Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/30256c-f201-4f48-aca0-dbe6c910bba6/1/8GhYJJprN0icSYpwHyeNF8XGMNo.roa
File:                     8GhYJJprN0icSYpwHyeNF8XGMNo.roa (raw, json)
Hash identifier:          aFrgeSxfAWnw9G8w+/7KHpGPMvc4ZqHQrZ5ddkRGfD0=
Subject key identifier:   F0:68:58:24:9A:6B:37:48:9C:49:8A:70:1F:27:8D:17:C5:C6:30:DA
Certificate issuer:       /CN=ac94a3691064803d863060230a660f2305eec2e7
Certificate serial:       018CC56EE66567A310D41B38E46150EEB961
Authority key identifier: AC:94:A3:69:10:64:80:3D:86:30:60:23:0A:66:0F:23:05:EE:C2:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJSjaRBkgD2GMGAjCmYPIwXuwuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/30256c-f201-4f48-aca0-dbe6c910bba6/1/8GhYJJprN0icSYpwHyeNF8XGMNo.roa
Signing time:             Mon 01 Jan 2024 14:30:28 +0000
ROA not before:           Mon 01 Jan 2024 14:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1715
IP address blocks:        140.93.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/30256c-f201-4f48-aca0-dbe6c910bba6/1/rJSjaRBkgD2GMGAjCmYPIwXuwuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/30256c-f201-4f48-aca0-dbe6c910bba6/1/rJSjaRBkgD2GMGAjCmYPIwXuwuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rJSjaRBkgD2GMGAjCmYPIwXuwuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e6:65:67:a3:10:d4:1b:38:e4:61:50:ee:b9:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac94a3691064803d863060230a660f2305eec2e7
        Validity
            Not Before: Jan  1 14:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f06858249a6b37489c498a701f278d17c5c630da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d9:01:49:90:39:fe:57:69:15:76:6d:38:23:
                    8f:1f:5b:22:7e:89:7d:2f:56:df:4b:42:6e:79:e9:
                    be:b9:56:c9:96:c7:9a:29:12:2c:99:5c:df:4d:f4:
                    32:80:1b:31:83:ba:21:e4:0a:67:f4:6e:89:50:61:
                    45:3c:40:2f:69:81:88:0f:8b:f1:e9:72:ef:d3:a1:
                    da:8b:f1:bb:3b:7d:fc:b5:ea:a1:74:de:14:f4:27:
                    7f:67:95:04:d6:eb:ff:a3:2d:a7:63:84:4a:c1:f7:
                    8e:29:05:f5:d4:c7:f9:fc:e1:2a:fc:2e:d5:9d:14:
                    89:ac:2f:d5:5a:de:92:d3:30:e7:e6:4e:75:11:bf:
                    3b:29:06:6e:b1:5a:ca:39:07:6f:bc:41:0a:6e:38:
                    85:15:8a:a9:a6:64:a5:8f:50:94:ac:7f:98:75:33:
                    4b:af:6c:b6:42:ef:f4:39:7e:d7:4a:b3:14:a4:e4:
                    65:5a:7d:cb:74:93:1b:5d:13:62:33:94:ed:dd:c2:
                    25:ee:01:84:cd:33:9e:31:e9:96:29:3f:79:3e:9e:
                    bb:02:70:9c:09:f6:03:05:6d:0f:1d:1e:9b:6a:da:
                    65:c4:94:b3:f3:73:d4:5c:91:7c:43:fa:47:77:78:
                    1e:8b:1a:e2:4c:d0:73:fe:1d:8a:64:ec:eb:de:ab:
                    39:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:68:58:24:9A:6B:37:48:9C:49:8A:70:1F:27:8D:17:C5:C6:30:DA
            X509v3 Authority Key Identifier:
                keyid:AC:94:A3:69:10:64:80:3D:86:30:60:23:0A:66:0F:23:05:EE:C2:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJSjaRBkgD2GMGAjCmYPIwXuwuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/30256c-f201-4f48-aca0-dbe6c910bba6/1/8GhYJJprN0icSYpwHyeNF8XGMNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/30256c-f201-4f48-aca0-dbe6c910bba6/1/rJSjaRBkgD2GMGAjCmYPIwXuwuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.93.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         18:99:38:63:d7:4b:b6:ab:32:9b:3f:d3:23:2e:d7:ea:2f:05:
         ba:a6:b1:f1:e3:52:78:55:6d:5f:bd:0f:2e:b6:55:57:57:24:
         4e:53:ff:c3:f6:13:41:3f:73:1b:7f:87:e0:2a:1e:e4:c3:25:
         fa:6e:13:19:36:05:f3:28:80:83:8b:77:3e:a2:76:f8:da:fc:
         06:28:0b:3f:10:7b:b9:e9:84:54:e7:c0:21:b3:ad:95:45:9b:
         69:5a:79:b1:7d:7e:c6:5d:74:de:fa:df:97:65:d8:33:c4:3e:
         7d:10:3a:9e:71:e3:76:90:07:3f:82:2d:6a:00:10:c5:7d:23:
         73:30:ff:50:6e:e3:4b:95:b1:e5:cb:9f:c0:40:20:6b:37:5e:
         1b:c5:1c:41:4d:bb:0e:b8:c9:9f:1d:dd:33:60:37:53:63:57:
         6b:2a:26:a0:ff:2e:93:4d:54:b4:ae:d3:cb:db:06:2f:92:e3:
         ee:1e:9a:19:ad:ef:fc:e6:bf:d4:5b:c3:51:80:d3:79:aa:94:
         bd:2c:5b:37:17:fa:43:8d:11:6f:52:79:03:a6:a6:1a:dc:d9:
         d0:dc:0a:42:7e:03:0f:06:29:14:20:c3:47:c0:b0:4b:31:b9:
         90:27:47:aa:37:48:78:5d:c8:27:ee:d1:84:c5:1a:0b:31:ec:
         4a:f4:69:a7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFbuZlZ6MQ1Bs45GFQ7rlhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOTRhMzY5MTA2NDgwM2Q4NjMwNjAyMzBhNjYwZjIzMDVl
ZWMyZTcwHhcNMjQwMTAxMTQzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDY4NTgyNDlhNmIzNzQ4OWM0OThhNzAxZjI3OGQxN2M1YzYzMGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9kBSZA5/ldpFXZtOCOPH1sifol9
L1bfS0Jueem+uVbJlseaKRIsmVzfTfQygBsxg7oh5Apn9G6JUGFFPEAvaYGID4vx
6XLv06Hai/G7O338teqhdN4U9Cd/Z5UE1uv/oy2nY4RKwfeOKQX11Mf5/OEq/C7V
nRSJrC/VWt6S0zDn5k51Eb87KQZusVrKOQdvvEEKbjiFFYqppmSlj1CUrH+YdTNL
r2y2Qu/0OX7XSrMUpORlWn3LdJMbXRNiM5Tt3cIl7gGEzTOeMemWKT95Pp67AnCc
CfYDBW0PHR6batplxJSz83PUXJF8Q/pHd3geixriTNBz/h2KZOzr3qs5EQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPBoWCSaazdInEmKcB8njRfFxjDaMB8GA1UdIwQY
MBaAFKyUo2kQZIA9hjBgIwpmDyMF7sLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckpTamFSQmtnRDJHTUdBakNtWVBJd1h1d3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8zMDI1NmMtZjIwMS00ZjQ4LWFjYTAt
ZGJlNmM5MTBiYmE2LzEvOEdoWUpKcHJOMGljU1lwd0h5ZU5GOFhHTU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8zMDI1NmMtZjIwMS00ZjQ4LWFjYTAtZGJlNmM5MTBiYmE2
LzEvckpTamFSQmtnRDJHTUdBakNtWVBJd1h1d3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjF0wDQYJ
KoZIhvcNAQELBQADggEBABiZOGPXS7arMps/0yMu1+ovBbqmsfHjUnhVbV+9Dy62
VVdXJE5T/8P2E0E/cxt/h+AqHuTDJfpuExk2BfMogIOLdz6idvja/AYoCz8Qe7np
hFTnwCGzrZVFm2laebF9fsZddN7635dl2DPEPn0QOp5x43aQBz+CLWoAEMV9I3Mw
/1Bu40uVseXLn8BAIGs3XhvFHEFNuw64yZ8d3TNgN1NjV2sqJqD/LpNNVLSu08vb
Bi+S4+4emhmt7/zmv9Rbw1GA03mqlL0sWzcX+kONEW9SeQOmphrc2dDcCkJ+Aw8G
KRQgw0fAsEsxuZAnR6o3SHhdyCfu0YTFGgsx7Er0aac=
-----END CERTIFICATE-----