Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/263f28-e029-46c8-815b-ea26c5644640/1/8rOQ4xHc-JUITF2q64w-imiuaNM.roa
File:                     8rOQ4xHc-JUITF2q64w-imiuaNM.roa (raw, json)
Hash identifier:          KUtXAya5abHfndPU8i+H6BC+wvAV6zOGXJG/iIWShs0=
Subject key identifier:   F2:B3:90:E3:11:DC:F8:95:08:4C:5D:AA:EB:8C:3E:8A:68:AE:68:D3
Certificate issuer:       /CN=9c9e216ed970adb59e9bd4a29db35c223d62bc96
Certificate serial:       018CC8DE163EDA0C10818608483D4B8D21D4
Authority key identifier: 9C:9E:21:6E:D9:70:AD:B5:9E:9B:D4:A2:9D:B3:5C:22:3D:62:BC:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nJ4hbtlwrbWem9SinbNcIj1ivJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/263f28-e029-46c8-815b-ea26c5644640/1/8rOQ4xHc-JUITF2q64w-imiuaNM.roa
Signing time:             Tue 02 Jan 2024 06:30:46 +0000
ROA not before:           Tue 02 Jan 2024 06:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34444
IP address blocks:        185.10.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/263f28-e029-46c8-815b-ea26c5644640/1/nJ4hbtlwrbWem9SinbNcIj1ivJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/263f28-e029-46c8-815b-ea26c5644640/1/nJ4hbtlwrbWem9SinbNcIj1ivJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nJ4hbtlwrbWem9SinbNcIj1ivJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:16:3e:da:0c:10:81:86:08:48:3d:4b:8d:21:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c9e216ed970adb59e9bd4a29db35c223d62bc96
        Validity
            Not Before: Jan  2 06:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2b390e311dcf895084c5daaeb8c3e8a68ae68d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fd:a2:89:05:56:d8:14:cd:db:ee:61:d4:35:
                    00:2f:05:f6:cc:90:ef:25:64:ec:88:22:4d:d7:ea:
                    df:70:c6:f9:1b:44:8d:b1:89:c3:5e:9c:c9:3e:22:
                    18:5c:f9:6a:22:af:a1:bf:69:df:c6:61:fa:ad:fc:
                    77:6e:ca:3f:d8:7e:ff:a9:71:58:42:e3:b2:f3:32:
                    3c:f6:46:bb:0d:7d:14:8d:b8:73:09:3b:0c:c0:49:
                    a7:e3:2e:7d:9c:28:c9:f3:63:10:dc:20:00:34:d7:
                    95:63:55:58:d8:eb:ce:16:9f:e7:cd:55:a1:3e:c4:
                    0d:78:4f:b5:94:b1:2d:6c:70:a1:dc:31:e9:16:5f:
                    6e:d5:8e:a0:cc:23:d2:db:f0:5e:cc:8d:62:a4:7d:
                    59:3f:b9:a2:bb:d4:f4:66:d3:db:2b:63:e3:6c:56:
                    8a:d0:47:ca:88:3b:90:d9:cc:e9:88:79:26:22:f6:
                    8b:04:f9:e1:eb:91:cc:af:3a:be:18:7d:0c:fd:63:
                    79:3f:e8:b3:ee:1b:59:27:ab:88:3d:78:ad:e8:b8:
                    5f:ab:85:db:f7:d6:a6:02:f0:c1:32:30:0e:b0:ae:
                    87:73:98:9f:9a:4d:d9:0e:42:a4:d4:5b:e2:da:9d:
                    ec:ea:e7:e8:b3:98:fc:6a:30:fb:9d:d0:ab:26:1c:
                    3b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B3:90:E3:11:DC:F8:95:08:4C:5D:AA:EB:8C:3E:8A:68:AE:68:D3
            X509v3 Authority Key Identifier:
                keyid:9C:9E:21:6E:D9:70:AD:B5:9E:9B:D4:A2:9D:B3:5C:22:3D:62:BC:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nJ4hbtlwrbWem9SinbNcIj1ivJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/263f28-e029-46c8-815b-ea26c5644640/1/8rOQ4xHc-JUITF2q64w-imiuaNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/263f28-e029-46c8-815b-ea26c5644640/1/nJ4hbtlwrbWem9SinbNcIj1ivJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:4e:51:c2:a8:75:1c:17:a8:46:27:13:3d:06:11:66:fa:bf:
         f9:12:d8:be:bf:10:a7:49:73:f7:c2:61:44:06:c8:3c:c3:73:
         99:6f:6a:68:43:8b:3c:13:ef:1e:95:cd:17:20:50:73:30:4d:
         10:33:3f:d2:e0:47:98:57:c5:15:9e:e5:d0:36:bd:12:b6:da:
         0c:44:2b:c5:af:e3:d7:32:53:dd:6c:e0:e4:8c:50:4c:a3:c2:
         a9:fb:d2:79:05:32:40:82:4c:09:c5:8d:6d:53:70:12:00:d3:
         e2:ba:ba:ca:39:f8:da:b7:b6:27:e8:ef:ac:28:47:e3:8b:02:
         7c:44:48:2c:96:b8:75:c5:6a:b8:65:26:51:c1:ee:d2:30:74:
         1a:e3:ab:e0:ee:0f:85:b0:bd:e4:6e:be:15:83:86:15:40:86:
         82:3e:73:fa:4e:82:e5:d1:d5:87:0b:e2:a9:be:59:61:a0:83:
         b1:8f:ea:92:3d:79:24:ea:cb:89:30:1f:ce:82:7b:c9:3c:ca:
         2f:b5:11:7a:49:95:8e:4d:7b:e4:e1:49:df:fe:41:02:d2:83:
         11:4a:16:84:e4:e4:8e:36:07:9a:24:15:ec:f5:5b:45:d4:e6:
         42:4b:e3:9e:bb:2f:f3:6a:65:0c:0e:57:35:17:b0:08:8e:fc:
         f7:3a:5e:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3hY+2gwQgYYISD1LjSHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljOWUyMTZlZDk3MGFkYjU5ZTliZDRhMjlkYjM1YzIyM2Q2
MmJjOTYwHhcNMjQwMTAyMDYzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmIzOTBlMzExZGNmODk1MDg0YzVkYWFlYjhjM2U4YTY4YWU2OGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvv2iiQVW2BTN2+5h1DUALwX2zJDv
JWTsiCJN1+rfcMb5G0SNsYnDXpzJPiIYXPlqIq+hv2nfxmH6rfx3bso/2H7/qXFY
QuOy8zI89ka7DX0UjbhzCTsMwEmn4y59nCjJ82MQ3CAANNeVY1VY2OvOFp/nzVWh
PsQNeE+1lLEtbHCh3DHpFl9u1Y6gzCPS2/BezI1ipH1ZP7miu9T0ZtPbK2PjbFaK
0EfKiDuQ2czpiHkmIvaLBPnh65HMrzq+GH0M/WN5P+iz7htZJ6uIPXit6Lhfq4Xb
99amAvDBMjAOsK6Hc5ifmk3ZDkKk1Fvi2p3s6ufos5j8ajD7ndCrJhw7mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKzkOMR3PiVCExdquuMPopormjTMB8GA1UdIwQY
MBaAFJyeIW7ZcK21npvUop2zXCI9YryWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbko0aGJ0bHdyYldlbTlTaW5iTmNJajFpdkpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8yNjNmMjgtZTAyOS00NmM4LTgxNWIt
ZWEyNmM1NjQ0NjQwLzEvOHJPUTR4SGMtSlVJVEYycTY0dy1pbWl1YU5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8yNjNmMjgtZTAyOS00NmM4LTgxNWItZWEyNmM1NjQ0NjQw
LzEvbko0aGJ0bHdyYldlbTlTaW5iTmNJajFpdkpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQrxMA0G
CSqGSIb3DQEBCwUAA4IBAQBDTlHCqHUcF6hGJxM9BhFm+r/5Eti+vxCnSXP3wmFE
Bsg8w3OZb2poQ4s8E+8elc0XIFBzME0QMz/S4EeYV8UVnuXQNr0SttoMRCvFr+PX
MlPdbODkjFBMo8Kp+9J5BTJAgkwJxY1tU3ASANPiurrKOfjat7Yn6O+sKEfjiwJ8
REgslrh1xWq4ZSZRwe7SMHQa46vg7g+FsL3kbr4Vg4YVQIaCPnP6ToLl0dWHC+Kp
vllhoIOxj+qSPXkk6suJMB/OgnvJPMovtRF6SZWOTXvk4Unf/kEC0oMRShaE5OSO
NgeaJBXs9VtF1OZCS+Oeuy/zamUMDlc1F7AIjvz3Ol7i
-----END CERTIFICATE-----