Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/g8LsHniXSarLS2cNouG__0m56zY.roa
File:                     g8LsHniXSarLS2cNouG__0m56zY.roa (raw, json)
Hash identifier:          kFj/X4Vv8qcfRIlmUs+3aIO5ErZ5c9BrY7BlKXyzwc4=
Subject key identifier:   83:C2:EC:1E:78:97:49:AA:CB:4B:67:0D:A2:E1:BF:FF:49:B9:EB:36
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAC3380BE1391018E05A19F9CB004E
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/g8LsHniXSarLS2cNouG__0m56zY.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48990
IP address blocks:        185.210.88.0/22 maxlen: 24
                          185.235.100.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c3:38:0b:e1:39:10:18:e0:5a:19:f9:cb:00:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83c2ec1e789749aacb4b670da2e1bfff49b9eb36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:bc:07:d6:f1:47:9c:0a:57:a5:1e:9b:0d:31:
                    e2:24:23:99:4a:89:c5:0c:95:a6:13:52:a2:29:23:
                    17:b8:61:c0:be:a1:09:88:0c:8f:df:3d:e7:0e:32:
                    2a:1a:1e:0e:bc:03:b3:20:f1:60:09:e3:32:6f:d1:
                    ce:21:41:2c:6e:15:af:20:ea:1a:53:5e:84:05:26:
                    1e:f6:78:73:32:01:4c:be:49:9d:ca:e8:e2:e6:7c:
                    07:56:52:57:cc:f0:f1:d6:6a:e6:b8:ae:e6:4f:1a:
                    58:56:01:90:21:6c:af:2d:ed:2c:02:82:b0:2e:a4:
                    aa:9a:54:84:f8:e5:fd:ed:9c:df:f8:ce:26:a6:b8:
                    72:74:af:50:23:a8:06:a8:2a:99:ea:b0:a1:99:bd:
                    41:e6:8f:ed:6a:d6:38:dc:fc:e4:98:38:a3:66:f9:
                    30:3b:65:b8:60:b2:a3:01:40:4c:3c:52:ad:17:ef:
                    aa:33:4f:ac:48:25:05:b3:e0:3c:b7:ce:15:58:61:
                    65:a6:b4:4d:5b:6b:67:5a:44:3a:15:4f:bd:d8:08:
                    9d:dd:e0:fa:c1:5c:59:d6:f5:6b:f2:e2:22:17:9f:
                    32:6c:89:d3:0f:18:8a:21:51:a2:65:2a:19:e1:51:
                    56:bc:1d:5e:ec:a3:80:f2:77:86:d1:0e:31:51:4f:
                    ee:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:C2:EC:1E:78:97:49:AA:CB:4B:67:0D:A2:E1:BF:FF:49:B9:EB:36
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/g8LsHniXSarLS2cNouG__0m56zY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.88.0/22
                  185.235.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:64:ed:c5:fe:29:f3:e6:79:eb:8c:d6:0a:02:e4:d8:9f:9f:
         42:cd:09:ca:66:7a:ff:12:29:98:c5:bd:2e:29:ee:98:e8:b9:
         bb:84:8d:52:61:4f:c5:3a:ae:a1:52:ad:2b:5d:41:a0:34:9d:
         ee:0b:65:d9:4e:63:69:0a:af:9f:25:71:b7:1c:a8:70:25:62:
         49:a9:87:ab:ad:c4:0c:57:d4:ce:99:37:8c:40:be:01:d8:cf:
         0c:18:9a:84:98:0b:83:76:f2:8b:69:01:af:78:fe:a9:09:52:
         5c:1a:8c:13:0e:47:42:f6:88:81:cc:1f:6d:2d:ba:f2:c1:3a:
         6c:74:fc:34:e6:8a:48:10:2e:52:b8:a4:8e:e9:1a:2d:79:f3:
         bf:d4:98:0f:98:97:59:af:af:6e:67:c6:3a:11:bf:77:91:38:
         68:39:a7:ba:e4:93:aa:b8:74:15:5b:b1:c5:ed:92:6e:73:59:
         02:9b:fb:52:28:c2:9f:70:ab:f1:04:80:77:bf:8d:8b:97:7e:
         a7:e1:6a:7f:c5:cd:68:46:9c:ae:7c:1e:f0:87:1e:4d:ee:46:
         e2:cc:5a:df:41:eb:cc:fc:ec:bf:2b:e7:c6:8f:af:72:8d:a8:
         b8:24:5f:d4:49:96:89:86:0e:85:fa:2a:b5:6b:83:68:9b:f2:
         89:f7:d6:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2sM4C+E5EBjgWhn5ywBOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2MyZWMxZTc4OTc0OWFhY2I0YjY3MGRhMmUxYmZmZjQ5YjllYjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rwH1vFHnApXpR6bDTHiJCOZSonF
DJWmE1KiKSMXuGHAvqEJiAyP3z3nDjIqGh4OvAOzIPFgCeMyb9HOIUEsbhWvIOoa
U16EBSYe9nhzMgFMvkmdyuji5nwHVlJXzPDx1mrmuK7mTxpYVgGQIWyvLe0sAoKw
LqSqmlSE+OX97Zzf+M4mprhydK9QI6gGqCqZ6rChmb1B5o/tatY43PzkmDijZvkw
O2W4YLKjAUBMPFKtF++qM0+sSCUFs+A8t84VWGFlprRNW2tnWkQ6FU+92Aid3eD6
wVxZ1vVr8uIiF58ybInTDxiKIVGiZSoZ4VFWvB1e7KOA8neG0Q4xUU/uWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIPC7B54l0mqy0tnDaLhv/9Jues2MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvZzhMc0huaVhTYXJMUzJjTm91R19fMG01NnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCudJYAwQC
uetkMA0GCSqGSIb3DQEBCwUAA4IBAQAzZO3F/inz5nnrjNYKAuTYn59CzQnKZnr/
EimYxb0uKe6Y6Lm7hI1SYU/FOq6hUq0rXUGgNJ3uC2XZTmNpCq+fJXG3HKhwJWJJ
qYerrcQMV9TOmTeMQL4B2M8MGJqEmAuDdvKLaQGveP6pCVJcGowTDkdC9oiBzB9t
LbrywTpsdPw05opIEC5SuKSO6RotefO/1JgPmJdZr69uZ8Y6Eb93kThoOae65JOq
uHQVW7HF7ZJuc1kCm/tSKMKfcKvxBIB3v42Ll36n4Wp/xc1oRpyufB7whx5N7kbi
zFrfQevM/Oy/K+fGj69yjai4JF/USZaJhg6F+iq1a4Nom/KJ99Zu
-----END CERTIFICATE-----