Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/G8p6KBHKYWnr1d3ztzf31gNg1ac.roa
File:                     G8p6KBHKYWnr1d3ztzf31gNg1ac.roa (raw, json)
Hash identifier:          Vlz0CU2y9sUmid3tBgsjhz6wsKIOAJl1jnPT+EfopxM=
Subject key identifier:   1B:CA:7A:28:11:CA:61:69:EB:D5:DD:F3:B7:37:F7:D6:03:60:D5:A7
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B50C512E97B0FB6895AA9D956EA33
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/G8p6KBHKYWnr1d3ztzf31gNg1ac.roa
Signing time:             Tue 02 Jan 2024 12:34:45 +0000
ROA not before:           Tue 02 Jan 2024 12:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38047
IP address blocks:        85.209.254.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:50:c5:12:e9:7b:0f:b6:89:5a:a9:d9:56:ea:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bca7a2811ca6169ebd5ddf3b737f7d60360d5a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:be:85:28:5e:e9:3d:38:38:8c:5f:40:4a:e0:
                    d8:1f:92:62:b4:13:27:33:7d:b7:8d:5b:64:7f:a5:
                    ca:9d:63:69:27:a5:82:53:c2:32:41:e0:7b:e8:7a:
                    74:ae:38:e3:8a:8a:d7:7d:0e:9f:60:a6:34:19:7b:
                    e9:bd:d5:f8:77:bb:a9:88:61:be:df:e6:ab:9e:7e:
                    42:1d:34:f6:52:11:47:d3:df:96:3c:f9:aa:65:a0:
                    26:c4:3e:84:a0:7f:56:a2:63:48:8e:c5:72:90:4a:
                    3f:5b:3b:bc:49:79:95:8a:a0:7e:69:d9:e8:c2:a3:
                    f2:f9:34:dd:ec:01:e9:38:a8:19:8c:6f:95:ec:9f:
                    3b:d1:8d:74:42:7a:bf:ed:df:a5:cf:30:55:40:35:
                    d0:41:8b:4b:6d:52:8c:fc:0a:63:f7:77:98:c9:81:
                    96:15:db:d1:7e:69:93:89:c4:63:bd:28:3d:eb:74:
                    a4:a8:7c:e1:8b:9b:ad:f0:48:65:89:38:a1:6a:3c:
                    d5:c8:33:e7:05:16:5f:a2:73:46:d6:58:02:d1:fa:
                    b6:a7:e9:96:75:ef:80:46:fd:cb:1c:14:d8:58:7e:
                    d9:df:d0:21:88:0a:2b:7d:6a:dd:32:68:48:83:f9:
                    b1:c1:51:7a:c4:9d:a9:c4:c0:c2:ba:13:ff:5a:e8:
                    24:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:CA:7A:28:11:CA:61:69:EB:D5:DD:F3:B7:37:F7:D6:03:60:D5:A7
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/G8p6KBHKYWnr1d3ztzf31gNg1ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:5b:33:46:2f:66:ad:b0:e0:11:49:6a:cf:f0:af:da:68:33:
         71:e2:af:23:b5:b1:6c:bb:8a:9c:4f:51:a1:6b:24:a1:1e:01:
         01:31:53:f9:69:bc:6f:64:0a:26:5d:34:16:bb:e3:2b:d9:72:
         54:0d:44:2b:d6:8f:18:9b:f7:b4:10:0c:f4:8a:f1:4d:ed:ac:
         ed:e9:79:58:aa:d0:25:72:af:ca:4c:9e:24:32:57:00:1e:0e:
         d9:bb:b1:34:5f:67:7e:06:f9:9f:40:d6:4e:2f:ef:1b:89:d9:
         67:bc:d9:ed:6a:61:74:5f:3a:ea:9f:c6:cd:29:dd:97:77:d8:
         3c:e7:11:da:41:84:c2:1d:ea:ee:78:99:0c:52:52:98:b3:34:
         d0:69:ec:e9:45:e9:ee:71:ea:3e:43:d8:31:12:ee:10:91:c1:
         11:46:43:26:aa:0e:05:67:50:7c:56:a3:7c:b4:be:01:03:80:
         39:d9:53:c9:25:15:f2:4a:a6:00:82:5a:c2:02:9c:f6:40:a3:
         60:6c:00:38:a0:49:ba:7c:40:29:fc:13:e9:39:51:fc:4e:21:
         d0:5c:a7:74:2c:72:78:8b:f1:be:1e:90:a6:91:bb:d9:6f:7f:
         26:75:1b:68:90:2e:0a:47:d9:f8:7e:2c:c4:0c:d5:68:1d:e3:
         de:39:3b:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1DFEul7D7aJWqnZVuozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmNhN2EyODExY2E2MTY5ZWJkNWRkZjNiNzM3ZjdkNjAzNjBkNWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt76FKF7pPTg4jF9ASuDYH5JitBMn
M323jVtkf6XKnWNpJ6WCU8IyQeB76Hp0rjjjiorXfQ6fYKY0GXvpvdX4d7upiGG+
3+arnn5CHTT2UhFH09+WPPmqZaAmxD6EoH9WomNIjsVykEo/Wzu8SXmViqB+adno
wqPy+TTd7AHpOKgZjG+V7J870Y10Qnq/7d+lzzBVQDXQQYtLbVKM/Apj93eYyYGW
FdvRfmmTicRjvSg963SkqHzhi5ut8EhliTihajzVyDPnBRZfonNG1lgC0fq2p+mW
de+ARv3LHBTYWH7Z39AhiAorfWrdMmhIg/mxwVF6xJ2pxMDCuhP/WugkbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvKeigRymFp69Xd87c399YDYNWnMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvRzhwNktCSEtZV25yMWQzenR6ZjMxZ05nMWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdH+MA0G
CSqGSIb3DQEBCwUAA4IBAQAHWzNGL2atsOARSWrP8K/aaDNx4q8jtbFsu4qcT1Gh
ayShHgEBMVP5abxvZAomXTQWu+Mr2XJUDUQr1o8Ym/e0EAz0ivFN7azt6XlYqtAl
cq/KTJ4kMlcAHg7Zu7E0X2d+BvmfQNZOL+8bidlnvNntamF0Xzrqn8bNKd2Xd9g8
5xHaQYTCHerueJkMUlKYszTQaezpRenuceo+Q9gxEu4QkcERRkMmqg4FZ1B8VqN8
tL4BA4A52VPJJRXySqYAglrCApz2QKNgbAA4oEm6fEAp/BPpOVH8TiHQXKd0LHJ4
i/G+HpCmkbvZb38mdRtokC4KR9n4fizEDNVoHePeOTtS
-----END CERTIFICATE-----