Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/8JkfDB6eK22N4RoO2wpqzpyXwxY.roa
File:                     8JkfDB6eK22N4RoO2wpqzpyXwxY.roa (raw, json)
Hash identifier:          yIO4Te5dfKPbc86IZRzYcxjzwsd1A5F9knQUS1Vc1gs=
Subject key identifier:   F0:99:1F:0C:1E:9E:2B:6D:8D:E1:1A:0E:DB:0A:6A:CE:9C:97:C3:16
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       018CC6B813131FB055DEB67BE58E1C1DD564
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/8JkfDB6eK22N4RoO2wpqzpyXwxY.roa
Signing time:             Mon 01 Jan 2024 20:30:01 +0000
ROA not before:           Mon 01 Jan 2024 20:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197595
IP address blocks:        2a02:20c8:4750::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:13:13:1f:b0:55:de:b6:7b:e5:8e:1c:1d:d5:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Jan  1 20:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0991f0c1e9e2b6d8de11a0edb0a6ace9c97c316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:81:39:38:33:9c:c9:31:bf:33:fe:cd:64:77:
                    1d:33:ef:f6:ce:24:1d:a0:1d:05:7b:ba:1f:b1:71:
                    a4:7c:de:b0:d9:09:a0:63:27:5e:4b:ef:1e:7a:cd:
                    e7:d4:0b:43:1c:83:7b:8f:fc:23:fa:c4:92:b7:19:
                    b4:f7:a2:cd:f4:08:cd:ea:ba:73:10:9f:f4:47:5d:
                    36:35:ac:88:2b:67:3b:12:d4:b0:d3:93:78:10:d0:
                    32:66:c0:ea:89:7b:1e:8d:23:7d:a4:9e:02:90:07:
                    80:1d:5e:96:26:63:12:5e:7a:4e:a0:e3:5e:e3:64:
                    a2:7e:71:7c:06:54:63:f1:9e:c5:d6:fb:1f:27:b2:
                    e8:fc:39:78:b2:a2:64:5f:62:db:e2:2a:d1:49:37:
                    eb:d8:9a:5c:49:01:94:28:62:2b:9d:26:23:93:14:
                    a4:7c:8a:f6:51:0d:de:60:a6:00:48:e2:89:62:27:
                    bb:13:f0:fc:c0:25:99:81:83:af:5c:0a:48:1c:c9:
                    9d:5b:18:a9:97:d4:0b:f6:da:bc:e5:56:53:dc:ed:
                    53:08:d2:e7:1e:c0:0f:62:a1:63:e2:14:f5:c8:03:
                    d4:25:7f:9e:4c:41:3f:53:24:13:0d:8f:c7:83:8d:
                    5a:45:3a:b1:37:8a:c3:ea:59:94:b6:ad:7c:a0:2b:
                    51:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:99:1F:0C:1E:9E:2B:6D:8D:E1:1A:0E:DB:0A:6A:CE:9C:97:C3:16
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/8JkfDB6eK22N4RoO2wpqzpyXwxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:20c8:4750::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:2c:27:8c:ae:fb:31:86:40:32:3e:f8:43:59:3f:56:d0:db:
         2f:80:6a:40:f0:58:73:5b:2e:c3:09:21:17:7d:bc:77:70:11:
         cf:2d:66:dd:13:f6:6c:d4:66:d4:3f:af:05:92:d8:d7:f0:24:
         fa:c2:0c:66:b5:07:7d:93:c9:33:47:e4:c8:b4:a1:b0:92:97:
         36:af:50:e4:58:e6:5f:e6:91:6e:46:13:b5:3e:34:6d:e4:51:
         b5:98:3d:29:ed:a3:e8:c4:c8:02:54:fc:03:fe:de:97:52:07:
         2e:02:ef:a8:a4:07:9f:d6:4e:37:ef:1e:16:95:dc:90:54:36:
         48:dc:67:10:12:a6:f7:ab:4a:70:fd:9f:e8:b0:44:72:7c:12:
         a6:cd:11:b9:a4:81:70:35:ee:1b:b2:5f:2a:f7:24:ed:31:ae:
         66:5e:01:f0:3a:ac:68:f7:11:63:d3:b8:93:97:0c:e6:4e:a9:
         3a:45:a2:1b:a3:c2:fd:56:79:5c:b0:75:53:b5:26:94:28:0e:
         10:da:47:c8:08:c0:cf:b1:29:2a:9f:4a:4c:82:73:e5:c3:0c:
         41:6a:55:09:cb:44:6b:b9:4c:70:35:9c:87:f7:91:3e:d6:bb:
         30:22:77:0a:02:04:41:b9:11:eb:94:c4:f1:1a:0e:7b:9b:db:
         88:75:17:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuBMTH7BV3rZ75Y4cHdVkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjQwMTAxMjAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDk5MWYwYzFlOWUyYjZkOGRlMTFhMGVkYjBhNmFjZTljOTdjMzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4E5ODOcyTG/M/7NZHcdM+/2ziQd
oB0Fe7ofsXGkfN6w2QmgYydeS+8ees3n1AtDHIN7j/wj+sSStxm096LN9AjN6rpz
EJ/0R102NayIK2c7EtSw05N4ENAyZsDqiXsejSN9pJ4CkAeAHV6WJmMSXnpOoONe
42SifnF8BlRj8Z7F1vsfJ7Lo/Dl4sqJkX2Lb4irRSTfr2JpcSQGUKGIrnSYjkxSk
fIr2UQ3eYKYASOKJYie7E/D8wCWZgYOvXApIHMmdWxipl9QL9tq85VZT3O1TCNLn
HsAPYqFj4hT1yAPUJX+eTEE/UyQTDY/Hg41aRTqxN4rD6lmUtq18oCtRoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPCZHwwenittjeEaDtsKas6cl8MWMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvOEprZkRCNmVLMjJONFJvTzJ3cHF6cHlYd3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIgyEdQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCKLCeMrvsxhkAyPvhDWT9W0NsvgGpA8FhzWy7D
CSEXfbx3cBHPLWbdE/Zs1GbUP68FktjX8CT6wgxmtQd9k8kzR+TItKGwkpc2r1Dk
WOZf5pFuRhO1PjRt5FG1mD0p7aPoxMgCVPwD/t6XUgcuAu+opAef1k437x4WldyQ
VDZI3GcQEqb3q0pw/Z/osERyfBKmzRG5pIFwNe4bsl8q9yTtMa5mXgHwOqxo9xFj
07iTlwzmTqk6RaIbo8L9VnlcsHVTtSaUKA4Q2kfICMDPsSkqn0pMgnPlwwxBalUJ
y0RruUxwNZyH95E+1rswIncKAgRBuRHrlMTxGg57m9uIdRcP
-----END CERTIFICATE-----