Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/ff63a8-974c-4ccc-8cd8-24023403bb0c/1/J6ob4qLDTBHq0B8WD1EHKMOj4gk.roa
File:                     J6ob4qLDTBHq0B8WD1EHKMOj4gk.roa (raw, json)
Hash identifier:          57UjxKjGGN9EUVEfBvR4Etnf/Xv+MeSSOoixhR+OvJI=
Subject key identifier:   27:AA:1B:E2:A2:C3:4C:11:EA:D0:1F:16:0F:51:07:28:C3:A3:E2:09
Certificate issuer:       /CN=8a8d19ad31c84a74856b0a6b3cc100e47a2b2aac
Certificate serial:       018CC94CFD0B88EEE2682EC11E71AB101CBF
Authority key identifier: 8A:8D:19:AD:31:C8:4A:74:85:6B:0A:6B:3C:C1:00:E4:7A:2B:2A:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/io0ZrTHISnSFawprPMEA5HorKqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/ff63a8-974c-4ccc-8cd8-24023403bb0c/1/J6ob4qLDTBHq0B8WD1EHKMOj4gk.roa
Signing time:             Tue 02 Jan 2024 08:31:54 +0000
ROA not before:           Tue 02 Jan 2024 08:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34863
IP address blocks:        185.163.64.0/22 maxlen: 22
                          2a0a:7400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/ff63a8-974c-4ccc-8cd8-24023403bb0c/1/io0ZrTHISnSFawprPMEA5HorKqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/ff63a8-974c-4ccc-8cd8-24023403bb0c/1/io0ZrTHISnSFawprPMEA5HorKqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/io0ZrTHISnSFawprPMEA5HorKqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:fd:0b:88:ee:e2:68:2e:c1:1e:71:ab:10:1c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a8d19ad31c84a74856b0a6b3cc100e47a2b2aac
        Validity
            Not Before: Jan  2 08:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27aa1be2a2c34c11ead01f160f510728c3a3e209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:4c:46:9b:c5:6c:dd:30:a3:52:e8:ec:4c:c9:
                    ae:c6:2e:4e:92:94:09:76:9b:96:25:32:d9:0d:2a:
                    23:8b:55:92:b3:b4:98:f3:a4:d0:41:94:2c:59:a2:
                    b6:22:80:a0:9a:52:4e:ae:71:ed:04:b8:b2:95:58:
                    01:d9:c7:60:04:24:bf:34:08:82:d5:76:3e:7b:ed:
                    78:80:10:3e:99:2d:7e:b9:b7:97:12:b2:84:70:ba:
                    25:e6:ba:27:fe:0d:d8:78:4c:e3:a6:5f:4c:0e:4f:
                    50:52:e2:50:b0:98:81:04:de:b7:06:79:b1:e7:ec:
                    4e:2c:2b:f0:1c:0a:2c:75:31:6f:17:e8:a9:f6:ad:
                    a4:ae:db:2a:7f:ff:f4:c4:4e:fe:18:0b:97:0c:52:
                    cd:13:2d:42:f9:6a:93:6d:aa:c4:19:b8:86:33:cc:
                    cb:17:1b:93:51:27:f1:7a:9c:04:07:64:33:34:ab:
                    4d:41:29:1c:f3:96:a1:07:10:d0:5a:f0:ef:aa:e7:
                    6d:0c:26:93:04:cc:b5:51:59:6e:41:d3:e1:cf:48:
                    5e:77:8b:73:4e:fb:52:a6:09:e8:b3:25:af:0b:bf:
                    59:ec:d1:ab:ec:98:6c:53:19:4f:80:7f:8c:95:81:
                    1f:76:96:77:40:eb:7e:a7:1c:f9:23:ef:18:ca:68:
                    e3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:AA:1B:E2:A2:C3:4C:11:EA:D0:1F:16:0F:51:07:28:C3:A3:E2:09
            X509v3 Authority Key Identifier:
                keyid:8A:8D:19:AD:31:C8:4A:74:85:6B:0A:6B:3C:C1:00:E4:7A:2B:2A:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/io0ZrTHISnSFawprPMEA5HorKqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ff63a8-974c-4ccc-8cd8-24023403bb0c/1/J6ob4qLDTBHq0B8WD1EHKMOj4gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ff63a8-974c-4ccc-8cd8-24023403bb0c/1/io0ZrTHISnSFawprPMEA5HorKqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.64.0/22
                IPv6:
                  2a0a:7400::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:3e:6a:f4:77:10:2a:1b:91:18:4d:ee:90:f7:61:b9:96:ea:
         f9:05:87:7d:58:63:ed:34:be:c0:ec:20:9c:a5:4d:69:76:5e:
         34:8b:b8:ef:1b:2d:6a:21:b7:c5:1f:e2:90:47:bc:09:4e:03:
         bc:69:82:8c:e2:38:f7:7d:a0:db:22:f2:ef:a6:54:35:95:ba:
         6e:53:f4:d5:8b:b5:ca:bd:21:b7:d4:e5:b0:d0:12:0a:2e:11:
         d3:68:8b:e4:85:ee:ed:ea:b3:76:e1:e8:17:a1:58:ee:fa:35:
         c1:59:c4:1a:2e:f8:32:31:51:ca:50:cf:e7:24:cb:83:12:a0:
         56:52:00:96:0f:1f:f1:b8:23:7b:8c:1b:8e:04:e0:41:a4:fa:
         26:b1:2b:59:31:8b:6a:84:59:40:f4:93:a7:96:e0:93:12:fd:
         0e:60:2f:af:da:4d:2c:30:49:6a:b8:9a:c1:2c:60:15:66:1b:
         d7:d0:8c:01:05:75:5e:e9:ef:55:a0:79:5d:65:24:a8:f3:86:
         34:f5:c8:b1:90:a9:6d:42:66:50:fc:4e:0a:11:d7:66:89:d1:
         0a:28:f2:e7:70:cc:d2:5e:aa:93:2d:2f:72:b6:19:ca:c8:97:
         19:ba:e6:22:59:12:a6:96:23:18:06:ca:df:45:2c:20:77:95:
         f3:59:54:b6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTP0LiO7iaC7BHnGrEBy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhOGQxOWFkMzFjODRhNzQ4NTZiMGE2YjNjYzEwMGU0N2Ey
YjJhYWMwHhcNMjQwMTAyMDgzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2FhMWJlMmEyYzM0YzExZWFkMDFmMTYwZjUxMDcyOGMzYTNlMjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhExGm8Vs3TCjUujsTMmuxi5OkpQJ
dpuWJTLZDSoji1WSs7SY86TQQZQsWaK2IoCgmlJOrnHtBLiylVgB2cdgBCS/NAiC
1XY+e+14gBA+mS1+ubeXErKEcLol5ron/g3YeEzjpl9MDk9QUuJQsJiBBN63Bnmx
5+xOLCvwHAosdTFvF+ip9q2krtsqf//0xE7+GAuXDFLNEy1C+WqTbarEGbiGM8zL
FxuTUSfxepwEB2QzNKtNQSkc85ahBxDQWvDvqudtDCaTBMy1UVluQdPhz0hed4tz
TvtSpgnosyWvC79Z7NGr7JhsUxlPgH+MlYEfdpZ3QOt+pxz5I+8YymjjnQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCeqG+Kiw0wR6tAfFg9RByjDo+IJMB8GA1UdIwQY
MBaAFIqNGa0xyEp0hWsKazzBAOR6KyqsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW8wWnJUSElTblNGYXdwclBNRUE1SG9yS3F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mZjYzYTgtOTc0Yy00Y2NjLThjZDgt
MjQwMjM0MDNiYjBjLzEvSjZvYjRxTERUQkhxMEI4V0QxRUhLTU9qNGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mZjYzYTgtOTc0Yy00Y2NjLThjZDgtMjQwMjM0MDNiYjBj
LzEvaW8wWnJUSElTblNGYXdwclBNRUE1SG9yS3F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaNAMA0E
AgACMAcDBQMqCnQAMA0GCSqGSIb3DQEBCwUAA4IBAQBsPmr0dxAqG5EYTe6Q92G5
lur5BYd9WGPtNL7A7CCcpU1pdl40i7jvGy1qIbfFH+KQR7wJTgO8aYKM4jj3faDb
IvLvplQ1lbpuU/TVi7XKvSG31OWw0BIKLhHTaIvkhe7t6rN24egXoVju+jXBWcQa
LvgyMVHKUM/nJMuDEqBWUgCWDx/xuCN7jBuOBOBBpPomsStZMYtqhFlA9JOnluCT
Ev0OYC+v2k0sMElquJrBLGAVZhvX0IwBBXVe6e9VoHldZSSo84Y09cixkKltQmZQ
/E4KEddmidEKKPLncMzSXqqTLS9ythnKyJcZuuYiWRKmliMYBsrfRSwgd5XzWVS2
-----END CERTIFICATE-----