Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/c2095a-3b3d-4ac4-9c32-4df8912188f7/1/8s3dvDOpKfKvysldwSVNhlHHXQ4.roa
File:                     8s3dvDOpKfKvysldwSVNhlHHXQ4.roa (raw, json)
Hash identifier:          juhFAO3xvhev7E4Eo7gSkAfpubSKRHb6ORQ71ihMHf0=
Subject key identifier:   F2:CD:DD:BC:33:A9:29:F2:AF:CA:C9:5D:C1:25:4D:86:51:C7:5D:0E
Certificate issuer:       /CN=2101b6388d6435f54990905382b41dc9675fd490
Certificate serial:       018F7CBF57FE7DB1DC311463C59693296D49
Authority key identifier: 21:01:B6:38:8D:64:35:F5:49:90:90:53:82:B4:1D:C9:67:5F:D4:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQG2OI1kNfVJkJBTgrQdyWdf1JA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/c2095a-3b3d-4ac4-9c32-4df8912188f7/1/8s3dvDOpKfKvysldwSVNhlHHXQ4.roa
Signing time:             Wed 15 May 2024 14:54:25 +0000
ROA not before:           Wed 15 May 2024 14:54:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198371
IP address blocks:        217.79.148.0/24 maxlen: 24
                          217.79.149.0/24 maxlen: 24
                          217.79.150.0/24 maxlen: 24
                          217.79.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/c2095a-3b3d-4ac4-9c32-4df8912188f7/1/IQG2OI1kNfVJkJBTgrQdyWdf1JA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/c2095a-3b3d-4ac4-9c32-4df8912188f7/1/IQG2OI1kNfVJkJBTgrQdyWdf1JA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQG2OI1kNfVJkJBTgrQdyWdf1JA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7c:bf:57:fe:7d:b1:dc:31:14:63:c5:96:93:29:6d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2101b6388d6435f54990905382b41dc9675fd490
        Validity
            Not Before: May 15 14:54:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2cdddbc33a929f2afcac95dc1254d8651c75d0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:be:46:13:11:82:2d:68:ff:6f:89:1f:55:aa:
                    66:66:29:7b:c0:e9:fb:36:e9:30:a3:1b:31:8a:51:
                    2b:79:46:b4:97:34:48:c1:02:e6:20:f8:50:a8:ce:
                    b7:c8:25:c6:ed:99:ff:a0:52:64:72:8a:ce:8e:b3:
                    06:b2:2b:ac:29:61:99:cd:bc:5d:14:d4:31:00:08:
                    e6:b3:fb:22:10:8f:80:39:e4:4a:9f:73:13:2f:52:
                    83:f3:38:98:0a:ab:0f:29:31:aa:42:90:a0:87:b8:
                    9b:53:4c:2b:7d:9d:c2:d4:e0:bb:90:80:a4:15:cb:
                    32:a6:42:17:b4:bb:01:86:c9:bf:bb:94:23:ec:26:
                    ba:b8:2c:64:e2:27:22:2c:8a:13:ef:fa:7a:cd:90:
                    eb:26:f1:b4:68:43:bd:86:d7:05:83:28:ff:c5:3c:
                    69:4c:7a:af:a5:57:af:f6:45:bf:f6:6c:64:5b:5b:
                    04:2e:d5:e5:90:e3:d2:a4:3d:f3:f5:a5:5f:ec:c8:
                    cd:2c:36:f0:a5:d5:e4:63:13:b2:01:05:fa:3c:95:
                    36:f9:48:3a:70:17:af:14:b0:ee:35:dd:7f:2f:01:
                    22:e0:86:99:e0:3a:5b:20:5f:bc:66:6d:3e:fb:f6:
                    b3:a7:83:6d:ce:7b:0e:8a:99:03:40:bb:5a:08:34:
                    8b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:CD:DD:BC:33:A9:29:F2:AF:CA:C9:5D:C1:25:4D:86:51:C7:5D:0E
            X509v3 Authority Key Identifier:
                keyid:21:01:B6:38:8D:64:35:F5:49:90:90:53:82:B4:1D:C9:67:5F:D4:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQG2OI1kNfVJkJBTgrQdyWdf1JA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/c2095a-3b3d-4ac4-9c32-4df8912188f7/1/8s3dvDOpKfKvysldwSVNhlHHXQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/c2095a-3b3d-4ac4-9c32-4df8912188f7/1/IQG2OI1kNfVJkJBTgrQdyWdf1JA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.79.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:0d:59:d8:63:54:db:11:a9:6c:45:de:ee:30:0f:6c:8a:fa:
         7b:43:0c:b7:86:11:69:53:ba:48:41:ee:e0:95:5b:9e:5e:62:
         e9:11:44:bf:6b:a4:63:8c:32:9d:2e:60:0b:cd:2b:4d:a6:8f:
         bb:6f:65:00:27:a4:9f:ff:a5:b4:18:21:79:e1:51:0e:83:e9:
         b1:85:20:e2:f4:6e:03:22:3e:ba:ef:cd:9f:9a:06:5f:11:44:
         47:bb:4c:a7:73:d0:3e:84:ff:bf:60:2f:ed:ad:7f:7e:33:a0:
         6c:3c:63:39:2d:d1:61:1e:a9:42:8b:3a:16:e8:19:01:43:aa:
         eb:66:5a:9c:80:25:49:ca:d7:5b:39:0d:87:33:62:b1:03:09:
         7a:08:cf:1e:e4:15:56:0f:6e:9b:95:ab:ba:d3:30:7f:57:2c:
         5c:9d:83:17:96:6c:27:d9:2d:5a:df:46:09:97:60:02:36:d1:
         80:ac:76:6c:63:1e:d0:e8:d7:7f:8f:94:82:b3:cb:a2:27:55:
         ca:30:e4:f9:d5:fd:f8:3f:03:ca:a0:16:35:a6:a3:cd:92:bb:
         e2:e5:d5:51:9d:03:11:b4:74:8b:9d:66:c5:96:cd:57:55:d5:
         28:50:54:d9:66:9c:3b:21:fc:50:87:56:3b:d8:91:c6:0d:00:
         1a:5e:e3:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY98v1f+fbHcMRRjxZaTKW1JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDFiNjM4OGQ2NDM1ZjU0OTkwOTA1MzgyYjQxZGM5Njc1
ZmQ0OTAwHhcNMjQwNTE1MTQ1NDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmNkZGRiYzMzYTkyOWYyYWZjYWM5NWRjMTI1NGQ4NjUxYzc1ZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt75GExGCLWj/b4kfVapmZil7wOn7
NukwoxsxilEreUa0lzRIwQLmIPhQqM63yCXG7Zn/oFJkcorOjrMGsiusKWGZzbxd
FNQxAAjms/siEI+AOeRKn3MTL1KD8ziYCqsPKTGqQpCgh7ibU0wrfZ3C1OC7kICk
FcsypkIXtLsBhsm/u5Qj7Ca6uCxk4iciLIoT7/p6zZDrJvG0aEO9htcFgyj/xTxp
THqvpVev9kW/9mxkW1sELtXlkOPSpD3z9aVf7MjNLDbwpdXkYxOyAQX6PJU2+Ug6
cBevFLDuNd1/LwEi4IaZ4DpbIF+8Zm0++/azp4NtznsOipkDQLtaCDSLmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLN3bwzqSnyr8rJXcElTYZRx10OMB8GA1UdIwQY
MBaAFCEBtjiNZDX1SZCQU4K0HclnX9SQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFHMk9JMWtOZlZKa0pCVGdyUWR5V2RmMUpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jMjA5NWEtM2IzZC00YWM0LTljMzIt
NGRmODkxMjE4OGY3LzEvOHMzZHZET3BLZkt2eXNsZHdTVk5obEhIWFE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jMjA5NWEtM2IzZC00YWM0LTljMzItNGRmODkxMjE4OGY3
LzEvSVFHMk9JMWtOZlZKa0pCVGdyUWR5V2RmMUpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2U+UMA0G
CSqGSIb3DQEBCwUAA4IBAQB+DVnYY1TbEalsRd7uMA9sivp7Qwy3hhFpU7pIQe7g
lVueXmLpEUS/a6RjjDKdLmALzStNpo+7b2UAJ6Sf/6W0GCF54VEOg+mxhSDi9G4D
Ij66782fmgZfEURHu0ync9A+hP+/YC/trX9+M6BsPGM5LdFhHqlCizoW6BkBQ6rr
ZlqcgCVJytdbOQ2HM2KxAwl6CM8e5BVWD26blau60zB/VyxcnYMXlmwn2S1a30YJ
l2ACNtGArHZsYx7Q6Nd/j5SCs8uiJ1XKMOT51f34PwPKoBY1pqPNkrvi5dVRnQMR
tHSLnWbFls1XVdUoUFTZZpw7IfxQh1Y72JHGDQAaXuOU
-----END CERTIFICATE-----