Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/0UHdcMJlJhG3oZKabqSdR28w2GU.roa
File:                     0UHdcMJlJhG3oZKabqSdR28w2GU.roa (raw, json)
Hash identifier:          c4S1i8VzMNkAak+YpBSVo9bfa8POuJI9pEw8vgNIjtg=
Subject key identifier:   D1:41:DD:70:C2:65:26:11:B7:A1:92:9A:6E:A4:9D:47:6F:30:D8:65
Certificate issuer:       /CN=8d4437f05cde6b0041149f61c473c8ed18db4b44
Certificate serial:       0194258F54F70B104BA45FC61606D575E494
Authority key identifier: 8D:44:37:F0:5C:DE:6B:00:41:14:9F:61:C4:73:C8:ED:18:DB:4B:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/0UHdcMJlJhG3oZKabqSdR28w2GU.roa
Signing time:             Thu 02 Jan 2025 05:48:57 +0000
ROA not before:           Thu 02 Jan 2025 05:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201116
IP address blocks:        193.34.236.0/22 maxlen: 22
                          193.34.236.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 13:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:54:f7:0b:10:4b:a4:5f:c6:16:06:d5:75:e4:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d4437f05cde6b0041149f61c473c8ed18db4b44
        Validity
            Not Before: Jan  2 05:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d141dd70c2652611b7a1929a6ea49d476f30d865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:59:a3:5f:33:14:66:77:2d:3c:18:21:9b:3e:
                    1a:18:89:c5:46:8e:48:c2:74:24:53:29:45:a4:c6:
                    86:5c:fa:8a:0a:ec:bd:4e:88:fc:8a:f4:00:a6:b5:
                    a3:d5:97:ad:69:66:15:b6:e3:89:02:c2:3c:d8:4d:
                    25:1b:7e:04:d9:d8:05:17:b7:93:93:83:70:87:29:
                    c7:07:24:eb:43:70:d5:46:4a:a7:2f:e0:fa:29:5d:
                    11:79:98:1b:24:c0:a9:55:a3:8a:87:be:d8:20:28:
                    5b:79:d5:01:d2:7c:3d:37:79:55:ab:c2:37:33:dc:
                    d5:61:0d:76:60:ef:12:b4:e3:9d:50:f0:89:2f:b4:
                    de:14:7b:e1:33:de:9e:8a:ba:d4:7f:ae:b4:cc:b9:
                    0b:cb:d6:b5:8b:3a:f1:08:4d:86:4a:3a:e2:3c:16:
                    4a:0f:19:13:2f:53:e4:fd:a8:39:68:1d:36:6a:1c:
                    5f:23:e0:54:d3:54:6b:b4:ad:3d:d0:cc:d3:89:28:
                    cf:17:83:ba:5e:2c:c6:42:29:69:8d:87:fa:e3:1f:
                    ff:2f:ce:54:33:4c:26:61:45:6e:d1:08:2e:17:64:
                    86:63:a5:5f:7c:1a:82:18:b6:86:9b:3e:f4:13:62:
                    cd:6f:4f:c3:12:43:98:19:9c:24:64:5a:5b:b2:4c:
                    b9:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:41:DD:70:C2:65:26:11:B7:A1:92:9A:6E:A4:9D:47:6F:30:D8:65
            X509v3 Authority Key Identifier:
                keyid:8D:44:37:F0:5C:DE:6B:00:41:14:9F:61:C4:73:C8:ED:18:DB:4B:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/0UHdcMJlJhG3oZKabqSdR28w2GU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/6239a0-f61b-4d44-99fd-71b9091edab0/1/jUQ38FzeawBBFJ9hxHPI7RjbS0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:da:c6:41:84:dc:89:b8:b4:05:e7:ae:53:1d:6f:45:bc:ab:
         82:34:db:c8:b1:27:90:69:82:15:8d:03:29:d1:5f:45:d0:43:
         62:ae:7b:9d:e2:dc:61:68:72:7a:32:cd:75:91:93:1f:b1:af:
         95:f5:80:c9:95:a2:0f:df:18:d2:45:5f:91:c7:2c:e6:f2:4a:
         46:c2:8d:87:00:15:0c:25:7a:cc:26:f7:f5:a2:f6:75:05:54:
         dd:ec:02:ce:57:19:c7:14:39:26:3c:dd:30:42:96:24:0b:cf:
         38:b1:c4:37:a1:a3:76:dd:5c:4d:95:79:63:d9:98:3e:ca:7e:
         ac:29:eb:3a:77:89:bf:35:6f:22:2b:1e:92:7e:e6:39:b7:82:
         20:a1:41:7e:51:bc:ce:fa:5d:fd:aa:5f:56:07:5a:b3:64:d7:
         95:ac:0b:87:25:f7:e4:98:7f:dd:7b:bc:a7:95:ce:2c:a4:75:
         33:09:3f:05:5a:07:45:33:9d:08:7e:bb:4f:ca:6c:ef:ed:61:
         c6:bb:d4:ef:3f:d4:e0:5a:c6:63:42:c1:35:56:d1:96:4c:b3:
         f9:39:92:65:05:16:5b:5a:32:b2:eb:d5:09:2b:7b:2b:cd:5b:
         aa:a1:d6:bc:50:b0:97:7a:55:2f:d6:08:8b:16:ff:60:fb:a0:
         3d:78:74:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj1T3CxBLpF/GFgbVdeSUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNDQzN2YwNWNkZTZiMDA0MTE0OWY2MWM0NzNjOGVkMThk
YjRiNDQwHhcNMjUwMTAyMDU0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTQxZGQ3MGMyNjUyNjExYjdhMTkyOWE2ZWE0OWQ0NzZmMzBkODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1mjXzMUZnctPBghmz4aGInFRo5I
wnQkUylFpMaGXPqKCuy9Toj8ivQAprWj1ZetaWYVtuOJAsI82E0lG34E2dgFF7eT
k4NwhynHByTrQ3DVRkqnL+D6KV0ReZgbJMCpVaOKh77YIChbedUB0nw9N3lVq8I3
M9zVYQ12YO8StOOdUPCJL7TeFHvhM96eirrUf660zLkLy9a1izrxCE2GSjriPBZK
DxkTL1Pk/ag5aB02ahxfI+BU01RrtK090MzTiSjPF4O6XizGQilpjYf64x//L85U
M0wmYUVu0QguF2SGY6VffBqCGLaGmz70E2LNb0/DEkOYGZwkZFpbsky5lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFB3XDCZSYRt6GSmm6knUdvMNhlMB8GA1UdIwQY
MBaAFI1EN/Bc3msAQRSfYcRzyO0Y20tEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalVRMzhGemVhd0JCRko5aHhIUEk3UmpiUzBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC82MjM5YTAtZjYxYi00ZDQ0LTk5ZmQt
NzFiOTA5MWVkYWIwLzEvMFVIZGNNSmxKaEczb1pLYWJxU2RSMjh3MkdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC82MjM5YTAtZjYxYi00ZDQ0LTk5ZmQtNzFiOTA5MWVkYWIw
LzEvalVRMzhGemVhd0JCRko5aHhIUEk3UmpiUzBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSLsMA0G
CSqGSIb3DQEBCwUAA4IBAQCG2sZBhNyJuLQF565THW9FvKuCNNvIsSeQaYIVjQMp
0V9F0ENirnud4txhaHJ6Ms11kZMfsa+V9YDJlaIP3xjSRV+Rxyzm8kpGwo2HABUM
JXrMJvf1ovZ1BVTd7ALOVxnHFDkmPN0wQpYkC884scQ3oaN23VxNlXlj2Zg+yn6s
Kes6d4m/NW8iKx6SfuY5t4IgoUF+UbzO+l39ql9WB1qzZNeVrAuHJffkmH/de7yn
lc4spHUzCT8FWgdFM50IfrtPymzv7WHGu9TvP9TgWsZjQsE1VtGWTLP5OZJlBRZb
WjKy69UJK3srzVuqoda8ULCXelUv1giLFv9g+6A9eHT6
-----END CERTIFICATE-----