Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/8lMT6vqHPgd4FF2FbIALz1qCCnU.roa
File:                     8lMT6vqHPgd4FF2FbIALz1qCCnU.roa (raw, json)
Hash identifier:          3k3CD4VMukpSU1yLVPV6VScYv7/6D4mCm7ykk/o8QCQ=
Subject key identifier:   F2:53:13:EA:FA:87:3E:07:78:14:5D:85:6C:80:0B:CF:5A:82:0A:75
Certificate issuer:       /CN=712f9cb3c298b150beb79080376f74bdeac438ac
Certificate serial:       018CC64A8B08F2836D5E7C792BD54AC2FE24
Authority key identifier: 71:2F:9C:B3:C2:98:B1:50:BE:B7:90:80:37:6F:74:BD:EA:C4:38:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/8lMT6vqHPgd4FF2FbIALz1qCCnU.roa
Signing time:             Mon 01 Jan 2024 18:30:23 +0000
ROA not before:           Mon 01 Jan 2024 18:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203500
IP address blocks:        185.22.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 19:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:8b:08:f2:83:6d:5e:7c:79:2b:d5:4a:c2:fe:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=712f9cb3c298b150beb79080376f74bdeac438ac
        Validity
            Not Before: Jan  1 18:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f25313eafa873e0778145d856c800bcf5a820a75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e2:ca:e8:22:91:80:71:c7:ee:7b:85:0a:ab:
                    42:e8:c2:92:01:65:58:f0:e3:d8:7c:3e:de:aa:1b:
                    3d:f3:9b:27:c1:4b:30:a4:12:20:fd:30:73:a1:bb:
                    5e:61:9b:34:58:ae:22:d3:ea:c3:4c:a8:86:62:a7:
                    62:50:73:49:86:48:c6:15:09:22:6b:87:34:dc:78:
                    fe:0f:82:11:db:7e:76:23:bd:42:b1:95:1d:b3:ee:
                    a2:db:a1:50:33:d7:73:45:61:55:0b:8a:e1:64:b5:
                    89:40:e1:ff:53:29:95:52:71:7b:a0:0f:cf:b2:8d:
                    0e:9b:ec:7d:50:67:6d:e3:cf:20:10:18:71:e4:a5:
                    fb:71:2e:52:dd:81:dd:8d:a9:86:f7:62:1c:9f:56:
                    db:f2:e7:38:37:2d:43:5d:f0:9a:e4:98:2c:13:c3:
                    3a:c3:cb:3b:4a:03:54:e7:79:05:93:60:c9:e1:8b:
                    26:8d:9c:d4:7b:23:22:b8:12:d7:0d:94:7c:86:86:
                    f6:10:c3:ec:87:f6:f6:3c:db:b0:a6:35:1c:04:8e:
                    d5:50:cb:c9:c5:e2:a7:d2:c6:a7:79:0f:1f:77:66:
                    ba:e4:8a:3d:b7:df:9f:21:80:d5:22:18:af:15:f4:
                    f9:fb:d4:03:70:e0:40:54:06:d7:29:ff:7f:a1:db:
                    13:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:53:13:EA:FA:87:3E:07:78:14:5D:85:6C:80:0B:CF:5A:82:0A:75
            X509v3 Authority Key Identifier:
                keyid:71:2F:9C:B3:C2:98:B1:50:BE:B7:90:80:37:6F:74:BD:EA:C4:38:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/8lMT6vqHPgd4FF2FbIALz1qCCnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:64:84:bd:f5:cf:28:cb:22:e6:a7:8c:10:e5:6d:3f:41:c9:
         4b:9e:ec:52:04:2c:cb:8b:bd:53:b5:e2:27:e8:07:51:10:8c:
         24:2f:3b:84:9b:af:59:1b:81:0f:7c:21:f6:ab:82:20:25:02:
         96:2e:55:9a:16:8b:08:f7:c1:87:61:c2:39:02:b6:29:e5:d7:
         7b:b2:f7:4a:d2:c1:7f:01:36:77:15:d7:22:d5:f8:6f:22:be:
         df:d3:38:84:43:cc:af:2f:23:af:f8:28:b8:28:24:f4:3e:40:
         fd:68:d9:fd:d5:5b:88:bd:73:cc:82:f0:0d:c8:4d:39:78:82:
         0b:07:8c:64:96:ae:db:7c:b9:fb:4f:e8:60:d1:9a:eb:f7:13:
         b4:cc:d7:73:57:12:9d:ea:e4:b0:7a:58:02:91:0d:b1:b3:a1:
         61:13:5e:5b:17:a4:9a:48:75:df:b8:5f:3e:2c:95:c2:50:e2:
         09:4b:ef:72:f5:40:bc:d1:ed:5b:07:f0:09:c2:fc:4f:55:3d:
         2d:ba:ce:a5:f6:7a:b9:9f:26:c2:bd:4d:1c:a3:49:e4:40:8e:
         4d:1c:dd:4b:cc:00:69:04:32:da:5b:25:9c:49:31:47:08:00:
         ea:ff:ef:e4:7b:c4:aa:af:d0:fd:1c:6a:61:44:6f:b5:df:1b:
         0e:a6:80:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSosI8oNtXnx5K9VKwv4kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMmY5Y2IzYzI5OGIxNTBiZWI3OTA4MDM3NmY3NGJkZWFj
NDM4YWMwHhcNMjQwMTAxMTgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjUzMTNlYWZhODczZTA3NzgxNDVkODU2YzgwMGJjZjVhODIwYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuLK6CKRgHHH7nuFCqtC6MKSAWVY
8OPYfD7eqhs985snwUswpBIg/TBzobteYZs0WK4i0+rDTKiGYqdiUHNJhkjGFQki
a4c03Hj+D4IR2352I71CsZUds+6i26FQM9dzRWFVC4rhZLWJQOH/UymVUnF7oA/P
so0Om+x9UGdt488gEBhx5KX7cS5S3YHdjamG92Icn1bb8uc4Ny1DXfCa5JgsE8M6
w8s7SgNU53kFk2DJ4YsmjZzUeyMiuBLXDZR8hob2EMPsh/b2PNuwpjUcBI7VUMvJ
xeKn0saneQ8fd2a65Io9t9+fIYDVIhivFfT5+9QDcOBAVAbXKf9/odsTfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJTE+r6hz4HeBRdhWyAC89aggp1MB8GA1UdIwQY
MBaAFHEvnLPCmLFQvreQgDdvdL3qxDisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1MtY3M4S1lzVkMtdDVDQU4yOTB2ZXJFT0t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lMmUxMTktZmQ3OC00YjFhLWIxNmEt
OTg3ZGE0MzkyMDU2LzEvOGxNVDZ2cUhQZ2Q0RkYyRmJJQUx6MXFDQ25VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lMmUxMTktZmQ3OC00YjFhLWIxNmEtOTg3ZGE0MzkyMDU2
LzEvY1MtY3M4S1lzVkMtdDVDQU4yOTB2ZXJFT0t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRaCMA0G
CSqGSIb3DQEBCwUAA4IBAQCpZIS99c8oyyLmp4wQ5W0/QclLnuxSBCzLi71TteIn
6AdREIwkLzuEm69ZG4EPfCH2q4IgJQKWLlWaFosI98GHYcI5ArYp5dd7svdK0sF/
ATZ3Fdci1fhvIr7f0ziEQ8yvLyOv+Ci4KCT0PkD9aNn91VuIvXPMgvANyE05eIIL
B4xklq7bfLn7T+hg0Zrr9xO0zNdzVxKd6uSwelgCkQ2xs6FhE15bF6SaSHXfuF8+
LJXCUOIJS+9y9UC80e1bB/AJwvxPVT0tus6l9nq5nybCvU0co0nkQI5NHN1LzABp
BDLaWyWcSTFHCADq/+/ke8Sqr9D9HGphRG+13xsOpoB3
-----END CERTIFICATE-----