Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/095ecf-7d6a-4881-88e7-fe24ed2adcff/1/A16sbg_5C-5VwK6V0mvxUO4RLgE.roa
File:                     A16sbg_5C-5VwK6V0mvxUO4RLgE.roa (raw, json)
Hash identifier:          42gryE7c7McSKg5vwM7TWbUOC+3HEBfZKK14CWkNa4Q=
Subject key identifier:   03:5E:AC:6E:0F:F9:0B:EE:55:C0:AE:95:D2:6B:F1:50:EE:11:2E:01
Certificate issuer:       /CN=25717849a69ad8df87088da658b2305b8594c8c4
Certificate serial:       018CC9BAAB3E4E5B85A1D2D4078EA4AE0B5D
Authority key identifier: 25:71:78:49:A6:9A:D8:DF:87:08:8D:A6:58:B2:30:5B:85:94:C8:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXF4Saaa2N-HCI2mWLIwW4WUyMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/095ecf-7d6a-4881-88e7-fe24ed2adcff/1/A16sbg_5C-5VwK6V0mvxUO4RLgE.roa
Signing time:             Tue 02 Jan 2024 10:31:43 +0000
ROA not before:           Tue 02 Jan 2024 10:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211204
IP address blocks:        185.205.9.0/24 maxlen: 24
                          185.205.10.0/24 maxlen: 24
                          185.205.8.0/24 maxlen: 24
                          185.205.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/095ecf-7d6a-4881-88e7-fe24ed2adcff/1/JXF4Saaa2N-HCI2mWLIwW4WUyMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/095ecf-7d6a-4881-88e7-fe24ed2adcff/1/JXF4Saaa2N-HCI2mWLIwW4WUyMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JXF4Saaa2N-HCI2mWLIwW4WUyMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:ab:3e:4e:5b:85:a1:d2:d4:07:8e:a4:ae:0b:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25717849a69ad8df87088da658b2305b8594c8c4
        Validity
            Not Before: Jan  2 10:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=035eac6e0ff90bee55c0ae95d26bf150ee112e01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:eb:a5:47:c8:5e:6a:28:1c:1e:aa:42:76:03:
                    41:d7:0c:ef:6d:46:e4:c1:9d:b3:09:7a:30:19:23:
                    c6:00:e3:d3:ea:38:d7:27:8c:4d:5b:1c:62:1a:cd:
                    0b:e3:fe:26:26:aa:cb:78:57:c4:89:cf:31:1b:20:
                    21:ce:32:b2:a0:6a:90:ab:6a:05:5f:7c:40:9c:10:
                    e3:55:85:24:45:bc:76:96:19:1f:5f:4f:63:3d:04:
                    42:cf:93:fe:0c:8f:fc:8a:6f:13:e1:41:68:97:71:
                    c6:08:9f:29:b1:36:5f:3d:87:45:95:70:24:61:7a:
                    cf:9e:cf:c4:df:4b:84:c9:cd:3a:a4:4f:de:95:49:
                    b5:8b:eb:4e:a5:97:ca:20:ed:74:56:e3:79:ca:7d:
                    62:d7:09:9d:7f:4f:f6:12:ca:46:3c:3f:45:6e:93:
                    e3:30:d9:50:27:e5:e5:53:5c:08:d1:8c:73:52:b8:
                    f0:06:3d:77:3b:f7:ca:c5:92:27:a8:da:9a:cc:4d:
                    8f:66:09:21:81:01:34:a5:e6:ed:01:da:7a:e6:da:
                    83:a6:c4:19:47:8a:ca:f1:7a:79:ae:d8:fa:93:a5:
                    c7:54:54:2e:0a:e3:c6:62:5c:98:a2:a6:dc:31:31:
                    d2:3d:b6:60:2f:ae:88:56:11:86:4b:10:cd:34:bb:
                    c8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:5E:AC:6E:0F:F9:0B:EE:55:C0:AE:95:D2:6B:F1:50:EE:11:2E:01
            X509v3 Authority Key Identifier:
                keyid:25:71:78:49:A6:9A:D8:DF:87:08:8D:A6:58:B2:30:5B:85:94:C8:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXF4Saaa2N-HCI2mWLIwW4WUyMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/095ecf-7d6a-4881-88e7-fe24ed2adcff/1/A16sbg_5C-5VwK6V0mvxUO4RLgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/095ecf-7d6a-4881-88e7-fe24ed2adcff/1/JXF4Saaa2N-HCI2mWLIwW4WUyMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:c3:34:5f:be:b2:6a:23:27:0b:80:3e:8e:b7:8b:80:9b:64:
         e5:77:a7:6e:27:d8:0d:17:75:0e:09:20:5e:dc:4e:a0:c8:a5:
         0a:1f:d1:77:8e:a4:d9:0d:89:5a:b6:49:06:9f:81:e6:b4:40:
         a2:e6:a5:93:43:a5:f9:c9:a8:8a:8b:3d:1a:96:3f:d2:cb:13:
         26:3e:b2:8c:67:51:a4:80:0f:d9:4b:e4:02:a9:d0:c6:fb:39:
         bd:6f:fa:b9:ff:88:6f:7d:ce:98:97:76:1a:5c:6d:ab:89:c5:
         56:07:0c:6f:62:4b:79:bd:4a:c0:2b:ff:70:46:07:69:5b:6e:
         4f:82:cb:38:8e:13:d9:d8:84:07:8b:e4:99:53:0f:f9:74:d2:
         ea:39:b2:09:42:25:0c:a2:4b:ab:3a:f6:49:1f:14:58:4c:5a:
         23:42:d3:75:4a:fc:cb:95:8f:54:07:51:e5:d7:61:34:83:05:
         6e:27:40:c0:a3:cf:5a:fd:20:44:79:59:9f:ab:e0:52:c3:2f:
         c9:86:74:13:70:a2:d6:7c:1c:0b:9d:c2:36:af:ed:cb:a4:31:
         8d:d4:55:55:7b:07:8c:db:ca:40:6c:a5:72:4a:f5:e5:99:53:
         56:0e:f3:95:12:61:10:d7:34:39:38:2d:63:13:12:a9:9b:b9:
         01:d9:7d:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuqs+TluFodLUB46krgtdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NzE3ODQ5YTY5YWQ4ZGY4NzA4OGRhNjU4YjIzMDViODU5
NGM4YzQwHhcNMjQwMTAyMTAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzVlYWM2ZTBmZjkwYmVlNTVjMGFlOTVkMjZiZjE1MGVlMTEyZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOulR8heaigcHqpCdgNB1wzvbUbk
wZ2zCXowGSPGAOPT6jjXJ4xNWxxiGs0L4/4mJqrLeFfEic8xGyAhzjKyoGqQq2oF
X3xAnBDjVYUkRbx2lhkfX09jPQRCz5P+DI/8im8T4UFol3HGCJ8psTZfPYdFlXAk
YXrPns/E30uEyc06pE/elUm1i+tOpZfKIO10VuN5yn1i1wmdf0/2EspGPD9FbpPj
MNlQJ+XlU1wI0YxzUrjwBj13O/fKxZInqNqazE2PZgkhgQE0pebtAdp65tqDpsQZ
R4rK8Xp5rtj6k6XHVFQuCuPGYlyYoqbcMTHSPbZgL66IVhGGSxDNNLvIlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANerG4P+QvuVcCuldJr8VDuES4BMB8GA1UdIwQY
MBaAFCVxeEmmmtjfhwiNpliyMFuFlMjEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhGNFNhYWEyTi1IQ0kybVdMSXdXNFdVeU1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8wOTVlY2YtN2Q2YS00ODgxLTg4ZTct
ZmUyNGVkMmFkY2ZmLzEvQTE2c2JnXzVDLTVWd0s2VjBtdnhVTzRSTGdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8wOTVlY2YtN2Q2YS00ODgxLTg4ZTctZmUyNGVkMmFkY2Zm
LzEvSlhGNFNhYWEyTi1IQ0kybVdMSXdXNFdVeU1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc0IMA0G
CSqGSIb3DQEBCwUAA4IBAQAiwzRfvrJqIycLgD6Ot4uAm2Tld6duJ9gNF3UOCSBe
3E6gyKUKH9F3jqTZDYlatkkGn4HmtECi5qWTQ6X5yaiKiz0alj/SyxMmPrKMZ1Gk
gA/ZS+QCqdDG+zm9b/q5/4hvfc6Yl3YaXG2ricVWBwxvYkt5vUrAK/9wRgdpW25P
gss4jhPZ2IQHi+SZUw/5dNLqObIJQiUMokurOvZJHxRYTFojQtN1SvzLlY9UB1Hl
12E0gwVuJ0DAo89a/SBEeVmfq+BSwy/JhnQTcKLWfBwLncI2r+3LpDGN1FVVeweM
28pAbKVySvXlmVNWDvOVEmEQ1zQ5OC1jExKpm7kB2X2A
-----END CERTIFICATE-----