Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/3e41d5-c7f1-4637-b930-184586602887/1/8aRFc9FMZuB39L9ezbDQe4rTWqI.roa
File:                     8aRFc9FMZuB39L9ezbDQe4rTWqI.roa (raw, json)
Hash identifier:          d0kPdTmIfua7sOVHFgh6TKa6BfDr4mbqEziPITcO1vw=
Subject key identifier:   F1:A4:45:73:D1:4C:66:E0:77:F4:BF:5E:CD:B0:D0:7B:8A:D3:5A:A2
Certificate issuer:       /CN=218af26f9a36653f4d996719d4a410fe84af4861
Certificate serial:       0195610DA8AED3ACAEC9BFF0C2EDEC4348B5
Authority key identifier: 21:8A:F2:6F:9A:36:65:3F:4D:99:67:19:D4:A4:10:FE:84:AF:48:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYryb5o2ZT9NmWcZ1KQQ_oSvSGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/3e41d5-c7f1-4637-b930-184586602887/1/8aRFc9FMZuB39L9ezbDQe4rTWqI.roa
Signing time:             Tue 04 Mar 2025 12:07:19 +0000
ROA not before:           Tue 04 Mar 2025 12:07:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214932
IP address blocks:        188.95.14.0/23 maxlen: 23
                          2a14:40c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/3e41d5-c7f1-4637-b930-184586602887/1/IYryb5o2ZT9NmWcZ1KQQ_oSvSGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/3e41d5-c7f1-4637-b930-184586602887/1/IYryb5o2ZT9NmWcZ1KQQ_oSvSGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYryb5o2ZT9NmWcZ1KQQ_oSvSGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:61:0d:a8:ae:d3:ac:ae:c9:bf:f0:c2:ed:ec:43:48:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218af26f9a36653f4d996719d4a410fe84af4861
        Validity
            Not Before: Mar  4 12:07:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1a44573d14c66e077f4bf5ecdb0d07b8ad35aa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1d:4f:37:de:87:ef:28:58:ec:60:85:e2:11:
                    70:9a:0a:7e:43:04:10:0a:ee:6a:dd:72:0c:9f:8c:
                    6f:14:92:a3:01:e9:a6:a3:f7:61:ba:2c:74:85:6a:
                    c3:36:32:31:05:64:10:ab:ad:c2:47:46:e9:4c:d8:
                    cd:6f:51:3e:25:63:a5:1b:8c:97:26:17:01:b7:c9:
                    79:d8:5f:d7:29:00:ce:3e:70:a7:b7:5b:26:95:44:
                    cb:15:04:58:23:83:4a:d2:d4:1d:59:14:d6:4d:97:
                    d8:55:44:8b:81:82:8f:2a:e0:86:3b:74:57:c3:49:
                    66:15:8a:f7:30:f6:25:00:04:98:5b:9b:44:d8:9a:
                    a3:b8:a6:a2:46:04:81:70:1f:b7:74:34:5c:ef:f1:
                    86:8d:cf:5e:be:a8:a0:db:ff:5c:06:76:38:b5:6e:
                    ef:ad:d1:48:e6:35:3e:8b:0d:94:c0:75:71:87:c0:
                    ad:f7:03:38:23:ed:37:0a:33:9d:3e:b8:12:ef:e2:
                    77:c5:64:f6:68:fb:4e:10:11:79:7f:55:fa:65:ab:
                    68:49:17:1a:f8:d0:d2:be:05:2e:69:4b:fa:76:6a:
                    7f:10:29:99:f1:63:74:d9:7d:8e:23:6e:4b:b9:87:
                    44:00:55:c0:ed:14:b9:a3:9a:53:b6:b4:27:7e:e7:
                    86:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:A4:45:73:D1:4C:66:E0:77:F4:BF:5E:CD:B0:D0:7B:8A:D3:5A:A2
            X509v3 Authority Key Identifier:
                keyid:21:8A:F2:6F:9A:36:65:3F:4D:99:67:19:D4:A4:10:FE:84:AF:48:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYryb5o2ZT9NmWcZ1KQQ_oSvSGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/3e41d5-c7f1-4637-b930-184586602887/1/8aRFc9FMZuB39L9ezbDQe4rTWqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/3e41d5-c7f1-4637-b930-184586602887/1/IYryb5o2ZT9NmWcZ1KQQ_oSvSGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.14.0/23
                IPv6:
                  2a14:40c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:70:97:20:26:b7:c4:cd:60:cc:b6:ba:96:1f:53:65:19:47:
         d0:7d:5c:2f:88:19:e1:16:be:f4:5a:fa:95:d3:bf:ba:42:77:
         18:ca:20:8b:4c:70:7e:f1:1b:5d:e8:11:ff:b4:fe:7b:04:73:
         27:3e:74:a1:c0:39:ea:46:7c:b5:f1:40:91:92:55:3d:0e:b5:
         14:92:f3:62:0d:f3:1c:5b:a0:a9:db:73:db:84:27:7b:eb:11:
         f7:9a:b6:b8:49:16:2f:a9:3c:c2:ab:26:3f:76:9e:6d:9f:c0:
         73:b1:83:12:a7:be:b3:26:4e:db:76:b1:99:61:2d:9e:71:e9:
         04:61:10:d2:91:a0:31:ee:b3:e8:73:8f:34:25:9f:0a:15:c9:
         2b:f8:9b:76:d8:25:11:15:57:8f:39:e7:7c:a7:3d:60:b2:74:
         7f:16:ee:6c:5b:61:a7:1b:d9:0d:18:a7:d0:75:07:30:64:5e:
         93:64:dd:7e:f8:14:29:ba:24:e8:a1:71:8f:aa:d2:e1:ed:58:
         fc:a3:e9:ce:4b:7e:cf:34:40:60:d4:9c:f0:bd:38:cd:40:6b:
         a9:f2:e4:0d:08:c2:d3:99:9c:c6:d3:35:8c:b7:50:bc:84:1f:
         c0:89:b7:aa:2a:ed:a7:ca:33:fc:d2:e9:b5:e4:7e:a6:47:94:
         3b:c9:4e:76
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZVhDaiu06yuyb/wwu3sQ0i1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxOGFmMjZmOWEzNjY1M2Y0ZDk5NjcxOWQ0YTQxMGZlODRh
ZjQ4NjEwHhcNMjUwMzA0MTIwNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWE0NDU3M2QxNGM2NmUwNzdmNGJmNWVjZGIwZDA3YjhhZDM1YWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsB1PN96H7yhY7GCF4hFwmgp+QwQQ
Cu5q3XIMn4xvFJKjAemmo/dhuix0hWrDNjIxBWQQq63CR0bpTNjNb1E+JWOlG4yX
JhcBt8l52F/XKQDOPnCnt1smlUTLFQRYI4NK0tQdWRTWTZfYVUSLgYKPKuCGO3RX
w0lmFYr3MPYlAASYW5tE2JqjuKaiRgSBcB+3dDRc7/GGjc9evqig2/9cBnY4tW7v
rdFI5jU+iw2UwHVxh8Ct9wM4I+03CjOdPrgS7+J3xWT2aPtOEBF5f1X6ZatoSRca
+NDSvgUuaUv6dmp/ECmZ8WN02X2OI25LuYdEAFXA7RS5o5pTtrQnfueGVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPGkRXPRTGbgd/S/Xs2w0HuK01qiMB8GA1UdIwQY
MBaAFCGK8m+aNmU/TZlnGdSkEP6Er0hhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVlyeWI1bzJaVDlObVdjWjFLUVFfb1N2U0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8zZTQxZDUtYzdmMS00NjM3LWI5MzAt
MTg0NTg2NjAyODg3LzEvOGFSRmM5Rk1adUIzOUw5ZXpiRFFlNHJUV3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8zZTQxZDUtYzdmMS00NjM3LWI5MzAtMTg0NTg2NjAyODg3
LzEvSVlyeWI1bzJaVDlObVdjWjFLUVFfb1N2U0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBvF8OMA0E
AgACMAcDBQMqFEDAMA0GCSqGSIb3DQEBCwUAA4IBAQBEcJcgJrfEzWDMtrqWH1Nl
GUfQfVwviBnhFr70WvqV07+6QncYyiCLTHB+8Rtd6BH/tP57BHMnPnShwDnqRny1
8UCRklU9DrUUkvNiDfMcW6Cp23PbhCd76xH3mra4SRYvqTzCqyY/dp5tn8BzsYMS
p76zJk7bdrGZYS2ecekEYRDSkaAx7rPoc480JZ8KFckr+Jt22CURFVePOed8pz1g
snR/Fu5sW2GnG9kNGKfQdQcwZF6TZN1++BQpuiTooXGPqtLh7Vj8o+nOS37PNEBg
1JzwvTjNQGup8uQNCMLTmZzG0zWMt1C8hB/AibeqKu2nyjP80um15H6mR5Q7yU52
-----END CERTIFICATE-----