:e1:1b:8b:c9:a4:eb:
         0f:66:44:c1:1e:14:95:f8:2e:b8:f1:59:65:a0:6c:d0:02:e3:
         05:14:98:24:68:e0:82:fd:96:15:b2:9f:4b:04:03:9b:12:93:
         ae:b4:9a:02:ca:67:92:7c:02:9e:9e:fa:e2:ae:ef:a2:21:0c:
         cd:82:f8:b9:82:59:6d:4c:2b:3b:8c:dd:f1:10:78:0d:63:56:
         1a:ec:32:d4:1f:08:b9:ba:9f:a2:95:f9:0c:63:8b:4d:72:e5:
         de:fb:29:88:a9:e5:ef:57:e1:4b:bb:fb:d3:00:d8:48:68:57:
         0a:64:a2:95:14:71:c6:42:af:9d:d9:2f:68:2a:07:5e:18:15:
         0d:b3:87:e7:b1:31:05:56:50:50:62:cc:54:15:ee:da:8b:99:
         b9:ce:aa:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJSVpDclxJTazMt8f9yeJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxODA4ZjFhYmVmOGU2YjU5Y2Q0MzU5YTZiNDQ4MWZjN2M5
NjMxZDEwHhcNMjQwMTAxMDgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjI2ZTFiMDlmNWQ4Zjc0MzNiMTAwM2Y2MmYzMjBjYjBkZTY2Nzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uq4Qr02V3GFz3CBNB9P+iBI064Z
8tWvFyA8arxpyCDjcKf2KbI5sMq/riAxZACrjWE2nN3fFHZjesDAjO6+w35chzJJ
+x4uyhX98vTMHq7dNmhDqYJVRoPUP5rxdYRCDVKRi6MwzQ/VryRcEQ5+2BhGxDWS
gs/xui57onhW2XYhn0lgpGOWSMouuMqtuNVX0udfa/YnIHjr+MfGMRYRMT7nt2DT
LhGQoBt9eed8a6H8KFNNt1kayZS/5UoDRnseWTbtHfHaSpb9V40s+UN8HMhZQsYq
1NgoVr/cQzSfS78JD70gFJVzsAO/wjRXEDTED2ENa4x0g16p+GfFrEv9mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIm4bCfXY90M7EAP2LzIMsN5meVMB8GA1UdIwQY
MBaAFPGAjxq++Oa1nNQ1mmtEgfx8ljHRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFlDUEdyNzQ1cldjMURXYWEwU0JfSHlXTWRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9hZTMyNGYtNTRmNS00MWRhLWJlYmYt
MDMwNzdlMzdjNjFhLzEvc2liaHNKOWRqM1F6c1FBX1l2TWd5dzNtWjVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9hZTMyNGYtNTRmNS00MWRhLWJlYmYtMDMwNzdlMzdjNjFh
LzEvOFlDUEdyNzQ1cldjMURXYWEwU0JfSHlXTWRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue0iMA0G
CSqGSIb3DQEBCwUAA4IBAQAA7gfdSaGXgNN+CgMH7tQmu2xC/QnmICakMebcN5jc
iYhiyGpCnQnivbu4lqGmMDATMzU9hUMaGmAcvDrxhQcvY9B8Nre7UWrAJzRqTGX4
7m6i8r+AdiYP2rgqdw+z6ScA8/FuD4jhG4vJpOsPZkTBHhSV+C648VlloGzQAuMF
FJgkaOCC/ZYVsp9LBAObEpOutJoCymeSfAKenvriru+iIQzNgvi5glltTCs7jN3x
EHgNY1Ya7DLUHwi5up+ilfkMY4tNcuXe+ymIqeXvV+FLu/vTANhIaFcKZKKVFHHG
Qq+d2S9oKgdeGBUNs4fnsTEFVlBQYsxUFe7ai5m5zqrO
-----END CERTIFICATE-----