Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/384d03-f479-4bb2-a8ad-ad510e05da92/1/8P_S0IiROCk_5OYQ6mxMJ_E_ykg.roa
File:                     8P_S0IiROCk_5OYQ6mxMJ_E_ykg.roa (raw, json)
Hash identifier:          hKXKA4mluIkjfh1vqK/elg6N0eojlwBUTy51lDcZmFo=
Subject key identifier:   F0:FF:D2:D0:88:91:38:29:3F:E4:E6:10:EA:6C:4C:27:F1:3F:CA:48
Certificate issuer:       /CN=66729f9d0786f68a1ecd5c5a92bc392d8691975e
Certificate serial:       0194214415C6207147019BF000283FF62E9C
Authority key identifier: 66:72:9F:9D:07:86:F6:8A:1E:CD:5C:5A:92:BC:39:2D:86:91:97:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZnKfnQeG9ooezVxakrw5LYaRl14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/384d03-f479-4bb2-a8ad-ad510e05da92/1/8P_S0IiROCk_5OYQ6mxMJ_E_ykg.roa
Signing time:             Wed 01 Jan 2025 09:48:17 +0000
ROA not before:           Wed 01 Jan 2025 09:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205718
IP address blocks:        185.226.168.0/22 maxlen: 22
                          2a09:fbc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/384d03-f479-4bb2-a8ad-ad510e05da92/1/ZnKfnQeG9ooezVxakrw5LYaRl14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/384d03-f479-4bb2-a8ad-ad510e05da92/1/ZnKfnQeG9ooezVxakrw5LYaRl14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZnKfnQeG9ooezVxakrw5LYaRl14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:15:c6:20:71:47:01:9b:f0:00:28:3f:f6:2e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66729f9d0786f68a1ecd5c5a92bc392d8691975e
        Validity
            Not Before: Jan  1 09:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0ffd2d0889138293fe4e610ea6c4c27f13fca48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:8d:db:4d:6c:78:d0:cb:5b:79:f2:6d:55:82:
                    83:d5:25:51:f6:99:bc:bf:2a:6a:47:16:3b:d4:d9:
                    dc:61:fe:ac:60:2b:48:a7:7f:6d:51:36:08:e6:ea:
                    ec:63:31:8a:bf:31:f9:da:d1:6c:f2:7b:27:2f:af:
                    ce:b5:71:28:b6:2d:47:a1:04:f5:97:dd:66:68:46:
                    c6:6c:b9:e4:26:b0:d3:c7:91:86:49:13:bc:0c:cf:
                    b1:48:d4:f9:4a:46:b1:23:bc:15:3f:ea:d0:ed:89:
                    d8:30:65:6c:4e:71:83:37:c7:8d:b3:23:ce:6f:ef:
                    f4:f0:d3:f0:9b:37:8f:a2:f4:7c:e2:52:25:17:74:
                    12:ab:c2:93:03:78:18:24:a8:67:27:d1:25:8a:0a:
                    1c:5d:3c:c3:e4:67:bc:d9:bb:87:c5:d7:3c:cc:b5:
                    6b:3c:4b:0f:b4:ab:f4:5f:50:a7:e6:7b:0f:7a:e6:
                    3a:5d:cb:28:de:2a:90:43:f0:03:7a:9a:8e:82:2f:
                    44:04:c4:fb:06:c5:52:36:5e:cf:1f:32:d9:d0:25:
                    8d:9b:f4:59:85:e9:5c:e7:43:20:98:63:d7:76:51:
                    ea:64:d6:e0:34:5a:19:87:53:78:d0:cf:1e:54:aa:
                    cb:40:29:dd:8b:f8:fd:84:fb:c7:7c:b0:9e:86:b0:
                    f4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:FF:D2:D0:88:91:38:29:3F:E4:E6:10:EA:6C:4C:27:F1:3F:CA:48
            X509v3 Authority Key Identifier:
                keyid:66:72:9F:9D:07:86:F6:8A:1E:CD:5C:5A:92:BC:39:2D:86:91:97:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZnKfnQeG9ooezVxakrw5LYaRl14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/384d03-f479-4bb2-a8ad-ad510e05da92/1/8P_S0IiROCk_5OYQ6mxMJ_E_ykg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/384d03-f479-4bb2-a8ad-ad510e05da92/1/ZnKfnQeG9ooezVxakrw5LYaRl14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.168.0/22
                IPv6:
                  2a09:fbc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:33:c2:34:9e:73:d6:51:4b:38:b7:bb:9d:e5:a8:36:5c:69:
         c4:e9:b5:6e:c4:66:bf:a6:e1:d3:24:87:31:cc:a0:13:dc:1b:
         b1:ad:b6:86:5f:d9:c6:09:65:b6:95:f4:44:0b:c4:68:e8:f7:
         57:ec:e0:af:bd:85:98:9a:a5:30:62:19:21:a2:4c:0a:b4:9d:
         23:32:a7:3a:31:8f:c6:f9:c2:6e:7f:0f:a6:13:d8:4c:b9:bc:
         eb:20:fa:ad:df:e5:47:77:b3:9b:01:6c:e9:5f:7e:76:d1:d8:
         67:f7:b6:62:25:0b:21:29:18:0b:cd:9c:30:3c:d7:eb:fa:9a:
         07:e9:17:dd:db:cc:b1:d4:d3:41:8f:47:80:1e:f1:a6:b3:c7:
         7e:f0:03:dd:b3:ef:ba:7c:76:c8:a2:90:92:06:1d:d1:8f:7a:
         1b:aa:80:ce:1d:71:bc:2c:12:e5:b2:91:b2:1b:4e:f3:e3:c2:
         e2:d5:1f:a4:92:60:60:69:12:57:17:cb:a7:ca:3e:5a:c6:a4:
         aa:81:84:a1:d1:90:a9:cc:ae:33:5e:38:3f:5b:7c:0c:cb:34:
         5c:80:d9:66:5d:20:af:06:9e:54:a2:8e:09:00:b4:7f:4b:50:
         5f:4c:7c:52:d8:bd:4e:1d:68:eb:65:75:d2:fc:e5:0d:ed:b2:
         a2:0a:50:94
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhRBXGIHFHAZvwACg/9i6cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NzI5ZjlkMDc4NmY2OGExZWNkNWM1YTkyYmMzOTJkODY5
MTk3NWUwHhcNMjUwMTAxMDk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGZmZDJkMDg4OTEzODI5M2ZlNGU2MTBlYTZjNGMyN2YxM2ZjYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAho3bTWx40MtbefJtVYKD1SVR9pm8
vypqRxY71NncYf6sYCtIp39tUTYI5ursYzGKvzH52tFs8nsnL6/OtXEoti1HoQT1
l91maEbGbLnkJrDTx5GGSRO8DM+xSNT5SkaxI7wVP+rQ7YnYMGVsTnGDN8eNsyPO
b+/08NPwmzePovR84lIlF3QSq8KTA3gYJKhnJ9EligocXTzD5Ge82buHxdc8zLVr
PEsPtKv0X1Cn5nsPeuY6Xcso3iqQQ/ADepqOgi9EBMT7BsVSNl7PHzLZ0CWNm/RZ
helc50MgmGPXdlHqZNbgNFoZh1N40M8eVKrLQCndi/j9hPvHfLCehrD0lwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPD/0tCIkTgpP+TmEOpsTCfxP8pIMB8GA1UdIwQY
MBaAFGZyn50HhvaKHs1cWpK8OS2GkZdeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm5LZm5RZUc5b29lelZ4YWtydzVMWWFSbDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8zODRkMDMtZjQ3OS00YmIyLWE4YWQt
YWQ1MTBlMDVkYTkyLzEvOFBfUzBJaVJPQ2tfNU9ZUTZteE1KX0VfeWtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8zODRkMDMtZjQ3OS00YmIyLWE4YWQtYWQ1MTBlMDVkYTky
LzEvWm5LZm5RZUc5b29lelZ4YWtydzVMWWFSbDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueKoMA0E
AgACMAcDBQAqCfvAMA0GCSqGSIb3DQEBCwUAA4IBAQCgM8I0nnPWUUs4t7ud5ag2
XGnE6bVuxGa/puHTJIcxzKAT3BuxrbaGX9nGCWW2lfREC8Ro6PdX7OCvvYWYmqUw
YhkhokwKtJ0jMqc6MY/G+cJufw+mE9hMubzrIPqt3+VHd7ObAWzpX3520dhn97Zi
JQshKRgLzZwwPNfr+poH6Rfd28yx1NNBj0eAHvGms8d+8APds++6fHbIopCSBh3R
j3obqoDOHXG8LBLlspGyG07z48Li1R+kkmBgaRJXF8unyj5axqSqgYSh0ZCpzK4z
Xjg/W3wMyzRcgNlmXSCvBp5Uoo4JALR/S1BfTHxS2L1OHWjrZXXS/OUN7bKiClCU
-----END CERTIFICATE-----