Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/8vBgPIPGmSaFUWOlpF2CMGdNQQc.roa
File:                     8vBgPIPGmSaFUWOlpF2CMGdNQQc.roa (raw, json)
Hash identifier:          /PWcEdJnMn2bKRLWHgFiLBb1+zXw/blECB/hDNGzIwY=
Subject key identifier:   F2:F0:60:3C:83:C6:99:26:85:51:63:A5:A4:5D:82:30:67:4D:41:07
Certificate issuer:       /CN=297c508d23b38315bbf45b726d22050a46127b8c
Certificate serial:       0196CE04E95707DCDA482E8593C1D094129E
Authority key identifier: 29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/8vBgPIPGmSaFUWOlpF2CMGdNQQc.roa
Signing time:             Wed 14 May 2025 08:59:10 +0000
ROA not before:           Wed 14 May 2025 08:59:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51335
IP address blocks:        194.213.124.0/23 maxlen: 23
                          2001:67c:10f0::/48 maxlen: 48
                          2a02:68c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:04:e9:57:07:dc:da:48:2e:85:93:c1:d0:94:12:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297c508d23b38315bbf45b726d22050a46127b8c
        Validity
            Not Before: May 14 08:59:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2f0603c83c69926855163a5a45d8230674d4107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:38:e3:99:2a:36:d3:e2:70:e4:ab:f3:58:5b:
                    4c:05:d6:74:29:66:4a:f2:33:12:b0:a9:83:5b:b6:
                    d3:ec:94:9a:6d:9e:44:ed:e1:41:0e:58:cb:e2:4e:
                    8b:b4:1c:00:6c:b3:28:75:0c:bc:9f:dc:5b:87:0d:
                    e1:18:6a:75:96:bb:08:f5:e7:1d:b6:a8:b4:9e:de:
                    df:2b:ce:78:35:3a:15:60:f7:91:4c:00:c1:8a:51:
                    5b:64:7c:ed:a5:2d:26:3d:8a:f9:3a:c9:0c:ff:35:
                    45:12:3f:0a:9a:3b:4d:ad:6c:70:c1:12:d8:80:bc:
                    38:89:05:be:fe:a9:c7:93:52:1f:69:d2:f2:9c:ec:
                    23:2e:eb:98:02:ff:86:e3:07:9c:94:a6:c9:0a:b2:
                    01:db:96:2d:1c:b5:02:a6:b1:87:82:6d:90:48:d7:
                    00:20:f9:a3:91:2b:49:6d:de:d5:37:1f:4d:13:2f:
                    4f:90:73:10:de:ef:52:8b:4b:18:2c:b0:24:a8:74:
                    40:6e:9b:7a:08:b6:a8:01:86:06:73:6e:6d:4d:4f:
                    c4:8a:ac:03:d4:09:52:b1:19:80:47:72:bd:81:02:
                    ef:f6:e0:b6:2d:eb:e8:69:7b:2b:f5:38:c6:b2:44:
                    12:26:5b:72:92:e9:13:1e:ce:41:99:3a:b8:40:ce:
                    ac:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:F0:60:3C:83:C6:99:26:85:51:63:A5:A4:5D:82:30:67:4D:41:07
            X509v3 Authority Key Identifier:
                keyid:29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/8vBgPIPGmSaFUWOlpF2CMGdNQQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.124.0/23
                IPv6:
                  2001:67c:10f0::/48
                  2a02:68c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:ce:c8:8d:32:bf:a2:ec:74:5d:d8:51:ee:e3:34:68:1f:e4:
         c8:2f:ef:0f:79:2d:c4:58:d6:10:27:9a:6d:9a:72:7c:11:e5:
         2c:34:2c:ea:a7:a4:7d:78:34:f2:45:10:0e:5c:62:b7:a9:97:
         bc:98:15:33:23:48:4b:13:9f:ba:10:30:02:94:a6:b4:25:4a:
         84:ce:d2:2b:a5:50:16:89:e4:1d:15:7e:06:98:09:9d:95:16:
         90:02:09:b9:af:b1:ba:34:b8:ff:11:fe:a4:6d:2d:d6:0f:f0:
         17:c4:29:63:c1:4a:4b:12:fe:4b:8b:17:7b:22:91:0c:30:4c:
         ed:ec:0a:35:d9:a0:12:43:4f:5e:e6:fc:0b:86:e9:02:9e:6d:
         91:12:4e:7b:dc:73:7a:1a:be:13:04:26:8a:0f:24:66:ff:48:
         cf:f5:68:16:0b:b3:1d:7a:84:f7:58:d3:f4:5c:d5:fa:28:ab:
         07:48:14:2a:91:98:00:69:76:6e:d0:88:95:df:30:18:4b:e2:
         4a:1f:58:9b:ce:b3:fd:6a:4f:ed:74:92:31:0d:d2:32:60:4b:
         59:05:e7:2d:66:1a:a7:1d:67:46:32:d3:51:77:fb:e3:c3:bb:
         c0:e4:ae:db:c9:fd:0a:fe:c6:67:c3:ba:a4:de:37:62:d6:f6:
         f8:50:f8:52
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZbOBOlXB9zaSC6Fk8HQlBKeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2M1MDhkMjNiMzgzMTViYmY0NWI3MjZkMjIwNTBhNDYx
MjdiOGMwHhcNMjUwNTE0MDg1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmYwNjAzYzgzYzY5OTI2ODU1MTYzYTVhNDVkODIzMDY3NGQ0MTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDjjmSo20+Jw5KvzWFtMBdZ0KWZK
8jMSsKmDW7bT7JSabZ5E7eFBDljL4k6LtBwAbLModQy8n9xbhw3hGGp1lrsI9ecd
tqi0nt7fK854NToVYPeRTADBilFbZHztpS0mPYr5OskM/zVFEj8KmjtNrWxwwRLY
gLw4iQW+/qnHk1IfadLynOwjLuuYAv+G4weclKbJCrIB25YtHLUCprGHgm2QSNcA
IPmjkStJbd7VNx9NEy9PkHMQ3u9Si0sYLLAkqHRAbpt6CLaoAYYGc25tTU/EiqwD
1AlSsRmAR3K9gQLv9uC2LevoaXsr9TjGskQSJltykukTHs5BmTq4QM6sDwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFPLwYDyDxpkmhVFjpaRdgjBnTUEHMB8GA1UdIwQY
MBaAFCl8UI0js4MVu/Rbcm0iBQpGEnuMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTIt
MzZlOWE3OWJkOTUwLzEvOHZCZ1BJUEdtU2FGVVdPbHBGMkNNR2ROUVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTItMzZlOWE3OWJkOTUw
LzEvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQBwtV8MBYE
AgACMBADBwAgAQZ8EPADBQAqAmjAMA0GCSqGSIb3DQEBCwUAA4IBAQCUzsiNMr+i
7HRd2FHu4zRoH+TIL+8PeS3EWNYQJ5ptmnJ8EeUsNCzqp6R9eDTyRRAOXGK3qZe8
mBUzI0hLE5+6EDAClKa0JUqEztIrpVAWieQdFX4GmAmdlRaQAgm5r7G6NLj/Ef6k
bS3WD/AXxCljwUpLEv5Lixd7IpEMMEzt7Ao12aASQ09e5vwLhukCnm2REk573HN6
Gr4TBCaKDyRm/0jP9WgWC7MdeoT3WNP0XNX6KKsHSBQqkZgAaXZu0IiV3zAYS+JK
H1ibzrP9ak/tdJIxDdIyYEtZBectZhqnHWdGMtNRd/vjw7vA5K7byf0K/sZnw7qk
3jdi1vb4UPhS
-----END CERTIFICATE-----