Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/8ILfYpD01k2SWXPtedrh0QU6ft0.roa
File:                     8ILfYpD01k2SWXPtedrh0QU6ft0.roa (raw, json)
Hash identifier:          +6CO7uoct66zzIzNhMedHPAWpMyvy0KRAuwNdGM/XaQ=
Subject key identifier:   F0:82:DF:62:90:F4:D6:4D:92:59:73:ED:79:DA:E1:D1:05:3A:7E:DD
Certificate issuer:       /CN=e180ebbbca0f890de353891421a83dd5b653d940
Certificate serial:       018CC86F13E7B2396DEF1EFDB48638CB3137
Authority key identifier: E1:80:EB:BB:CA:0F:89:0D:E3:53:89:14:21:A8:3D:D5:B6:53:D9:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/8ILfYpD01k2SWXPtedrh0QU6ft0.roa
Signing time:             Tue 02 Jan 2024 04:29:31 +0000
ROA not before:           Tue 02 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35608
IP address blocks:        194.67.70.0/24 maxlen: 24
                          194.67.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:13:e7:b2:39:6d:ef:1e:fd:b4:86:38:cb:31:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e180ebbbca0f890de353891421a83dd5b653d940
        Validity
            Not Before: Jan  2 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f082df6290f4d64d925973ed79dae1d1053a7edd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:39:53:f6:a8:f6:e8:ff:2e:f8:95:2c:56:ca:
                    74:70:80:73:3b:7b:71:26:9c:d9:cb:52:a9:dc:a5:
                    cc:35:36:63:36:7d:26:f0:ba:00:5e:d5:16:b9:96:
                    78:a9:dd:2d:1e:76:88:08:19:dd:29:9f:c1:04:8f:
                    3f:41:c3:83:a6:d0:22:c5:75:dc:fe:d5:9d:bc:2a:
                    67:4c:af:9f:21:88:f4:f5:2d:06:3c:d4:aa:dc:87:
                    f1:e7:6b:f7:08:11:c7:74:a2:ef:d5:15:eb:42:df:
                    23:fa:0c:df:b9:0c:52:e8:0a:8b:b9:c7:3c:5d:7d:
                    cf:b9:65:ed:5b:00:49:5a:f3:7a:82:d7:95:dc:49:
                    ed:43:c8:41:a8:84:c3:68:5a:fd:f1:5c:c4:cf:39:
                    8a:7d:9f:60:2b:df:b9:ef:da:8c:27:7b:5a:b0:f3:
                    5f:06:da:bc:12:cd:bc:0b:33:7d:5f:63:76:95:eb:
                    ce:1b:b4:fe:6c:a0:6f:eb:07:fa:da:7c:ad:dc:79:
                    1e:1b:9c:03:d7:a5:d6:27:78:ac:9d:e7:54:e5:a1:
                    e7:e7:76:09:09:bc:26:44:fa:9f:1b:b1:95:c5:d0:
                    90:e0:7b:19:79:2b:e8:45:96:e6:94:fa:8b:c8:57:
                    05:a7:ce:ac:3a:79:21:d3:76:1a:f8:78:3f:67:61:
                    07:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:82:DF:62:90:F4:D6:4D:92:59:73:ED:79:DA:E1:D1:05:3A:7E:DD
            X509v3 Authority Key Identifier:
                keyid:E1:80:EB:BB:CA:0F:89:0D:E3:53:89:14:21:A8:3D:D5:B6:53:D9:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/8ILfYpD01k2SWXPtedrh0QU6ft0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.67.69.0-194.67.70.255

    Signature Algorithm: sha256WithRSAEncryption
         7b:ea:4f:50:e8:94:7a:1e:eb:83:fd:15:df:5b:d8:0b:2d:71:
         a8:75:d7:fd:7e:f5:6b:e4:e9:24:47:ed:b4:50:15:82:28:34:
         99:fa:66:c2:b1:80:7c:ed:2b:ab:0a:d0:76:c0:33:66:22:32:
         ca:bb:54:7e:6c:fe:51:0e:18:69:b8:37:dd:5d:21:96:1b:f9:
         53:eb:49:6a:8d:58:3b:f2:25:86:dc:53:6c:56:e6:f2:e0:47:
         6f:8a:ba:d8:fc:a9:59:61:b5:6e:28:1d:6a:bd:03:4d:1e:20:
         3d:25:fa:d4:61:7b:10:cd:cf:ed:79:f8:23:65:47:9e:ec:df:
         21:34:e6:d4:69:f1:87:f8:89:66:63:21:77:7d:b2:4b:eb:f5:
         9c:18:52:45:b7:15:af:d6:aa:e9:c1:54:c5:52:d0:cd:05:12:
         34:8c:0b:f6:09:c8:53:de:01:83:ca:6f:ab:10:d3:16:ad:e0:
         9f:f2:7d:0b:e1:c2:ff:a5:76:ec:8c:a7:f8:15:8d:51:cd:b4:
         7f:b0:5a:0e:a0:2c:b6:8f:5b:c0:ab:ca:57:76:c1:71:41:68:
         ad:f9:f0:a6:0c:b3:78:c0:4c:56:85:56:c1:94:50:bb:56:1e:
         91:ad:ab:94:84:32:75:32:0a:9e:37:1a:2a:d2:e8:8b:0c:21:
         49:46:c8:a3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIbxPnsjlt7x79tIY4yzE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxODBlYmJiY2EwZjg5MGRlMzUzODkxNDIxYTgzZGQ1YjY1
M2Q5NDAwHhcNMjQwMTAyMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDgyZGY2MjkwZjRkNjRkOTI1OTczZWQ3OWRhZTFkMTA1M2E3ZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDlT9qj26P8u+JUsVsp0cIBzO3tx
JpzZy1Kp3KXMNTZjNn0m8LoAXtUWuZZ4qd0tHnaICBndKZ/BBI8/QcODptAixXXc
/tWdvCpnTK+fIYj09S0GPNSq3Ifx52v3CBHHdKLv1RXrQt8j+gzfuQxS6AqLucc8
XX3PuWXtWwBJWvN6gteV3EntQ8hBqITDaFr98VzEzzmKfZ9gK9+579qMJ3tasPNf
Btq8Es28CzN9X2N2levOG7T+bKBv6wf62nyt3HkeG5wD16XWJ3isnedU5aHn53YJ
CbwmRPqfG7GVxdCQ4HsZeSvoRZbmlPqLyFcFp86sOnkh03Ya+Hg/Z2EHWQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPCC32KQ9NZNkllz7Xna4dEFOn7dMB8GA1UdIwQY
MBaAFOGA67vKD4kN41OJFCGoPdW2U9lAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFlEcnU4b1BpUTNqVTRrVUlhZzkxYlpUMlVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9hMThjZjEtYTA4MC00OTQ1LThiMjEt
MDU1NTY5NTljNDU1LzEvOElMZllwRDAxazJTV1hQdGVkcmgwUVU2ZnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9hMThjZjEtYTA4MC00OTQ1LThiMjEtMDU1NTY5NTljNDU1
LzEvNFlEcnU4b1BpUTNqVTRrVUlhZzkxYlpUMlVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCQ0UD
BADCQ0YwDQYJKoZIhvcNAQELBQADggEBAHvqT1DolHoe64P9Fd9b2Astcah11/1+
9Wvk6SRH7bRQFYIoNJn6ZsKxgHztK6sK0HbAM2YiMsq7VH5s/lEOGGm4N91dIZYb
+VPrSWqNWDvyJYbcU2xW5vLgR2+Kutj8qVlhtW4oHWq9A00eID0l+tRhexDNz+15
+CNlR57s3yE05tRp8Yf4iWZjIXd9skvr9ZwYUkW3Fa/WqunBVMVS0M0FEjSMC/YJ
yFPeAYPKb6sQ0xat4J/yfQvhwv+lduyMp/gVjVHNtH+wWg6gLLaPW8Cryld2wXFB
aK358KYMs3jATFaFVsGUULtWHpGtq5SEMnUyCp43GirS6IsMIUlGyKM=
-----END CERTIFICATE-----