Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/4bfd56-880d-499b-8724-d7971f1e599d/1/8Bp7HBxI3xmvueezCoGIzkeS1a8.roa
File:                     8Bp7HBxI3xmvueezCoGIzkeS1a8.roa (raw, json)
Hash identifier:          kWb2UwXKiQRgptLU76HQVMZ+FbM72f71URGNB1ssOls=
Subject key identifier:   F0:1A:7B:1C:1C:48:DF:19:AF:B9:E7:B3:0A:81:88:CE:47:92:D5:AF
Certificate issuer:       /CN=400f2ea157bbb53ab026011ace5cd1360ef2f77d
Certificate serial:       018CC86F736D991C127961CFC5FC0399A663
Authority key identifier: 40:0F:2E:A1:57:BB:B5:3A:B0:26:01:1A:CE:5C:D1:36:0E:F2:F7:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QA8uoVe7tTqwJgEazlzRNg7y930.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/4bfd56-880d-499b-8724-d7971f1e599d/1/8Bp7HBxI3xmvueezCoGIzkeS1a8.roa
Signing time:             Tue 02 Jan 2024 04:29:56 +0000
ROA not before:           Tue 02 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        91.223.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/4bfd56-880d-499b-8724-d7971f1e599d/1/QA8uoVe7tTqwJgEazlzRNg7y930.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/4bfd56-880d-499b-8724-d7971f1e599d/1/QA8uoVe7tTqwJgEazlzRNg7y930.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QA8uoVe7tTqwJgEazlzRNg7y930.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:73:6d:99:1c:12:79:61:cf:c5:fc:03:99:a6:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=400f2ea157bbb53ab026011ace5cd1360ef2f77d
        Validity
            Not Before: Jan  2 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f01a7b1c1c48df19afb9e7b30a8188ce4792d5af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:77:b1:8e:76:88:1b:9c:d7:ab:c2:03:1b:dc:
                    1f:c0:0b:3c:4f:61:35:b5:90:28:87:11:44:67:12:
                    c1:02:7a:28:ea:67:8e:12:4e:11:00:f1:0a:63:37:
                    9d:d6:03:59:71:2b:17:dc:31:10:9f:14:a9:65:db:
                    2e:6c:e7:55:0e:d9:8a:9e:07:63:03:74:45:fa:3d:
                    22:8f:09:15:a7:74:52:41:04:aa:1a:ec:aa:18:57:
                    b0:ee:82:5e:ef:65:89:75:41:e1:27:ac:91:c5:30:
                    79:e0:19:2b:0e:2e:9f:19:0f:47:87:23:d2:44:32:
                    48:0d:25:ed:a7:ac:f8:8c:9f:b8:e5:26:e7:8b:47:
                    ff:30:ed:5b:92:a9:be:74:de:d0:7f:4f:ea:78:d5:
                    dc:21:d3:41:82:67:c6:74:a3:8a:ec:a0:9a:4e:7b:
                    62:cb:f2:3d:ee:0d:eb:9a:2f:57:ab:38:e7:5c:b4:
                    0e:16:4b:c8:86:64:1f:fa:04:ba:5b:ae:98:12:76:
                    32:3d:f6:fc:65:c4:d5:af:f1:5f:86:27:68:7f:ef:
                    e6:a8:b4:17:b9:98:36:4a:52:50:d3:65:de:8e:c5:
                    18:97:d7:57:03:1d:5c:a2:59:b2:f5:d7:89:6c:1b:
                    16:64:9c:d0:81:0d:ea:f3:8c:de:56:87:a7:31:40:
                    73:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:1A:7B:1C:1C:48:DF:19:AF:B9:E7:B3:0A:81:88:CE:47:92:D5:AF
            X509v3 Authority Key Identifier:
                keyid:40:0F:2E:A1:57:BB:B5:3A:B0:26:01:1A:CE:5C:D1:36:0E:F2:F7:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QA8uoVe7tTqwJgEazlzRNg7y930.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4bfd56-880d-499b-8724-d7971f1e599d/1/8Bp7HBxI3xmvueezCoGIzkeS1a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4bfd56-880d-499b-8724-d7971f1e599d/1/QA8uoVe7tTqwJgEazlzRNg7y930.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b1:ee:ee:bc:eb:ae:de:bf:f2:36:46:20:25:f5:19:ef:a4:
         1f:bd:17:81:c4:ab:a1:b9:57:ca:67:e3:5a:d1:48:80:ec:9b:
         43:7c:84:de:77:dc:53:d5:45:71:aa:5f:15:6e:f8:78:0d:02:
         1c:40:46:fc:27:df:2f:d4:c9:2f:c6:98:81:56:f0:42:a4:86:
         47:56:d2:5e:4d:93:27:f9:07:ae:2a:47:76:fe:26:b0:ad:cf:
         29:56:5d:23:21:e1:ef:15:f1:de:71:b9:0c:e4:43:02:c5:ba:
         b3:15:bb:09:c5:f9:b0:56:03:da:8d:d2:e8:55:95:96:4c:5a:
         ac:97:7f:64:cd:c2:20:55:e9:53:d2:e0:03:fd:08:f1:4d:c1:
         1a:e3:94:ec:81:09:5b:c3:0f:87:30:5e:d3:4e:11:5e:79:b5:
         d8:68:a9:31:97:a9:d9:b4:71:48:af:44:2f:ea:13:00:f8:48:
         77:7e:ff:bc:f5:75:b9:11:93:6b:cd:02:ad:13:98:1b:29:b3:
         23:79:2e:03:8a:80:9d:08:7b:36:f7:c4:ae:37:6d:65:a2:18:
         7c:86:51:69:35:f8:a8:a7:e9:0c:08:e8:1b:c8:2b:ea:41:d5:
         c2:73:67:2c:89:ef:e3:0f:50:19:67:2e:df:6b:cf:5e:ab:69:
         be:3e:32:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3NtmRwSeWHPxfwDmaZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMGYyZWExNTdiYmI1M2FiMDI2MDExYWNlNWNkMTM2MGVm
MmY3N2QwHhcNMjQwMTAyMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDFhN2IxYzFjNDhkZjE5YWZiOWU3YjMwYTgxODhjZTQ3OTJkNWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnexjnaIG5zXq8IDG9wfwAs8T2E1
tZAohxFEZxLBAnoo6meOEk4RAPEKYzed1gNZcSsX3DEQnxSpZdsubOdVDtmKngdj
A3RF+j0ijwkVp3RSQQSqGuyqGFew7oJe72WJdUHhJ6yRxTB54BkrDi6fGQ9HhyPS
RDJIDSXtp6z4jJ+45Sbni0f/MO1bkqm+dN7Qf0/qeNXcIdNBgmfGdKOK7KCaTnti
y/I97g3rmi9XqzjnXLQOFkvIhmQf+gS6W66YEnYyPfb8ZcTVr/Ffhidof+/mqLQX
uZg2SlJQ02XejsUYl9dXAx1colmy9deJbBsWZJzQgQ3q84zeVoenMUBzhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAaexwcSN8Zr7nnswqBiM5HktWvMB8GA1UdIwQY
MBaAFEAPLqFXu7U6sCYBGs5c0TYO8vd9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUE4dW9WZTd0VHF3SmdFYXpselJOZzd5OTMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS80YmZkNTYtODgwZC00OTliLTg3MjQt
ZDc5NzFmMWU1OTlkLzEvOEJwN0hCeEkzeG12dWVlekNvR0l6a2VTMWE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS80YmZkNTYtODgwZC00OTliLTg3MjQtZDc5NzFmMWU1OTlk
LzEvUUE4dW9WZTd0VHF3SmdFYXpselJOZzd5OTMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW98jMA0G
CSqGSIb3DQEBCwUAA4IBAQBsse7uvOuu3r/yNkYgJfUZ76QfvReBxKuhuVfKZ+Na
0UiA7JtDfITed9xT1UVxql8Vbvh4DQIcQEb8J98v1MkvxpiBVvBCpIZHVtJeTZMn
+QeuKkd2/iawrc8pVl0jIeHvFfHecbkM5EMCxbqzFbsJxfmwVgPajdLoVZWWTFqs
l39kzcIgVelT0uAD/QjxTcEa45TsgQlbww+HMF7TThFeebXYaKkxl6nZtHFIr0Qv
6hMA+Eh3fv+89XW5EZNrzQKtE5gbKbMjeS4DioCdCHs298SuN21lohh8hlFpNfio
p+kMCOgbyCvqQdXCc2csie/jD1AZZy7fa89eq2m+PjIc
-----END CERTIFICATE-----