Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/8hRBXjeqaNVqsRXwD3teVm2IptQ.roa
File:                     8hRBXjeqaNVqsRXwD3teVm2IptQ.roa (raw, json)
Hash identifier:          7trj/DN0w0nR+thBLV8DeXduqLYmWtu9yjYZdu4vyJw=
Subject key identifier:   F2:14:41:5E:37:AA:68:D5:6A:B1:15:F0:0F:7B:5E:56:6D:88:A6:D4
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       019422FC436833C231C723FDB9F20D87EDFD
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/8hRBXjeqaNVqsRXwD3teVm2IptQ.roa
Signing time:             Wed 01 Jan 2025 17:49:05 +0000
ROA not before:           Wed 01 Jan 2025 17:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48753
IP address blocks:        193.84.71.0/24 maxlen: 24
                          195.20.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 08:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:43:68:33:c2:31:c7:23:fd:b9:f2:0d:87:ed:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Jan  1 17:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f214415e37aa68d56ab115f00f7b5e566d88a6d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ca:39:c2:2f:c3:86:c3:cf:7c:d4:bf:ad:c6:
                    8e:99:2f:49:82:7d:1a:69:c7:dc:31:40:97:5b:0a:
                    44:69:b5:d3:5b:16:f1:98:c6:a4:4c:7d:3d:03:69:
                    96:16:28:d4:92:cb:72:80:eb:49:bd:63:8a:3c:8a:
                    dc:2d:3f:b9:9a:50:b0:47:b6:d8:4f:7f:1c:1b:01:
                    72:1b:5e:0c:0e:f2:c6:23:3d:37:ac:46:1e:b8:c3:
                    68:ac:24:76:f5:6c:e4:ac:8e:44:fd:53:fe:68:35:
                    2f:65:0d:56:b0:3d:12:82:56:02:46:da:43:eb:5e:
                    21:03:7d:ed:8f:ad:f4:c4:a9:ef:ab:82:34:17:9b:
                    57:68:98:d9:1d:31:0c:9c:cb:0f:37:c7:64:11:4f:
                    66:c0:46:41:23:db:f4:60:d6:0e:43:84:d7:cb:66:
                    54:4c:3b:47:91:5c:60:b5:63:75:00:ca:b5:82:82:
                    ce:b8:9f:63:9f:24:c7:cf:b9:c4:06:85:65:81:5d:
                    94:53:81:1f:6a:e6:77:78:ef:4c:fb:bc:50:5c:a2:
                    35:bb:b1:f5:37:52:7a:b7:c7:fd:96:33:c5:8f:9e:
                    8c:e4:96:16:80:a3:c3:3c:2b:8d:d7:14:7f:15:8e:
                    f1:5e:c7:58:db:31:20:f1:51:01:fd:39:3c:a9:45:
                    6b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:14:41:5E:37:AA:68:D5:6A:B1:15:F0:0F:7B:5E:56:6D:88:A6:D4
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/8hRBXjeqaNVqsRXwD3teVm2IptQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.71.0/24
                  195.20.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:f7:f6:5c:b9:97:2e:e8:e2:6e:4b:27:af:5b:d7:2f:33:25:
         16:59:58:2c:ba:c8:dc:b5:da:ca:28:10:68:37:be:ae:d2:fd:
         72:f1:1d:35:70:85:9b:75:1d:d6:87:17:97:6d:9f:67:2f:78:
         7c:1e:48:7b:5f:82:24:be:b7:08:5d:36:dd:17:45:e4:6a:aa:
         c4:03:00:5a:0a:ee:50:f8:fd:58:ff:b2:fe:05:22:c4:bf:3a:
         ca:57:c6:aa:2b:6c:7c:89:35:a9:2a:9d:59:2e:30:cb:3e:94:
         a1:87:2f:1f:fe:dc:24:31:a5:94:f2:ab:a7:27:58:7d:6f:f7:
         b3:29:b7:c7:ab:6a:93:84:d8:78:c6:a3:df:c1:81:9b:1a:cc:
         b2:eb:db:46:02:8e:e1:da:38:89:84:d8:40:67:47:f4:fb:ff:
         8c:4b:c8:4b:2e:57:3c:8b:65:30:4c:5b:04:41:2b:e7:99:10:
         86:99:70:93:9e:19:4c:26:94:32:1b:80:a6:2c:06:9e:f0:7d:
         d1:f4:9a:fc:96:75:6b:c5:e1:7a:1f:4b:83:74:e7:73:bf:0c:
         61:ef:fb:80:ae:60:30:a3:2d:81:de:bf:a5:f5:16:09:0b:c7:
         69:59:cf:42:d4:26:ae:85:57:76:78:16:6b:86:d1:95:e0:84:
         7f:80:88:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi/ENoM8IxxyP9ufINh+39MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjUwMTAxMTc0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjE0NDE1ZTM3YWE2OGQ1NmFiMTE1ZjAwZjdiNWU1NjZkODhhNmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8o5wi/DhsPPfNS/rcaOmS9Jgn0a
acfcMUCXWwpEabXTWxbxmMakTH09A2mWFijUkstygOtJvWOKPIrcLT+5mlCwR7bY
T38cGwFyG14MDvLGIz03rEYeuMNorCR29WzkrI5E/VP+aDUvZQ1WsD0SglYCRtpD
614hA33tj630xKnvq4I0F5tXaJjZHTEMnMsPN8dkEU9mwEZBI9v0YNYOQ4TXy2ZU
TDtHkVxgtWN1AMq1goLOuJ9jnyTHz7nEBoVlgV2UU4EfauZ3eO9M+7xQXKI1u7H1
N1J6t8f9ljPFj56M5JYWgKPDPCuN1xR/FY7xXsdY2zEg8VEB/Tk8qUVrAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPIUQV43qmjVarEV8A97XlZtiKbUMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvOGhSQlhqZXFhTlZxc1JYd0QzdGVWbTJJcHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwVRHAwQA
wxQSMA0GCSqGSIb3DQEBCwUAA4IBAQB59/ZcuZcu6OJuSyevW9cvMyUWWVgsusjc
tdrKKBBoN76u0v1y8R01cIWbdR3WhxeXbZ9nL3h8Hkh7X4IkvrcIXTbdF0XkaqrE
AwBaCu5Q+P1Y/7L+BSLEvzrKV8aqK2x8iTWpKp1ZLjDLPpShhy8f/twkMaWU8qun
J1h9b/ezKbfHq2qThNh4xqPfwYGbGsyy69tGAo7h2jiJhNhAZ0f0+/+MS8hLLlc8
i2UwTFsEQSvnmRCGmXCTnhlMJpQyG4CmLAae8H3R9Jr8lnVrxeF6H0uDdOdzvwxh
7/uArmAwoy2B3r+l9RYJC8dpWc9C1CauhVd2eBZrhtGV4IR/gIid
-----END CERTIFICATE-----