Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/040564-5952-4223-bcca-f876c055a315/1/CF8GaEatgxJbaKh474IjZo5fECA.roa
File:                     CF8GaEatgxJbaKh474IjZo5fECA.roa (raw, json)
Hash identifier:          jNeYnMymis49T6EQU4PdS7BLisDarhceBgl5yuJAqIM=
Subject key identifier:   08:5F:06:68:46:AD:83:12:5B:68:A8:78:EF:82:23:66:8E:5F:10:20
Certificate issuer:       /CN=7e566fff407f31c6ae856c3743ef3e5f22f8d35b
Certificate serial:       019423D71A17223E71F0C768E457857B8F50
Authority key identifier: 7E:56:6F:FF:40:7F:31:C6:AE:85:6C:37:43:EF:3E:5F:22:F8:D3:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flZv_0B_McauhWw3Q-8-XyL401s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/040564-5952-4223-bcca-f876c055a315/1/CF8GaEatgxJbaKh474IjZo5fECA.roa
Signing time:             Wed 01 Jan 2025 21:48:06 +0000
ROA not before:           Wed 01 Jan 2025 21:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61351
IP address blocks:        185.206.140.0/22 maxlen: 24
                          2a04:a240::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/040564-5952-4223-bcca-f876c055a315/1/flZv_0B_McauhWw3Q-8-XyL401s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/040564-5952-4223-bcca-f876c055a315/1/flZv_0B_McauhWw3Q-8-XyL401s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flZv_0B_McauhWw3Q-8-XyL401s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:1a:17:22:3e:71:f0:c7:68:e4:57:85:7b:8f:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e566fff407f31c6ae856c3743ef3e5f22f8d35b
        Validity
            Not Before: Jan  1 21:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=085f066846ad83125b68a878ef8223668e5f1020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b2:58:b5:ea:18:a0:75:1a:ab:0f:e1:58:f0:
                    53:3d:80:02:96:c4:2a:06:2e:b9:ec:b5:50:3c:7b:
                    13:ce:72:f3:12:7b:f2:90:ba:56:de:12:05:9c:95:
                    59:3a:22:f9:9f:aa:73:9a:20:4f:4a:4b:8f:bd:25:
                    ef:97:e3:fb:39:8c:36:10:2c:72:25:49:64:c4:b3:
                    ae:cd:c7:f9:61:95:bb:94:88:ba:ac:d6:d0:8b:e4:
                    31:f4:85:58:cc:83:71:ed:80:89:bf:31:5f:cd:35:
                    29:97:ee:22:49:12:27:c0:d5:6b:ee:93:58:a1:38:
                    fc:2a:b2:bc:2c:36:cb:bd:da:15:e1:06:c0:f3:a6:
                    e5:cd:07:5d:fa:50:09:ed:67:f0:4c:71:2f:2f:b5:
                    33:d6:67:af:a5:e5:19:7c:49:38:20:89:28:76:1f:
                    99:13:69:32:b4:40:d2:9c:0a:0b:81:ca:86:81:da:
                    5e:f8:f7:44:f3:e4:a8:b2:ad:22:87:e7:49:84:5a:
                    80:81:0e:6f:6f:e2:73:cb:7b:1d:3d:cd:53:48:6d:
                    96:75:8f:b8:b9:b9:78:68:21:90:54:2d:79:c7:7d:
                    14:cf:44:36:90:97:a9:7d:dc:43:40:ef:22:88:d6:
                    c1:ac:0e:bd:b8:cf:4d:85:f9:5a:30:f9:71:6c:07:
                    1a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:5F:06:68:46:AD:83:12:5B:68:A8:78:EF:82:23:66:8E:5F:10:20
            X509v3 Authority Key Identifier:
                keyid:7E:56:6F:FF:40:7F:31:C6:AE:85:6C:37:43:EF:3E:5F:22:F8:D3:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flZv_0B_McauhWw3Q-8-XyL401s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/040564-5952-4223-bcca-f876c055a315/1/CF8GaEatgxJbaKh474IjZo5fECA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/040564-5952-4223-bcca-f876c055a315/1/flZv_0B_McauhWw3Q-8-XyL401s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.140.0/22
                IPv6:
                  2a04:a240::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:d3:a2:a9:8a:bf:ec:5f:4c:70:71:05:c7:15:b4:89:4d:3d:
         3d:26:dc:14:ec:a1:d6:c4:e2:7a:e2:60:47:b2:89:e6:30:b8:
         d2:71:b4:90:df:0b:f2:5b:72:97:33:a3:44:f0:0c:fb:20:0a:
         78:10:44:2a:74:98:20:b4:a6:e2:7b:2f:80:3d:d8:64:f5:31:
         92:c0:a0:77:33:80:d2:c1:cf:65:9c:80:35:68:fa:c3:0a:80:
         4b:e9:28:ea:f7:8c:1d:ef:c3:1d:b7:c3:78:ac:88:77:2a:9f:
         3a:40:40:23:08:82:30:f7:0f:f6:25:34:3d:42:62:2d:a1:2b:
         36:81:48:d0:12:6b:8a:07:cc:94:7a:55:fd:db:28:e1:d6:77:
         8c:30:cf:a4:a3:2b:5c:f6:8d:32:a3:cc:aa:0c:15:33:c7:8a:
         8b:e0:6a:4e:6f:03:e3:ab:a9:12:df:57:d9:0f:32:0f:2e:89:
         58:d8:b6:27:2d:cd:a4:07:eb:73:7a:47:80:9f:b6:98:5c:3e:
         c1:10:25:a8:ca:a3:97:93:b7:06:03:0c:3f:92:84:2d:36:a9:
         4f:98:ff:86:9d:f1:ec:9f:fa:1d:19:13:1c:e4:e5:60:86:24:
         28:59:84:fa:56:f5:5c:f5:c6:f8:b4:c0:f7:a5:ae:8d:24:77:
         e6:b4:0b:a4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1xoXIj5x8Mdo5FeFe49QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNTY2ZmZmNDA3ZjMxYzZhZTg1NmMzNzQzZWYzZTVmMjJm
OGQzNWIwHhcNMjUwMTAxMjE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODVmMDY2ODQ2YWQ4MzEyNWI2OGE4NzhlZjgyMjM2NjhlNWYxMDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bJYteoYoHUaqw/hWPBTPYAClsQq
Bi657LVQPHsTznLzEnvykLpW3hIFnJVZOiL5n6pzmiBPSkuPvSXvl+P7OYw2ECxy
JUlkxLOuzcf5YZW7lIi6rNbQi+Qx9IVYzINx7YCJvzFfzTUpl+4iSRInwNVr7pNY
oTj8KrK8LDbLvdoV4QbA86blzQdd+lAJ7WfwTHEvL7Uz1mevpeUZfEk4IIkodh+Z
E2kytEDSnAoLgcqGgdpe+PdE8+Sosq0ih+dJhFqAgQ5vb+Jzy3sdPc1TSG2WdY+4
ubl4aCGQVC15x30Uz0Q2kJepfdxDQO8iiNbBrA69uM9NhflaMPlxbAcaTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAhfBmhGrYMSW2ioeO+CI2aOXxAgMB8GA1UdIwQY
MBaAFH5Wb/9AfzHGroVsN0PvPl8i+NNbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmxadl8wQl9NY2F1aFd3M1EtOC1YeUw0MDFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8wNDA1NjQtNTk1Mi00MjIzLWJjY2Et
Zjg3NmMwNTVhMzE1LzEvQ0Y4R2FFYXRneEpiYUtoNDc0SWpabzVmRUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8wNDA1NjQtNTk1Mi00MjIzLWJjY2EtZjg3NmMwNTVhMzE1
LzEvZmxadl8wQl9NY2F1aFd3M1EtOC1YeUw0MDFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuc6MMA0E
AgACMAcDBQMqBKJAMA0GCSqGSIb3DQEBCwUAA4IBAQAf06Kpir/sX0xwcQXHFbSJ
TT09JtwU7KHWxOJ64mBHsonmMLjScbSQ3wvyW3KXM6NE8Az7IAp4EEQqdJggtKbi
ey+APdhk9TGSwKB3M4DSwc9lnIA1aPrDCoBL6Sjq94wd78Mdt8N4rIh3Kp86QEAj
CIIw9w/2JTQ9QmItoSs2gUjQEmuKB8yUelX92yjh1neMMM+koytc9o0yo8yqDBUz
x4qL4GpObwPjq6kS31fZDzIPLolY2LYnLc2kB+tzekeAn7aYXD7BECWoyqOXk7cG
Aww/koQtNqlPmP+GnfHsn/odGRMc5OVghiQoWYT6VvVc9cb4tMD3pa6NJHfmtAuk
-----END CERTIFICATE-----