Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/38ec5b-336d-4a1c-a84a-f6c6859b30f0/1/8YRa0_lPen221I8Wwq49UtU5b1Q.roa
File:                     8YRa0_lPen221I8Wwq49UtU5b1Q.roa (raw, json)
Hash identifier:          cUOqCwwShAbnSFjR3gjpFhZsZ5QwzZ04DC42lB4C1lA=
Subject key identifier:   F1:84:5A:D3:F9:4F:7A:7D:B6:D4:8F:16:C2:AE:3D:52:D5:39:6F:54
Certificate issuer:       /CN=e29ed9a9d1b6b5383ebf946d5fc54980612563ea
Certificate serial:       018CC9BB3CF3C29E85A3497C460BBD24FC22
Authority key identifier: E2:9E:D9:A9:D1:B6:B5:38:3E:BF:94:6D:5F:C5:49:80:61:25:63:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4p7ZqdG2tTg-v5RtX8VJgGElY-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/38ec5b-336d-4a1c-a84a-f6c6859b30f0/1/8YRa0_lPen221I8Wwq49UtU5b1Q.roa
Signing time:             Tue 02 Jan 2024 10:32:20 +0000
ROA not before:           Tue 02 Jan 2024 10:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197745
IP address blocks:        185.2.0.0/22 maxlen: 24
                          2a00:90c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/38ec5b-336d-4a1c-a84a-f6c6859b30f0/1/4p7ZqdG2tTg-v5RtX8VJgGElY-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/38ec5b-336d-4a1c-a84a-f6c6859b30f0/1/4p7ZqdG2tTg-v5RtX8VJgGElY-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4p7ZqdG2tTg-v5RtX8VJgGElY-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:3c:f3:c2:9e:85:a3:49:7c:46:0b:bd:24:fc:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e29ed9a9d1b6b5383ebf946d5fc54980612563ea
        Validity
            Not Before: Jan  2 10:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1845ad3f94f7a7db6d48f16c2ae3d52d5396f54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ff:cc:25:5c:5f:3f:54:9d:f8:15:56:3b:1b:
                    de:43:a0:a2:ec:59:47:cc:fb:f5:e0:50:e3:92:e5:
                    c6:16:35:57:a5:b0:e9:51:50:bd:17:e8:b8:5e:14:
                    66:e2:3c:e8:b1:0b:d2:0a:31:6e:e3:e1:eb:55:15:
                    33:d3:8d:c6:dd:f7:b5:b0:57:b4:d5:3f:c4:4b:be:
                    28:20:97:a9:09:cb:f7:2c:d5:54:4a:6d:62:47:7c:
                    ce:ca:59:cd:1f:d8:26:b7:a6:ad:51:5d:d9:12:4f:
                    fe:81:8f:ae:9c:95:4a:88:de:2d:02:af:16:9c:17:
                    d1:22:c4:8f:e8:ff:20:4c:39:c1:fc:6c:65:1a:61:
                    cd:e9:42:db:6e:13:57:3c:b9:b6:37:e4:05:7e:d1:
                    7f:9e:82:6b:c2:f9:11:79:1f:32:ae:d3:bb:0c:b6:
                    cf:39:0c:15:cd:c3:61:bd:44:2c:09:8e:11:4c:00:
                    5f:d8:05:5f:ff:9e:31:d0:40:f8:ea:7f:51:85:8a:
                    d5:18:11:67:a7:3a:bc:88:c9:23:f0:f8:94:7b:b9:
                    d4:de:ca:04:76:b1:0f:e0:be:b2:2b:37:c8:f2:36:
                    96:4e:0d:34:74:ca:7e:b7:77:9a:f9:a9:eb:ee:86:
                    f7:9e:cc:cb:8a:c9:a5:21:5d:e5:1f:c4:52:ea:91:
                    3a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:84:5A:D3:F9:4F:7A:7D:B6:D4:8F:16:C2:AE:3D:52:D5:39:6F:54
            X509v3 Authority Key Identifier:
                keyid:E2:9E:D9:A9:D1:B6:B5:38:3E:BF:94:6D:5F:C5:49:80:61:25:63:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4p7ZqdG2tTg-v5RtX8VJgGElY-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/38ec5b-336d-4a1c-a84a-f6c6859b30f0/1/8YRa0_lPen221I8Wwq49UtU5b1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/38ec5b-336d-4a1c-a84a-f6c6859b30f0/1/4p7ZqdG2tTg-v5RtX8VJgGElY-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.0.0/22
                IPv6:
                  2a00:90c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:93:b5:90:ec:d0:23:d5:16:ec:c0:69:94:0c:81:a0:c6:ea:
         a6:8a:04:e6:e0:bd:1d:fd:e5:43:e5:05:3d:6d:eb:48:1a:86:
         79:31:a5:1b:bb:c0:59:d9:3d:e3:10:89:be:01:f2:85:80:05:
         3f:b2:a0:d8:3d:d0:32:80:0a:0e:a9:33:d0:94:15:2f:9a:81:
         9d:2e:f7:8b:b7:03:a8:21:32:9f:51:eb:10:07:b8:f8:72:36:
         f8:53:7b:ff:4c:95:9d:d8:46:fe:6c:1e:5f:72:9a:72:c6:58:
         84:72:cf:7e:54:70:05:3f:d3:64:72:43:7a:e0:40:d7:72:63:
         60:96:1a:73:7c:82:eb:07:4a:35:ae:94:06:42:cf:e6:69:90:
         19:20:2d:8e:46:0f:99:5e:b1:14:de:0b:b7:7f:2b:53:c7:76:
         28:9c:bd:6a:da:7f:c3:ce:b3:3c:1e:c0:42:fd:b6:1a:a5:64:
         03:03:c0:01:ba:9b:d9:03:45:62:66:12:47:99:42:74:16:28:
         3c:81:3a:a7:d4:fb:47:da:ba:0c:d3:59:ff:74:ae:11:9b:7f:
         2e:58:0e:89:fd:7a:ff:c2:50:65:0f:9d:e5:6b:ee:14:ca:b2:
         ef:69:68:ad:b8:e2:e9:3c:11:2c:43:f9:7d:1c:1c:ac:dd:9f:
         80:ef:ba:bf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJuzzzwp6Fo0l8Rgu9JPwiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOWVkOWE5ZDFiNmI1MzgzZWJmOTQ2ZDVmYzU0OTgwNjEy
NTYzZWEwHhcNMjQwMTAyMTAzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTg0NWFkM2Y5NGY3YTdkYjZkNDhmMTZjMmFlM2Q1MmQ1Mzk2ZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi//MJVxfP1Sd+BVWOxveQ6Ci7FlH
zPv14FDjkuXGFjVXpbDpUVC9F+i4XhRm4jzosQvSCjFu4+HrVRUz043G3fe1sFe0
1T/ES74oIJepCcv3LNVUSm1iR3zOylnNH9gmt6atUV3ZEk/+gY+unJVKiN4tAq8W
nBfRIsSP6P8gTDnB/GxlGmHN6ULbbhNXPLm2N+QFftF/noJrwvkReR8yrtO7DLbP
OQwVzcNhvUQsCY4RTABf2AVf/54x0ED46n9RhYrVGBFnpzq8iMkj8PiUe7nU3soE
drEP4L6yKzfI8jaWTg00dMp+t3ea+anr7ob3nszLismlIV3lH8RS6pE68wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPGEWtP5T3p9ttSPFsKuPVLVOW9UMB8GA1UdIwQY
MBaAFOKe2anRtrU4Pr+UbV/FSYBhJWPqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHA3WnFkRzJ0VGctdjVSdFg4VkpnR0VsWS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8zOGVjNWItMzM2ZC00YTFjLWE4NGEt
ZjZjNjg1OWIzMGYwLzEvOFlSYTBfbFBlbjIyMUk4V3dxNDlVdFU1YjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8zOGVjNWItMzM2ZC00YTFjLWE4NGEtZjZjNjg1OWIzMGYw
LzEvNHA3WnFkRzJ0VGctdjVSdFg4VkpnR0VsWS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQIAMA0E
AgACMAcDBQMqAJDAMA0GCSqGSIb3DQEBCwUAA4IBAQA5k7WQ7NAj1RbswGmUDIGg
xuqmigTm4L0d/eVD5QU9betIGoZ5MaUbu8BZ2T3jEIm+AfKFgAU/sqDYPdAygAoO
qTPQlBUvmoGdLveLtwOoITKfUesQB7j4cjb4U3v/TJWd2Eb+bB5fcppyxliEcs9+
VHAFP9NkckN64EDXcmNglhpzfILrB0o1rpQGQs/maZAZIC2ORg+ZXrEU3gu3fytT
x3YonL1q2n/DzrM8HsBC/bYapWQDA8ABupvZA0ViZhJHmUJ0Fig8gTqn1PtH2roM
01n/dK4Rm38uWA6J/Xr/wlBlD53la+4UyrLvaWituOLpPBEsQ/l9HBys3Z+A77q/
-----END CERTIFICATE-----