Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/s8SaQXyhUxvWXDItM6AHkUcBRhk.roa
File:                     s8SaQXyhUxvWXDItM6AHkUcBRhk.roa (raw, json)
Hash identifier:          FLRNgGBuPELkrqMNTeIqpkeFXUupNLUAlnlDv2UWaOo=
Subject key identifier:   B3:C4:9A:41:7C:A1:53:1B:D6:5C:32:2D:33:A0:07:91:47:01:46:19
Certificate issuer:       /CN=a36d0ae5e2fbffcce08770ebc20c216b9fbf9485
Certificate serial:       018CC8713BA592F653557265B35B8B10D688
Authority key identifier: A3:6D:0A:E5:E2:FB:FF:CC:E0:87:70:EB:C2:0C:21:6B:9F:BF:94:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/s8SaQXyhUxvWXDItM6AHkUcBRhk.roa
Signing time:             Tue 02 Jan 2024 04:31:53 +0000
ROA not before:           Tue 02 Jan 2024 04:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207240
IP address blocks:        171.25.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 17:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:3b:a5:92:f6:53:55:72:65:b3:5b:8b:10:d6:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a36d0ae5e2fbffcce08770ebc20c216b9fbf9485
        Validity
            Not Before: Jan  2 04:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3c49a417ca1531bd65c322d33a0079147014619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c7:4b:92:cb:a6:ca:ff:2a:d8:0f:59:76:fe:
                    40:1c:da:23:c8:21:23:64:9a:30:08:30:fa:0d:06:
                    ed:24:c4:4f:ce:66:52:37:e1:b4:61:1b:46:23:a5:
                    9b:16:1f:76:12:f8:e5:0a:86:df:7b:27:f0:d3:4f:
                    ee:20:74:f4:93:99:3a:54:74:19:6f:11:6c:df:19:
                    66:6b:b5:f1:8f:82:48:b4:01:b5:e7:22:e2:5e:86:
                    49:ea:3c:f0:3b:18:8f:4b:19:2b:ac:1d:c9:ce:d3:
                    03:d5:0e:9e:24:e5:fe:4f:bc:57:ff:ac:f2:d7:a1:
                    7c:d7:77:4f:93:58:9f:9a:25:68:c4:fc:0a:60:07:
                    04:1d:f7:fc:77:a9:95:49:cc:60:d7:42:e4:b4:09:
                    a1:5c:51:c8:83:2f:9e:bb:07:ef:d0:d9:57:93:37:
                    3c:d5:92:9f:40:42:49:9b:7c:be:fd:03:a2:35:46:
                    85:a6:3f:97:5c:e3:64:e5:ce:c6:70:17:58:6e:33:
                    ca:c5:2c:f5:ac:c7:de:6c:6e:9b:d0:7d:58:38:07:
                    a7:f5:b4:e5:94:1c:be:2a:66:fc:50:29:0d:6f:c2:
                    2c:69:2d:bb:26:f6:4c:c5:96:1c:de:88:6a:35:f0:
                    2d:de:0e:f7:40:cd:27:32:9f:a2:dd:77:73:c7:92:
                    d0:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:C4:9A:41:7C:A1:53:1B:D6:5C:32:2D:33:A0:07:91:47:01:46:19
            X509v3 Authority Key Identifier:
                keyid:A3:6D:0A:E5:E2:FB:FF:CC:E0:87:70:EB:C2:0C:21:6B:9F:BF:94:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/s8SaQXyhUxvWXDItM6AHkUcBRhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.25.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:48:05:13:18:f2:5c:72:ee:2b:58:1a:8b:90:48:45:f5:b8:
         46:0e:54:62:8a:36:ff:73:6c:42:2b:ae:ae:ec:15:de:02:c9:
         71:98:80:2a:3f:2b:ab:57:6b:1c:b2:72:ac:21:37:d0:9e:e4:
         08:90:ac:32:8e:28:b4:f0:89:28:e3:af:16:78:23:38:d2:86:
         c2:19:41:c5:2a:d4:67:7d:e3:95:5b:5a:aa:8e:69:c6:96:7d:
         62:f5:35:67:38:c3:94:1e:1c:16:89:44:b2:eb:77:28:39:cf:
         cc:8c:ff:fc:47:d0:56:0e:d2:0e:55:38:e4:3d:58:5c:c8:da:
         51:e8:e4:98:93:c0:20:3b:1b:cf:8a:f1:d8:64:98:4d:b7:07:
         df:1c:de:0e:e9:71:69:d3:20:33:67:46:d5:16:e4:60:01:bc:
         74:b8:77:63:65:e5:b1:ce:95:e2:23:1b:4f:e7:a7:fe:3d:47:
         b3:5c:80:32:1e:e0:29:96:7c:13:2c:a6:79:44:61:30:9e:03:
         e8:40:1d:86:2d:66:5f:7a:f7:16:d3:7a:5a:fb:75:93:ad:a7:
         92:ba:c5:38:28:3b:2b:4c:52:10:50:05:f7:38:12:3d:09:0d:
         3d:0a:64:5c:72:b3:21:f1:f8:56:44:bf:d9:b6:b4:1c:e6:4e:
         62:c1:68:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcTulkvZTVXJls1uLENaIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNmQwYWU1ZTJmYmZmY2NlMDg3NzBlYmMyMGMyMTZiOWZi
Zjk0ODUwHhcNMjQwMTAyMDQzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2M0OWE0MTdjYTE1MzFiZDY1YzMyMmQzM2EwMDc5MTQ3MDE0NjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MdLksumyv8q2A9Zdv5AHNojyCEj
ZJowCDD6DQbtJMRPzmZSN+G0YRtGI6WbFh92EvjlCobfeyfw00/uIHT0k5k6VHQZ
bxFs3xlma7Xxj4JItAG15yLiXoZJ6jzwOxiPSxkrrB3JztMD1Q6eJOX+T7xX/6zy
16F813dPk1ifmiVoxPwKYAcEHff8d6mVScxg10LktAmhXFHIgy+euwfv0NlXkzc8
1ZKfQEJJm3y+/QOiNUaFpj+XXONk5c7GcBdYbjPKxSz1rMfebG6b0H1YOAen9bTl
lBy+Kmb8UCkNb8IsaS27JvZMxZYc3ohqNfAt3g73QM0nMp+i3Xdzx5LQnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPEmkF8oVMb1lwyLTOgB5FHAUYZMB8GA1UdIwQY
MBaAFKNtCuXi+//M4Idw68IMIWufv5SFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzIwSzVlTDdfOHpnaDNEcndnd2hhNS1fbElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC84Y2FjMGMtMzQyNi00ZjA3LWFmMjAt
Y2JiOTUxODNiMjdhLzEvczhTYVFYeWhVeHZXWERJdE02QUhrVWNCUmhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC84Y2FjMGMtMzQyNi00ZjA3LWFmMjAtY2JiOTUxODNiMjdh
LzEvbzIwSzVlTDdfOHpnaDNEcndnd2hhNS1fbElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxmxMA0G
CSqGSIb3DQEBCwUAA4IBAQACSAUTGPJccu4rWBqLkEhF9bhGDlRiijb/c2xCK66u
7BXeAslxmIAqPyurV2scsnKsITfQnuQIkKwyjii08Iko468WeCM40obCGUHFKtRn
feOVW1qqjmnGln1i9TVnOMOUHhwWiUSy63coOc/MjP/8R9BWDtIOVTjkPVhcyNpR
6OSYk8AgOxvPivHYZJhNtwffHN4O6XFp0yAzZ0bVFuRgAbx0uHdjZeWxzpXiIxtP
56f+PUezXIAyHuAplnwTLKZ5RGEwngPoQB2GLWZfevcW03pa+3WTraeSusU4KDsr
TFIQUAX3OBI9CQ09CmRccrMh8fhWRL/ZtrQc5k5iwWi+
-----END CERTIFICATE-----