Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/a9e57e-2479-4576-b275-87433157a25b/1/1-8Gxs5j_XOuXjuT72Ypy07HcnHM.roa
File:                     1-8Gxs5j_XOuXjuT72Ypy07HcnHM.roa (raw, json)
Hash identifier:          jV9wWGlpW7Go4ftZoMkqfEoDY9yowz7/C+Nwaf/knUg=
Subject key identifier:   FB:C1:B1:B3:98:FF:5C:EB:97:8E:E4:FB:D9:8A:72:D3:B1:DC:9C:73
Certificate issuer:       /CN=4df92658601094ed64985c64c6952be3416301ce
Certificate serial:       018CC2DB53B91A9ECDFDC34B2DDADE580CB6
Authority key identifier: 4D:F9:26:58:60:10:94:ED:64:98:5C:64:C6:95:2B:E3:41:63:01:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TfkmWGAQlO1kmFxkxpUr40FjAc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/a9e57e-2479-4576-b275-87433157a25b/1/1-8Gxs5j_XOuXjuT72Ypy07HcnHM.roa
Signing time:             Mon 01 Jan 2024 02:30:02 +0000
ROA not before:           Mon 01 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56376
IP address blocks:        185.139.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/a9e57e-2479-4576-b275-87433157a25b/1/TfkmWGAQlO1kmFxkxpUr40FjAc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/a9e57e-2479-4576-b275-87433157a25b/1/TfkmWGAQlO1kmFxkxpUr40FjAc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TfkmWGAQlO1kmFxkxpUr40FjAc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:53:b9:1a:9e:cd:fd:c3:4b:2d:da:de:58:0c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4df92658601094ed64985c64c6952be3416301ce
        Validity
            Not Before: Jan  1 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbc1b1b398ff5ceb978ee4fbd98a72d3b1dc9c73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0f:3d:3d:82:5d:27:b0:e2:88:1f:d2:ad:98:
                    ac:16:81:bf:21:1d:f2:90:be:8c:d7:80:1b:7e:b1:
                    9c:5c:1c:ca:00:da:87:33:77:08:0b:a2:98:f2:9e:
                    b0:93:1e:cb:cb:35:5f:dd:d8:7b:28:1d:54:99:08:
                    f3:e1:31:fe:a8:5f:0f:9b:c0:6a:7e:c8:d6:d4:dc:
                    a5:fa:9f:d7:40:fd:8e:e8:55:46:01:b9:92:61:c3:
                    a2:d2:e4:66:70:96:ba:2b:89:50:a4:c0:b5:1d:ce:
                    4e:6f:a2:f1:c7:39:b8:e8:50:e9:21:22:30:29:b3:
                    6a:26:21:3f:91:db:98:13:e3:b9:9c:97:3a:70:88:
                    f6:c8:e2:62:9f:c3:5c:28:29:48:b9:3e:9a:1c:75:
                    b7:c7:4b:c8:4c:6d:75:59:b8:f3:f1:05:c7:f1:36:
                    4d:7d:e5:b7:c8:02:0a:6b:15:06:10:1d:ed:10:10:
                    66:ce:9f:3c:64:3d:b0:3c:1b:67:c8:65:e0:c0:7b:
                    26:3c:e9:f6:96:47:19:94:c8:d6:ec:30:8e:81:27:
                    30:5e:e4:08:a4:11:31:5d:53:63:b4:9e:0f:b4:08:
                    57:ce:ff:a3:98:36:3e:58:4d:a0:77:df:04:01:e4:
                    1a:56:be:03:9b:4e:75:83:6c:a3:ab:24:07:4f:ce:
                    66:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:C1:B1:B3:98:FF:5C:EB:97:8E:E4:FB:D9:8A:72:D3:B1:DC:9C:73
            X509v3 Authority Key Identifier:
                keyid:4D:F9:26:58:60:10:94:ED:64:98:5C:64:C6:95:2B:E3:41:63:01:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TfkmWGAQlO1kmFxkxpUr40FjAc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/a9e57e-2479-4576-b275-87433157a25b/1/1-8Gxs5j_XOuXjuT72Ypy07HcnHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/a9e57e-2479-4576-b275-87433157a25b/1/TfkmWGAQlO1kmFxkxpUr40FjAc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:80:12:fd:9f:fa:bd:21:84:84:2a:5f:25:e4:4f:a2:6e:48:
         e5:41:27:b6:d3:83:37:21:17:b5:21:0b:20:74:77:67:b9:bc:
         0a:03:a5:2e:4f:3b:1c:ab:37:34:0d:16:17:80:82:3c:6e:26:
         f4:a0:b1:9e:93:1a:90:c2:39:c1:1a:ac:55:1b:aa:92:b5:0b:
         3b:d4:57:e1:73:b8:a8:60:50:61:ed:bf:ab:ca:26:fa:89:af:
         f0:93:7a:81:65:05:af:4e:a1:93:6d:50:84:83:1e:88:be:ca:
         1c:7c:dc:7d:c8:b1:0c:a2:41:66:3b:e9:da:d4:c0:37:d1:95:
         c1:12:f4:ca:80:c5:4b:0c:f5:1b:2a:a9:fc:bd:71:49:7f:45:
         ca:b5:3e:84:bb:45:32:2c:ea:e3:a3:86:a8:18:1e:7f:fc:20:
         5f:c1:cc:19:a5:ff:60:76:48:5a:b0:8a:61:4b:e8:bb:58:78:
         6e:f7:3e:a4:79:fb:8f:f6:09:fb:c7:6f:11:28:cb:1a:cc:e4:
         74:b5:9a:08:c7:65:ca:ca:53:1e:e0:cb:ea:77:6b:3d:0b:b3:
         9d:f2:a5:74:4b:29:03:45:4a:1b:9f:53:b1:5b:ff:e3:49:63:
         24:81:15:6c:04:67:33:77:ec:0d:e8:ab:ba:89:ff:4d:45:da:
         ed:a4:f5:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC21O5Gp7N/cNLLdreWAy2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZjkyNjU4NjAxMDk0ZWQ2NDk4NWM2NGM2OTUyYmUzNDE2
MzAxY2UwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmMxYjFiMzk4ZmY1Y2ViOTc4ZWU0ZmJkOThhNzJkM2IxZGM5YzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsA89PYJdJ7DiiB/SrZisFoG/IR3y
kL6M14AbfrGcXBzKANqHM3cIC6KY8p6wkx7LyzVf3dh7KB1UmQjz4TH+qF8Pm8Bq
fsjW1Nyl+p/XQP2O6FVGAbmSYcOi0uRmcJa6K4lQpMC1Hc5Ob6Lxxzm46FDpISIw
KbNqJiE/kduYE+O5nJc6cIj2yOJin8NcKClIuT6aHHW3x0vITG11Wbjz8QXH8TZN
feW3yAIKaxUGEB3tEBBmzp88ZD2wPBtnyGXgwHsmPOn2lkcZlMjW7DCOgScwXuQI
pBExXVNjtJ4PtAhXzv+jmDY+WE2gd98EAeQaVr4Dm051g2yjqyQHT85mFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvBsbOY/1zrl47k+9mKctOx3JxzMB8GA1UdIwQY
MBaAFE35JlhgEJTtZJhcZMaVK+NBYwHOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGZrbVdHQVFsTzFrbUZ4a3hwVXI0MEZqQWM0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9hOWU1N2UtMjQ3OS00NTc2LWIyNzUt
ODc0MzMxNTdhMjViLzEvMS04R3hzNWpfWE91WGp1VDcyWXB5MDdIY25ITS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDgvYTllNTdlLTI0NzktNDU3Ni1iMjc1LTg3NDMzMTU3YTI1
Yi8xL1Rma21XR0FRbE8xa21GeGt4cFVyNDBGakFjNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmLtzAN
BgkqhkiG9w0BAQsFAAOCAQEAgIAS/Z/6vSGEhCpfJeRPom5I5UEnttODNyEXtSEL
IHR3Z7m8CgOlLk87HKs3NA0WF4CCPG4m9KCxnpMakMI5wRqsVRuqkrULO9RX4XO4
qGBQYe2/q8om+omv8JN6gWUFr06hk21QhIMeiL7KHHzcfcixDKJBZjvp2tTAN9GV
wRL0yoDFSwz1Gyqp/L1xSX9FyrU+hLtFMizq46OGqBgef/wgX8HMGaX/YHZIWrCK
YUvou1h4bvc+pHn7j/YJ+8dvESjLGszkdLWaCMdlyspTHuDL6ndrPQuznfKldEsp
A0VKG59TsVv/40ljJIEVbARnM3fsDeiruon/TUXa7aT1QQ==
-----END CERTIFICATE-----