Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/b8P-zjOwYGOoVtbEw3jy4PnUCBg.roa
File:                     b8P-zjOwYGOoVtbEw3jy4PnUCBg.roa (raw, json)
Hash identifier:          +vWjYFKZpamMfOeT7dDF+X+WoHoQZb3iux1QCW3Yz7o=
Subject key identifier:   6F:C3:FE:CE:33:B0:60:63:A8:56:D6:C4:C3:78:F2:E0:F9:D4:08:18
Certificate issuer:       /CN=7d15cfedb9aeab42bf8ac5b24cb1aeec2a660943
Certificate serial:       018D64FCF64FAE225767F63FE2D57BED0F10
Authority key identifier: 7D:15:CF:ED:B9:AE:AB:42:BF:8A:C5:B2:4C:B1:AE:EC:2A:66:09:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fRXP7bmuq0K_isWyTLGu7CpmCUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/b8P-zjOwYGOoVtbEw3jy4PnUCBg.roa
Signing time:             Thu 01 Feb 2024 14:05:16 +0000
ROA not before:           Thu 01 Feb 2024 14:05:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8851
IP address blocks:        194.207.0.0/19 maxlen: 19
                          2a00:4901::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/fRXP7bmuq0K_isWyTLGu7CpmCUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/fRXP7bmuq0K_isWyTLGu7CpmCUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fRXP7bmuq0K_isWyTLGu7CpmCUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:fc:f6:4f:ae:22:57:67:f6:3f:e2:d5:7b:ed:0f:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d15cfedb9aeab42bf8ac5b24cb1aeec2a660943
        Validity
            Not Before: Feb  1 14:05:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fc3fece33b06063a856d6c4c378f2e0f9d40818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:06:dc:33:4b:40:bd:a5:e4:06:e3:f3:7c:62:
                    bb:33:d7:e9:1f:38:ad:d7:9b:29:6e:59:90:3f:fe:
                    3c:90:55:00:fa:fb:71:3b:fb:90:52:fa:00:9e:42:
                    5c:64:4b:16:5c:8e:5f:f1:25:b0:e5:fd:a3:cb:ad:
                    4b:cc:5e:d5:13:a9:2f:d4:13:90:e0:18:75:3a:a2:
                    54:66:aa:a1:88:5e:b0:05:92:cd:ad:1d:55:cc:2a:
                    89:6a:13:71:92:9f:45:10:e9:0a:10:14:f4:3c:8b:
                    be:89:3e:ed:bb:88:b3:74:3d:c3:9f:d9:0b:46:d2:
                    51:7b:4e:c4:6a:86:64:11:bb:36:48:f1:fd:02:e1:
                    f4:1d:f8:69:cd:be:37:06:b1:16:2b:7a:aa:24:15:
                    2f:a0:3f:2f:0b:b6:cf:99:0c:9c:80:40:f2:29:e9:
                    b9:5a:1d:8f:fa:ec:ec:80:6a:85:ea:10:9d:5f:06:
                    8d:94:ad:78:ca:69:47:d8:14:c9:8e:fb:65:4d:39:
                    22:44:e3:c6:0e:ce:6d:a1:e7:8d:1c:53:78:d0:f2:
                    97:af:c8:96:b2:c4:1e:40:aa:43:2e:72:9c:cf:15:
                    ff:50:b6:a6:96:01:ea:a7:b4:c2:b3:e8:93:86:a8:
                    8e:3f:ec:c0:63:38:fd:d6:dd:61:57:51:5a:66:53:
                    71:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:C3:FE:CE:33:B0:60:63:A8:56:D6:C4:C3:78:F2:E0:F9:D4:08:18
            X509v3 Authority Key Identifier:
                keyid:7D:15:CF:ED:B9:AE:AB:42:BF:8A:C5:B2:4C:B1:AE:EC:2A:66:09:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fRXP7bmuq0K_isWyTLGu7CpmCUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/b8P-zjOwYGOoVtbEw3jy4PnUCBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ad6b73-0e8c-4a45-b6bb-42281f5518a9/1/fRXP7bmuq0K_isWyTLGu7CpmCUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.207.0.0/19
                IPv6:
                  2a00:4901::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:e7:3d:ae:6c:ea:a6:ca:34:20:ce:a5:0e:a1:fc:54:11:2b:
         02:92:c7:4f:94:a9:d8:37:c9:a1:66:b7:7b:0b:8f:4c:76:de:
         24:84:d1:16:84:04:18:34:69:cc:9c:8d:4a:a2:d1:6e:37:1b:
         a9:e5:45:a1:34:d2:9a:64:b5:aa:84:d3:46:ea:de:69:95:b2:
         a2:e0:e6:18:90:74:58:06:e6:09:40:b3:56:4f:45:2e:b1:28:
         65:fc:0f:de:3b:6a:38:8d:03:eb:0c:86:1e:bb:0a:f8:27:1d:
         0d:0f:27:4c:a3:9d:be:20:8d:4d:92:b6:1a:68:13:1c:ef:d9:
         e0:39:31:c5:d2:5f:cb:b4:d5:5e:ad:de:10:d7:ef:3c:e8:19:
         6f:73:ee:f4:cd:95:35:5c:19:43:a9:38:10:89:42:87:53:84:
         18:09:a0:13:99:3c:4e:f1:38:f8:2b:e2:7b:14:f2:8f:13:48:
         30:17:68:e3:af:17:3a:8f:0f:89:eb:4f:27:50:35:f5:d0:91:
         4e:b6:2e:4f:f2:62:47:91:50:5f:d2:34:96:25:21:40:8b:1b:
         fd:3c:27:90:66:7a:ad:af:8a:ac:68:a6:42:e5:fe:15:55:96:
         31:22:fd:11:e0:5e:f7:d1:c4:a4:1d:21:58:eb:e0:90:9f:61:
         3f:f6:05:93
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1k/PZPriJXZ/Y/4tV77Q8QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMTVjZmVkYjlhZWFiNDJiZjhhYzViMjRjYjFhZWVjMmE2
NjA5NDMwHhcNMjQwMjAxMTQwNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmMzZmVjZTMzYjA2MDYzYTg1NmQ2YzRjMzc4ZjJlMGY5ZDQwODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwbcM0tAvaXkBuPzfGK7M9fpHzit
15spblmQP/48kFUA+vtxO/uQUvoAnkJcZEsWXI5f8SWw5f2jy61LzF7VE6kv1BOQ
4Bh1OqJUZqqhiF6wBZLNrR1VzCqJahNxkp9FEOkKEBT0PIu+iT7tu4izdD3Dn9kL
RtJRe07EaoZkEbs2SPH9AuH0Hfhpzb43BrEWK3qqJBUvoD8vC7bPmQycgEDyKem5
Wh2P+uzsgGqF6hCdXwaNlK14ymlH2BTJjvtlTTkiROPGDs5toeeNHFN40PKXr8iW
ssQeQKpDLnKczxX/ULamlgHqp7TCs+iThqiOP+zAYzj91t1hV1FaZlNxiQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG/D/s4zsGBjqFbWxMN48uD51AgYMB8GA1UdIwQY
MBaAFH0Vz+25rqtCv4rFskyxruwqZglDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlJYUDdibXVxMEtfaXNXeVRMR3U3Q3BtQ1VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hZDZiNzMtMGU4Yy00YTQ1LWI2YmIt
NDIyODFmNTUxOGE5LzEvYjhQLXpqT3dZR09vVnRiRXczank0UG5VQ0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hZDZiNzMtMGU4Yy00YTQ1LWI2YmItNDIyODFmNTUxOGE5
LzEvZlJYUDdibXVxMEtfaXNXeVRMR3U3Q3BtQ1VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFws8AMA0E
AgACMAcDBQAqAEkBMA0GCSqGSIb3DQEBCwUAA4IBAQCb5z2ubOqmyjQgzqUOofxU
ESsCksdPlKnYN8mhZrd7C49Mdt4khNEWhAQYNGnMnI1KotFuNxup5UWhNNKaZLWq
hNNG6t5plbKi4OYYkHRYBuYJQLNWT0UusShl/A/eO2o4jQPrDIYeuwr4Jx0NDydM
o52+II1NkrYaaBMc79ngOTHF0l/LtNVerd4Q1+886Blvc+70zZU1XBlDqTgQiUKH
U4QYCaATmTxO8Tj4K+J7FPKPE0gwF2jjrxc6jw+J608nUDX10JFOti5P8mJHkVBf
0jSWJSFAixv9PCeQZnqtr4qsaKZC5f4VVZYxIv0R4F730cSkHSFY6+CQn2E/9gWT
-----END CERTIFICATE-----