Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/8CDzPF6jtn0v7SaODFvxfdma1Y8.roa
File:                     8CDzPF6jtn0v7SaODFvxfdma1Y8.roa (raw, json)
Hash identifier:          GTieZebXWt7dHvWiCXQTJ48uqFHmsN0x/FCuOyn1b2Q=
Subject key identifier:   F0:20:F3:3C:5E:A3:B6:7D:2F:ED:26:8E:0C:5B:F1:7D:D9:9A:D5:8F
Certificate issuer:       /CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
Certificate serial:       018CC94ADE26DADDF8511A8E6A01924B658E
Authority key identifier: 6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/8CDzPF6jtn0v7SaODFvxfdma1Y8.roa
Signing time:             Tue 02 Jan 2024 08:29:36 +0000
ROA not before:           Tue 02 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62003
IP address blocks:        144.43.240.0/21 maxlen: 24
                          144.43.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:de:26:da:dd:f8:51:1a:8e:6a:01:92:4b:65:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
        Validity
            Not Before: Jan  2 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f020f33c5ea3b67d2fed268e0c5bf17dd99ad58f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:77:68:65:69:1b:3f:c6:41:05:f0:19:93:1a:
                    74:0d:5d:fa:46:04:d0:2c:eb:1c:a8:02:00:f3:8b:
                    81:91:92:ca:15:e4:29:59:37:8a:1e:72:66:de:d3:
                    af:f4:20:a1:ef:ca:fb:e6:1d:e6:dc:10:b1:81:1a:
                    c0:40:d8:9c:80:79:ba:99:b8:ee:1d:41:c5:ad:9a:
                    af:d5:32:44:1d:6e:7f:fa:cc:d8:f3:10:d5:ba:ba:
                    5a:b7:f8:6c:f0:b9:89:67:b8:da:9a:8f:a6:2e:e7:
                    f5:0c:92:58:5b:b3:e0:28:28:c6:7b:31:71:5f:56:
                    75:37:e1:b6:f6:6f:91:64:24:a5:46:b3:4f:73:06:
                    8d:3d:96:a5:e8:10:73:56:9e:20:16:e1:45:61:ac:
                    c4:ba:c0:76:22:cb:4b:5f:21:19:5b:28:51:53:b1:
                    6f:2f:e6:2a:2d:6e:ff:63:66:7a:ed:b4:3c:a3:09:
                    3f:eb:e3:d4:36:78:fa:19:25:70:c7:dd:95:d9:1b:
                    b8:bb:b2:d1:fc:ce:94:6f:29:61:a7:25:11:c7:c8:
                    ad:c3:42:c4:02:d4:14:2c:87:e9:b1:93:42:fb:fc:
                    60:3d:97:0d:e7:e4:e3:a9:94:e4:d1:06:98:17:f8:
                    03:10:81:98:8e:ce:ed:8f:aa:79:61:d5:06:4b:ef:
                    d3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:20:F3:3C:5E:A3:B6:7D:2F:ED:26:8E:0C:5B:F1:7D:D9:9A:D5:8F
            X509v3 Authority Key Identifier:
                keyid:6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/8CDzPF6jtn0v7SaODFvxfdma1Y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.43.240.0/21
                  144.43.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:11:11:6b:43:a0:17:ef:08:18:28:c7:3f:ad:18:55:5b:cc:
         2e:2e:0c:1e:e2:a5:d9:ca:0e:c9:e5:7a:65:98:40:45:63:07:
         ab:09:a6:28:99:98:33:dd:0a:6e:75:44:d6:a3:e0:5d:7a:5c:
         b1:90:ce:15:49:87:7d:bf:61:99:17:ac:a4:61:38:81:bc:f2:
         4c:ea:2c:38:c8:77:65:fb:a1:00:1f:c2:a1:fe:9e:b2:aa:3b:
         0f:71:41:92:5c:b8:57:fe:9b:95:5e:8f:85:d0:46:23:4d:e0:
         85:ac:39:ea:42:ea:19:7e:d8:63:83:17:9b:4d:5a:16:ab:58:
         6d:48:5a:1c:41:ee:c8:5d:66:24:9a:be:e7:0a:1d:75:e6:61:
         8d:5a:8d:57:9f:87:70:d7:d7:3c:12:30:47:5e:5f:54:a8:ed:
         aa:aa:47:be:c5:0b:5a:14:4f:46:42:4c:88:10:1b:24:ed:0e:
         2b:94:e9:75:90:1a:02:5e:e9:23:2f:52:7a:f6:28:72:62:4a:
         b1:03:60:64:b5:3c:6f:39:8a:21:66:14:7c:90:e8:e9:69:cb:
         7e:51:db:28:10:c7:f7:89:14:61:4a:24:16:54:78:20:f7:15:
         51:58:7e:d5:24:12:51:6a:f6:41:56:01:9b:79:44:35:2f:2a:
         7c:87:ed:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJSt4m2t34URqOagGSS2WOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDY5ZTE5ZTEyYzEwNDAwNGU4YjRiNzVmOGE3Nzg5Yjdl
MTEzOTYwHhcNMjQwMTAyMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDIwZjMzYzVlYTNiNjdkMmZlZDI2OGUwYzViZjE3ZGQ5OWFkNThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHdoZWkbP8ZBBfAZkxp0DV36RgTQ
LOscqAIA84uBkZLKFeQpWTeKHnJm3tOv9CCh78r75h3m3BCxgRrAQNicgHm6mbju
HUHFrZqv1TJEHW5/+szY8xDVurpat/hs8LmJZ7jamo+mLuf1DJJYW7PgKCjGezFx
X1Z1N+G29m+RZCSlRrNPcwaNPZal6BBzVp4gFuFFYazEusB2IstLXyEZWyhRU7Fv
L+YqLW7/Y2Z67bQ8owk/6+PUNnj6GSVwx92V2Ru4u7LR/M6UbylhpyURx8itw0LE
AtQULIfpsZNC+/xgPZcN5+TjqZTk0QaYF/gDEIGYjs7tj6p5YdUGS+/TQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPAg8zxeo7Z9L+0mjgxb8X3ZmtWPMB8GA1UdIwQY
MBaAFG0GnhnhLBBABOi0t1+Kd4m34ROWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmIt
N2JmZjI5NmM2YjAyLzEvOENEelBGNmp0bjB2N1NhT0RGdnhmZG1hMVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmItN2JmZjI5NmM2YjAy
LzEvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDkCvwAwQC
kCv8MA0GCSqGSIb3DQEBCwUAA4IBAQAUERFrQ6AX7wgYKMc/rRhVW8wuLgwe4qXZ
yg7J5XplmEBFYwerCaYomZgz3QpudUTWo+BdelyxkM4VSYd9v2GZF6ykYTiBvPJM
6iw4yHdl+6EAH8Kh/p6yqjsPcUGSXLhX/puVXo+F0EYjTeCFrDnqQuoZfthjgxeb
TVoWq1htSFocQe7IXWYkmr7nCh115mGNWo1Xn4dw19c8EjBHXl9UqO2qqke+xQta
FE9GQkyIEBsk7Q4rlOl1kBoCXukjL1J69ihyYkqxA2BktTxvOYohZhR8kOjpact+
UdsoEMf3iRRhSiQWVHgg9xVRWH7VJBJRavZBVgGbeUQ1Lyp8h+2M
-----END CERTIFICATE-----