Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/j8hWa4gTxLMvlBkrsXOBvJC43Dg.roa
File:                     j8hWa4gTxLMvlBkrsXOBvJC43Dg.roa (raw, json)
Hash identifier:          egeIWfIMHf0GJqYbUN+XoyboVksRTqaN2A5D7ddlBE4=
Subject key identifier:   8F:C8:56:6B:88:13:C4:B3:2F:94:19:2B:B1:73:81:BC:90:B8:DC:38
Certificate issuer:       /CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
Certificate serial:       018CC348F21C0970866D7A38CBA3AFB14B21
Authority key identifier: 5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/j8hWa4gTxLMvlBkrsXOBvJC43Dg.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6867
IP address blocks:        194.177.197.0/24 maxlen: 24
                          2001:648:2c00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f2:1c:09:70:86:6d:7a:38:cb:a3:af:b1:4b:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fc8566b8813c4b32f94192bb17381bc90b8dc38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:0b:96:d9:c2:24:db:9e:1b:99:b6:65:5f:e3:
                    d1:53:da:c4:94:13:dd:80:b4:14:43:7f:5e:f8:8a:
                    8e:8d:92:b2:4c:e8:23:0c:48:36:b9:e5:4d:34:87:
                    21:39:bb:19:05:06:f5:2f:79:d6:77:1e:3e:79:9f:
                    62:5b:c9:c7:09:ca:f6:48:09:7f:b7:dc:5e:d3:ba:
                    ca:1d:a0:fa:b7:1d:b5:9c:ea:d9:12:ba:6d:43:0f:
                    1e:e9:cf:36:41:da:8a:e8:77:14:f2:d5:7e:8d:49:
                    e1:86:20:6f:27:b8:b1:0e:e6:91:72:d5:8a:4c:1b:
                    27:35:c4:9c:a6:23:9e:97:d0:9a:70:cc:fd:06:d1:
                    66:0b:a4:f8:e6:6b:24:db:89:33:87:f8:5a:26:8e:
                    08:07:a3:d4:a1:34:89:9c:8f:91:dc:cc:2c:c8:5e:
                    07:82:8d:93:1c:a6:8c:60:06:a3:a6:72:9b:ba:da:
                    ef:c0:6c:f4:99:38:93:25:49:dd:67:4d:6c:ca:65:
                    38:8f:75:6a:e1:75:97:8a:6d:c2:fd:6b:be:bb:6c:
                    02:1f:ac:ba:d5:ba:53:fc:53:10:43:99:0f:65:36:
                    b5:84:74:ac:a5:2d:65:18:20:9e:7a:76:a4:b7:19:
                    7f:19:88:ea:78:65:03:fc:0b:ce:b1:12:6c:ff:fc:
                    1c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:C8:56:6B:88:13:C4:B3:2F:94:19:2B:B1:73:81:BC:90:B8:DC:38
            X509v3 Authority Key Identifier:
                keyid:5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/j8hWa4gTxLMvlBkrsXOBvJC43Dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.177.197.0/24
                IPv6:
                  2001:648:2c00::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:da:8c:dd:d1:39:73:ea:c0:5a:69:b2:c5:53:25:32:e0:fb:
         48:41:5e:29:79:2e:16:9d:76:d4:59:59:b8:f2:92:c2:a8:4a:
         71:de:65:8e:e6:6f:3b:64:4a:58:67:3e:df:bc:0e:d9:42:c2:
         d1:04:e0:33:78:4a:20:a7:c0:03:63:14:5c:2a:c4:e5:72:76:
         10:d2:f4:9d:2a:a7:aa:57:c0:e2:0c:ff:a3:ef:db:6d:33:01:
         4c:6f:1b:02:ad:72:1b:30:71:4d:0e:a3:80:6d:c6:cf:7d:a3:
         ae:b7:60:51:d5:f7:c1:48:3b:8e:60:44:40:90:1c:8c:0a:35:
         aa:e1:83:9c:53:eb:b1:13:b3:80:bf:84:92:48:50:c0:bd:4a:
         76:02:cf:41:db:34:1a:02:12:29:65:69:9c:e5:e4:d0:de:21:
         7a:07:b3:5a:93:de:71:f2:e3:64:d3:54:da:34:9c:c9:92:28:
         f6:f4:37:df:9c:0b:55:e7:2b:b0:80:fb:e7:a6:84:d6:ae:aa:
         e4:b0:43:0d:d5:56:6d:2b:d7:d2:25:df:da:ca:e0:d2:93:53:
         a0:87:03:27:f5:8c:77:ee:59:40:68:6a:71:67:a0:4f:48:44:
         a9:44:f3:2b:7c:ed:47:09:2f:b9:90:f8:0b:3d:df:de:2c:1c:
         18:7c:c3:fc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSPIcCXCGbXo4y6OvsUshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNmY5Mjk1NTIxZGYzMGExNThmNTA2YmE3Y2I4NzNhYjk1
MjlkYzMwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmM4NTY2Yjg4MTNjNGIzMmY5NDE5MmJiMTczODFiYzkwYjhkYzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8QuW2cIk254bmbZlX+PRU9rElBPd
gLQUQ39e+IqOjZKyTOgjDEg2ueVNNIchObsZBQb1L3nWdx4+eZ9iW8nHCcr2SAl/
t9xe07rKHaD6tx21nOrZErptQw8e6c82QdqK6HcU8tV+jUnhhiBvJ7ixDuaRctWK
TBsnNcScpiOel9CacMz9BtFmC6T45msk24kzh/haJo4IB6PUoTSJnI+R3MwsyF4H
go2THKaMYAajpnKbutrvwGz0mTiTJUndZ01symU4j3Vq4XWXim3C/Wu+u2wCH6y6
1bpT/FMQQ5kPZTa1hHSspS1lGCCeenaktxl/GYjqeGUD/AvOsRJs//wcqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI/IVmuIE8SzL5QZK7FzgbyQuNw4MB8GA1UdIwQY
MBaAFFpvkpVSHfMKFY9Qa6fLhzq5Up3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2Ut
YWFhNDU1M2QyYWJkLzEvajhoV2E0Z1R4TE12bEJrcnNYT0J2SkM0M0RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2UtYWFhNDU1M2QyYWJk
LzEvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwrHFMA8E
AgACMAkDBwAgAQZILAAwDQYJKoZIhvcNAQELBQADggEBAEXajN3ROXPqwFppssVT
JTLg+0hBXil5LhaddtRZWbjyksKoSnHeZY7mbztkSlhnPt+8DtlCwtEE4DN4SiCn
wANjFFwqxOVydhDS9J0qp6pXwOIM/6Pv220zAUxvGwKtchswcU0Oo4Btxs99o663
YFHV98FIO45gRECQHIwKNarhg5xT67ETs4C/hJJIUMC9SnYCz0HbNBoCEillaZzl
5NDeIXoHs1qT3nHy42TTVNo0nMmSKPb0N9+cC1XnK7CA++emhNauquSwQw3VVm0r
19Il39rK4NKTU6CHAyf1jHfuWUBoanFnoE9IRKlE8yt87UcJL7mQ+As9394sHBh8
w/w=
-----END CERTIFICATE-----