Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/8oP_VAWoP11v3BGXZ2emNLBjtgU.roa
File:                     8oP_VAWoP11v3BGXZ2emNLBjtgU.roa (raw, json)
Hash identifier:          cbssEtp4UtpQjlAVZ/fRAqVLmrZnkVhlhW4BvEAMpIM=
Subject key identifier:   F2:83:FF:54:05:A8:3F:5D:6F:DC:11:97:67:67:A6:34:B0:63:B6:05
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018E04C9F5CE7016834396C275357F3ED3B9
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/8oP_VAWoP11v3BGXZ2emNLBjtgU.roa
Signing time:             Sun 03 Mar 2024 14:48:48 +0000
ROA not before:           Sun 03 Mar 2024 14:48:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215411
IP address blocks:        45.67.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:04:c9:f5:ce:70:16:83:43:96:c2:75:35:7f:3e:d3:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Mar  3 14:48:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f283ff5405a83f5d6fdc11976767a634b063b605
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:42:08:13:87:5e:84:31:f7:4d:fe:01:54:91:
                    e1:3e:d9:61:7c:77:0b:0f:18:c0:69:da:b4:ff:c2:
                    4c:93:41:71:dd:23:5b:7f:0a:3b:67:5c:08:9c:a2:
                    88:3e:c7:01:93:77:65:60:82:19:3c:5d:6a:2e:32:
                    9d:c0:a3:76:b1:47:5b:34:7b:f7:95:7c:95:46:f6:
                    6b:d6:f4:9f:07:99:7f:62:e0:61:cd:66:5a:d7:18:
                    65:18:65:20:ff:9e:87:03:28:cf:c0:35:56:ff:3b:
                    c9:a9:28:d3:2c:99:2f:93:57:4c:da:ca:3b:3d:65:
                    39:50:b1:f2:82:af:49:4c:4d:a7:59:bb:b1:8c:e2:
                    2e:ae:0d:cb:f6:f1:39:8c:1c:a5:fa:dc:fd:4b:94:
                    0d:cd:c1:b8:d3:5e:9b:42:73:25:9e:08:f3:c1:26:
                    83:7c:66:9c:79:83:93:aa:b5:a1:8a:72:06:3c:24:
                    90:51:09:c0:a5:71:60:60:43:35:81:79:7e:a1:79:
                    79:0d:59:d3:11:c2:98:4e:33:50:06:32:11:6b:a5:
                    08:34:00:46:a5:d6:0e:ea:cd:04:cc:ca:e0:25:ef:
                    5c:2b:52:c0:7b:98:3f:c5:3e:41:7a:49:51:2d:6b:
                    3a:06:b7:9d:53:88:c7:a3:b4:72:2c:b8:62:00:d4:
                    a4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:83:FF:54:05:A8:3F:5D:6F:DC:11:97:67:67:A6:34:B0:63:B6:05
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/8oP_VAWoP11v3BGXZ2emNLBjtgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:0d:1d:91:e2:6c:fb:4e:54:59:78:72:55:72:4e:6d:4d:cc:
         b1:6d:9f:df:f9:fb:38:fc:c3:13:dc:5c:59:a3:c0:02:3e:ad:
         aa:17:ff:5c:c0:53:e9:2c:fb:ce:6d:f5:8f:8f:9d:b3:6b:cd:
         37:77:2f:69:1e:cf:71:bc:d6:20:46:35:83:e9:60:fe:d5:db:
         30:63:d7:55:38:0b:8a:bb:4b:9a:26:11:bd:ab:9d:30:50:44:
         32:96:68:20:9c:fa:8c:92:1a:63:96:0c:e9:1b:83:ba:69:a5:
         0b:0a:2d:72:39:3c:8b:6f:50:71:06:09:d8:6b:d8:9f:6b:3d:
         82:df:86:bc:d5:50:f3:05:ab:d0:63:17:10:95:da:ef:f2:b5:
         2d:07:c1:88:a2:d9:61:1e:32:af:06:ae:60:39:d4:33:39:1c:
         c3:b9:a1:18:73:ed:b6:b4:61:1d:4a:2e:83:25:25:fe:de:3a:
         16:b9:3c:98:3f:07:e0:ba:39:b2:c6:1c:e5:06:98:f9:19:52:
         86:cb:23:fa:5c:dd:8c:1d:71:b0:92:f2:15:f2:5d:85:12:2f:
         68:d8:8a:8a:d8:53:87:22:4a:63:63:8d:f2:90:45:9b:ba:d9:
         c8:19:e6:76:5c:6a:a4:2f:d2:db:28:83:e3:13:a3:99:47:73:
         19:d2:08:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4EyfXOcBaDQ5bCdTV/PtO5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMzAzMTQ0ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjgzZmY1NDA1YTgzZjVkNmZkYzExOTc2NzY3YTYzNGIwNjNiNjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUIIE4dehDH3Tf4BVJHhPtlhfHcL
DxjAadq0/8JMk0Fx3SNbfwo7Z1wInKKIPscBk3dlYIIZPF1qLjKdwKN2sUdbNHv3
lXyVRvZr1vSfB5l/YuBhzWZa1xhlGGUg/56HAyjPwDVW/zvJqSjTLJkvk1dM2so7
PWU5ULHygq9JTE2nWbuxjOIurg3L9vE5jByl+tz9S5QNzcG4016bQnMlngjzwSaD
fGaceYOTqrWhinIGPCSQUQnApXFgYEM1gXl+oXl5DVnTEcKYTjNQBjIRa6UINABG
pdYO6s0EzMrgJe9cK1LAe5g/xT5BeklRLWs6BredU4jHo7RyLLhiANSkhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKD/1QFqD9db9wRl2dnpjSwY7YFMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvOG9QX1ZBV29QMTF2M0JHWFoyZW1OTEJqdGdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUPLMA0G
CSqGSIb3DQEBCwUAA4IBAQB6DR2R4mz7TlRZeHJVck5tTcyxbZ/f+fs4/MMT3FxZ
o8ACPq2qF/9cwFPpLPvObfWPj52za803dy9pHs9xvNYgRjWD6WD+1dswY9dVOAuK
u0uaJhG9q50wUEQylmggnPqMkhpjlgzpG4O6aaULCi1yOTyLb1BxBgnYa9ifaz2C
34a81VDzBavQYxcQldrv8rUtB8GIotlhHjKvBq5gOdQzORzDuaEYc+22tGEdSi6D
JSX+3joWuTyYPwfgujmyxhzlBpj5GVKGyyP6XN2MHXGwkvIV8l2FEi9o2IqK2FOH
IkpjY43ykEWbutnIGeZ2XGqkL9LbKIPjE6OZR3MZ0ggM
-----END CERTIFICATE-----