Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/8qpCI0vcqvQfOrCy7xDbAlGfMiw.roa
File:                     8qpCI0vcqvQfOrCy7xDbAlGfMiw.roa (raw, json)
Hash identifier:          balnX1TT3LLMLgMcMZ/dra9bMdjmjJSnxz46wdaIazo=
Subject key identifier:   F2:AA:42:23:4B:DC:AA:F4:1F:3A:B0:B2:EF:10:DB:02:51:9F:32:2C
Certificate issuer:       /CN=3694fcc6bf6a8740fa7814641fd9d6ec8d862e5f
Certificate serial:       018E93FAB58476D685CC327E492B4BFE24E9
Authority key identifier: 36:94:FC:C6:BF:6A:87:40:FA:78:14:64:1F:D9:D6:EC:8D:86:2E:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/8qpCI0vcqvQfOrCy7xDbAlGfMiw.roa
Signing time:             Sun 31 Mar 2024 10:07:44 +0000
ROA not before:           Sun 31 Mar 2024 10:07:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216425
IP address blocks:        185.113.66.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:93:fa:b5:84:76:d6:85:cc:32:7e:49:2b:4b:fe:24:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3694fcc6bf6a8740fa7814641fd9d6ec8d862e5f
        Validity
            Not Before: Mar 31 10:07:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2aa42234bdcaaf41f3ab0b2ef10db02519f322c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:65:89:a1:49:a5:be:91:4f:71:4d:d2:4d:a3:
                    87:ef:7b:27:30:56:cc:ed:68:c0:43:b4:3c:e2:38:
                    8e:08:de:34:bb:2e:79:c3:cd:f2:a6:4f:ae:73:43:
                    49:10:bd:45:85:1b:87:fa:11:c3:76:61:7d:65:99:
                    fb:71:9e:9d:50:a0:16:7f:f0:7c:fa:11:fa:dc:86:
                    7b:97:a8:d5:27:e9:62:7b:6e:4c:80:d2:5a:9e:fd:
                    1c:01:fd:61:8d:c1:78:d0:3b:64:b3:71:d9:75:80:
                    a0:c6:a6:b1:e6:a9:ba:0a:79:99:1c:70:06:e0:65:
                    b3:2c:aa:71:ef:51:b9:41:9f:f9:a4:4a:8a:07:00:
                    36:d4:74:d1:54:07:f4:f3:24:50:86:03:0e:69:0f:
                    a3:44:09:bc:c0:94:58:bc:57:08:0c:81:7a:d8:07:
                    b8:3e:19:3f:6a:b6:6d:31:cd:7f:62:3b:7e:71:5b:
                    c1:52:95:0e:64:77:cc:8e:65:5b:ff:08:18:5e:e9:
                    77:ab:39:a9:7c:3e:61:42:56:fd:83:e5:33:39:b8:
                    2c:d1:77:43:95:91:dc:36:87:8c:a1:13:d8:1c:9f:
                    02:48:a7:e5:f0:ed:7c:dd:61:65:82:34:59:cd:b8:
                    89:7b:f4:b4:6e:70:47:f9:50:22:f4:4f:83:dd:d2:
                    70:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:AA:42:23:4B:DC:AA:F4:1F:3A:B0:B2:EF:10:DB:02:51:9F:32:2C
            X509v3 Authority Key Identifier:
                keyid:36:94:FC:C6:BF:6A:87:40:FA:78:14:64:1F:D9:D6:EC:8D:86:2E:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/8qpCI0vcqvQfOrCy7xDbAlGfMiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c3:26:1f:fc:2c:bf:8a:bf:fe:4a:3b:83:6e:03:8d:91:63:f0:
         bd:61:eb:0e:bc:6b:a8:70:25:77:b4:1e:8a:45:20:08:5e:fa:
         99:0d:54:07:45:d5:0e:bc:70:96:4f:bf:c0:2a:85:ef:48:ce:
         a2:07:e3:33:30:71:04:c1:71:47:5c:83:a8:06:73:0f:2f:41:
         a7:76:5c:d6:6b:d7:ab:5a:1e:e1:fe:66:81:90:d6:01:8d:05:
         67:57:17:3a:d6:11:f8:95:ce:ae:3d:93:00:a4:4c:9e:39:41:
         32:da:2d:d9:4b:52:ee:35:17:55:39:76:6a:a7:01:20:30:c5:
         67:ef:0e:43:86:44:14:f6:ed:d7:ef:64:2c:36:51:a9:42:a4:
         8e:fb:05:39:c3:3d:d3:7e:3a:1a:17:5e:3a:d9:05:00:70:aa:
         11:8f:fd:55:4b:c7:23:6e:61:dc:a4:fe:97:a6:6b:30:d8:0c:
         02:73:1a:18:0b:55:c0:ae:76:5d:ce:90:d0:d6:10:6b:00:cf:
         71:75:fb:4e:66:74:18:43:1b:c8:56:e4:5e:57:00:28:4e:7c:
         67:62:50:44:e1:e4:e1:da:4a:e6:d1:d0:e2:4e:6c:53:7f:0a:
         fc:61:f4:61:96:ab:f0:bf:66:3e:a4:9f:34:51:b4:c7:2a:ef:
         60:15:1d:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6T+rWEdtaFzDJ+SStL/iTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTRmY2M2YmY2YTg3NDBmYTc4MTQ2NDFmZDlkNmVjOGQ4
NjJlNWYwHhcNMjQwMzMxMTAwNzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmFhNDIyMzRiZGNhYWY0MWYzYWIwYjJlZjEwZGIwMjUxOWYzMjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmWJoUmlvpFPcU3STaOH73snMFbM
7WjAQ7Q84jiOCN40uy55w83ypk+uc0NJEL1FhRuH+hHDdmF9ZZn7cZ6dUKAWf/B8
+hH63IZ7l6jVJ+lie25MgNJanv0cAf1hjcF40Dtks3HZdYCgxqax5qm6CnmZHHAG
4GWzLKpx71G5QZ/5pEqKBwA21HTRVAf08yRQhgMOaQ+jRAm8wJRYvFcIDIF62Ae4
Phk/arZtMc1/Yjt+cVvBUpUOZHfMjmVb/wgYXul3qzmpfD5hQlb9g+UzObgs0XdD
lZHcNoeMoRPYHJ8CSKfl8O183WFlgjRZzbiJe/S0bnBH+VAi9E+D3dJwlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKqQiNL3Kr0Hzqwsu8Q2wJRnzIsMB8GA1UdIwQY
MBaAFDaU/Ma/aodA+ngUZB/Z1uyNhi5fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBUOHhyOXFoMEQ2ZUJSa0g5blc3STJHTGw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9hOGRkOWUtNzFmMi00Zjc3LWI1NzUt
MGQzZmNlNDI5YmRlLzEvOHFwQ0kwdmNxdlFmT3JDeTd4RGJBbEdmTWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9hOGRkOWUtNzFmMi00Zjc3LWI1NzUtMGQzZmNlNDI5YmRl
LzEvTnBUOHhyOXFoMEQ2ZUJSa0g5blc3STJHTGw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXFCMA0G
CSqGSIb3DQEBCwUAA4IBAQDDJh/8LL+Kv/5KO4NuA42RY/C9YesOvGuocCV3tB6K
RSAIXvqZDVQHRdUOvHCWT7/AKoXvSM6iB+MzMHEEwXFHXIOoBnMPL0GndlzWa9er
Wh7h/maBkNYBjQVnVxc61hH4lc6uPZMApEyeOUEy2i3ZS1LuNRdVOXZqpwEgMMVn
7w5DhkQU9u3X72QsNlGpQqSO+wU5wz3TfjoaF1462QUAcKoRj/1VS8cjbmHcpP6X
pmsw2AwCcxoYC1XArnZdzpDQ1hBrAM9xdftOZnQYQxvIVuReVwAoTnxnYlBE4eTh
2krm0dDiTmxTfwr8YfRhlqvwv2Y+pJ80UbTHKu9gFR0c
-----END CERTIFICATE-----