Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/bc9563-8ff9-4e95-8e7e-13b4c0d0aae1/1/i4oHHr7QoLRkX2L5k7_iAuLMT_Q.roa
File:                     i4oHHr7QoLRkX2L5k7_iAuLMT_Q.roa (raw, json)
Hash identifier:          sNqZJYhGCiiJo109TNraRAFi9QHkwq9nqRXPSGFVeas=
Subject key identifier:   8B:8A:07:1E:BE:D0:A0:B4:64:5F:62:F9:93:BF:E2:02:E2:CC:4F:F4
Certificate issuer:       /CN=e86fc9f927947aa48983b027cf3de38475b053d3
Certificate serial:       01941FFA6F0EC03694E495CD9E8863E8246E
Authority key identifier: E8:6F:C9:F9:27:94:7A:A4:89:83:B0:27:CF:3D:E3:84:75:B0:53:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6G_J-SeUeqSJg7Anzz3jhHWwU9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/bc9563-8ff9-4e95-8e7e-13b4c0d0aae1/1/i4oHHr7QoLRkX2L5k7_iAuLMT_Q.roa
Signing time:             Wed 01 Jan 2025 03:48:13 +0000
ROA not before:           Wed 01 Jan 2025 03:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50123
IP address blocks:        194.247.180.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/bc9563-8ff9-4e95-8e7e-13b4c0d0aae1/1/6G_J-SeUeqSJg7Anzz3jhHWwU9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/bc9563-8ff9-4e95-8e7e-13b4c0d0aae1/1/6G_J-SeUeqSJg7Anzz3jhHWwU9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6G_J-SeUeqSJg7Anzz3jhHWwU9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:6f:0e:c0:36:94:e4:95:cd:9e:88:63:e8:24:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e86fc9f927947aa48983b027cf3de38475b053d3
        Validity
            Not Before: Jan  1 03:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b8a071ebed0a0b4645f62f993bfe202e2cc4ff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d8:d7:6e:17:64:08:f7:2b:b5:75:65:aa:a1:
                    76:8f:43:73:04:82:b2:fd:2c:4c:e8:a8:26:89:dd:
                    c6:40:7a:95:db:94:6f:1f:a2:dd:8a:6f:47:03:14:
                    80:c8:9c:4a:73:33:23:27:bf:5c:5b:e1:23:2f:8c:
                    a6:36:7c:29:b6:71:b4:a3:32:a5:6d:d0:5c:d0:06:
                    c8:87:9d:ba:68:0c:e0:e1:69:af:cb:41:fe:65:fd:
                    ab:f4:4e:3f:42:06:b9:74:84:09:7a:e3:66:83:05:
                    e7:d3:25:60:64:00:df:dc:e2:53:fd:ab:6c:1b:e4:
                    7c:0a:b4:b4:bf:34:10:91:c6:77:86:c8:fc:21:45:
                    24:55:4e:b4:e5:e6:1c:d7:d0:65:d8:e6:40:40:89:
                    8d:c0:e8:19:1a:33:5c:4d:0e:2c:15:3f:5e:96:fc:
                    2b:90:4e:8a:b0:b7:d8:d4:54:6b:2c:e8:62:8e:74:
                    d2:89:0d:d0:1f:42:fe:a9:68:f3:cb:2a:59:7d:ae:
                    b2:a2:4d:7d:8c:aa:9f:99:fc:e5:4e:8c:78:71:c1:
                    48:89:15:bf:e5:8c:64:70:a9:8b:4f:16:42:66:7f:
                    bf:bb:0a:e6:05:6e:ee:1c:47:bb:df:91:3f:a9:30:
                    39:e1:29:31:7c:b0:85:5c:5a:76:dc:a4:28:ff:6f:
                    b2:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:8A:07:1E:BE:D0:A0:B4:64:5F:62:F9:93:BF:E2:02:E2:CC:4F:F4
            X509v3 Authority Key Identifier:
                keyid:E8:6F:C9:F9:27:94:7A:A4:89:83:B0:27:CF:3D:E3:84:75:B0:53:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6G_J-SeUeqSJg7Anzz3jhHWwU9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/bc9563-8ff9-4e95-8e7e-13b4c0d0aae1/1/i4oHHr7QoLRkX2L5k7_iAuLMT_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/bc9563-8ff9-4e95-8e7e-13b4c0d0aae1/1/6G_J-SeUeqSJg7Anzz3jhHWwU9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.247.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:db:a4:b9:27:53:f9:7d:b1:7b:27:d5:78:e7:81:fc:de:c5:
         64:60:a7:64:f3:ad:b6:eb:76:11:45:32:20:c0:73:60:96:80:
         26:ee:92:b2:9a:a5:c6:d1:4f:e6:bb:3e:36:d4:18:b1:3a:e1:
         d9:38:8d:e4:29:34:c0:a5:27:72:8c:fe:95:1b:3b:4e:b5:4f:
         ea:5a:f3:4a:3f:04:96:c2:e0:1d:f6:b3:09:b8:fc:c8:00:94:
         4f:29:10:35:f1:07:a8:32:34:50:07:80:ee:78:64:1b:74:4b:
         71:fa:dd:00:d5:dd:82:53:70:f2:38:ab:b7:3a:28:08:fd:ce:
         f1:5a:a6:02:b0:be:cf:af:ac:b2:b9:6f:f2:fa:c4:ad:d2:c6:
         68:cb:fe:fe:70:a5:25:26:0b:57:fd:69:4a:52:81:c4:9b:c7:
         6b:82:cf:27:bc:19:93:d1:a7:2a:72:53:bf:45:50:d4:74:0b:
         3b:3c:dd:48:cb:9c:97:9a:ae:c5:49:d9:10:e9:ff:5e:26:56:
         3f:ef:c0:83:1d:15:f8:fd:6e:3e:66:7e:be:6d:aa:95:92:d6:
         7c:e5:ea:70:08:b8:8d:d9:e2:9e:b5:54:7f:1b:4b:4f:5a:fe:
         1d:3c:36:01:b8:10:e5:8c:ad:c0:df:75:d5:c4:35:fb:42:4c:
         4f:e5:69:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+m8OwDaU5JXNnohj6CRuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NmZjOWY5Mjc5NDdhYTQ4OTgzYjAyN2NmM2RlMzg0NzVi
MDUzZDMwHhcNMjUwMTAxMDM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjhhMDcxZWJlZDBhMGI0NjQ1ZjYyZjk5M2JmZTIwMmUyY2M0ZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtjXbhdkCPcrtXVlqqF2j0NzBIKy
/SxM6Kgmid3GQHqV25RvH6Ldim9HAxSAyJxKczMjJ79cW+EjL4ymNnwptnG0ozKl
bdBc0AbIh526aAzg4Wmvy0H+Zf2r9E4/Qga5dIQJeuNmgwXn0yVgZADf3OJT/ats
G+R8CrS0vzQQkcZ3hsj8IUUkVU605eYc19Bl2OZAQImNwOgZGjNcTQ4sFT9elvwr
kE6KsLfY1FRrLOhijnTSiQ3QH0L+qWjzyypZfa6yok19jKqfmfzlTox4ccFIiRW/
5YxkcKmLTxZCZn+/uwrmBW7uHEe735E/qTA54SkxfLCFXFp23KQo/2+yXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuKBx6+0KC0ZF9i+ZO/4gLizE/0MB8GA1UdIwQY
MBaAFOhvyfknlHqkiYOwJ88944R1sFPTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkdfSi1TZVVlcVNKZzdBbnp6M2poSFd3VTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9iYzk1NjMtOGZmOS00ZTk1LThlN2Ut
MTNiNGMwZDBhYWUxLzEvaTRvSEhyN1FvTFJrWDJMNWs3X2lBdUxNVF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9iYzk1NjMtOGZmOS00ZTk1LThlN2UtMTNiNGMwZDBhYWUx
LzEvNkdfSi1TZVVlcVNKZzdBbnp6M2poSFd3VTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwve0MA0G
CSqGSIb3DQEBCwUAA4IBAQA826S5J1P5fbF7J9V454H83sVkYKdk862263YRRTIg
wHNgloAm7pKymqXG0U/muz421BixOuHZOI3kKTTApSdyjP6VGztOtU/qWvNKPwSW
wuAd9rMJuPzIAJRPKRA18QeoMjRQB4DueGQbdEtx+t0A1d2CU3DyOKu3OigI/c7x
WqYCsL7Pr6yyuW/y+sSt0sZoy/7+cKUlJgtX/WlKUoHEm8drgs8nvBmT0acqclO/
RVDUdAs7PN1Iy5yXmq7FSdkQ6f9eJlY/78CDHRX4/W4+Zn6+baqVktZ85epwCLiN
2eKetVR/G0tPWv4dPDYBuBDljK3A33XVxDX7QkxP5Wn1
-----END CERTIFICATE-----