Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/O8vPfAS3toDFMN12uhyVd_JE_gU.roa
File:                     O8vPfAS3toDFMN12uhyVd_JE_gU.roa (raw, json)
Hash identifier:          XD8jqagcoMGUyozMcBiaDbg5sWsWcIyFc8/KjOFs+Cw=
Subject key identifier:   3B:CB:CF:7C:04:B7:B6:80:C5:30:DD:76:BA:1C:95:77:F2:44:FE:05
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018CC86F952AADA59AED908954A0EB56505B
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/O8vPfAS3toDFMN12uhyVd_JE_gU.roa
Signing time:             Tue 02 Jan 2024 04:30:05 +0000
ROA not before:           Tue 02 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62436
IP address blocks:        80.232.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:95:2a:ad:a5:9a:ed:90:89:54:a0:eb:56:50:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  2 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bcbcf7c04b7b680c530dd76ba1c9577f244fe05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:38:5d:f0:3e:30:1d:a4:15:bf:ef:8c:50:8a:
                    9a:a4:71:68:0a:59:ba:2f:ea:8b:fd:41:a9:71:04:
                    83:ef:61:05:88:4b:88:7a:31:8d:c5:67:7f:6d:58:
                    d9:d8:8a:ac:8d:52:a0:ab:4f:19:0b:4a:62:97:48:
                    64:5a:1d:77:86:f2:20:da:4d:15:35:69:2c:33:cd:
                    2d:b9:27:5e:b7:e9:39:f0:56:ca:3e:25:6f:d1:90:
                    a2:2d:89:00:36:4a:bf:c1:23:61:bd:3d:b4:39:02:
                    f5:8e:96:38:97:b8:c6:6a:80:66:e8:5e:d2:f7:88:
                    e5:a4:80:4a:68:b2:54:f6:81:76:a0:09:cf:d7:69:
                    a8:13:7b:ae:58:dc:d4:97:9a:54:93:91:86:9e:da:
                    f8:21:11:1d:f1:89:96:e7:00:d5:5a:c8:92:25:94:
                    f3:c8:be:ea:ce:01:85:ae:af:2e:de:0b:4a:ef:6d:
                    b2:4b:c3:c1:da:14:ee:b4:2e:53:a3:3b:8c:e7:9b:
                    3d:b3:b0:26:66:66:24:52:94:2a:86:83:ab:2e:9c:
                    38:f8:ae:58:98:f4:c1:db:6f:01:47:5b:a9:8d:57:
                    95:73:ff:c2:38:24:a1:86:4c:4e:fe:53:8a:1e:b2:
                    7d:9d:6b:35:48:d7:af:57:2f:99:7c:2a:01:57:2f:
                    46:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:CB:CF:7C:04:B7:B6:80:C5:30:DD:76:BA:1C:95:77:F2:44:FE:05
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/O8vPfAS3toDFMN12uhyVd_JE_gU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.232.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:66:04:85:a4:06:37:5c:f3:9f:98:bb:b8:3d:66:19:77:6a:
         75:7b:fb:ee:07:b1:ac:db:23:af:60:b1:68:c9:35:30:ff:6c:
         a5:87:a1:14:fb:c1:b6:63:f7:02:03:63:69:cc:65:5d:a6:39:
         42:3d:83:8d:78:7e:a5:04:45:36:9d:0d:15:79:ac:c7:24:f1:
         87:6e:51:5d:66:b4:0d:ae:f4:ab:d5:f6:52:8a:1c:13:40:99:
         69:a3:a5:6d:27:6d:af:8d:15:3e:48:71:85:2d:67:5f:6c:74:
         66:97:dd:63:c4:9d:5b:61:07:78:69:a5:f7:d3:15:7b:3a:55:
         a2:9b:30:65:55:ad:e5:53:6d:06:4a:75:87:03:1a:3e:11:01:
         f8:80:93:d3:18:05:01:4d:54:6a:9a:11:3c:46:fd:8c:3e:90:
         5f:89:39:04:f2:bf:b1:23:f6:57:09:aa:a7:67:86:32:f8:88:
         37:17:f3:36:50:dd:4a:06:be:5a:76:b4:ca:f0:44:ff:98:9a:
         01:15:ad:16:93:25:21:16:6a:5a:c6:74:42:d9:c5:83:eb:a1:
         89:73:07:49:e0:dd:f0:f3:9c:b2:ac:af:c0:aa:77:d1:ff:17:
         40:90:b4:ef:bf:44:da:fc:86:9c:2f:1d:5b:7f:93:48:ff:68:
         03:88:1d:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5UqraWa7ZCJVKDrVlBbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMTAyMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmNiY2Y3YzA0YjdiNjgwYzUzMGRkNzZiYTFjOTU3N2YyNDRmZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjThd8D4wHaQVv++MUIqapHFoClm6
L+qL/UGpcQSD72EFiEuIejGNxWd/bVjZ2IqsjVKgq08ZC0pil0hkWh13hvIg2k0V
NWksM80tuSdet+k58FbKPiVv0ZCiLYkANkq/wSNhvT20OQL1jpY4l7jGaoBm6F7S
94jlpIBKaLJU9oF2oAnP12moE3uuWNzUl5pUk5GGntr4IREd8YmW5wDVWsiSJZTz
yL7qzgGFrq8u3gtK722yS8PB2hTutC5TozuM55s9s7AmZmYkUpQqhoOrLpw4+K5Y
mPTB228BR1upjVeVc//COCShhkxO/lOKHrJ9nWs1SNevVy+ZfCoBVy9G/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvLz3wEt7aAxTDddroclXfyRP4FMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvTzh2UGZBUzN0b0RGTU4xMnVoeVZkX0pFX2dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUOjXMA0G
CSqGSIb3DQEBCwUAA4IBAQB3ZgSFpAY3XPOfmLu4PWYZd2p1e/vuB7Gs2yOvYLFo
yTUw/2ylh6EU+8G2Y/cCA2NpzGVdpjlCPYONeH6lBEU2nQ0VeazHJPGHblFdZrQN
rvSr1fZSihwTQJlpo6VtJ22vjRU+SHGFLWdfbHRml91jxJ1bYQd4aaX30xV7OlWi
mzBlVa3lU20GSnWHAxo+EQH4gJPTGAUBTVRqmhE8Rv2MPpBfiTkE8r+xI/ZXCaqn
Z4Yy+Ig3F/M2UN1KBr5adrTK8ET/mJoBFa0WkyUhFmpaxnRC2cWD66GJcwdJ4N3w
85yyrK/AqnfR/xdAkLTvv0Ta/IacLx1bf5NI/2gDiB3+
-----END CERTIFICATE-----