Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/8nH40Ws6UgAXsj-AscCAGeXfsY0.roa
File:                     8nH40Ws6UgAXsj-AscCAGeXfsY0.roa (raw, json)
Hash identifier:          SZQ65oAQ7y7SxW4QuLW3cjFLSp56lPOBI4/4sXpHiWs=
Subject key identifier:   F2:71:F8:D1:6B:3A:52:00:17:B2:3F:80:B1:C0:80:19:E5:DF:B1:8D
Certificate issuer:       /CN=8d892f4ded92257e67ba74f1762c8bc914ebd61c
Certificate serial:       018CC8DF3BBB685EFC40D6FE0FDF07FBC010
Authority key identifier: 8D:89:2F:4D:ED:92:25:7E:67:BA:74:F1:76:2C:8B:C9:14:EB:D6:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYkvTe2SJX5nunTxdiyLyRTr1hw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/8nH40Ws6UgAXsj-AscCAGeXfsY0.roa
Signing time:             Tue 02 Jan 2024 06:32:02 +0000
ROA not before:           Tue 02 Jan 2024 06:32:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199121
IP address blocks:        91.244.180.0/24 maxlen: 24
                          2001:67c:7a4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/jYkvTe2SJX5nunTxdiyLyRTr1hw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/jYkvTe2SJX5nunTxdiyLyRTr1hw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYkvTe2SJX5nunTxdiyLyRTr1hw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:3b:bb:68:5e:fc:40:d6:fe:0f:df:07:fb:c0:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d892f4ded92257e67ba74f1762c8bc914ebd61c
        Validity
            Not Before: Jan  2 06:32:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f271f8d16b3a520017b23f80b1c08019e5dfb18d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:63:9d:28:60:50:1d:b6:8b:ac:82:57:d6:4d:
                    91:fd:f7:ea:77:1c:82:1b:7a:7a:ad:61:4b:d2:52:
                    cb:7a:54:b6:dc:29:2a:8a:cc:f2:e7:13:fe:62:36:
                    74:0f:8b:62:6f:83:89:50:38:f8:65:8c:c8:12:e4:
                    f8:43:28:2a:fa:a1:1b:11:1d:a5:a3:2a:f1:99:10:
                    d3:eb:7e:06:85:f9:99:99:e0:44:9e:24:b9:55:90:
                    a9:f0:2f:99:6e:9f:e1:d0:04:94:f9:fb:1d:b1:6d:
                    a7:f5:93:42:d2:eb:3e:04:f7:4e:16:69:1a:9e:85:
                    14:b2:df:d1:6b:e0:04:29:a0:0c:98:e3:5e:68:b7:
                    90:b5:36:dc:92:10:ed:a2:d8:5c:01:21:5b:b7:96:
                    9a:1d:85:e9:37:c9:eb:30:fc:d1:76:64:4d:2b:76:
                    df:bc:bb:74:0b:0d:8c:39:ee:2e:6e:95:ab:d8:d6:
                    0c:30:97:53:b3:9f:ae:72:cb:f5:60:2e:80:74:5e:
                    25:31:76:25:8f:f9:4b:91:69:4f:04:29:b9:8a:94:
                    ae:9d:f3:e0:3e:19:f3:d1:0e:2f:9f:ab:bb:3c:01:
                    be:69:a2:02:ae:7e:6d:05:86:87:5f:e4:99:0e:c8:
                    99:28:6a:5c:41:71:02:10:66:e6:77:ca:4a:7e:90:
                    84:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:71:F8:D1:6B:3A:52:00:17:B2:3F:80:B1:C0:80:19:E5:DF:B1:8D
            X509v3 Authority Key Identifier:
                keyid:8D:89:2F:4D:ED:92:25:7E:67:BA:74:F1:76:2C:8B:C9:14:EB:D6:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYkvTe2SJX5nunTxdiyLyRTr1hw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/8nH40Ws6UgAXsj-AscCAGeXfsY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/jYkvTe2SJX5nunTxdiyLyRTr1hw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.180.0/24
                IPv6:
                  2001:67c:7a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:73:62:2f:e4:ac:f6:00:c0:f3:1f:15:e8:ad:85:23:25:df:
         5e:57:dd:97:04:a7:92:ea:cf:23:0d:fd:c7:20:bb:d4:3e:42:
         0a:14:fc:71:aa:4c:a7:94:9c:6b:15:0b:de:d9:72:ab:93:fe:
         26:95:07:ed:87:86:22:87:78:9b:15:b2:49:ff:e5:ac:b6:dc:
         e3:06:3b:1f:f6:ea:54:f7:c4:44:d1:6c:0c:16:1b:62:07:6b:
         cd:9f:08:64:b9:f9:06:55:91:c7:fd:33:02:7c:d3:d2:a8:44:
         22:db:5f:df:19:cf:2c:d4:bd:b2:86:a5:c6:cc:a8:5b:ae:73:
         1b:86:22:bd:7b:6c:e6:90:12:8b:f9:cb:c8:28:c8:0b:7a:95:
         51:83:cf:16:28:e0:b8:43:ee:02:db:c7:19:a8:aa:c1:df:70:
         70:4d:2b:5e:81:f0:9e:be:42:54:7e:aa:c0:c6:8c:64:b2:22:
         19:35:99:8e:33:03:a1:74:75:3d:10:86:e5:68:dc:31:47:0d:
         2f:47:7c:53:6d:bf:08:59:73:ab:04:8c:15:03:65:77:0c:a6:
         1e:01:06:5e:15:4a:07:95:44:92:ec:98:9d:0f:e4:d1:67:51:
         54:18:fa:8c:78:21:82:b9:18:6a:9a:b0:60:fe:29:95:87:f8:
         4f:49:21:66
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3zu7aF78QNb+D98H+8AQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODkyZjRkZWQ5MjI1N2U2N2JhNzRmMTc2MmM4YmM5MTRl
YmQ2MWMwHhcNMjQwMTAyMDYzMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjcxZjhkMTZiM2E1MjAwMTdiMjNmODBiMWMwODAxOWU1ZGZiMThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmOdKGBQHbaLrIJX1k2R/ffqdxyC
G3p6rWFL0lLLelS23Ckqiszy5xP+YjZ0D4tib4OJUDj4ZYzIEuT4Qygq+qEbER2l
oyrxmRDT634GhfmZmeBEniS5VZCp8C+Zbp/h0ASU+fsdsW2n9ZNC0us+BPdOFmka
noUUst/Ra+AEKaAMmONeaLeQtTbckhDtothcASFbt5aaHYXpN8nrMPzRdmRNK3bf
vLt0Cw2MOe4ubpWr2NYMMJdTs5+ucsv1YC6AdF4lMXYlj/lLkWlPBCm5ipSunfPg
Phnz0Q4vn6u7PAG+aaICrn5tBYaHX+SZDsiZKGpcQXECEGbmd8pKfpCEhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPJx+NFrOlIAF7I/gLHAgBnl37GNMB8GA1UdIwQY
MBaAFI2JL03tkiV+Z7p08XYsi8kU69YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallrdlRlMlNKWDVudW5UeGRpeUx5UlRyMWh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9kMWE3MTctNGNmMy00YWU1LWIwZmMt
MGJkOWRkZjM5NzBlLzEvOG5INDBXczZVZ0FYc2otQXNjQ0FHZVhmc1kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9kMWE3MTctNGNmMy00YWU1LWIwZmMtMGJkOWRkZjM5NzBl
LzEvallrdlRlMlNKWDVudW5UeGRpeUx5UlRyMWh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/S0MA8E
AgACMAkDBwAgAQZ8B6QwDQYJKoZIhvcNAQELBQADggEBAA1zYi/krPYAwPMfFeit
hSMl315X3ZcEp5LqzyMN/ccgu9Q+QgoU/HGqTKeUnGsVC97ZcquT/iaVB+2HhiKH
eJsVskn/5ay23OMGOx/26lT3xETRbAwWG2IHa82fCGS5+QZVkcf9MwJ809KoRCLb
X98ZzyzUvbKGpcbMqFuucxuGIr17bOaQEov5y8goyAt6lVGDzxYo4LhD7gLbxxmo
qsHfcHBNK16B8J6+QlR+qsDGjGSyIhk1mY4zA6F0dT0QhuVo3DFHDS9HfFNtvwhZ
c6sEjBUDZXcMph4BBl4VSgeVRJLsmJ0P5NFnUVQY+ox4IYK5GGqasGD+KZWH+E9J
IWY=
-----END CERTIFICATE-----