Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/SOKJYGFoEAA6OH3zSnIqDRi5wbU.roa
File:                     SOKJYGFoEAA6OH3zSnIqDRi5wbU.roa (raw, json)
Hash identifier:          g1iaUyHJT5IFTgq7hydEBdvjofhs2Ldzbb44tTYrAWE=
Subject key identifier:   48:E2:89:60:61:68:10:00:3A:38:7D:F3:4A:72:2A:0D:18:B9:C1:B5
Certificate issuer:       /CN=ee83bc458a3696d652fbef863e5ee40f0096f197
Certificate serial:       018CC7275EF54CB120EFC00ED623E5AABB56
Authority key identifier: EE:83:BC:45:8A:36:96:D6:52:FB:EF:86:3E:5E:E4:0F:00:96:F1:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7oO8RYo2ltZS---GPl7kDwCW8Zc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/SOKJYGFoEAA6OH3zSnIqDRi5wbU.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203536
IP address blocks:        185.63.8.0/22 maxlen: 22
                          188.116.42.0/23 maxlen: 23
                          2a03:920::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/7oO8RYo2ltZS---GPl7kDwCW8Zc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/7oO8RYo2ltZS---GPl7kDwCW8Zc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7oO8RYo2ltZS---GPl7kDwCW8Zc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5e:f5:4c:b1:20:ef:c0:0e:d6:23:e5:aa:bb:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee83bc458a3696d652fbef863e5ee40f0096f197
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48e28960616810003a387df34a722a0d18b9c1b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:86:51:72:25:a5:8a:31:44:3c:85:38:0d:26:
                    ff:1a:1e:a1:a1:b5:df:1a:cb:86:22:80:43:b7:74:
                    dc:5c:8a:2c:5a:82:57:d9:bd:fe:25:6c:b0:2f:b2:
                    c4:0b:03:92:b1:9c:46:a7:09:74:e0:48:ad:ef:be:
                    65:91:c2:3d:21:24:d6:39:3b:07:cb:a0:6d:d0:6a:
                    75:ac:10:7d:a7:09:6e:1c:15:2f:05:7a:1b:ca:d4:
                    30:c5:fe:ab:a1:1f:4c:0e:d0:dd:16:44:a1:6f:fd:
                    17:bb:14:30:10:16:21:0b:65:a6:5d:31:05:6f:2a:
                    ff:68:26:e7:c4:de:e8:18:24:55:b5:f6:dc:02:1c:
                    9e:2e:aa:cf:a1:91:d9:87:c7:04:43:47:e0:e8:ef:
                    2e:a1:16:7a:cf:f1:ca:62:81:39:cd:f1:77:d0:8e:
                    58:c7:5a:c4:cb:9b:76:ab:8d:e2:c4:61:10:63:b4:
                    02:e7:e0:dd:4c:f1:66:4f:cc:8e:94:8f:d2:32:f8:
                    ec:ba:35:2e:24:24:26:b9:d0:77:c8:80:91:16:73:
                    14:73:a8:0e:f7:c3:83:80:20:1a:f1:77:6f:11:8a:
                    ce:06:95:a7:cb:b6:e5:66:1a:6e:2d:f4:5a:0c:28:
                    18:e8:96:12:09:3b:43:a9:09:de:4c:85:74:2f:f2:
                    ac:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:E2:89:60:61:68:10:00:3A:38:7D:F3:4A:72:2A:0D:18:B9:C1:B5
            X509v3 Authority Key Identifier:
                keyid:EE:83:BC:45:8A:36:96:D6:52:FB:EF:86:3E:5E:E4:0F:00:96:F1:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7oO8RYo2ltZS---GPl7kDwCW8Zc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/SOKJYGFoEAA6OH3zSnIqDRi5wbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/7oO8RYo2ltZS---GPl7kDwCW8Zc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.8.0/22
                  188.116.42.0/23
                IPv6:
                  2a03:920::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:d8:8c:bb:7c:9a:f0:d8:c2:50:78:96:87:2f:69:3c:70:73:
         e2:47:8d:06:14:c5:41:08:5e:fa:da:f7:1d:e9:0a:09:34:89:
         75:f9:48:88:eb:26:05:58:1f:d9:4b:ea:20:50:da:3c:c4:aa:
         03:2c:4a:69:ea:45:35:be:a4:86:16:12:73:b3:9f:02:2a:b9:
         ea:7c:03:17:64:9a:5b:f8:cf:b5:48:41:e8:4b:4a:99:03:e5:
         56:ea:bb:d2:b7:4d:57:a8:05:74:d1:49:7c:55:f9:45:92:68:
         5f:02:47:a8:bf:7b:1d:27:01:52:f3:cd:ee:86:dd:4d:f7:e0:
         69:69:52:8d:ac:23:ff:55:7a:a3:8e:d3:71:47:cc:1f:8c:db:
         7e:58:df:12:b8:a8:89:0d:08:ad:29:a3:9f:9e:2d:c8:90:db:
         dd:c2:a8:50:04:6e:cd:98:67:66:57:eb:1a:86:6c:31:5b:48:
         7a:10:3e:42:d6:04:78:d7:48:b4:64:30:2b:c1:27:9c:82:db:
         98:2f:36:fe:20:94:76:3a:cb:91:da:11:0d:da:46:4e:ff:09:
         74:06:30:e2:e7:a5:18:0c:35:cb:4b:8d:b3:9b:ba:f1:f5:5b:
         49:bb:02:18:2a:82:9c:af:06:1a:fe:4c:a3:8a:ea:d4:68:c8:
         3d:78:2e:45
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJ171TLEg78AO1iPlqrtWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlODNiYzQ1OGEzNjk2ZDY1MmZiZWY4NjNlNWVlNDBmMDA5
NmYxOTcwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGUyODk2MDYxNjgxMDAwM2EzODdkZjM0YTcyMmEwZDE4YjljMWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIZRciWlijFEPIU4DSb/Gh6hobXf
GsuGIoBDt3TcXIosWoJX2b3+JWywL7LECwOSsZxGpwl04Eit775lkcI9ISTWOTsH
y6Bt0Gp1rBB9pwluHBUvBXobytQwxf6roR9MDtDdFkShb/0XuxQwEBYhC2WmXTEF
byr/aCbnxN7oGCRVtfbcAhyeLqrPoZHZh8cEQ0fg6O8uoRZ6z/HKYoE5zfF30I5Y
x1rEy5t2q43ixGEQY7QC5+DdTPFmT8yOlI/SMvjsujUuJCQmudB3yICRFnMUc6gO
98ODgCAa8XdvEYrOBpWny7blZhpuLfRaDCgY6JYSCTtDqQneTIV0L/KsPQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEjiiWBhaBAAOjh980pyKg0YucG1MB8GA1UdIwQY
MBaAFO6DvEWKNpbWUvvvhj5e5A8AlvGXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN29POFJZbzJsdFpTLS0tR1BsN2tEd0NXOFpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8yNzRmNWMtYTdiYy00NjRkLTk2NjYt
N2MyODFkMDdlMTU1LzEvU09LSllHRm9FQUE2T0gzelNuSXFEUmk1d2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8yNzRmNWMtYTdiYy00NjRkLTk2NjYtN2MyODFkMDdlMTU1
LzEvN29POFJZbzJsdFpTLS0tR1BsN2tEd0NXOFpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuT8IAwQB
vHQqMA0EAgACMAcDBQAqAwkgMA0GCSqGSIb3DQEBCwUAA4IBAQAd2Iy7fJrw2MJQ
eJaHL2k8cHPiR40GFMVBCF762vcd6QoJNIl1+UiI6yYFWB/ZS+ogUNo8xKoDLEpp
6kU1vqSGFhJzs58CKrnqfAMXZJpb+M+1SEHoS0qZA+VW6rvSt01XqAV00Ul8VflF
kmhfAkeov3sdJwFS883uht1N9+BpaVKNrCP/VXqjjtNxR8wfjNt+WN8SuKiJDQit
KaOfni3IkNvdwqhQBG7NmGdmV+sahmwxW0h6ED5C1gR410i0ZDArwSecgtuYLzb+
IJR2OsuR2hEN2kZO/wl0BjDi56UYDDXLS42zm7rx9VtJuwIYKoKcrwYa/kyjiurU
aMg9eC5F
-----END CERTIFICATE-----