Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/8KDHwPdd_vF90WfPnieJoDRCKKs.roa
File:                     8KDHwPdd_vF90WfPnieJoDRCKKs.roa (raw, json)
Hash identifier:          a9gvbMUS1PDpJXOm6nNzkYx1awF/WFBZQgNM2xi6A5Q=
Subject key identifier:   F0:A0:C7:C0:F7:5D:FE:F1:7D:D1:67:CF:9E:27:89:A0:34:42:28:AB
Certificate issuer:       /CN=cf5ef7a870d4b148eb1d4f4fe666ed5054adeaec
Certificate serial:       019193EC4D33387F613B92C3B8F1BC337050
Authority key identifier: CF:5E:F7:A8:70:D4:B1:48:EB:1D:4F:4F:E6:66:ED:50:54:AD:EA:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z173qHDUsUjrHU9P5mbtUFSt6uw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/8KDHwPdd_vF90WfPnieJoDRCKKs.roa
Signing time:             Tue 27 Aug 2024 13:00:22 +0000
ROA not before:           Tue 27 Aug 2024 13:00:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29028
IP address blocks:        195.20.143.0/24 maxlen: 24
                          195.22.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/z173qHDUsUjrHU9P5mbtUFSt6uw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/z173qHDUsUjrHU9P5mbtUFSt6uw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z173qHDUsUjrHU9P5mbtUFSt6uw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:93:ec:4d:33:38:7f:61:3b:92:c3:b8:f1:bc:33:70:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf5ef7a870d4b148eb1d4f4fe666ed5054adeaec
        Validity
            Not Before: Aug 27 13:00:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0a0c7c0f75dfef17dd167cf9e2789a0344228ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:eb:55:9f:47:69:d9:e9:43:09:48:28:0c:53:
                    e1:07:9f:45:56:dc:8c:91:b5:2f:c7:10:a4:ba:75:
                    09:8c:d2:fa:c0:e2:d5:ef:98:0a:1f:ae:a3:a4:b1:
                    e0:54:5e:a5:b2:52:0c:39:c3:46:ce:9b:1a:7e:ab:
                    ce:03:18:60:87:76:49:0f:40:d2:32:89:24:3d:2d:
                    ca:a4:e0:40:96:ca:58:39:27:90:91:5b:9b:46:05:
                    c1:99:8a:a6:af:d8:6c:be:54:b9:f7:41:23:7e:68:
                    b0:47:75:20:c6:c2:85:51:dd:92:c0:5c:5a:17:e8:
                    f3:c2:16:8f:f2:84:8f:4d:5a:03:ce:6d:05:c6:1d:
                    1a:a2:4f:3f:b8:93:12:70:0f:27:a3:f0:08:33:51:
                    f8:8a:6b:10:ef:03:7d:be:ea:a7:a5:a3:65:76:98:
                    6e:8e:81:59:2e:35:c7:fd:9b:01:ab:b3:b9:da:31:
                    ab:3d:44:58:02:18:55:b2:db:b9:bc:36:eb:55:98:
                    d5:35:92:6a:5d:f0:5e:29:ee:26:9d:61:e0:9f:ba:
                    c1:5c:f2:a9:90:a5:01:16:c0:91:2d:0e:5e:ac:fc:
                    3a:e2:60:33:c2:3b:a3:78:2c:77:60:d4:9d:89:ab:
                    63:07:8c:e2:c4:4f:14:cf:eb:c2:9b:18:bf:79:40:
                    3e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:A0:C7:C0:F7:5D:FE:F1:7D:D1:67:CF:9E:27:89:A0:34:42:28:AB
            X509v3 Authority Key Identifier:
                keyid:CF:5E:F7:A8:70:D4:B1:48:EB:1D:4F:4F:E6:66:ED:50:54:AD:EA:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z173qHDUsUjrHU9P5mbtUFSt6uw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/8KDHwPdd_vF90WfPnieJoDRCKKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/z173qHDUsUjrHU9P5mbtUFSt6uw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.143.0/24
                  195.22.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:43:9b:43:bb:69:30:3b:68:33:d0:72:57:0b:29:f8:4e:13:
         54:73:fb:ff:dd:d3:ae:77:93:2d:fd:cf:a2:69:6c:6d:38:e9:
         0f:90:a5:d1:7b:27:03:d5:da:0f:8d:90:5f:5c:36:5c:57:73:
         a4:12:e0:6e:a7:22:da:10:3f:31:63:b5:53:10:50:be:2d:90:
         c9:23:11:67:0e:78:92:21:28:64:3d:fc:67:84:1d:60:73:ee:
         0a:43:f6:24:b5:f0:ed:55:8e:d7:c0:bc:f0:5e:f1:ee:17:4f:
         cf:0b:6d:a7:4b:35:bd:ea:0c:3b:dd:3e:61:3a:ec:45:bb:f0:
         a9:35:d5:c4:18:d2:c8:3e:0e:06:d6:0b:34:a8:87:f9:0a:97:
         2d:df:36:5c:2b:d2:5d:69:6d:b3:3d:7e:5b:ff:8d:b9:47:cb:
         58:e6:d5:46:9c:ab:f8:6c:c8:2a:76:e8:9d:72:ed:dd:05:71:
         2b:d1:1f:3b:14:a0:0b:b9:07:c7:09:1b:ce:3c:bb:d3:9f:00:
         81:c5:28:3a:f1:c5:3b:9b:eb:d5:f6:9d:92:b2:53:55:e1:87:
         9e:bd:9f:43:39:4d:9f:93:df:77:9f:52:32:da:6a:de:da:c5:
         1e:7f:d1:ce:51:9b:05:c4:33:25:73:d6:13:5f:57:59:0b:d5:
         0c:20:a9:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGT7E0zOH9hO5LDuPG8M3BQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNWVmN2E4NzBkNGIxNDhlYjFkNGY0ZmU2NjZlZDUwNTRh
ZGVhZWMwHhcNMjQwODI3MTMwMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGEwYzdjMGY3NWRmZWYxN2RkMTY3Y2Y5ZTI3ODlhMDM0NDIyOGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+tVn0dp2elDCUgoDFPhB59FVtyM
kbUvxxCkunUJjNL6wOLV75gKH66jpLHgVF6lslIMOcNGzpsafqvOAxhgh3ZJD0DS
MokkPS3KpOBAlspYOSeQkVubRgXBmYqmr9hsvlS590EjfmiwR3UgxsKFUd2SwFxa
F+jzwhaP8oSPTVoDzm0Fxh0aok8/uJMScA8no/AIM1H4imsQ7wN9vuqnpaNldphu
joFZLjXH/ZsBq7O52jGrPURYAhhVstu5vDbrVZjVNZJqXfBeKe4mnWHgn7rBXPKp
kKUBFsCRLQ5erPw64mAzwjujeCx3YNSdiatjB4zixE8Uz+vCmxi/eUA+ywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPCgx8D3Xf7xfdFnz54niaA0QiirMB8GA1UdIwQY
MBaAFM9e96hw1LFI6x1PT+Zm7VBUrersMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejE3M3FIRFVzVWpySFU5UDVtYnRVRlN0NnV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82MzE1MjEtZDRiNy00ZjEwLThjMDYt
ODdhYTI4NWY4MDdjLzEvOEtESHdQZGRfdkY5MFdmUG5pZUpvRFJDS0tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82MzE1MjEtZDRiNy00ZjEwLThjMDYtODdhYTI4NWY4MDdj
LzEvejE3M3FIRFVzVWpySFU5UDVtYnRVRlN0NnV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwxSPAwQA
wxZ6MA0GCSqGSIb3DQEBCwUAA4IBAQBpQ5tDu2kwO2gz0HJXCyn4ThNUc/v/3dOu
d5Mt/c+iaWxtOOkPkKXReycD1doPjZBfXDZcV3OkEuBupyLaED8xY7VTEFC+LZDJ
IxFnDniSIShkPfxnhB1gc+4KQ/YktfDtVY7XwLzwXvHuF0/PC22nSzW96gw73T5h
OuxFu/CpNdXEGNLIPg4G1gs0qIf5Cpct3zZcK9JdaW2zPX5b/425R8tY5tVGnKv4
bMgqduidcu3dBXEr0R87FKALuQfHCRvOPLvTnwCBxSg68cU7m+vV9p2SslNV4Yee
vZ9DOU2fk993n1Iy2mre2sUef9HOUZsFxDMlc9YTX1dZC9UMIKnv
-----END CERTIFICATE-----