Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/18bc60-eca6-48dd-ae99-26ce071b0c36/1/M8dNAav4bGEdssIavf8xkWsYnhg.roa
File:                     M8dNAav4bGEdssIavf8xkWsYnhg.roa (raw, json)
Hash identifier:          XQuy4W50mLmkvV791/MW+gWfWSh1bhqASgHVJ90pFyY=
Subject key identifier:   33:C7:4D:01:AB:F8:6C:61:1D:B2:C2:1A:BD:FF:31:91:6B:18:9E:18
Certificate issuer:       /CN=8bc1168da16020287eea1fdeca0541930a9d3689
Certificate serial:       019420D5A9D35B28C351CD9ADCF87FB1D8B7
Authority key identifier: 8B:C1:16:8D:A1:60:20:28:7E:EA:1F:DE:CA:05:41:93:0A:9D:36:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i8EWjaFgICh-6h_eygVBkwqdNok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/18bc60-eca6-48dd-ae99-26ce071b0c36/1/M8dNAav4bGEdssIavf8xkWsYnhg.roa
Signing time:             Wed 01 Jan 2025 07:47:41 +0000
ROA not before:           Wed 01 Jan 2025 07:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198738
IP address blocks:        193.169.200.0/24 maxlen: 24
                          193.169.201.0/24 maxlen: 24
                          193.201.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/18bc60-eca6-48dd-ae99-26ce071b0c36/1/i8EWjaFgICh-6h_eygVBkwqdNok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/18bc60-eca6-48dd-ae99-26ce071b0c36/1/i8EWjaFgICh-6h_eygVBkwqdNok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i8EWjaFgICh-6h_eygVBkwqdNok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:a9:d3:5b:28:c3:51:cd:9a:dc:f8:7f:b1:d8:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bc1168da16020287eea1fdeca0541930a9d3689
        Validity
            Not Before: Jan  1 07:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33c74d01abf86c611db2c21abdff31916b189e18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:08:8a:54:fc:2c:90:fe:4c:ab:bb:ed:1c:39:
                    98:74:19:66:90:f7:30:8f:bf:6a:b2:5b:5f:d2:99:
                    03:76:d9:c0:cc:4b:43:cb:c0:2c:54:43:b1:8d:ff:
                    5c:4c:5b:56:88:35:e1:15:23:ab:52:c7:eb:8a:64:
                    82:48:b3:77:22:cc:18:d1:e9:9f:a3:52:9f:70:f9:
                    e0:08:b9:34:4b:21:c3:13:ca:31:60:03:b7:2d:6e:
                    5f:bc:27:bc:0c:4f:c8:44:6a:09:ad:43:35:0b:9c:
                    3b:ca:79:ef:f7:98:7f:9f:e2:74:11:cd:a4:6d:ac:
                    af:f5:bd:61:6c:49:74:cd:6f:b0:1d:71:8e:ae:68:
                    d0:e8:79:bd:07:a5:e8:ae:09:3c:64:a0:84:05:96:
                    87:7e:5f:4f:0f:bb:15:b2:fa:90:73:25:6b:21:61:
                    b5:99:12:2e:8a:87:b8:c1:76:dc:bc:91:17:93:50:
                    7e:c6:e1:cf:f7:7b:00:e5:04:a7:78:d2:00:97:ad:
                    fc:05:06:8d:81:c3:12:c6:7f:1a:a7:51:c6:86:ae:
                    4c:8e:f9:83:cd:3a:d3:88:26:e0:5e:90:26:c6:d6:
                    c8:0d:e4:ee:61:8e:c9:5e:f5:f1:b3:ce:ea:a6:20:
                    e8:6a:fd:a7:8c:b6:88:96:2c:fb:30:f4:d0:ee:c5:
                    94:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:C7:4D:01:AB:F8:6C:61:1D:B2:C2:1A:BD:FF:31:91:6B:18:9E:18
            X509v3 Authority Key Identifier:
                keyid:8B:C1:16:8D:A1:60:20:28:7E:EA:1F:DE:CA:05:41:93:0A:9D:36:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i8EWjaFgICh-6h_eygVBkwqdNok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/18bc60-eca6-48dd-ae99-26ce071b0c36/1/M8dNAav4bGEdssIavf8xkWsYnhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/18bc60-eca6-48dd-ae99-26ce071b0c36/1/i8EWjaFgICh-6h_eygVBkwqdNok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.200.0/23
                  193.201.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:6d:83:b4:88:ce:2c:ea:7a:93:e8:ce:ec:99:05:71:e6:6c:
         12:2e:af:08:ad:27:1e:94:ba:eb:5c:42:63:a0:74:ca:60:31:
         14:96:c4:1a:7b:6e:10:e7:53:8d:4e:6d:05:47:59:bc:ac:e2:
         a5:d3:eb:c8:f7:e2:93:59:93:02:77:12:bb:8a:7e:13:b9:e5:
         e2:a6:92:2b:66:ea:d4:73:fb:e8:40:54:75:8b:cf:49:12:60:
         4e:5d:69:19:e3:dc:b9:a9:8e:7e:23:bd:4a:d8:e1:3d:c8:1b:
         43:69:bf:22:03:a0:6e:d8:0b:57:ee:c8:aa:78:9e:70:e4:1a:
         02:94:59:f3:05:4d:55:e4:62:7a:67:d3:b9:e2:80:67:bf:2c:
         95:d2:cf:3d:fd:80:b7:d1:05:30:5e:56:43:51:5a:c1:ec:a7:
         34:ff:f3:6e:ee:80:b1:d7:12:9e:01:50:6c:66:56:0b:5e:72:
         f9:db:43:48:e7:c7:17:84:d6:d6:7b:98:57:13:f4:b6:94:4d:
         b1:a0:db:9c:05:8c:cc:35:c2:af:5b:f7:a9:e7:4e:84:80:81:
         e7:ef:ca:9c:0e:f9:3d:d6:d9:46:bf:a5:28:36:8c:ee:3e:85:
         a1:c9:2a:4a:6d:65:39:81:eb:e7:59:27:09:53:ca:7e:de:c2:
         4e:c7:c4:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1anTWyjDUc2a3Ph/sdi3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYzExNjhkYTE2MDIwMjg3ZWVhMWZkZWNhMDU0MTkzMGE5
ZDM2ODkwHhcNMjUwMTAxMDc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2M3NGQwMWFiZjg2YzYxMWRiMmMyMWFiZGZmMzE5MTZiMTg5ZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQiKVPwskP5Mq7vtHDmYdBlmkPcw
j79qsltf0pkDdtnAzEtDy8AsVEOxjf9cTFtWiDXhFSOrUsfrimSCSLN3IswY0emf
o1KfcPngCLk0SyHDE8oxYAO3LW5fvCe8DE/IRGoJrUM1C5w7ynnv95h/n+J0Ec2k
bayv9b1hbEl0zW+wHXGOrmjQ6Hm9B6Xorgk8ZKCEBZaHfl9PD7sVsvqQcyVrIWG1
mRIuioe4wXbcvJEXk1B+xuHP93sA5QSneNIAl638BQaNgcMSxn8ap1HGhq5MjvmD
zTrTiCbgXpAmxtbIDeTuYY7JXvXxs87qpiDoav2njLaIliz7MPTQ7sWUMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDPHTQGr+GxhHbLCGr3/MZFrGJ4YMB8GA1UdIwQY
MBaAFIvBFo2hYCAofuof3soFQZMKnTaJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaThFV2phRmdJQ2gtNmhfZXlnVkJrd3FkTm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8xOGJjNjAtZWNhNi00OGRkLWFlOTkt
MjZjZTA3MWIwYzM2LzEvTThkTkFhdjRiR0Vkc3NJYXZmOHhrV3NZbmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8xOGJjNjAtZWNhNi00OGRkLWFlOTktMjZjZTA3MWIwYzM2
LzEvaThFV2phRmdJQ2gtNmhfZXlnVkJrd3FkTm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwanIAwQA
wclDMA0GCSqGSIb3DQEBCwUAA4IBAQCAbYO0iM4s6nqT6M7smQVx5mwSLq8IrSce
lLrrXEJjoHTKYDEUlsQae24Q51ONTm0FR1m8rOKl0+vI9+KTWZMCdxK7in4TueXi
ppIrZurUc/voQFR1i89JEmBOXWkZ49y5qY5+I71K2OE9yBtDab8iA6Bu2AtX7siq
eJ5w5BoClFnzBU1V5GJ6Z9O54oBnvyyV0s89/YC30QUwXlZDUVrB7Kc0//Nu7oCx
1xKeAVBsZlYLXnL520NI58cXhNbWe5hXE/S2lE2xoNucBYzMNcKvW/ep506EgIHn
78qcDvk91tlGv6UoNozuPoWhySpKbWU5gevnWScJU8p+3sJOx8QA
-----END CERTIFICATE-----