Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/8d-QnWmEgzJ4Rpdyt7aQY0aM-Bw.roa
File:                     8d-QnWmEgzJ4Rpdyt7aQY0aM-Bw.roa (raw, json)
Hash identifier:          0s45oUU1o2ifddAJ6DTLViE5f0A+VumWP+t1SybvUik=
Subject key identifier:   F1:DF:90:9D:69:84:83:32:78:46:97:72:B7:B6:90:63:46:8C:F8:1C
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       019427B692E0F0AA48438D2138FD9811A82A
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/8d-QnWmEgzJ4Rpdyt7aQY0aM-Bw.roa
Signing time:             Thu 02 Jan 2025 15:51:04 +0000
ROA not before:           Thu 02 Jan 2025 15:51:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6786
IP address blocks:        185.39.48.0/23 maxlen: 23
                          2a04:7a00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:92:e0:f0:aa:48:43:8d:21:38:fd:98:11:a8:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Jan  2 15:51:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1df909d6984833278469772b7b69063468cf81c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:7c:51:1b:c0:5f:fc:48:d2:8f:0c:79:02:69:
                    ce:97:d0:48:a8:6e:2d:2c:40:69:e2:70:40:ec:87:
                    42:80:3e:2d:43:72:8d:9d:d6:7e:bb:ef:f3:d2:af:
                    cd:be:93:23:83:05:d2:87:72:69:e5:5f:2f:6c:ec:
                    aa:11:ba:c9:78:b8:09:71:fa:47:56:25:23:c8:05:
                    0c:dc:91:f2:3e:bd:f7:df:b0:bb:ce:2a:75:61:d3:
                    61:5b:dd:4c:ec:79:9d:30:ff:34:08:e6:35:4b:6a:
                    89:2f:80:5e:a2:7c:68:be:00:33:5d:db:d4:61:a2:
                    62:73:33:06:a0:00:52:25:07:26:7d:7c:82:89:f7:
                    7e:d1:ab:b0:87:ec:3b:13:16:5d:8e:63:e5:be:2a:
                    c0:72:6e:fb:7e:e0:39:fa:48:a4:e2:ff:99:85:ee:
                    3d:4b:ad:c4:2d:c3:cc:1c:ff:81:74:f2:13:f3:0e:
                    16:83:fd:f0:58:86:3c:79:d7:5d:4d:02:19:40:20:
                    90:03:2a:c0:d4:49:75:00:a6:b7:fb:55:c9:00:60:
                    0c:0f:d8:57:af:42:29:f0:d4:09:90:24:1f:28:50:
                    37:1d:33:69:20:08:03:64:fb:b4:ac:9f:b2:ef:05:
                    f5:e7:fd:82:d1:a8:90:37:de:35:bb:ba:1d:ec:3d:
                    b8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:DF:90:9D:69:84:83:32:78:46:97:72:B7:B6:90:63:46:8C:F8:1C
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/8d-QnWmEgzJ4Rpdyt7aQY0aM-Bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.48.0/23
                IPv6:
                  2a04:7a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:fb:d7:bf:44:89:35:74:49:d5:21:3b:63:20:e7:36:34:1e:
         e3:cb:29:0f:f6:d1:29:92:27:45:b6:8e:47:d3:48:26:55:b9:
         6b:58:8d:8a:53:29:e8:2c:4e:bf:9e:cc:a9:f9:5d:87:36:c5:
         81:ed:57:83:8c:00:b4:04:82:a2:6e:15:f3:2a:8c:87:9a:87:
         4b:a0:8f:47:0d:4e:5f:68:76:12:46:33:86:f5:da:f6:c9:f5:
         95:af:0d:05:40:6c:fa:c3:66:02:cc:20:6f:bb:3d:02:7a:d4:
         5e:7d:85:57:8e:d2:fc:4b:d4:92:6f:10:73:a6:ca:bd:d7:2f:
         8e:2f:a2:19:87:4a:24:ab:b2:61:de:77:89:6e:5b:9b:67:15:
         8f:3c:e4:03:5b:80:24:a6:77:b0:1e:a7:7a:0b:b5:18:e0:1e:
         32:cc:a4:f6:8a:d7:c9:46:85:f1:2a:c6:90:f4:35:04:c2:9e:
         af:f3:52:c4:91:e1:4f:46:78:cc:4b:11:0d:a7:e3:2c:50:e3:
         11:56:f3:27:9a:72:c4:ce:e3:ce:79:d2:a3:b2:c6:80:88:1e:
         8c:ff:fe:ff:15:89:bf:fe:54:a1:6a:6f:d8:c2:e1:f1:7a:fa:
         b3:ea:20:4c:7f:ae:af:e5:92:9e:84:48:6d:cb:8f:e8:8a:b2:
         9d:10:09:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntpLg8KpIQ40hOP2YEagqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjUwMTAyMTU1MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWRmOTA5ZDY5ODQ4MzMyNzg0Njk3NzJiN2I2OTA2MzQ2OGNmODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3XxRG8Bf/EjSjwx5AmnOl9BIqG4t
LEBp4nBA7IdCgD4tQ3KNndZ+u+/z0q/NvpMjgwXSh3Jp5V8vbOyqEbrJeLgJcfpH
ViUjyAUM3JHyPr3337C7zip1YdNhW91M7HmdMP80COY1S2qJL4BeonxovgAzXdvU
YaJiczMGoABSJQcmfXyCifd+0auwh+w7ExZdjmPlvirAcm77fuA5+kik4v+Zhe49
S63ELcPMHP+BdPIT8w4Wg/3wWIY8edddTQIZQCCQAyrA1El1AKa3+1XJAGAMD9hX
r0Ip8NQJkCQfKFA3HTNpIAgDZPu0rJ+y7wX15/2C0aiQN941u7od7D243QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPHfkJ1phIMyeEaXcre2kGNGjPgcMB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvOGQtUW5XbUVneko0UnBkeXQ3YVFZMGFNLUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuScwMA0E
AgACMAcDBQAqBHoAMA0GCSqGSIb3DQEBCwUAA4IBAQAi+9e/RIk1dEnVITtjIOc2
NB7jyykP9tEpkidFto5H00gmVblrWI2KUynoLE6/nsyp+V2HNsWB7VeDjAC0BIKi
bhXzKoyHmodLoI9HDU5faHYSRjOG9dr2yfWVrw0FQGz6w2YCzCBvuz0CetRefYVX
jtL8S9SSbxBzpsq91y+OL6IZh0okq7Jh3neJblubZxWPPOQDW4AkpnewHqd6C7UY
4B4yzKT2itfJRoXxKsaQ9DUEwp6v81LEkeFPRnjMSxENp+MsUOMRVvMnmnLEzuPO
edKjssaAiB6M//7/FYm//lSham/YwuHxevqz6iBMf66v5ZKehEhty4/oirKdEAn8
-----END CERTIFICATE-----