Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/8JSYopOYK_F2EAwbEHTTIfb3X7g.roa
File:                     8JSYopOYK_F2EAwbEHTTIfb3X7g.roa (raw, json)
Hash identifier:          uVls0pAbUFiyWMJ6/xGNC+Trm3GQdicPBlcLZAV9j0I=
Subject key identifier:   F0:94:98:A2:93:98:2B:F1:76:10:0C:1B:10:74:D3:21:F6:F7:5F:B8
Certificate issuer:       /CN=a61a8f667a3dddbd4a352318d8f0606c46e9f063
Certificate serial:       018CC3B6A23537BC0B905C1BBD3A3C79D582
Authority key identifier: A6:1A:8F:66:7A:3D:DD:BD:4A:35:23:18:D8:F0:60:6C:46:E9:F0:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/phqPZno93b1KNSMY2PBgbEbp8GM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/8JSYopOYK_F2EAwbEHTTIfb3X7g.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34373
IP address blocks:        185.64.120.0/22 maxlen: 24
                          2a03:1460::/32 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/phqPZno93b1KNSMY2PBgbEbp8GM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/phqPZno93b1KNSMY2PBgbEbp8GM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/phqPZno93b1KNSMY2PBgbEbp8GM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a2:35:37:bc:0b:90:5c:1b:bd:3a:3c:79:d5:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a61a8f667a3dddbd4a352318d8f0606c46e9f063
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f09498a293982bf176100c1b1074d321f6f75fb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:77:6b:17:eb:2d:44:32:10:0d:e2:ad:0d:80:
                    f9:ab:7d:19:90:79:b2:db:08:e4:47:bd:23:79:5c:
                    ac:f7:39:a6:51:81:ee:36:97:d8:02:3f:07:1b:bb:
                    f6:25:60:2a:b3:67:33:c5:b3:c5:72:ba:4f:fc:4e:
                    36:71:8b:cb:e7:82:09:1a:f8:f3:2b:77:92:15:98:
                    e2:49:b8:33:5a:7b:3a:cf:c4:14:f9:0b:60:03:5f:
                    d5:f6:cc:df:9b:18:a1:3a:0e:0b:04:b6:ca:0d:33:
                    35:f7:aa:5c:77:61:49:44:93:d5:82:46:f9:4f:a9:
                    74:10:76:67:5d:fc:cd:3e:38:d7:87:27:ab:f5:25:
                    ba:05:56:22:3e:32:a4:e6:e0:7a:21:8c:ba:9d:d8:
                    c7:01:25:83:d1:5e:de:af:81:8c:b0:90:b6:86:8b:
                    83:e4:bd:29:8e:1f:2b:f7:81:8c:d6:be:9c:0e:93:
                    32:52:49:54:dd:0c:cb:a8:ee:7a:62:b4:9c:fa:f9:
                    22:f0:31:6c:b6:86:fd:36:8a:54:f6:82:c6:eb:67:
                    28:63:9b:91:a3:09:75:98:e7:40:75:ce:2f:92:ca:
                    45:b7:c8:da:e6:27:04:15:4a:a6:82:a7:ff:e1:16:
                    85:0d:7f:ce:1e:f6:a1:0c:38:79:4d:f7:85:c6:9e:
                    1b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:94:98:A2:93:98:2B:F1:76:10:0C:1B:10:74:D3:21:F6:F7:5F:B8
            X509v3 Authority Key Identifier:
                keyid:A6:1A:8F:66:7A:3D:DD:BD:4A:35:23:18:D8:F0:60:6C:46:E9:F0:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/phqPZno93b1KNSMY2PBgbEbp8GM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/8JSYopOYK_F2EAwbEHTTIfb3X7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/phqPZno93b1KNSMY2PBgbEbp8GM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.120.0/22
                IPv6:
                  2a03:1460::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:3b:a0:ac:2a:5d:47:05:d2:03:1a:1f:d4:a3:db:30:11:bd:
         74:d7:16:04:6a:68:70:55:98:d1:86:c8:1b:96:c2:4d:a4:6b:
         69:2a:24:aa:df:7b:9f:31:ca:ec:9a:81:b1:92:08:e7:e3:84:
         d7:3d:d5:c2:f6:68:15:31:c3:ad:65:01:4b:36:bc:da:33:84:
         73:b5:74:cc:0c:75:25:69:21:98:3c:b9:5e:c9:32:e7:72:50:
         07:d4:c2:6c:58:c4:df:43:a1:ca:cc:45:c4:9f:f4:cd:82:ca:
         bd:86:49:a6:ba:91:2f:ad:e0:dc:76:af:91:81:30:b0:c5:38:
         c7:f5:1c:06:63:e6:8b:c4:f2:75:0c:3c:39:96:67:1a:a6:00:
         40:7b:ad:46:1d:85:81:a4:62:12:94:ff:39:36:a7:27:bb:4e:
         e5:64:b0:a8:73:f9:81:23:2c:ff:a1:9f:3c:4a:1e:fc:72:00:
         8a:75:d6:0e:c4:a7:fd:81:c8:c2:2c:62:61:5e:5f:65:3a:98:
         c7:90:1d:2c:b4:4b:77:b6:96:a7:36:79:aa:34:21:28:ec:98:
         2f:82:a7:bf:b8:cd:1c:a9:0d:6c:fc:22:a3:b2:a6:74:58:ba:
         0f:84:ea:d7:b4:d6:3b:e7:be:e4:05:b0:b5:35:66:82:84:1b:
         ad:3c:5e:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtqI1N7wLkFwbvTo8edWCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MWE4ZjY2N2EzZGRkYmQ0YTM1MjMxOGQ4ZjA2MDZjNDZl
OWYwNjMwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDk0OThhMjkzOTgyYmYxNzYxMDBjMWIxMDc0ZDMyMWY2Zjc1ZmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3drF+stRDIQDeKtDYD5q30ZkHmy
2wjkR70jeVys9zmmUYHuNpfYAj8HG7v2JWAqs2czxbPFcrpP/E42cYvL54IJGvjz
K3eSFZjiSbgzWns6z8QU+QtgA1/V9szfmxihOg4LBLbKDTM196pcd2FJRJPVgkb5
T6l0EHZnXfzNPjjXhyer9SW6BVYiPjKk5uB6IYy6ndjHASWD0V7er4GMsJC2houD
5L0pjh8r94GM1r6cDpMyUklU3QzLqO56YrSc+vki8DFstob9NopU9oLG62coY5uR
owl1mOdAdc4vkspFt8ja5icEFUqmgqf/4RaFDX/OHvahDDh5TfeFxp4biQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPCUmKKTmCvxdhAMGxB00yH291+4MB8GA1UdIwQY
MBaAFKYaj2Z6Pd29SjUjGNjwYGxG6fBjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGhxUFpubzkzYjFLTlNNWTJQQmdiRWJwOEdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jZTg4YTItZWI4Ny00MmE1LTkxNmQt
YjU2YmIwNjQ3ODY4LzEvOEpTWW9wT1lLX0YyRUF3YkVIVFRJZmIzWDdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jZTg4YTItZWI4Ny00MmE1LTkxNmQtYjU2YmIwNjQ3ODY4
LzEvcGhxUFpubzkzYjFLTlNNWTJQQmdiRWJwOEdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUB4MA0E
AgACMAcDBQAqAxRgMA0GCSqGSIb3DQEBCwUAA4IBAQCIO6CsKl1HBdIDGh/Uo9sw
Eb101xYEamhwVZjRhsgblsJNpGtpKiSq33ufMcrsmoGxkgjn44TXPdXC9mgVMcOt
ZQFLNrzaM4RztXTMDHUlaSGYPLleyTLnclAH1MJsWMTfQ6HKzEXEn/TNgsq9hkmm
upEvreDcdq+RgTCwxTjH9RwGY+aLxPJ1DDw5lmcapgBAe61GHYWBpGISlP85Nqcn
u07lZLCoc/mBIyz/oZ88Sh78cgCKddYOxKf9gcjCLGJhXl9lOpjHkB0stEt3tpan
NnmqNCEo7Jgvgqe/uM0cqQ1s/CKjsqZ0WLoPhOrXtNY7577kBbC1NWaChButPF76
-----END CERTIFICATE-----