Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/8y8qnR73e2h5wKw2WxePeKzP140.roa
File:                     8y8qnR73e2h5wKw2WxePeKzP140.roa (raw, json)
Hash identifier:          dTBLHKE1+Ovn+slYv9Vmud4Zlas1QujOD24F5gLEd4k=
Subject key identifier:   F3:2F:2A:9D:1E:F7:7B:68:79:C0:AC:36:5B:17:8F:78:AC:CF:D7:8D
Certificate issuer:       /CN=afe4a0d5fda600c5d5b7f618f686d7e93051b4d7
Certificate serial:       018CC7275A1270958CF43B1BE947C362AA25
Authority key identifier: AF:E4:A0:D5:FD:A6:00:C5:D5:B7:F6:18:F6:86:D7:E9:30:51:B4:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r-Sg1f2mAMXVt_YY9obX6TBRtNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/8y8qnR73e2h5wKw2WxePeKzP140.roa
Signing time:             Mon 01 Jan 2024 22:31:34 +0000
ROA not before:           Mon 01 Jan 2024 22:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60003
IP address blocks:        185.60.72.0/22 maxlen: 22
                          2a02:71a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/r-Sg1f2mAMXVt_YY9obX6TBRtNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/r-Sg1f2mAMXVt_YY9obX6TBRtNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r-Sg1f2mAMXVt_YY9obX6TBRtNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5a:12:70:95:8c:f4:3b:1b:e9:47:c3:62:aa:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afe4a0d5fda600c5d5b7f618f686d7e93051b4d7
        Validity
            Not Before: Jan  1 22:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f32f2a9d1ef77b6879c0ac365b178f78accfd78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:1b:6c:60:5d:94:87:18:c3:36:f6:a0:a4:99:
                    73:68:5e:b1:0d:59:01:f8:28:e4:fb:08:b3:82:1e:
                    d6:bb:9f:bf:20:03:42:17:37:78:20:ed:6d:64:8b:
                    32:2d:f5:30:2c:be:00:7f:ed:48:ed:e2:96:03:7d:
                    7d:70:8d:e6:eb:fe:8c:1e:b4:04:5c:7e:ed:fa:ea:
                    fa:c1:a1:1f:01:6e:a5:4b:49:a7:e3:7c:51:7c:09:
                    07:eb:ec:01:57:c2:4a:e9:40:51:3f:83:eb:07:bd:
                    2e:0a:89:f6:c6:c5:7d:c0:6d:d7:ce:b0:fd:c4:bd:
                    a2:3a:68:f8:87:a2:41:2e:ee:44:8e:9d:29:18:30:
                    b8:a8:bf:10:24:ee:b2:16:e3:16:17:c2:7c:77:b7:
                    b4:61:76:30:31:91:41:87:eb:d0:40:1a:cd:7e:77:
                    60:dc:6f:08:57:13:4a:20:40:54:99:17:f4:75:6d:
                    dd:44:bb:ab:9e:92:15:7a:3b:a3:08:a1:87:60:e9:
                    19:ec:fa:ff:7d:7f:d3:0f:2c:ad:bd:7a:ca:e7:80:
                    9f:64:9e:3d:4e:38:d2:c7:da:6e:08:41:ae:78:65:
                    34:5e:97:86:b4:43:7f:a8:30:43:be:b5:3c:cf:b8:
                    a5:3f:fd:21:71:e1:e1:46:dd:05:95:57:b8:3d:18:
                    d2:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:2F:2A:9D:1E:F7:7B:68:79:C0:AC:36:5B:17:8F:78:AC:CF:D7:8D
            X509v3 Authority Key Identifier:
                keyid:AF:E4:A0:D5:FD:A6:00:C5:D5:B7:F6:18:F6:86:D7:E9:30:51:B4:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r-Sg1f2mAMXVt_YY9obX6TBRtNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/8y8qnR73e2h5wKw2WxePeKzP140.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/r-Sg1f2mAMXVt_YY9obX6TBRtNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.72.0/22
                IPv6:
                  2a02:71a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:6f:14:77:1b:f9:3f:5a:05:24:6d:a6:5b:4d:db:f3:8b:8a:
         67:5a:71:43:bd:cc:57:f8:74:a8:34:81:02:de:80:05:ef:a0:
         e9:63:30:fb:26:68:42:e3:ec:88:fc:04:f4:64:2a:aa:75:ac:
         42:b9:51:4c:5e:4d:e4:22:da:64:da:22:fc:22:bd:bb:08:52:
         db:9e:cd:24:ad:98:c2:d3:ee:66:2d:c0:1a:4f:46:e4:0b:e7:
         90:0a:52:8e:49:2c:ba:6a:15:30:1a:43:52:c1:0e:df:c9:ea:
         e1:df:9e:20:72:ef:0a:a0:c5:41:15:aa:da:21:84:83:92:54:
         d7:3b:4a:b3:17:80:02:fb:70:5b:0c:c5:26:e0:49:65:a6:a6:
         66:8f:5a:e9:7d:0e:1b:21:32:21:70:5c:86:29:35:fb:ea:e9:
         79:cd:4c:64:cf:48:bd:c4:2a:0d:d4:0a:25:b8:a0:41:91:67:
         a2:75:f2:db:ee:d1:ba:45:db:b7:25:72:75:2f:71:a3:08:13:
         5d:37:f6:70:03:d6:7d:c8:18:cb:4d:8b:56:96:4b:32:64:2a:
         8c:06:a8:e0:dd:4e:9d:a0:90:da:f9:52:df:84:06:c2:8c:f1:
         d1:d4:17:5e:02:f6:dd:2e:f8:3e:d6:9a:45:8f:90:cc:15:72:
         09:62:bd:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJ1oScJWM9Dsb6UfDYqolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZTRhMGQ1ZmRhNjAwYzVkNWI3ZjYxOGY2ODZkN2U5MzA1
MWI0ZDcwHhcNMjQwMTAxMjIzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzJmMmE5ZDFlZjc3YjY4NzljMGFjMzY1YjE3OGY3OGFjY2ZkNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBtsYF2UhxjDNvagpJlzaF6xDVkB
+Cjk+wizgh7Wu5+/IANCFzd4IO1tZIsyLfUwLL4Af+1I7eKWA319cI3m6/6MHrQE
XH7t+ur6waEfAW6lS0mn43xRfAkH6+wBV8JK6UBRP4PrB70uCon2xsV9wG3XzrD9
xL2iOmj4h6JBLu5Ejp0pGDC4qL8QJO6yFuMWF8J8d7e0YXYwMZFBh+vQQBrNfndg
3G8IVxNKIEBUmRf0dW3dRLurnpIVejujCKGHYOkZ7Pr/fX/TDyytvXrK54CfZJ49
TjjSx9puCEGueGU0XpeGtEN/qDBDvrU8z7ilP/0hceHhRt0FlVe4PRjSHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPMvKp0e93toecCsNlsXj3isz9eNMB8GA1UdIwQY
MBaAFK/koNX9pgDF1bf2GPaG1+kwUbTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvci1TZzFmMm1BTVhWdF9ZWTlvYlg2VEJSdE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85NDY3YzgtMGM5MC00NmUxLTkxYzAt
ZTEwN2Q5ZjE2YzJkLzEvOHk4cW5SNzNlMmg1d0t3Mld4ZVBlS3pQMTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85NDY3YzgtMGM5MC00NmUxLTkxYzAtZTEwN2Q5ZjE2YzJk
LzEvci1TZzFmMm1BTVhWdF9ZWTlvYlg2VEJSdE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTxIMA0E
AgACMAcDBQAqAnGgMA0GCSqGSIb3DQEBCwUAA4IBAQC5bxR3G/k/WgUkbaZbTdvz
i4pnWnFDvcxX+HSoNIEC3oAF76DpYzD7JmhC4+yI/AT0ZCqqdaxCuVFMXk3kItpk
2iL8Ir27CFLbns0krZjC0+5mLcAaT0bkC+eQClKOSSy6ahUwGkNSwQ7fyerh354g
cu8KoMVBFaraIYSDklTXO0qzF4AC+3BbDMUm4EllpqZmj1rpfQ4bITIhcFyGKTX7
6ul5zUxkz0i9xCoN1AoluKBBkWeidfLb7tG6Rdu3JXJ1L3GjCBNdN/ZwA9Z9yBjL
TYtWlksyZCqMBqjg3U6doJDa+VLfhAbCjPHR1BdeAvbdLvg+1ppFj5DMFXIJYr3X
-----END CERTIFICATE-----