Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/l8u9x3VFX5Xg0FeH8ILD1SINvpw.roa
File:                     l8u9x3VFX5Xg0FeH8ILD1SINvpw.roa (raw, json)
Hash identifier:          J+7DUYbCZAAmeT4Qc+mXxkaSdm1CHQ9oYUSUIcnP79o=
Subject key identifier:   97:CB:BD:C7:75:45:5F:95:E0:D0:57:87:F0:82:C3:D5:22:0D:BE:9C
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       018CC7270507C2DCB0B27F7C3F6DD67C5867
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/l8u9x3VFX5Xg0FeH8ILD1SINvpw.roa
Signing time:             Mon 01 Jan 2024 22:31:12 +0000
ROA not before:           Mon 01 Jan 2024 22:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44984
IP address blocks:        185.175.84.0/22 maxlen: 22
                          2a0b:df00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:05:07:c2:dc:b0:b2:7f:7c:3f:6d:d6:7c:58:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Jan  1 22:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97cbbdc775455f95e0d05787f082c3d5220dbe9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f2:97:a6:6d:69:ae:cb:d3:1a:54:76:16:4c:
                    ac:ca:4b:b8:cc:15:2a:66:84:65:5d:fc:6c:2c:56:
                    a3:2a:8b:e4:c8:f2:00:fe:50:e4:df:6d:4b:8d:96:
                    61:da:2b:ed:bc:73:02:5e:cc:9a:ed:91:7a:25:29:
                    b9:49:80:ea:8a:63:a5:65:08:4a:85:37:a1:30:f3:
                    2d:d9:55:27:1d:ca:4d:9b:ee:85:c9:e2:80:88:65:
                    f7:9d:a5:57:0a:74:cc:c8:40:d2:3a:95:6b:02:ff:
                    c7:fb:8d:3c:6f:d4:0a:87:b0:4d:90:ff:e7:32:cb:
                    5e:c2:78:6a:3b:8e:36:a4:56:3b:b2:b6:ac:1b:8f:
                    0d:6f:d4:3b:e2:c5:f4:ef:7a:69:e5:9f:30:05:cc:
                    f5:08:0d:ad:d6:38:a7:ea:54:07:ca:4a:bd:41:6e:
                    22:ec:af:7a:60:0a:05:43:7c:c5:f2:18:fb:eb:ff:
                    aa:49:95:9b:70:e3:eb:a7:af:a3:d7:aa:d0:57:df:
                    96:fa:61:77:82:f0:ca:45:36:3a:78:a9:c8:85:f0:
                    ab:fc:6f:93:ef:b0:4a:cb:bf:d3:1b:48:1e:78:21:
                    ec:f3:a6:bf:ef:ed:29:af:c3:fd:61:f7:37:6c:4e:
                    e8:ee:b5:8c:55:f9:13:69:6c:21:cd:eb:93:4e:5d:
                    8c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:CB:BD:C7:75:45:5F:95:E0:D0:57:87:F0:82:C3:D5:22:0D:BE:9C
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/l8u9x3VFX5Xg0FeH8ILD1SINvpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.84.0/22
                IPv6:
                  2a0b:df00::/32

    Signature Algorithm: sha256WithRSAEncryption
         cb:6c:dc:52:5f:b0:5f:77:ce:94:4f:69:d9:0f:7b:f2:cf:12:
         02:9d:ef:22:ca:cb:fa:4c:8f:41:54:9a:05:d7:f1:8e:0a:f2:
         8b:67:fc:1e:8d:db:34:76:f0:1f:66:2a:d5:2d:8a:30:ae:36:
         76:47:97:ae:fe:88:26:35:70:a7:d4:89:71:7d:eb:3d:82:aa:
         51:fe:76:7e:4d:22:14:11:96:77:60:3b:c1:d1:08:6d:f3:4f:
         41:63:e0:74:11:b0:22:86:59:ac:dc:a4:78:a5:9e:53:73:1a:
         9e:6c:08:ae:17:7a:99:cc:24:19:b7:d3:49:6a:46:f0:0b:18:
         d8:36:c6:7d:e4:cf:14:c6:93:93:32:34:5f:5c:4f:a6:0e:94:
         07:30:00:2d:e6:35:50:d7:33:6f:c3:ac:ff:9e:d2:ad:d4:a9:
         98:da:df:d2:9d:88:7f:d1:70:10:82:f2:e6:a9:00:2f:9e:83:
         5a:03:8e:c9:b4:8b:03:48:33:05:1c:c6:dd:d9:59:b3:0c:e4:
         46:4a:dc:54:52:40:38:b8:81:2c:bb:79:47:69:c9:d0:2c:26:
         5e:00:71:21:7b:a8:da:2d:3e:1a:95:8d:a7:f0:ab:62:1f:19:
         08:50:dd:ff:96:2d:05:b0:96:7e:6a:ec:6c:37:ee:c3:71:77:
         e8:81:90:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJwUHwtywsn98P23WfFhnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjQwMTAxMjIzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2NiYmRjNzc1NDU1Zjk1ZTBkMDU3ODdmMDgyYzNkNTIyMGRiZTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/KXpm1prsvTGlR2Fkysyku4zBUq
ZoRlXfxsLFajKovkyPIA/lDk321LjZZh2ivtvHMCXsya7ZF6JSm5SYDqimOlZQhK
hTehMPMt2VUnHcpNm+6FyeKAiGX3naVXCnTMyEDSOpVrAv/H+408b9QKh7BNkP/n
MstewnhqO442pFY7srasG48Nb9Q74sX073pp5Z8wBcz1CA2t1jin6lQHykq9QW4i
7K96YAoFQ3zF8hj76/+qSZWbcOPrp6+j16rQV9+W+mF3gvDKRTY6eKnIhfCr/G+T
77BKy7/TG0geeCHs86a/7+0pr8P9Yfc3bE7o7rWMVfkTaWwhzeuTTl2MLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJfLvcd1RV+V4NBXh/CCw9UiDb6cMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvbDh1OXgzVkZYNVhnMEZlSDhJTEQxU0lOdnB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCua9UMA0E
AgACMAcDBQAqC98AMA0GCSqGSIb3DQEBCwUAA4IBAQDLbNxSX7Bfd86UT2nZD3vy
zxICne8iysv6TI9BVJoF1/GOCvKLZ/wejds0dvAfZirVLYowrjZ2R5eu/ogmNXCn
1Ilxfes9gqpR/nZ+TSIUEZZ3YDvB0Qht809BY+B0EbAihlms3KR4pZ5TcxqebAiu
F3qZzCQZt9NJakbwCxjYNsZ95M8UxpOTMjRfXE+mDpQHMAAt5jVQ1zNvw6z/ntKt
1KmY2t/SnYh/0XAQgvLmqQAvnoNaA47JtIsDSDMFHMbd2VmzDORGStxUUkA4uIEs
u3lHacnQLCZeAHEhe6jaLT4alY2n8KtiHxkIUN3/li0FsJZ+auxsN+7DcXfogZC3
-----END CERTIFICATE-----