Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/847VWHs-caMwvruiasasUJ9i7yk.roa
File:                     847VWHs-caMwvruiasasUJ9i7yk.roa (raw, json)
Hash identifier:          cGKjnew3so38YN3EBXzPrvxanAQQogJHwvbCrW4djb4=
Subject key identifier:   F3:8E:D5:58:7B:3E:71:A3:30:BE:BB:A2:6A:C6:AC:50:9F:62:EF:29
Certificate issuer:       /CN=29edf2a4f20ac08235c40180de74ebc3935cfc22
Certificate serial:       01941F8C7EF2246F6B878A95BBD4260EBB83
Authority key identifier: 29:ED:F2:A4:F2:0A:C0:82:35:C4:01:80:DE:74:EB:C3:93:5C:FC:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/847VWHs-caMwvruiasasUJ9i7yk.roa
Signing time:             Wed 01 Jan 2025 01:48:08 +0000
ROA not before:           Wed 01 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     786
IP address blocks:        134.226.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7e:f2:24:6f:6b:87:8a:95:bb:d4:26:0e:bb:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29edf2a4f20ac08235c40180de74ebc3935cfc22
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f38ed5587b3e71a330bebba26ac6ac509f62ef29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:6e:dd:56:40:10:63:b8:67:d7:b1:a4:58:37:
                    dc:4b:c1:05:17:4e:13:1d:e7:90:a7:b9:19:08:e3:
                    ba:4b:aa:c4:f5:22:6e:6a:73:30:82:eb:e2:bb:e0:
                    22:9b:bd:db:29:f3:2d:e6:1d:36:16:fa:45:9a:e9:
                    e1:bd:93:3a:7e:8d:80:8a:d8:23:be:ea:a3:e2:f1:
                    f9:9c:c9:db:4c:32:eb:19:d9:60:2b:b8:82:e0:41:
                    50:19:89:a0:b8:7c:f6:13:c5:21:ba:fa:e3:9d:57:
                    61:d2:ec:98:9a:26:e8:d8:6e:dc:c2:59:e0:a3:30:
                    d4:39:05:84:9d:43:85:90:48:b8:80:31:87:f6:eb:
                    77:12:e6:ba:12:b9:a8:82:b0:58:2e:b4:d9:33:65:
                    80:e4:fa:c7:1d:cd:cf:3e:64:5d:6b:7f:1c:f3:f2:
                    8f:ae:18:9f:32:e0:03:a9:95:32:3f:f5:8e:c3:d7:
                    0b:44:7c:eb:17:f0:f8:6e:cc:dd:21:13:d0:4a:c9:
                    01:6e:c7:0b:8a:64:bd:a0:70:07:d4:89:36:c4:10:
                    60:ff:b8:c4:ef:0c:25:e2:de:c9:b1:3c:2f:ad:23:
                    2d:e9:98:5c:89:e2:b5:d4:5e:2e:6a:8d:b2:9e:aa:
                    0b:9c:1c:8d:24:93:57:18:02:27:3e:6f:b6:d1:af:
                    f8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:8E:D5:58:7B:3E:71:A3:30:BE:BB:A2:6A:C6:AC:50:9F:62:EF:29
            X509v3 Authority Key Identifier:
                keyid:29:ED:F2:A4:F2:0A:C0:82:35:C4:01:80:DE:74:EB:C3:93:5C:FC:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/847VWHs-caMwvruiasasUJ9i7yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.226.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c0:31:09:e4:44:df:7c:a5:57:e7:7f:6e:95:2d:13:75:dc:b3:
         f9:33:7f:a7:49:18:dc:57:2e:cd:91:76:ab:a4:ed:87:26:26:
         e0:fb:44:35:99:62:31:d0:dc:a1:4d:9c:a6:99:aa:3c:97:3b:
         12:cb:4e:e8:1f:b8:57:75:a7:3b:4c:5c:4c:b9:15:87:c2:8b:
         f7:59:2d:d9:a3:99:9d:c1:be:4c:bf:c4:bd:c2:67:82:84:60:
         fe:73:12:dd:78:80:f1:80:c8:56:e8:b8:3a:b1:49:39:bb:59:
         64:26:92:f9:ba:e1:c1:fe:22:0d:33:86:d6:a9:49:97:d4:8d:
         98:8d:81:e1:96:12:07:78:29:81:62:a6:56:21:56:de:ac:63:
         ea:bc:73:62:4b:9d:98:d7:cb:15:55:cf:0c:bc:1f:db:16:91:
         2f:a1:7f:18:cc:ca:82:1f:4b:e5:67:e9:d7:ef:80:a8:43:68:
         61:80:f5:68:58:88:13:d2:00:e2:5b:67:5d:8b:1d:10:cf:ce:
         17:40:7a:ec:73:36:97:f6:88:d5:a8:66:19:4f:0c:b1:ab:30:
         d3:a3:ba:f4:5b:1b:51:e5:26:48:d3:05:37:26:fc:e1:7f:14:
         32:d2:30:d0:24:03:62:42:ba:f0:74:3e:9b:f7:03:52:3c:95:
         06:46:e4:6a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQfjH7yJG9rh4qVu9QmDruDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZWRmMmE0ZjIwYWMwODIzNWM0MDE4MGRlNzRlYmMzOTM1
Y2ZjMjIwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzhlZDU1ODdiM2U3MWEzMzBiZWJiYTI2YWM2YWM1MDlmNjJlZjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4G7dVkAQY7hn17GkWDfcS8EFF04T
HeeQp7kZCOO6S6rE9SJuanMwguviu+Aim73bKfMt5h02FvpFmunhvZM6fo2Aitgj
vuqj4vH5nMnbTDLrGdlgK7iC4EFQGYmguHz2E8UhuvrjnVdh0uyYmibo2G7cwlng
ozDUOQWEnUOFkEi4gDGH9ut3Eua6ErmogrBYLrTZM2WA5PrHHc3PPmRda38c8/KP
rhifMuADqZUyP/WOw9cLRHzrF/D4bszdIRPQSskBbscLimS9oHAH1Ik2xBBg/7jE
7wwl4t7JsTwvrSMt6ZhcieK11F4uao2ynqoLnByNJJNXGAInPm+20a/4MwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPOO1Vh7PnGjML67omrGrFCfYu8pMB8GA1UdIwQY
MBaAFCnt8qTyCsCCNcQBgN5068OTXPwiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2UzeXBQSUt3SUkxeEFHQTNuVHJ3NU5jX0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi84Y2IxZTYtZTVmOC00ZmEwLTk3ZmUt
OTI0YzI5Y2Y3N2M0LzEvODQ3VldIcy1jYU13dnJ1aWFzYXNVSjlpN3lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi84Y2IxZTYtZTVmOC00ZmEwLTk3ZmUtOTI0YzI5Y2Y3N2M0
LzEvS2UzeXBQSUt3SUkxeEFHQTNuVHJ3NU5jX0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhuIwDQYJ
KoZIhvcNAQELBQADggEBAMAxCeRE33ylV+d/bpUtE3Xcs/kzf6dJGNxXLs2Rdquk
7YcmJuD7RDWZYjHQ3KFNnKaZqjyXOxLLTugfuFd1pztMXEy5FYfCi/dZLdmjmZ3B
vky/xL3CZ4KEYP5zEt14gPGAyFbouDqxSTm7WWQmkvm64cH+Ig0zhtapSZfUjZiN
geGWEgd4KYFiplYhVt6sY+q8c2JLnZjXyxVVzwy8H9sWkS+hfxjMyoIfS+Vn6dfv
gKhDaGGA9WhYiBPSAOJbZ12LHRDPzhdAeuxzNpf2iNWoZhlPDLGrMNOjuvRbG1Hl
JkjTBTcm/OF/FDLSMNAkA2JCuvB0Ppv3A1I8lQZG5Go=
-----END CERTIFICATE-----