Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/8AsrqIqLmJW9k47Jua1RkdFp9B8.roa
File:                     8AsrqIqLmJW9k47Jua1RkdFp9B8.roa (raw, json)
Hash identifier:          Fwqf3pzyWNosdkkhvuNWxzniXmMzERCJ9iz1JP6ws+E=
Subject key identifier:   F0:0B:2B:A8:8A:8B:98:95:BD:93:8E:C9:B9:AD:51:91:D1:69:F4:1F
Certificate issuer:       /CN=e5164534979e60a564701232b2e5200889542606
Certificate serial:       018CC3492C94C756606E4ED8D470E1612F71
Authority key identifier: E5:16:45:34:97:9E:60:A5:64:70:12:32:B2:E5:20:08:89:54:26:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5RZFNJeeYKVkcBIysuUgCIlUJgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/8AsrqIqLmJW9k47Jua1RkdFp9B8.roa
Signing time:             Mon 01 Jan 2024 04:30:01 +0000
ROA not before:           Mon 01 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31416
IP address blocks:        2a00:18f8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/5RZFNJeeYKVkcBIysuUgCIlUJgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/5RZFNJeeYKVkcBIysuUgCIlUJgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5RZFNJeeYKVkcBIysuUgCIlUJgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2c:94:c7:56:60:6e:4e:d8:d4:70:e1:61:2f:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5164534979e60a564701232b2e5200889542606
        Validity
            Not Before: Jan  1 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f00b2ba88a8b9895bd938ec9b9ad5191d169f41f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:a9:ed:19:90:b3:a9:ea:f6:1a:03:69:79:62:
                    3e:d3:e3:da:1a:15:9e:03:69:75:14:27:79:11:83:
                    37:39:2a:d9:21:7f:6c:77:44:7f:6d:91:2b:c4:6b:
                    0f:b9:19:33:74:c3:3f:26:11:a1:25:97:e2:56:94:
                    4d:74:17:8b:3b:97:94:b8:b8:9c:cf:bf:2b:19:f0:
                    7d:4e:05:f5:f9:2d:c7:fe:99:e3:8e:0d:8a:66:5f:
                    a8:3c:97:19:80:6c:bc:3b:86:54:b2:5a:32:2d:97:
                    fe:a8:fd:f7:91:f1:7d:ce:78:89:66:cb:8b:d4:6e:
                    c0:d8:6f:77:e0:ba:2a:6a:81:0e:6a:0d:2b:cf:e4:
                    4e:ad:c2:ce:d0:c5:b6:11:3a:21:35:68:16:ea:02:
                    75:8e:d5:a4:3b:2f:f4:c4:c4:4e:8f:7d:38:e9:f4:
                    73:aa:06:78:3b:c1:fa:12:c6:c1:4e:29:62:82:40:
                    72:41:8a:db:9c:7e:25:85:0a:58:52:f7:15:3c:80:
                    72:e7:20:25:8e:61:50:48:99:12:1c:2a:73:12:0d:
                    dd:3d:73:46:9c:84:6e:11:19:3a:ca:7c:ce:55:51:
                    a2:31:10:0f:3e:8c:7c:ef:3d:45:6d:e0:62:08:2b:
                    8a:e4:83:ea:0b:46:c6:d9:94:e7:38:d6:9b:0a:e2:
                    b0:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:0B:2B:A8:8A:8B:98:95:BD:93:8E:C9:B9:AD:51:91:D1:69:F4:1F
            X509v3 Authority Key Identifier:
                keyid:E5:16:45:34:97:9E:60:A5:64:70:12:32:B2:E5:20:08:89:54:26:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5RZFNJeeYKVkcBIysuUgCIlUJgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/8AsrqIqLmJW9k47Jua1RkdFp9B8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/5RZFNJeeYKVkcBIysuUgCIlUJgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:18f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:61:74:89:2b:98:e7:37:e8:3c:f2:b1:48:bd:95:4d:2d:e2:
         25:10:e2:f9:29:a0:4a:27:57:84:0f:66:4c:48:01:77:59:fc:
         78:23:4a:9c:06:4d:e5:f4:6b:a6:89:95:6e:e5:4d:23:72:96:
         b7:be:11:34:6e:d7:79:bc:81:47:9d:5d:e8:69:a1:6d:33:ed:
         71:5f:56:de:f7:2a:ba:a2:d8:6c:80:34:17:42:14:d4:12:9d:
         0c:a7:15:60:e7:6b:4e:93:85:96:a9:52:b4:e8:ae:23:10:a3:
         7d:e3:f8:8b:f2:af:1b:6b:53:dc:67:d0:cf:9f:b3:af:2f:71:
         c3:46:75:e9:9d:a7:71:4c:60:f4:b5:ac:14:c6:e4:4d:a5:b3:
         69:1c:39:d6:a5:a1:fe:46:6b:cf:b1:bf:89:f1:45:09:bd:07:
         fd:b8:e5:ee:97:8d:54:4d:93:f9:2d:5b:78:e3:8b:22:53:3f:
         80:ea:1f:fa:38:b5:4f:14:e0:74:d6:7c:8c:d3:e8:e1:20:66:
         f4:46:1f:1d:33:01:17:94:29:39:70:18:14:d0:75:f8:93:cb:
         23:32:09:ed:d4:df:cd:ec:a2:5d:e9:f6:af:00:0e:01:af:98:
         91:fd:73:6c:1a:c4:c9:50:85:f0:11:e5:a6:a9:ab:5b:97:4b:
         03:75:12:db
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSSyUx1Zgbk7Y1HDhYS9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MTY0NTM0OTc5ZTYwYTU2NDcwMTIzMmIyZTUyMDA4ODk1
NDI2MDYwHhcNMjQwMTAxMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDBiMmJhODhhOGI5ODk1YmQ5MzhlYzliOWFkNTE5MWQxNjlmNDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKntGZCzqer2GgNpeWI+0+PaGhWe
A2l1FCd5EYM3OSrZIX9sd0R/bZErxGsPuRkzdMM/JhGhJZfiVpRNdBeLO5eUuLic
z78rGfB9TgX1+S3H/pnjjg2KZl+oPJcZgGy8O4ZUsloyLZf+qP33kfF9zniJZsuL
1G7A2G934LoqaoEOag0rz+ROrcLO0MW2ETohNWgW6gJ1jtWkOy/0xMROj3046fRz
qgZ4O8H6EsbBTiligkByQYrbnH4lhQpYUvcVPIBy5yAljmFQSJkSHCpzEg3dPXNG
nIRuERk6ynzOVVGiMRAPPox87z1FbeBiCCuK5IPqC0bG2ZTnONabCuKwjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPALK6iKi5iVvZOOybmtUZHRafQfMB8GA1UdIwQY
MBaAFOUWRTSXnmClZHASMrLlIAiJVCYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVJaRk5KZWVZS1ZrY0JJeXN1VWdDSWxVSmdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lNzdkN2ItYmMwZi00NjM1LTgxMDEt
ZDFlZWIyOWM5NTFiLzEvOEFzcnFJcUxtSlc5azQ3SnVhMVJrZEZwOUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lNzdkN2ItYmMwZi00NjM1LTgxMDEtZDFlZWIyOWM5NTFi
LzEvNVJaRk5KZWVZS1ZrY0JJeXN1VWdDSWxVSmdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgAY+DAN
BgkqhkiG9w0BAQsFAAOCAQEApGF0iSuY5zfoPPKxSL2VTS3iJRDi+SmgSidXhA9m
TEgBd1n8eCNKnAZN5fRrpomVbuVNI3KWt74RNG7XebyBR51d6GmhbTPtcV9W3vcq
uqLYbIA0F0IU1BKdDKcVYOdrTpOFlqlStOiuIxCjfeP4i/KvG2tT3GfQz5+zry9x
w0Z16Z2ncUxg9LWsFMbkTaWzaRw51qWh/kZrz7G/ifFFCb0H/bjl7peNVE2T+S1b
eOOLIlM/gOof+ji1TxTgdNZ8jNPo4SBm9EYfHTMBF5QpOXAYFNB1+JPLIzIJ7dTf
zeyiXen2rwAOAa+Ykf1zbBrEyVCF8BHlpqmrW5dLA3US2w==
-----END CERTIFICATE-----