Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/8tcgF35GkRrM-262SaTcEVPw6V8.roa
File:                     8tcgF35GkRrM-262SaTcEVPw6V8.roa (raw, json)
Hash identifier:          kzaKl3CSevmaOWEGbsoGhrMOOV/MJk3Rc5AXB3FnCMA=
Subject key identifier:   F2:D7:20:17:7E:46:91:1A:CC:FB:6E:B6:49:A4:DC:11:53:F0:E9:5F
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018ED3BEE5DE7B45A6D4F0AADDBD4AEBEE9A
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/8tcgF35GkRrM-262SaTcEVPw6V8.roa
Signing time:             Fri 12 Apr 2024 19:18:07 +0000
ROA not before:           Fri 12 Apr 2024 19:18:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58294
IP address blocks:        185.81.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d3:be:e5:de:7b:45:a6:d4:f0:aa:dd:bd:4a:eb:ee:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Apr 12 19:18:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2d720177e46911accfb6eb649a4dc1153f0e95f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e5:25:cb:f4:59:c8:69:40:80:0a:65:ab:8e:
                    dc:a5:b9:ec:ba:e1:c0:ce:32:67:4f:09:94:8d:71:
                    0e:2f:1b:c3:9c:75:02:0d:11:12:56:b3:ca:1e:fd:
                    92:86:5a:37:48:fe:e4:31:ad:86:74:5f:b4:5f:64:
                    3c:f2:9d:b2:a8:3f:54:41:8e:53:39:f3:41:d2:51:
                    8e:2f:0c:07:3a:cf:52:0a:7e:d2:dd:2f:c7:a3:d6:
                    55:85:8a:06:6a:eb:db:a0:3b:0d:6c:06:88:3d:16:
                    b1:52:22:53:ce:6a:ab:37:9a:90:cc:d8:10:2a:3c:
                    90:58:6e:05:f4:b1:5c:03:18:22:09:76:7f:34:0c:
                    dd:61:1c:99:9c:1f:bf:38:01:3b:28:ff:5c:81:f2:
                    9c:51:2f:61:8b:e0:29:74:3a:3e:ce:44:5e:2e:4b:
                    c4:2d:49:f2:c0:38:79:90:40:13:f2:d2:19:ee:1d:
                    00:00:55:00:4d:84:64:b0:ea:54:47:49:75:b4:bc:
                    54:f5:63:c4:a9:cd:51:e8:d2:20:8c:4f:74:6c:3e:
                    b0:3a:db:57:62:db:90:76:15:7b:8d:47:08:74:f2:
                    49:78:e1:41:56:ff:3f:5b:6e:2d:94:39:a9:78:9e:
                    5d:9e:50:41:58:99:a2:65:39:66:bf:d1:01:0d:b8:
                    37:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:D7:20:17:7E:46:91:1A:CC:FB:6E:B6:49:A4:DC:11:53:F0:E9:5F
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/8tcgF35GkRrM-262SaTcEVPw6V8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:b5:ce:03:d5:21:72:46:15:33:bf:32:3a:bf:7c:29:e1:b2:
         d8:7b:13:25:e5:fe:58:42:d0:05:cf:f4:1d:fa:94:e4:f5:9c:
         cf:dc:49:a7:3c:ed:70:6e:92:4b:70:0c:ce:52:5d:00:12:0e:
         6c:7a:72:8a:48:1a:a6:e6:3c:45:b6:78:98:19:e7:2c:9b:81:
         84:78:98:d7:a1:f9:9b:f9:93:ec:4e:d4:b7:b5:fc:ad:6a:92:
         cf:aa:56:2f:61:2d:96:6f:ff:16:16:73:04:54:ff:a3:ea:61:
         77:39:d4:e9:26:ff:a0:22:d6:ce:93:03:73:af:52:b8:18:bc:
         2a:1e:ee:79:93:a6:02:cd:97:75:73:01:c8:ed:b4:ec:38:69:
         37:98:94:14:c2:68:cc:5d:fe:5f:77:71:4f:ee:8e:8b:23:d4:
         e0:c1:d5:21:67:7a:81:86:65:62:48:d7:95:0f:c2:f4:0b:52:
         4d:b6:c5:84:a0:10:1e:89:0d:3d:cf:92:7c:02:09:4c:33:9b:
         d0:0a:e0:2b:87:91:e4:67:21:49:dc:78:fb:1c:65:e0:1c:d2:
         54:df:51:3e:08:4e:c6:22:27:88:e6:83:c1:b8:db:f5:91:f5:
         f5:2c:7a:15:fe:c4:2e:bd:b8:24:74:45:8b:82:11:de:9a:a8:
         d3:0a:4a:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7TvuXee0Wm1PCq3b1K6+6aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwNDEyMTkxODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmQ3MjAxNzdlNDY5MTFhY2NmYjZlYjY0OWE0ZGMxMTUzZjBlOTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOUly/RZyGlAgAplq47cpbnsuuHA
zjJnTwmUjXEOLxvDnHUCDRESVrPKHv2Shlo3SP7kMa2GdF+0X2Q88p2yqD9UQY5T
OfNB0lGOLwwHOs9SCn7S3S/Ho9ZVhYoGauvboDsNbAaIPRaxUiJTzmqrN5qQzNgQ
KjyQWG4F9LFcAxgiCXZ/NAzdYRyZnB+/OAE7KP9cgfKcUS9hi+ApdDo+zkReLkvE
LUnywDh5kEAT8tIZ7h0AAFUATYRksOpUR0l1tLxU9WPEqc1R6NIgjE90bD6wOttX
YtuQdhV7jUcIdPJJeOFBVv8/W24tlDmpeJ5dnlBBWJmiZTlmv9EBDbg3OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLXIBd+RpEazPtutkmk3BFT8OlfMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvOHRjZ0YzNUdrUnJNLTI2MlNhVGNFVlB3NlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVHZMA0G
CSqGSIb3DQEBCwUAA4IBAQDKtc4D1SFyRhUzvzI6v3wp4bLYexMl5f5YQtAFz/Qd
+pTk9ZzP3EmnPO1wbpJLcAzOUl0AEg5senKKSBqm5jxFtniYGecsm4GEeJjXofmb
+ZPsTtS3tfytapLPqlYvYS2Wb/8WFnMEVP+j6mF3OdTpJv+gItbOkwNzr1K4GLwq
Hu55k6YCzZd1cwHI7bTsOGk3mJQUwmjMXf5fd3FP7o6LI9TgwdUhZ3qBhmViSNeV
D8L0C1JNtsWEoBAeiQ09z5J8AglMM5vQCuArh5HkZyFJ3Hj7HGXgHNJU31E+CE7G
IieI5oPBuNv1kfX1LHoV/sQuvbgkdEWLghHemqjTCkr/
-----END CERTIFICATE-----