Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/8fqDzNuVU-2nPsDVf8OPnZ8iiyo.roa
File:                     8fqDzNuVU-2nPsDVf8OPnZ8iiyo.roa (raw, json)
Hash identifier:          i43+gpjdNw/GtUUpjUQtu9drxmfwVwsH5s6kwpF0bLc=
Subject key identifier:   F1:FA:83:CC:DB:95:53:ED:A7:3E:C0:D5:7F:C3:8F:9D:9F:22:8B:2A
Certificate issuer:       /CN=2a1e65f8083c859bcd0d2c52a1e061eb5131f5f1
Certificate serial:       018CC26D41A43BA459C76D1197EA2F8C1617
Authority key identifier: 2A:1E:65:F8:08:3C:85:9B:CD:0D:2C:52:A1:E0:61:EB:51:31:F5:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/8fqDzNuVU-2nPsDVf8OPnZ8iiyo.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207934
IP address blocks:        185.156.96.0/22 maxlen: 32
                          2a03:300::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:41:a4:3b:a4:59:c7:6d:11:97:ea:2f:8c:16:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a1e65f8083c859bcd0d2c52a1e061eb5131f5f1
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1fa83ccdb9553eda73ec0d57fc38f9d9f228b2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7a:fc:5f:6d:c5:96:c7:6a:90:e0:86:36:12:
                    1f:87:95:8d:48:7f:54:55:92:96:74:94:1a:d9:2e:
                    ca:4a:5d:e5:f0:80:be:63:3e:d2:09:8c:c6:2d:fc:
                    cc:44:de:5d:1e:10:f7:fe:e9:a9:0f:d8:97:85:d6:
                    8a:80:97:74:e7:9e:3a:4d:de:1b:ae:26:40:e7:8a:
                    31:e6:9d:60:41:b2:d7:8c:1f:c0:12:20:f4:06:d8:
                    51:2a:a0:33:eb:55:26:6f:54:89:0e:24:db:7e:db:
                    fb:0a:f9:aa:b3:04:02:db:e8:d1:cb:78:6d:b4:21:
                    1d:dc:07:15:f5:a1:ec:0f:31:bb:0c:67:66:65:87:
                    6c:9b:f4:fb:b9:03:68:69:61:58:e8:b7:e5:21:6f:
                    33:a4:71:a0:2a:6b:05:57:79:aa:c0:57:77:97:ea:
                    de:4b:5f:a4:3e:e6:21:52:ad:08:cf:06:0c:32:e2:
                    88:13:e6:6f:4b:f3:28:e6:f9:e6:a8:80:48:b0:7d:
                    e5:42:ea:31:eb:9a:f3:ed:7d:ca:fd:58:6d:64:98:
                    d2:98:7a:65:fc:85:cb:bb:92:a0:65:96:bc:f9:9f:
                    81:09:96:a9:ac:1a:ca:4f:c7:18:6e:7e:c6:37:cd:
                    75:e0:35:33:72:c7:5a:d4:6c:f9:66:dd:ec:ea:78:
                    0c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:FA:83:CC:DB:95:53:ED:A7:3E:C0:D5:7F:C3:8F:9D:9F:22:8B:2A
            X509v3 Authority Key Identifier:
                keyid:2A:1E:65:F8:08:3C:85:9B:CD:0D:2C:52:A1:E0:61:EB:51:31:F5:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/8fqDzNuVU-2nPsDVf8OPnZ8iiyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.96.0/22
                IPv6:
                  2a03:300::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:3a:96:63:a3:7a:f6:3e:4e:77:3f:e5:0f:3c:4b:10:28:5b:
         04:f1:8a:d1:87:91:28:59:df:32:0f:8d:88:13:37:ff:f9:f2:
         ca:d0:a7:a1:d1:bc:df:a5:d6:5d:44:24:76:39:1c:86:f3:cb:
         bb:26:ac:6a:5c:3e:a9:f4:d6:8e:b7:3c:99:c2:4f:38:f5:fd:
         b5:48:57:67:47:11:7c:83:67:00:c1:e8:e7:5e:a0:99:ab:19:
         16:b3:f9:3e:d9:c7:60:33:7c:b9:19:5b:22:ab:d4:67:ee:41:
         df:43:46:ff:8b:ea:e4:4a:18:10:d2:22:84:ec:ed:a1:5f:04:
         54:a9:43:58:8e:fc:b7:9c:34:25:5c:87:d5:d5:a3:3e:5a:8c:
         59:21:34:3b:36:f2:a6:af:e5:08:1a:e5:42:00:f8:56:03:62:
         f0:c1:5f:2f:9f:15:30:e2:4c:50:83:05:ca:2e:37:86:5b:2b:
         01:47:3a:dd:47:38:93:26:87:d5:c5:ce:4e:f6:31:e7:31:92:
         90:4a:24:5c:f0:b5:6d:b3:b8:00:0e:00:9d:1c:b9:f4:f1:01:
         41:4d:13:87:90:3c:d0:c1:2f:98:04:0a:ea:d8:8f:62:1e:7c:
         96:a2:73:b5:1f:18:f6:5d:1f:a0:28:b1:a6:d0:59:89:51:07:
         0d:a3:5e:10
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbUGkO6RZx20Rl+ovjBYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMWU2NWY4MDgzYzg1OWJjZDBkMmM1MmExZTA2MWViNTEz
MWY1ZjEwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWZhODNjY2RiOTU1M2VkYTczZWMwZDU3ZmMzOGY5ZDlmMjI4YjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXr8X23FlsdqkOCGNhIfh5WNSH9U
VZKWdJQa2S7KSl3l8IC+Yz7SCYzGLfzMRN5dHhD3/umpD9iXhdaKgJd05546Td4b
riZA54ox5p1gQbLXjB/AEiD0BthRKqAz61Umb1SJDiTbftv7CvmqswQC2+jRy3ht
tCEd3AcV9aHsDzG7DGdmZYdsm/T7uQNoaWFY6LflIW8zpHGgKmsFV3mqwFd3l+re
S1+kPuYhUq0IzwYMMuKIE+ZvS/Mo5vnmqIBIsH3lQuox65rz7X3K/VhtZJjSmHpl
/IXLu5KgZZa8+Z+BCZaprBrKT8cYbn7GN8114DUzcsda1Gz5Zt3s6ngMqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPH6g8zblVPtpz7A1X/Dj52fIosqMB8GA1UdIwQY
MBaAFCoeZfgIPIWbzQ0sUqHgYetRMfXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2g1bC1BZzhoWnZORFN4U29lQmg2MUV4OWZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9kMDk3YmYtYjBmNS00M2UxLTg2YTIt
Y2ZiOGRhNTQ5MDY3LzEvOGZxRHpOdVZVLTJuUHNEVmY4T1BuWjhpaXlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9kMDk3YmYtYjBmNS00M2UxLTg2YTItY2ZiOGRhNTQ5MDY3
LzEvS2g1bC1BZzhoWnZORFN4U29lQmg2MUV4OWZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZxgMA0E
AgACMAcDBQMqAwMAMA0GCSqGSIb3DQEBCwUAA4IBAQBVOpZjo3r2Pk53P+UPPEsQ
KFsE8YrRh5EoWd8yD42IEzf/+fLK0Keh0bzfpdZdRCR2ORyG88u7JqxqXD6p9NaO
tzyZwk849f21SFdnRxF8g2cAwejnXqCZqxkWs/k+2cdgM3y5GVsiq9Rn7kHfQ0b/
i+rkShgQ0iKE7O2hXwRUqUNYjvy3nDQlXIfV1aM+WoxZITQ7NvKmr+UIGuVCAPhW
A2LwwV8vnxUw4kxQgwXKLjeGWysBRzrdRziTJofVxc5O9jHnMZKQSiRc8LVts7gA
DgCdHLn08QFBTROHkDzQwS+YBArq2I9iHnyWonO1Hxj2XR+gKLGm0FmJUQcNo14Q
-----END CERTIFICATE-----