Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/8iaoszFr2m4F21BGlkJNNizc2qs.roa
File:                     8iaoszFr2m4F21BGlkJNNizc2qs.roa (raw, json)
Hash identifier:          u/uvT/eyc0D82M4NIW42gAQReMYUJsMNZTShhVsY1cA=
Subject key identifier:   F2:26:A8:B3:31:6B:DA:6E:05:DB:50:46:96:42:4D:36:2C:DC:DA:AB
Certificate issuer:       /CN=fe3b0385260ac66f21c43f5ab78bac682e8ce54f
Certificate serial:       018CC500DF3700BD73EB5B74E9603DA4435B
Authority key identifier: FE:3B:03:85:26:0A:C6:6F:21:C4:3F:5A:B7:8B:AC:68:2E:8C:E5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_jsDhSYKxm8hxD9at4usaC6M5U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/8iaoszFr2m4F21BGlkJNNizc2qs.roa
Signing time:             Mon 01 Jan 2024 12:30:17 +0000
ROA not before:           Mon 01 Jan 2024 12:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        37.140.208.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/_jsDhSYKxm8hxD9at4usaC6M5U8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/_jsDhSYKxm8hxD9at4usaC6M5U8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_jsDhSYKxm8hxD9at4usaC6M5U8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:df:37:00:bd:73:eb:5b:74:e9:60:3d:a4:43:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe3b0385260ac66f21c43f5ab78bac682e8ce54f
        Validity
            Not Before: Jan  1 12:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f226a8b3316bda6e05db504696424d362cdcdaab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a7:14:d6:e2:9f:b9:5f:d7:4b:8f:ce:b2:98:
                    75:ba:5d:28:86:7b:16:5d:16:3e:63:04:1a:2e:5a:
                    28:26:12:bd:b7:ca:bd:d3:a8:ad:74:11:32:29:5c:
                    9b:6c:70:a8:56:de:61:ce:85:42:73:d4:4f:96:20:
                    22:e1:c1:47:8a:4b:f8:0a:6e:e2:97:31:0d:4a:79:
                    3c:68:e1:c1:b3:7a:62:a8:35:6a:04:a7:08:67:18:
                    96:21:f9:c5:ef:6f:ea:da:f3:86:f3:0b:23:cd:bb:
                    43:a8:fe:be:5a:7e:e2:79:3d:6c:5a:ba:c9:ea:19:
                    74:11:f6:3a:26:e1:55:72:79:a7:85:b6:85:df:3a:
                    55:c5:b4:3c:8b:8b:e5:75:15:6b:21:03:8f:f8:88:
                    43:b2:c2:99:d3:93:85:fb:0a:a5:51:aa:cf:89:a9:
                    40:17:7e:9b:7b:b4:69:e3:86:f1:1a:e3:0a:9e:e9:
                    66:47:65:e3:67:86:67:34:98:24:e8:41:13:0d:c7:
                    9a:7c:36:81:c1:b2:6a:91:65:be:b4:a4:b6:c4:54:
                    81:dc:a8:af:bb:a6:cf:fe:84:c5:08:7d:31:89:4f:
                    ea:e2:99:11:38:ae:5c:78:cf:7f:67:e3:0c:0f:65:
                    7b:b2:5b:f5:31:c2:00:c7:da:81:b9:97:81:16:af:
                    5d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:26:A8:B3:31:6B:DA:6E:05:DB:50:46:96:42:4D:36:2C:DC:DA:AB
            X509v3 Authority Key Identifier:
                keyid:FE:3B:03:85:26:0A:C6:6F:21:C4:3F:5A:B7:8B:AC:68:2E:8C:E5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_jsDhSYKxm8hxD9at4usaC6M5U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/8iaoszFr2m4F21BGlkJNNizc2qs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/_jsDhSYKxm8hxD9at4usaC6M5U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:2b:b3:19:ae:9a:c9:b1:09:4e:6f:78:48:5b:16:c0:93:da:
         3d:e6:32:7e:ea:4e:91:ee:b8:52:4c:f3:b1:cd:0c:1d:7c:18:
         ff:45:3a:b6:4c:63:c9:dd:64:d1:12:80:39:82:e5:d1:b8:df:
         b3:ae:52:e0:c6:90:31:13:a6:33:5e:72:a1:61:d5:67:19:af:
         d5:27:e1:3c:86:ee:3a:45:e3:7f:d8:fd:ab:b3:84:5f:ba:12:
         8d:c4:5a:79:29:c8:38:d5:35:1c:72:e9:a9:d3:5d:e0:25:a3:
         a4:eb:84:73:ec:f1:df:4d:56:9a:ea:15:5f:d5:c7:fd:0b:ce:
         b4:e7:ec:0c:1e:48:a9:7e:7c:1a:e2:a5:13:51:86:a1:91:52:
         6c:26:89:71:fc:a9:61:ae:34:9f:e1:6b:a2:4b:e3:01:a4:c3:
         16:de:ef:ac:3b:13:2e:df:d0:d6:5c:57:ba:a3:a5:7c:cb:0e:
         94:9b:21:7f:d6:eb:b2:57:32:44:62:69:5e:c9:b4:b8:bf:78:
         fc:98:8d:60:f8:f1:df:e6:4f:95:5d:f4:f0:8c:1d:25:19:83:
         f6:39:e7:7e:8f:7d:10:98:e5:1d:61:2a:87:ae:ef:cc:da:33:
         ae:3b:57:12:98:1c:79:aa:79:9e:f2:ca:e5:7b:e9:df:16:09:
         7d:ef:c5:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAN83AL1z61t06WA9pENbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlM2IwMzg1MjYwYWM2NmYyMWM0M2Y1YWI3OGJhYzY4MmU4
Y2U1NGYwHhcNMjQwMTAxMTIzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjI2YThiMzMxNmJkYTZlMDVkYjUwNDY5NjQyNGQzNjJjZGNkYWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6cU1uKfuV/XS4/Osph1ul0ohnsW
XRY+YwQaLlooJhK9t8q906itdBEyKVybbHCoVt5hzoVCc9RPliAi4cFHikv4Cm7i
lzENSnk8aOHBs3piqDVqBKcIZxiWIfnF72/q2vOG8wsjzbtDqP6+Wn7ieT1sWrrJ
6hl0EfY6JuFVcnmnhbaF3zpVxbQ8i4vldRVrIQOP+IhDssKZ05OF+wqlUarPialA
F36be7Rp44bxGuMKnulmR2XjZ4ZnNJgk6EETDceafDaBwbJqkWW+tKS2xFSB3Kiv
u6bP/oTFCH0xiU/q4pkROK5ceM9/Z+MMD2V7slv1McIAx9qBuZeBFq9dAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPImqLMxa9puBdtQRpZCTTYs3NqrMB8GA1UdIwQY
MBaAFP47A4UmCsZvIcQ/WreLrGgujOVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2pzRGhTWUt4bThoeEQ5YXQ0dXNhQzZNNVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9hMmZmZDktNzQ1ZC00ZTdkLWIyYjIt
NzUwMzNmOGY3MjEwLzEvOGlhb3N6RnIybTRGMjFCR2xrSk5OaXpjMnFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9hMmZmZDktNzQ1ZC00ZTdkLWIyYjItNzUwMzNmOGY3MjEw
LzEvX2pzRGhTWUt4bThoeEQ5YXQ0dXNhQzZNNVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJYzQMA0G
CSqGSIb3DQEBCwUAA4IBAQCDK7MZrprJsQlOb3hIWxbAk9o95jJ+6k6R7rhSTPOx
zQwdfBj/RTq2TGPJ3WTREoA5guXRuN+zrlLgxpAxE6YzXnKhYdVnGa/VJ+E8hu46
ReN/2P2rs4RfuhKNxFp5Kcg41TUccump013gJaOk64Rz7PHfTVaa6hVf1cf9C860
5+wMHkipfnwa4qUTUYahkVJsJolx/KlhrjSf4WuiS+MBpMMW3u+sOxMu39DWXFe6
o6V8yw6UmyF/1uuyVzJEYmleybS4v3j8mI1g+PHf5k+VXfTwjB0lGYP2Oed+j30Q
mOUdYSqHru/M2jOuO1cSmBx5qnme8srle+nfFgl978WF
-----END CERTIFICATE-----