Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/8SNIPJlJXNItZIA2GR0OXYDa_i8.roa
File:                     8SNIPJlJXNItZIA2GR0OXYDa_i8.roa (raw, json)
Hash identifier:          aeM9z7aE9fQDO6RpZPSWesAItm3ODAcugSKxcWZxiRA=
Subject key identifier:   F1:23:48:3C:99:49:5C:D2:2D:64:80:36:19:1D:0E:5D:80:DA:FE:2F
Certificate issuer:       /CN=6a366fdfcaa20e80e8bfc330a4d8b1be7de6a1d0
Certificate serial:       019423D6D7BD59C5DBAA7A2AD73D47758DC1
Authority key identifier: 6A:36:6F:DF:CA:A2:0E:80:E8:BF:C3:30:A4:D8:B1:BE:7D:E6:A1:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ajZv38qiDoDov8MwpNixvn3modA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/8SNIPJlJXNItZIA2GR0OXYDa_i8.roa
Signing time:             Wed 01 Jan 2025 21:47:50 +0000
ROA not before:           Wed 01 Jan 2025 21:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        194.60.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/ajZv38qiDoDov8MwpNixvn3modA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/ajZv38qiDoDov8MwpNixvn3modA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ajZv38qiDoDov8MwpNixvn3modA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d7:bd:59:c5:db:aa:7a:2a:d7:3d:47:75:8d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a366fdfcaa20e80e8bfc330a4d8b1be7de6a1d0
        Validity
            Not Before: Jan  1 21:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f123483c99495cd22d648036191d0e5d80dafe2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:01:a3:bd:ca:a6:d4:60:86:ff:d6:df:03:e5:
                    b5:95:c5:27:96:cc:5b:5b:11:17:ac:5f:7d:48:54:
                    ca:e3:3b:2e:02:f9:5f:ac:ff:60:aa:fa:f1:50:8a:
                    7f:d8:3c:ca:e5:1e:fb:71:e5:2f:a1:53:45:80:ac:
                    a3:b5:05:c3:39:6c:52:0e:9a:3a:8b:da:24:80:e2:
                    98:03:75:8e:cd:70:4e:08:86:0c:3d:0a:39:3d:b6:
                    ee:14:2b:62:34:4d:02:c6:75:ef:54:34:ae:5c:3a:
                    36:b0:ed:d6:8a:3b:5d:a6:d4:2f:73:fe:66:6f:ea:
                    36:d2:d9:df:a8:af:39:b9:c3:23:e5:1b:56:cf:4b:
                    ea:c5:37:9b:d6:eb:13:f2:3c:2c:37:78:ca:85:96:
                    74:f7:e7:10:09:b4:b9:aa:9d:e9:17:24:b5:37:3e:
                    ba:52:e9:69:ee:c4:18:9e:0e:dd:64:f1:61:51:cd:
                    92:8b:e5:ad:24:22:be:ec:89:0d:2d:25:9b:35:dd:
                    43:7e:52:8e:d9:6b:6d:53:55:96:4c:c2:ca:e3:83:
                    c2:d3:a7:06:fb:8b:81:12:aa:ae:33:ac:b2:1c:9a:
                    ef:85:28:e0:40:87:d7:18:d6:22:73:89:9f:b0:07:
                    f0:21:10:fe:5f:45:49:ae:35:25:66:27:4d:c7:a5:
                    81:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:23:48:3C:99:49:5C:D2:2D:64:80:36:19:1D:0E:5D:80:DA:FE:2F
            X509v3 Authority Key Identifier:
                keyid:6A:36:6F:DF:CA:A2:0E:80:E8:BF:C3:30:A4:D8:B1:BE:7D:E6:A1:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ajZv38qiDoDov8MwpNixvn3modA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/8SNIPJlJXNItZIA2GR0OXYDa_i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8c4ec4-d637-4d3f-9de8-05559c1f5915/1/ajZv38qiDoDov8MwpNixvn3modA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:27:8b:77:49:ba:b9:1e:e1:bd:c5:e3:aa:e1:a0:df:2a:1f:
         2b:f0:5f:3a:ec:7e:26:b4:0e:a2:52:52:6b:70:65:d2:74:01:
         00:f4:02:f5:18:a3:fe:ff:24:a3:27:37:f8:ea:19:55:15:c3:
         e6:79:a7:41:13:ad:4e:ef:d4:e0:0e:60:02:a1:62:b2:7e:c0:
         32:62:e2:00:b8:5b:80:6b:6b:6e:27:34:08:4a:79:68:cf:ae:
         7c:4e:13:5f:a5:4b:fd:bd:b3:5c:54:7d:8d:7b:6a:00:09:24:
         ae:a3:cd:77:b1:2a:49:ff:5d:3f:d3:68:86:f0:8e:a3:2d:4c:
         7e:01:d4:ad:a9:5c:f7:d4:06:fb:12:8b:a8:78:9d:d4:b2:3f:
         29:ef:97:e1:2f:93:79:98:25:6d:ad:a6:11:b9:e3:85:bd:40:
         67:c5:3e:11:d5:08:3f:90:df:d6:9f:f8:7d:1d:47:37:41:23:
         9d:f2:80:83:e0:b0:70:96:3d:e9:52:c0:1f:44:a4:c3:ff:13:
         cd:6c:a5:48:06:e9:27:30:ed:69:9b:56:9d:e2:ff:f1:0d:32:
         f9:7e:ca:97:c3:e0:7f:d5:d5:8c:b4:66:41:12:09:13:62:cf:
         05:7e:1f:dd:63:75:7c:2b:fa:0f:86:99:3f:78:c4:b3:1d:30:
         5d:f1:47:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1te9WcXbqnoq1z1HdY3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMzY2ZmRmY2FhMjBlODBlOGJmYzMzMGE0ZDhiMWJlN2Rl
NmExZDAwHhcNMjUwMTAxMjE0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTIzNDgzYzk5NDk1Y2QyMmQ2NDgwMzYxOTFkMGU1ZDgwZGFmZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AGjvcqm1GCG/9bfA+W1lcUnlsxb
WxEXrF99SFTK4zsuAvlfrP9gqvrxUIp/2DzK5R77ceUvoVNFgKyjtQXDOWxSDpo6
i9okgOKYA3WOzXBOCIYMPQo5PbbuFCtiNE0CxnXvVDSuXDo2sO3WijtdptQvc/5m
b+o20tnfqK85ucMj5RtWz0vqxTeb1usT8jwsN3jKhZZ09+cQCbS5qp3pFyS1Nz66
Uulp7sQYng7dZPFhUc2Si+WtJCK+7IkNLSWbNd1DflKO2WttU1WWTMLK44PC06cG
+4uBEqquM6yyHJrvhSjgQIfXGNYic4mfsAfwIRD+X0VJrjUlZidNx6WBmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEjSDyZSVzSLWSANhkdDl2A2v4vMB8GA1UdIwQY
MBaAFGo2b9/Kog6A6L/DMKTYsb595qHQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWpadjM4cWlEb0RvdjhNd3BOaXh2bjNtb2RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84YzRlYzQtZDYzNy00ZDNmLTlkZTgt
MDU1NTljMWY1OTE1LzEvOFNOSVBKbEpYTkl0WklBMkdSME9YWURhX2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84YzRlYzQtZDYzNy00ZDNmLTlkZTgtMDU1NTljMWY1OTE1
LzEvYWpadjM4cWlEb0RvdjhNd3BOaXh2bjNtb2RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjz8MA0G
CSqGSIb3DQEBCwUAA4IBAQBEJ4t3Sbq5HuG9xeOq4aDfKh8r8F867H4mtA6iUlJr
cGXSdAEA9AL1GKP+/ySjJzf46hlVFcPmeadBE61O79TgDmACoWKyfsAyYuIAuFuA
a2tuJzQISnloz658ThNfpUv9vbNcVH2Ne2oACSSuo813sSpJ/10/02iG8I6jLUx+
AdStqVz31Ab7EouoeJ3Usj8p75fhL5N5mCVtraYRueOFvUBnxT4R1Qg/kN/Wn/h9
HUc3QSOd8oCD4LBwlj3pUsAfRKTD/xPNbKVIBuknMO1pm1ad4v/xDTL5fsqXw+B/
1dWMtGZBEgkTYs8Ffh/dY3V8K/oPhpk/eMSzHTBd8UcX
-----END CERTIFICATE-----