Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/9fC8KPTzq3muTu_cE5lb0Qc3FQ0.roa
File:                     9fC8KPTzq3muTu_cE5lb0Qc3FQ0.roa (raw, json)
Hash identifier:          stNdiwZk7KfMafzxghGZaLKYrlcN6qsRnHeW4aGrcZI=
Subject key identifier:   F5:F0:BC:28:F4:F3:AB:79:AE:4E:EF:DC:13:99:5B:D1:07:37:15:0D
Certificate issuer:       /CN=80bd00829536d47745f47da9d1a8a72f6dd462d4
Certificate serial:       018CC94DC7ED5AAAE623AB0A944ECAFDCC05
Authority key identifier: 80:BD:00:82:95:36:D4:77:45:F4:7D:A9:D1:A8:A7:2F:6D:D4:62:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/9fC8KPTzq3muTu_cE5lb0Qc3FQ0.roa
Signing time:             Tue 02 Jan 2024 08:32:47 +0000
ROA not before:           Tue 02 Jan 2024 08:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40965
IP address blocks:        185.110.133.0/24 maxlen: 24
                          185.110.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/gL0AgpU21HdF9H2p0ainL23UYtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/gL0AgpU21HdF9H2p0ainL23UYtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:c7:ed:5a:aa:e6:23:ab:0a:94:4e:ca:fd:cc:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80bd00829536d47745f47da9d1a8a72f6dd462d4
        Validity
            Not Before: Jan  2 08:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5f0bc28f4f3ab79ae4eefdc13995bd10737150d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c5:28:67:7c:9a:ac:32:c7:08:1a:a6:3f:07:
                    ca:09:4a:62:2e:3e:54:d2:02:b7:40:de:44:ce:f7:
                    fd:9e:6c:03:d5:5c:19:1b:be:f3:7c:e2:f6:dc:d4:
                    6f:6d:e4:02:79:8b:be:4f:bd:34:b7:34:6d:fe:b3:
                    fb:a4:fc:70:97:4f:c6:49:5c:2c:fe:54:c2:23:69:
                    0b:ce:4e:24:48:f3:e6:d3:c3:df:ae:ea:8d:47:eb:
                    c3:b5:c3:d1:3a:80:d1:61:e7:ea:29:f7:73:af:61:
                    56:11:0d:7a:73:a6:80:4c:d7:9e:e2:9c:76:47:aa:
                    f7:a6:94:57:65:05:d4:ee:9e:99:2c:d7:e6:cd:18:
                    68:a3:89:48:39:c1:cd:26:67:e1:bc:16:4b:77:be:
                    31:20:2e:57:26:8d:ca:9a:79:a2:9e:62:fa:0e:9c:
                    1a:bc:49:18:31:1d:6c:14:f3:22:c5:93:e3:33:99:
                    9b:1e:98:84:74:73:a7:76:96:fe:ba:d9:31:15:e8:
                    15:c9:3e:1d:bf:fb:8d:6d:94:97:9c:09:b1:7d:75:
                    04:0c:67:a7:6c:35:78:14:2a:d2:03:70:1a:19:e3:
                    b6:7c:ac:c6:b9:0c:e5:ce:f3:e8:3e:9b:8a:b8:08:
                    b6:0f:b9:8e:73:73:62:ed:75:a9:a2:bb:b5:1b:03:
                    f3:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:F0:BC:28:F4:F3:AB:79:AE:4E:EF:DC:13:99:5B:D1:07:37:15:0D
            X509v3 Authority Key Identifier:
                keyid:80:BD:00:82:95:36:D4:77:45:F4:7D:A9:D1:A8:A7:2F:6D:D4:62:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/9fC8KPTzq3muTu_cE5lb0Qc3FQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/gL0AgpU21HdF9H2p0ainL23UYtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cf:4d:d3:db:06:ee:d5:da:b8:ea:54:cc:64:eb:8c:d9:01:f9:
         51:a3:1e:52:d3:44:f9:67:58:e2:ac:c8:52:1a:1a:64:44:f8:
         33:0f:aa:99:a8:3e:50:bd:dd:88:b3:a4:f7:8c:ac:ea:e1:bd:
         f1:d2:b7:81:a2:0d:79:1b:00:68:c5:90:ec:95:2b:c7:89:e7:
         ee:52:b9:05:c0:8e:d7:f7:67:bb:28:4c:a1:44:72:f7:ee:61:
         fe:3f:d9:20:d2:cb:5f:00:fe:1a:15:39:87:36:6a:ed:ca:26:
         37:ea:07:0e:2c:2e:13:8e:b7:ff:85:f2:14:98:7d:46:7f:92:
         98:88:cf:be:c8:a0:9d:47:3e:bf:b5:e5:85:e5:c5:17:d2:21:
         36:7f:ec:26:0e:d5:19:cf:67:fc:2f:1b:f3:d8:87:d9:44:e2:
         a3:b4:d7:b9:27:12:8f:88:cb:52:9c:a7:52:22:2b:2e:c0:64:
         e1:ad:8e:22:9d:9a:72:fb:c0:3a:18:2e:14:d9:d3:37:af:9d:
         d7:20:7f:0b:4e:84:54:d7:15:50:16:e1:cc:4e:f1:f0:20:6b:
         32:f3:f8:7a:8f:3b:2e:72:ec:c5:8b:33:36:86:a5:02:00:5c:
         f3:e5:33:4b:85:cd:4a:ca:f7:05:63:91:70:c2:af:f1:e9:b8:
         af:6a:5d:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTcftWqrmI6sKlE7K/cwFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYmQwMDgyOTUzNmQ0Nzc0NWY0N2RhOWQxYThhNzJmNmRk
NDYyZDQwHhcNMjQwMTAyMDgzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWYwYmMyOGY0ZjNhYjc5YWU0ZWVmZGMxMzk5NWJkMTA3MzcxNTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8UoZ3yarDLHCBqmPwfKCUpiLj5U
0gK3QN5Ezvf9nmwD1VwZG77zfOL23NRvbeQCeYu+T700tzRt/rP7pPxwl0/GSVws
/lTCI2kLzk4kSPPm08PfruqNR+vDtcPROoDRYefqKfdzr2FWEQ16c6aATNee4px2
R6r3ppRXZQXU7p6ZLNfmzRhoo4lIOcHNJmfhvBZLd74xIC5XJo3KmnminmL6Dpwa
vEkYMR1sFPMixZPjM5mbHpiEdHOndpb+utkxFegVyT4dv/uNbZSXnAmxfXUEDGen
bDV4FCrSA3AaGeO2fKzGuQzlzvPoPpuKuAi2D7mOc3Ni7XWporu1GwPzMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXwvCj086t5rk7v3BOZW9EHNxUNMB8GA1UdIwQY
MBaAFIC9AIKVNtR3RfR9qdGopy9t1GLUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0wwQWdwVTIxSGRGOUgycDBhaW5MMjNVWXRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi82NGUxOWYtZmU1NC00MmNkLTg5MjMt
MDliOTkyMGZlMDBmLzEvOWZDOEtQVHpxM211VHVfY0U1bGIwUWMzRlEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi82NGUxOWYtZmU1NC00MmNkLTg5MjMtMDliOTkyMGZlMDBm
LzEvZ0wwQWdwVTIxSGRGOUgycDBhaW5MMjNVWXRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuW6EMA0G
CSqGSIb3DQEBCwUAA4IBAQDPTdPbBu7V2rjqVMxk64zZAflRox5S00T5Z1jirMhS
GhpkRPgzD6qZqD5Qvd2Is6T3jKzq4b3x0reBog15GwBoxZDslSvHiefuUrkFwI7X
92e7KEyhRHL37mH+P9kg0stfAP4aFTmHNmrtyiY36gcOLC4Tjrf/hfIUmH1Gf5KY
iM++yKCdRz6/teWF5cUX0iE2f+wmDtUZz2f8Lxvz2IfZROKjtNe5JxKPiMtSnKdS
IisuwGThrY4inZpy+8A6GC4U2dM3r53XIH8LToRU1xVQFuHMTvHwIGsy8/h6jzsu
cuzFizM2hqUCAFzz5TNLhc1KyvcFY5Fwwq/x6bival0x
-----END CERTIFICATE-----