Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/r8__LCDH7kFGgMahtA4ZmmWDe7A.roa
File:                     r8__LCDH7kFGgMahtA4ZmmWDe7A.roa (raw, json)
Hash identifier:          q8A9cE2nAFocPVady0HhwJRGAihazi6A0QmZku8PW9A=
Subject key identifier:   AF:CF:FF:2C:20:C7:EE:41:46:80:C6:A1:B4:0E:19:9A:65:83:7B:B0
Certificate issuer:       /CN=5d88e4f7a302412c316a3bb599cdd2042b5ff485
Certificate serial:       018CC493530143FBFC391D0354E28D850833
Authority key identifier: 5D:88:E4:F7:A3:02:41:2C:31:6A:3B:B5:99:CD:D2:04:2B:5F:F4:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/r8__LCDH7kFGgMahtA4ZmmWDe7A.roa
Signing time:             Mon 01 Jan 2024 10:30:38 +0000
ROA not before:           Mon 01 Jan 2024 10:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57840
IP address blocks:        37.209.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:53:01:43:fb:fc:39:1d:03:54:e2:8d:85:08:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d88e4f7a302412c316a3bb599cdd2042b5ff485
        Validity
            Not Before: Jan  1 10:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afcfff2c20c7ee414680c6a1b40e199a65837bb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ae:b0:96:39:69:a3:52:79:0e:5b:38:cb:f2:
                    53:ff:3b:c9:c5:c7:ba:4a:27:43:16:2d:49:8c:70:
                    37:c3:99:61:4f:b2:62:fa:ed:77:ee:33:9a:25:5b:
                    f8:bd:af:07:80:c0:e6:bc:4a:e8:ee:03:6b:fd:c3:
                    9a:1a:46:1e:78:95:c6:b3:24:85:c6:90:ea:d6:92:
                    97:5d:80:30:5a:bf:35:e8:84:5e:f7:99:5c:a6:51:
                    54:49:ba:43:94:b3:51:94:89:a5:b0:69:28:75:62:
                    05:32:65:b6:ef:ea:54:cf:63:0a:fd:4a:3c:8c:50:
                    cb:a2:ee:0a:bb:22:f3:3f:63:70:85:96:98:64:3f:
                    e7:97:73:73:ef:40:35:ea:28:23:5c:58:a1:00:7e:
                    76:b7:54:a0:13:1e:a7:46:e9:01:e6:3c:a1:08:7f:
                    11:b8:00:1d:cc:3e:f8:ad:a0:b1:2f:d2:bb:c4:23:
                    cb:79:49:be:05:05:37:31:91:cc:f4:71:a6:df:53:
                    05:93:c4:75:fe:9f:d3:62:ce:41:2d:a1:c2:b5:6d:
                    ab:37:df:97:77:0c:c6:65:7c:ac:e3:82:b3:09:d0:
                    48:3c:45:99:34:a8:15:ef:a1:bf:3d:5a:17:aa:6b:
                    80:de:27:bb:d6:17:6f:96:70:be:34:14:d0:06:e4:
                    0b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:CF:FF:2C:20:C7:EE:41:46:80:C6:A1:B4:0E:19:9A:65:83:7B:B0
            X509v3 Authority Key Identifier:
                keyid:5D:88:E4:F7:A3:02:41:2C:31:6A:3B:B5:99:CD:D2:04:2B:5F:F4:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/r8__LCDH7kFGgMahtA4ZmmWDe7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:be:6b:21:7d:91:51:40:7e:49:84:ed:e2:76:b3:08:83:e8:
         0e:f2:b7:7f:99:99:ab:3e:53:dd:c3:b0:85:a2:1d:0b:99:1b:
         fc:5c:1a:1b:10:fe:24:17:9b:41:79:db:c3:7c:03:57:e9:fa:
         23:9b:e2:a7:0a:09:cd:0a:ea:85:a0:52:3d:9d:e6:d4:d7:4d:
         ca:41:e6:d1:8a:9c:f7:69:ad:3a:93:15:16:66:60:ae:9e:8a:
         8d:2f:9b:c8:09:ff:28:b0:a4:6e:dd:03:af:47:1f:37:f2:41:
         90:dc:10:d9:ac:86:a4:d1:71:38:4e:f6:7f:b3:d6:0c:b6:0d:
         02:ab:e8:0d:73:bc:22:bc:1a:c9:af:c5:d1:07:5e:9f:a9:e5:
         8e:61:fb:8b:05:f4:9c:db:f7:6d:cc:aa:06:54:42:29:89:88:
         07:76:6f:43:be:01:34:e6:91:58:aa:b3:4b:cc:2d:c2:12:36:
         e8:49:0b:c9:15:e3:34:79:91:f2:e5:c8:4c:ea:eb:14:bf:7c:
         b6:49:84:40:fc:1c:cc:be:a3:bc:98:b4:4c:e9:fd:43:db:c7:
         8e:9d:e1:80:dc:0a:18:69:b5:b4:e3:08:51:74:a2:d4:a6:23:
         97:8c:73:1e:cd:7c:24:b0:81:e2:60:e0:b6:fe:bd:1e:04:97:
         ce:78:47:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk1MBQ/v8OR0DVOKNhQgzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODhlNGY3YTMwMjQxMmMzMTZhM2JiNTk5Y2RkMjA0MmI1
ZmY0ODUwHhcNMjQwMTAxMTAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmNmZmYyYzIwYzdlZTQxNDY4MGM2YTFiNDBlMTk5YTY1ODM3YmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnq6wljlpo1J5Dls4y/JT/zvJxce6
SidDFi1JjHA3w5lhT7Ji+u137jOaJVv4va8HgMDmvEro7gNr/cOaGkYeeJXGsySF
xpDq1pKXXYAwWr816IRe95lcplFUSbpDlLNRlImlsGkodWIFMmW27+pUz2MK/Uo8
jFDLou4KuyLzP2NwhZaYZD/nl3Nz70A16igjXFihAH52t1SgEx6nRukB5jyhCH8R
uAAdzD74raCxL9K7xCPLeUm+BQU3MZHM9HGm31MFk8R1/p/TYs5BLaHCtW2rN9+X
dwzGZXys44KzCdBIPEWZNKgV76G/PVoXqmuA3ie71hdvlnC+NBTQBuQLpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/P/ywgx+5BRoDGobQOGZplg3uwMB8GA1UdIwQY
MBaAFF2I5PejAkEsMWo7tZnN0gQrX/SFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlqazk2TUNRU3d4YWp1MW1jM1NCQ3RmOUlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83NjBjMGYtMTJhYi00ODNkLThjZGIt
NTdlMWQ1YjcyYjJkLzEvcjhfX0xDREg3a0ZHZ01haHRBNFptbVdEZTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83NjBjMGYtMTJhYi00ODNkLThjZGItNTdlMWQ1YjcyYjJk
LzEvWFlqazk2TUNRU3d4YWp1MW1jM1NCQ3RmOUlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJdGvMA0G
CSqGSIb3DQEBCwUAA4IBAQARvmshfZFRQH5JhO3idrMIg+gO8rd/mZmrPlPdw7CF
oh0LmRv8XBobEP4kF5tBedvDfANX6fojm+KnCgnNCuqFoFI9nebU103KQebRipz3
aa06kxUWZmCunoqNL5vICf8osKRu3QOvRx838kGQ3BDZrIak0XE4TvZ/s9YMtg0C
q+gNc7wivBrJr8XRB16fqeWOYfuLBfSc2/dtzKoGVEIpiYgHdm9DvgE05pFYqrNL
zC3CEjboSQvJFeM0eZHy5chM6usUv3y2SYRA/BzMvqO8mLRM6f1D28eOneGA3AoY
abW04whRdKLUpiOXjHMezXwksIHiYOC2/r0eBJfOeEf0
-----END CERTIFICATE-----