Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/380400-dc2e-494a-891a-2f2300b6e3d9/1/CIh-n620dapiChf7Qz9UJJ0kAYM.roa
File:                     CIh-n620dapiChf7Qz9UJJ0kAYM.roa (raw, json)
Hash identifier:          FBemJczTUCPxIUZPk0jDQbmKS7wDmu5CZBeaJ9h/Hsg=
Subject key identifier:   08:88:7E:9F:AD:B4:75:AA:62:0A:17:FB:43:3F:54:24:9D:24:01:83
Certificate issuer:       /CN=7e2eda6952b03e8ba45997be615d7abee1784f83
Certificate serial:       01941FFA73A0DD666DAB545F8F0F75A66451
Authority key identifier: 7E:2E:DA:69:52:B0:3E:8B:A4:59:97:BE:61:5D:7A:BE:E1:78:4F:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fi7aaVKwPoukWZe-YV16vuF4T4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/380400-dc2e-494a-891a-2f2300b6e3d9/1/CIh-n620dapiChf7Qz9UJJ0kAYM.roa
Signing time:             Wed 01 Jan 2025 03:48:14 +0000
ROA not before:           Wed 01 Jan 2025 03:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41960
IP address blocks:        87.239.96.0/21 maxlen: 24
                          2a00:c2c1::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/380400-dc2e-494a-891a-2f2300b6e3d9/1/fi7aaVKwPoukWZe-YV16vuF4T4M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/380400-dc2e-494a-891a-2f2300b6e3d9/1/fi7aaVKwPoukWZe-YV16vuF4T4M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fi7aaVKwPoukWZe-YV16vuF4T4M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:73:a0:dd:66:6d:ab:54:5f:8f:0f:75:a6:64:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e2eda6952b03e8ba45997be615d7abee1784f83
        Validity
            Not Before: Jan  1 03:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08887e9fadb475aa620a17fb433f54249d240183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:40:47:53:bd:42:1a:29:0d:c8:9c:9e:72:d5:
                    44:5d:d3:09:7b:fa:93:bd:38:98:87:26:db:22:82:
                    f0:b4:04:be:bf:fa:6c:b2:50:5c:27:05:2e:32:94:
                    01:d9:d7:fa:23:d0:32:cc:b1:09:78:71:f0:50:d7:
                    63:c1:01:30:f8:08:bd:44:de:2d:6c:fe:2a:26:4d:
                    66:1d:99:23:4a:2b:ff:b0:5a:12:23:bd:9b:8f:ca:
                    83:80:3f:22:3f:c4:b3:01:60:d3:34:06:f7:d4:c4:
                    0a:13:e7:0e:3e:a6:d9:84:a7:5b:df:23:60:6f:6f:
                    ec:61:4e:37:cf:d3:cd:6a:48:93:36:3d:17:15:2c:
                    b1:e1:56:f7:42:cc:fb:04:c6:74:72:81:07:f0:be:
                    c8:c9:2f:da:7c:7e:b4:00:34:12:f0:ec:b4:cc:6e:
                    34:1c:d7:63:7f:ef:d0:ec:5b:2f:a4:30:14:64:3d:
                    8f:3f:c6:30:f8:f2:50:25:f4:db:6a:52:32:1c:64:
                    ef:ea:06:dd:e7:8a:33:d0:46:29:ae:ef:86:7b:aa:
                    95:df:be:1f:c3:7f:b5:02:9a:28:6a:b9:68:4b:78:
                    9f:66:67:da:1c:76:32:89:f8:f5:55:f7:ed:99:1a:
                    79:c5:35:26:5a:46:58:36:b6:11:48:ca:04:cb:1d:
                    7d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:88:7E:9F:AD:B4:75:AA:62:0A:17:FB:43:3F:54:24:9D:24:01:83
            X509v3 Authority Key Identifier:
                keyid:7E:2E:DA:69:52:B0:3E:8B:A4:59:97:BE:61:5D:7A:BE:E1:78:4F:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fi7aaVKwPoukWZe-YV16vuF4T4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/380400-dc2e-494a-891a-2f2300b6e3d9/1/CIh-n620dapiChf7Qz9UJJ0kAYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/380400-dc2e-494a-891a-2f2300b6e3d9/1/fi7aaVKwPoukWZe-YV16vuF4T4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.96.0/21
                IPv6:
                  2a00:c2c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:32:c4:8a:d3:5c:aa:3c:95:62:f9:55:41:98:62:f1:cd:10:
         50:8c:de:30:dc:ed:f0:c6:3f:48:c0:1f:8b:2b:51:80:79:b0:
         9e:e3:53:9b:45:bf:e4:84:1d:88:28:71:ce:3e:4d:b9:50:19:
         a2:87:34:0c:c1:fe:ba:7b:9e:86:d3:55:ac:af:19:59:4a:d6:
         35:66:b3:c3:10:99:9f:2b:60:b4:82:cc:3b:90:3c:47:1a:32:
         7f:ab:12:35:38:39:6f:2b:4f:ba:88:22:63:37:a8:70:16:62:
         a4:5f:62:34:01:52:6d:96:aa:88:33:2e:2f:0f:08:91:38:c0:
         ca:01:a6:be:06:a0:03:c6:33:53:1c:6a:af:86:d7:a7:b8:90:
         40:12:f3:37:cd:de:34:f6:82:71:ad:ab:81:b7:c2:c6:bc:52:
         18:b9:27:91:14:a4:d6:c6:85:d8:9c:2c:e4:5c:41:4d:eb:fe:
         bd:df:99:16:b5:84:ed:6e:98:0e:fb:f1:df:0b:ba:8d:93:58:
         6e:8f:80:54:b9:5d:1e:76:1b:28:60:ff:21:40:da:22:15:de:
         8c:ed:2d:95:da:99:45:61:5c:30:31:2f:ef:08:5f:a5:03:5e:
         0e:30:62:46:5b:db:ca:3c:29:0b:4d:87:17:3b:32:e0:92:16:
         9c:dd:b4:d0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+nOg3WZtq1Rfjw91pmRRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMmVkYTY5NTJiMDNlOGJhNDU5OTdiZTYxNWQ3YWJlZTE3
ODRmODMwHhcNMjUwMTAxMDM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODg4N2U5ZmFkYjQ3NWFhNjIwYTE3ZmI0MzNmNTQyNDlkMjQwMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0BHU71CGikNyJyectVEXdMJe/qT
vTiYhybbIoLwtAS+v/psslBcJwUuMpQB2df6I9AyzLEJeHHwUNdjwQEw+Ai9RN4t
bP4qJk1mHZkjSiv/sFoSI72bj8qDgD8iP8SzAWDTNAb31MQKE+cOPqbZhKdb3yNg
b2/sYU43z9PNakiTNj0XFSyx4Vb3Qsz7BMZ0coEH8L7IyS/afH60ADQS8Oy0zG40
HNdjf+/Q7FsvpDAUZD2PP8Yw+PJQJfTbalIyHGTv6gbd54oz0EYpru+Ge6qV374f
w3+1ApooarloS3ifZmfaHHYyifj1VfftmRp5xTUmWkZYNrYRSMoEyx19cQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAiIfp+ttHWqYgoX+0M/VCSdJAGDMB8GA1UdIwQY
MBaAFH4u2mlSsD6LpFmXvmFder7heE+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmk3YWFWS3dQb3VrV1plLVlWMTZ2dUY0VDRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8zODA0MDAtZGMyZS00OTRhLTg5MWEt
MmYyMzAwYjZlM2Q5LzEvQ0loLW42MjBkYXBpQ2hmN1F6OVVKSjBrQVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8zODA0MDAtZGMyZS00OTRhLTg5MWEtMmYyMzAwYjZlM2Q5
LzEvZmk3YWFWS3dQb3VrV1plLVlWMTZ2dUY0VDRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDV+9gMA0E
AgACMAcDBQAqAMLBMA0GCSqGSIb3DQEBCwUAA4IBAQBkMsSK01yqPJVi+VVBmGLx
zRBQjN4w3O3wxj9IwB+LK1GAebCe41ObRb/khB2IKHHOPk25UBmihzQMwf66e56G
01WsrxlZStY1ZrPDEJmfK2C0gsw7kDxHGjJ/qxI1ODlvK0+6iCJjN6hwFmKkX2I0
AVJtlqqIMy4vDwiROMDKAaa+BqADxjNTHGqvhtenuJBAEvM3zd409oJxrauBt8LG
vFIYuSeRFKTWxoXYnCzkXEFN6/6935kWtYTtbpgO+/HfC7qNk1huj4BUuV0edhso
YP8hQNoiFd6M7S2V2plFYVwwMS/vCF+lA14OMGJGW9vKPCkLTYcXOzLgkhac3bTQ
-----END CERTIFICATE-----