Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/yZ_lG1hkpr0P8HmB0kenOP3qqX8.roa
File:                     yZ_lG1hkpr0P8HmB0kenOP3qqX8.roa (raw, json)
Hash identifier:          gg7kAED5djYS89MIi/RmdyLx9vDouGJK2mlm1MQRNU8=
Subject key identifier:   C9:9F:E5:1B:58:64:A6:BD:0F:F0:79:81:D2:47:A7:38:FD:EA:A9:7F
Certificate issuer:       /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial:       018CC7958516EEEB279CBFEBE24222269393
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/yZ_lG1hkpr0P8HmB0kenOP3qqX8.roa
Signing time:             Tue 02 Jan 2024 00:31:53 +0000
ROA not before:           Tue 02 Jan 2024 00:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204653
IP address blocks:        212.80.177.0/24 maxlen: 24
                          185.123.120.0/23 maxlen: 23
                          185.123.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:85:16:ee:eb:27:9c:bf:eb:e2:42:22:26:93:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
        Validity
            Not Before: Jan  2 00:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c99fe51b5864a6bd0ff07981d247a738fdeaa97f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:84:e0:fa:cb:0d:ba:56:d9:bd:f4:46:df:62:
                    0a:ef:62:dd:8a:3a:06:67:2e:38:e5:71:f4:c9:f0:
                    71:a6:cd:ef:f4:83:4e:00:5e:e1:25:1d:1a:a3:00:
                    a7:29:ce:9e:05:d0:b9:c1:ba:9f:1a:48:7c:ed:10:
                    dc:4e:55:84:ce:fc:77:70:a6:03:d6:36:b8:c1:b0:
                    b2:cb:03:d3:8c:10:a3:00:4e:85:e4:fe:2b:33:c1:
                    70:11:4d:29:56:d4:9d:3d:4a:fb:e4:9e:7d:96:4c:
                    85:65:26:35:7b:f7:51:54:96:92:b7:a3:66:c2:72:
                    65:fe:8c:5b:94:6d:07:69:73:b7:a8:d3:d8:5b:03:
                    bb:19:44:a6:65:c1:77:82:11:d4:72:db:6b:f3:8c:
                    49:8a:10:09:96:87:94:b0:dc:19:61:27:54:ee:f9:
                    03:c1:c8:14:ff:e0:cb:5e:e6:7c:5f:df:a9:c5:a6:
                    11:13:b2:8a:a8:51:6f:97:ad:d6:b5:74:44:19:71:
                    aa:a3:ad:57:13:88:d4:2f:d4:ce:0d:05:41:bb:92:
                    33:3b:39:cc:b5:28:a1:8b:d2:6a:b4:91:cf:ff:61:
                    58:71:3c:23:79:15:e8:84:aa:13:0b:66:c1:be:1a:
                    07:b4:47:bc:42:42:00:9e:0c:0e:04:c9:0c:70:71:
                    d9:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:9F:E5:1B:58:64:A6:BD:0F:F0:79:81:D2:47:A7:38:FD:EA:A9:7F
            X509v3 Authority Key Identifier:
                keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/yZ_lG1hkpr0P8HmB0kenOP3qqX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.120.0/23
                  212.80.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:8a:21:86:64:82:f3:d8:f1:4f:50:b6:40:5c:48:95:9b:d2:
         5b:9a:8a:97:ff:be:be:54:d4:83:18:86:b3:60:e2:65:6b:7d:
         3d:6e:d1:05:19:b7:b7:b7:26:24:a2:5d:1b:18:c6:5d:1d:1e:
         cc:6e:7c:0c:99:d7:f8:b4:74:7c:45:91:26:e6:d5:a7:95:de:
         12:4f:38:48:6c:e9:f8:bf:00:10:36:5d:fd:21:c2:97:11:8c:
         b6:42:67:1a:3c:44:49:94:81:e9:92:c6:8d:5f:8a:5f:c4:84:
         38:bc:55:bf:bc:d2:2a:86:34:12:d2:c0:d9:78:ce:56:a2:72:
         a3:3a:f3:8c:0a:db:d0:4f:98:c0:d3:77:59:03:3b:1f:a7:25:
         1b:73:55:13:c7:d0:99:87:04:16:cd:6b:fd:9b:a0:37:79:1e:
         3c:40:66:b8:c9:8d:0e:35:fa:6e:42:33:c0:4b:b1:ab:3a:f0:
         be:73:d6:c8:b2:6a:23:70:c4:fc:6d:4b:06:ba:ae:f2:40:d9:
         a5:81:d3:5c:e0:e0:a3:88:22:f4:91:d8:e0:8e:c0:af:8e:3c:
         7c:55:fb:7d:8a:45:1c:a9:af:df:5e:dc:21:02:68:39:51:4f:
         e8:cd:e8:48:a9:39:2b:16:23:ff:61:4b:27:32:99:12:20:88:
         fc:74:a2:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlYUW7usnnL/r4kIiJpOTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDAzYjVlNDVjZDU4YmU1ZjZjNWQzM2ZhNTY1YWI0OTIy
M2UzZGIwHhcNMjQwMTAyMDAzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTlmZTUxYjU4NjRhNmJkMGZmMDc5ODFkMjQ3YTczOGZkZWFhOTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlITg+ssNulbZvfRG32IK72LdijoG
Zy445XH0yfBxps3v9INOAF7hJR0aowCnKc6eBdC5wbqfGkh87RDcTlWEzvx3cKYD
1ja4wbCyywPTjBCjAE6F5P4rM8FwEU0pVtSdPUr75J59lkyFZSY1e/dRVJaSt6Nm
wnJl/oxblG0HaXO3qNPYWwO7GUSmZcF3ghHUcttr84xJihAJloeUsNwZYSdU7vkD
wcgU/+DLXuZ8X9+pxaYRE7KKqFFvl63WtXREGXGqo61XE4jUL9TODQVBu5IzOznM
tSihi9JqtJHP/2FYcTwjeRXohKoTC2bBvhoHtEe8QkIAngwOBMkMcHHZawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMmf5RtYZKa9D/B5gdJHpzj96ql/MB8GA1UdIwQY
MBaAFOhAO15FzVi+X2xdM/pWWrSSI+PbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEt
YTg3MWVjYzIxMmE2LzEveVpfbEcxaGtwcjBQOEhtQjBrZW5PUDNxcVg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEtYTg3MWVjYzIxMmE2
LzEvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuXt4AwQA
1FCxMA0GCSqGSIb3DQEBCwUAA4IBAQDaiiGGZILz2PFPULZAXEiVm9JbmoqX/76+
VNSDGIazYOJla309btEFGbe3tyYkol0bGMZdHR7MbnwMmdf4tHR8RZEm5tWnld4S
TzhIbOn4vwAQNl39IcKXEYy2QmcaPERJlIHpksaNX4pfxIQ4vFW/vNIqhjQS0sDZ
eM5WonKjOvOMCtvQT5jA03dZAzsfpyUbc1UTx9CZhwQWzWv9m6A3eR48QGa4yY0O
NfpuQjPAS7GrOvC+c9bIsmojcMT8bUsGuq7yQNmlgdNc4OCjiCL0kdjgjsCvjjx8
Vft9ikUcqa/fXtwhAmg5UU/ozehIqTkrFiP/YUsnMpkSIIj8dKI+
-----END CERTIFICATE-----