Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/L8AjesTkEuvn9L5TRzsDVNLgI-M.roa
File:                     L8AjesTkEuvn9L5TRzsDVNLgI-M.roa (raw, json)
Hash identifier:          N03HrtzCMC+2aQQ/bFj8Qt8nyzMMQGNtGN9F/D/n4UA=
Subject key identifier:   2F:C0:23:7A:C4:E4:12:EB:E7:F4:BE:53:47:3B:03:54:D2:E0:23:E3
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       018CC6B811862CF2F053EC4A654C7A27638F
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/L8AjesTkEuvn9L5TRzsDVNLgI-M.roa
Signing time:             Mon 01 Jan 2024 20:30:00 +0000
ROA not before:           Mon 01 Jan 2024 20:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8896
IP address blocks:        185.41.241.0/24 maxlen: 24
                          185.152.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:11:86:2c:f2:f0:53:ec:4a:65:4c:7a:27:63:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Jan  1 20:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fc0237ac4e412ebe7f4be53473b0354d2e023e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:95:90:6a:39:15:f4:2a:d0:a6:55:23:8f:32:
                    a6:e5:d7:b4:f2:6a:c7:7e:a0:9f:bc:ef:d5:f8:94:
                    9a:2f:d5:f3:a1:d7:83:ae:cf:6e:68:25:c1:da:ef:
                    18:c8:9c:97:1c:a4:f0:d7:77:0e:f0:55:68:ba:4c:
                    c8:46:17:0f:26:84:a3:50:03:52:21:1f:8f:ee:18:
                    37:33:11:c1:3e:84:1a:ff:3b:8b:cf:42:03:1e:36:
                    2e:03:1f:9d:b8:b4:93:0e:74:96:94:b9:9c:cf:d0:
                    69:1e:36:54:11:6c:d8:d3:f7:ed:db:81:c0:ff:8a:
                    21:b1:de:74:dd:e0:37:f1:a2:c4:fb:ec:f8:0e:83:
                    76:66:11:f9:d3:25:1b:dc:d7:39:97:34:44:5b:55:
                    b0:48:b0:bd:80:09:cc:27:fb:44:9c:36:9d:87:a0:
                    32:97:83:90:be:73:29:51:12:14:0a:e3:d7:fe:88:
                    44:c1:4e:46:9e:6b:17:26:77:59:be:ee:af:a5:b9:
                    50:ab:d8:49:a0:12:7d:a5:82:88:12:4e:5e:75:5a:
                    2a:39:44:dd:90:13:f7:88:70:64:1d:f8:9d:96:2a:
                    88:db:61:9a:38:a6:09:8c:57:94:4d:c6:6f:f4:37:
                    0d:4f:d1:02:5c:f3:81:04:d8:c1:90:ef:60:40:4a:
                    5b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:C0:23:7A:C4:E4:12:EB:E7:F4:BE:53:47:3B:03:54:D2:E0:23:E3
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/L8AjesTkEuvn9L5TRzsDVNLgI-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.241.0/24
                  185.152.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:2c:fa:f8:47:79:3c:f8:a2:9b:ff:ec:e9:97:b0:16:d0:d8:
         dc:a9:59:15:72:84:f4:b6:36:b8:b0:d4:c4:4e:6d:29:ed:36:
         d8:cc:52:68:5d:9f:74:19:dd:ff:75:56:7c:57:68:57:a3:b9:
         56:88:0d:ad:9b:64:35:68:ed:d6:d2:d6:cf:ba:45:0d:cd:af:
         ab:9b:28:8c:f9:55:29:dd:aa:b7:a8:2c:51:61:a9:b5:df:2c:
         f2:46:d2:0b:40:1d:82:5c:f0:54:d4:22:f0:46:37:3e:b8:ac:
         e8:76:6f:b7:1e:41:8e:df:b2:e9:84:47:40:20:9b:44:f4:7f:
         35:fe:19:56:77:91:4f:95:b1:1e:9e:10:78:cf:19:81:19:30:
         c4:3c:bd:c5:d4:24:b9:e0:82:78:5d:1a:de:9d:d5:6e:69:57:
         5c:c5:d2:43:d7:92:38:fe:98:13:1b:f9:9a:ed:8e:bc:34:79:
         49:74:54:ea:44:bc:ff:1e:94:c4:73:4a:63:d8:29:d5:05:2f:
         4d:0d:09:99:59:e7:4e:a3:88:8c:5c:1f:4e:1b:a5:e5:f7:6b:
         9a:e8:3e:e7:0a:49:20:39:9a:f2:40:7f:ca:cb:c6:db:0d:ac:
         ee:85:f6:fb:d3:cf:1c:ba:3d:50:ee:52:14:2c:b3:6f:19:4d:
         29:3d:a4:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuBGGLPLwU+xKZUx6J2OPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjQwMTAxMjAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmMwMjM3YWM0ZTQxMmViZTdmNGJlNTM0NzNiMDM1NGQyZTAyM2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpWQajkV9CrQplUjjzKm5de08mrH
fqCfvO/V+JSaL9XzodeDrs9uaCXB2u8YyJyXHKTw13cO8FVoukzIRhcPJoSjUANS
IR+P7hg3MxHBPoQa/zuLz0IDHjYuAx+duLSTDnSWlLmcz9BpHjZUEWzY0/ft24HA
/4ohsd503eA38aLE++z4DoN2ZhH50yUb3Nc5lzREW1WwSLC9gAnMJ/tEnDadh6Ay
l4OQvnMpURIUCuPX/ohEwU5GnmsXJndZvu6vpblQq9hJoBJ9pYKIEk5edVoqOUTd
kBP3iHBkHfidliqI22GaOKYJjFeUTcZv9DcNT9ECXPOBBNjBkO9gQEpbZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC/AI3rE5BLr5/S+U0c7A1TS4CPjMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvTDhBamVzVGtFdXZuOUw1VFJ6c0RWTkxnSS1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuSnxAwQA
uZghMA0GCSqGSIb3DQEBCwUAA4IBAQBlLPr4R3k8+KKb/+zpl7AW0NjcqVkVcoT0
tja4sNTETm0p7TbYzFJoXZ90Gd3/dVZ8V2hXo7lWiA2tm2Q1aO3W0tbPukUNza+r
myiM+VUp3aq3qCxRYam13yzyRtILQB2CXPBU1CLwRjc+uKzodm+3HkGO37LphEdA
IJtE9H81/hlWd5FPlbEenhB4zxmBGTDEPL3F1CS54IJ4XRrendVuaVdcxdJD15I4
/pgTG/ma7Y68NHlJdFTqRLz/HpTEc0pj2CnVBS9NDQmZWedOo4iMXB9OG6Xl92ua
6D7nCkkgOZryQH/Ky8bbDazuhfb7088cuj1Q7lIULLNvGU0pPaRO
-----END CERTIFICATE-----