Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/rJRxxRneTTHrBiouHAwe-Vj2hOM.roa
File:                     rJRxxRneTTHrBiouHAwe-Vj2hOM.roa (raw, json)
Hash identifier:          pnxg6ZPXerYJRTKN22NAobx2yMJvSslv4M+/PffiHGo=
Subject key identifier:   AC:94:71:C5:19:DE:4D:31:EB:06:2A:2E:1C:0C:1E:F9:58:F6:84:E3
Certificate issuer:       /CN=64a7a6cd583814d393bee2635b545574cc75620c
Certificate serial:       019427484060E70E657BDC1E629457A9D778
Authority key identifier: 64:A7:A6:CD:58:38:14:D3:93:BE:E2:63:5B:54:55:74:CC:75:62:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/rJRxxRneTTHrBiouHAwe-Vj2hOM.roa
Signing time:             Thu 02 Jan 2025 13:50:33 +0000
ROA not before:           Thu 02 Jan 2025 13:50:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51554
IP address blocks:        185.157.8.0/22 maxlen: 22
                          185.157.8.0/23 maxlen: 23
                          185.157.10.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 13:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:40:60:e7:0e:65:7b:dc:1e:62:94:57:a9:d7:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64a7a6cd583814d393bee2635b545574cc75620c
        Validity
            Not Before: Jan  2 13:50:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac9471c519de4d31eb062a2e1c0c1ef958f684e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e4:37:4a:3c:39:02:e2:67:f1:b4:d6:f4:b6:
                    ff:2e:f3:37:b3:d7:0b:83:39:2d:1b:fc:f0:bb:8e:
                    08:67:fd:22:51:d3:6f:4e:1f:1a:89:a8:ef:f2:e4:
                    8d:a3:ce:8a:bc:3d:fc:42:c8:8d:12:39:81:8f:e0:
                    f0:13:22:06:98:97:99:31:b3:cf:fe:31:e6:50:13:
                    c8:b7:4d:d9:1b:5b:04:c9:ab:89:63:52:3e:b9:8a:
                    0c:4b:11:b2:ae:98:bd:d3:c6:02:2f:7f:f1:ef:d5:
                    46:51:2d:6f:73:00:85:25:01:13:6e:74:36:61:34:
                    35:ea:50:01:8d:93:77:20:e7:63:d9:73:1e:de:41:
                    df:6d:c6:7a:1c:4a:db:6e:43:e3:06:e0:42:b2:ca:
                    42:bc:6d:49:55:2c:66:20:db:7b:cf:41:e5:30:dc:
                    a1:42:f5:ca:c0:7b:59:64:f8:ef:f6:08:e1:31:f4:
                    bf:2f:8f:a0:f3:20:1e:2d:cf:0b:83:c6:ce:14:68:
                    27:d6:36:e8:3f:2e:d6:58:4a:77:4e:c1:fe:fb:26:
                    ba:17:7b:bb:e8:d8:64:c6:fc:49:f7:aa:93:4b:35:
                    05:25:03:03:87:94:05:39:dd:8f:c1:e8:7e:6b:66:
                    8d:ff:96:75:f4:68:cb:13:fa:29:c3:78:e8:51:78:
                    e1:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:94:71:C5:19:DE:4D:31:EB:06:2A:2E:1C:0C:1E:F9:58:F6:84:E3
            X509v3 Authority Key Identifier:
                keyid:64:A7:A6:CD:58:38:14:D3:93:BE:E2:63:5B:54:55:74:CC:75:62:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/rJRxxRneTTHrBiouHAwe-Vj2hOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:55:7d:01:f1:7a:82:b8:59:bd:99:15:59:8f:94:8a:7d:e7:
         ef:e8:ce:6c:8e:bc:48:81:f0:13:6b:7e:d9:c7:b7:13:cf:b7:
         cc:55:68:b1:35:83:c6:2a:6f:e3:a8:58:ed:3e:24:ec:a5:cc:
         81:43:d8:4c:d6:d3:f3:15:84:90:79:fe:76:9c:35:f7:85:aa:
         c0:a8:f3:77:4b:b7:09:9e:2e:d4:29:19:80:5b:35:ef:65:85:
         52:5a:ef:25:45:90:e6:38:e1:a1:3c:7a:1a:48:dc:e4:c5:17:
         b2:6e:26:6f:00:36:f9:43:60:5c:fd:fd:00:76:64:77:b9:df:
         12:dc:c2:7c:70:ab:a1:af:3a:a5:59:b9:aa:57:11:76:d6:41:
         69:96:36:4e:d7:0d:fe:69:a2:fa:b1:71:22:d9:03:2a:45:a4:
         b1:2c:19:4b:6c:0b:13:5c:26:b4:f6:1d:17:36:2d:93:1e:87:
         53:92:7d:21:e8:5c:01:a2:b2:55:d6:2a:78:3d:97:5f:85:d6:
         17:ba:37:54:bf:c2:b0:d4:c1:11:03:8e:9b:35:f8:f7:1b:40:
         3c:62:9c:6f:d5:87:06:8e:c0:56:fd:9d:8b:2b:96:3b:11:0d:
         4a:bf:63:88:d7:0f:24:12:74:90:4f:3e:bb:37:26:ea:a4:43:
         1e:b0:2c:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEBg5w5le9weYpRXqdd4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YTdhNmNkNTgzODE0ZDM5M2JlZTI2MzViNTQ1NTc0Y2M3
NTYyMGMwHhcNMjUwMTAyMTM1MDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzk0NzFjNTE5ZGU0ZDMxZWIwNjJhMmUxYzBjMWVmOTU4ZjY4NGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOQ3Sjw5AuJn8bTW9Lb/LvM3s9cL
gzktG/zwu44IZ/0iUdNvTh8aiajv8uSNo86KvD38QsiNEjmBj+DwEyIGmJeZMbPP
/jHmUBPIt03ZG1sEyauJY1I+uYoMSxGyrpi908YCL3/x79VGUS1vcwCFJQETbnQ2
YTQ16lABjZN3IOdj2XMe3kHfbcZ6HErbbkPjBuBCsspCvG1JVSxmINt7z0HlMNyh
QvXKwHtZZPjv9gjhMfS/L4+g8yAeLc8Lg8bOFGgn1jboPy7WWEp3TsH++ya6F3u7
6NhkxvxJ96qTSzUFJQMDh5QFOd2Pweh+a2aN/5Z19GjLE/opw3joUXjhUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyUccUZ3k0x6wYqLhwMHvlY9oTjMB8GA1UdIwQY
MBaAFGSnps1YOBTTk77iY1tUVXTMdWIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWktlbXpWZzRGTk9UdnVKalcxUlZkTXgxWWd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84ZDZmMWEtZDMzNC00MThmLWI3MjYt
NmY1ZDhhNzRhMGU0LzEvckpSeHhSbmVUVEhyQmlvdUhBd2UtVmoyaE9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84ZDZmMWEtZDMzNC00MThmLWI3MjYtNmY1ZDhhNzRhMGU0
LzEvWktlbXpWZzRGTk9UdnVKalcxUlZkTXgxWWd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ0IMA0G
CSqGSIb3DQEBCwUAA4IBAQBkVX0B8XqCuFm9mRVZj5SKfefv6M5sjrxIgfATa37Z
x7cTz7fMVWixNYPGKm/jqFjtPiTspcyBQ9hM1tPzFYSQef52nDX3harAqPN3S7cJ
ni7UKRmAWzXvZYVSWu8lRZDmOOGhPHoaSNzkxReybiZvADb5Q2Bc/f0AdmR3ud8S
3MJ8cKuhrzqlWbmqVxF21kFpljZO1w3+aaL6sXEi2QMqRaSxLBlLbAsTXCa09h0X
Ni2THodTkn0h6FwBorJV1ip4PZdfhdYXujdUv8Kw1MERA46bNfj3G0A8Ypxv1YcG
jsBW/Z2LK5Y7EQ1Kv2OI1w8kEnSQTz67NybqpEMesCwJ
-----END CERTIFICATE-----