Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/8criSeClq2Eu3zzop6X6ae-0yfY.roa
File:                     8criSeClq2Eu3zzop6X6ae-0yfY.roa (raw, json)
Hash identifier:          nOinS53G7GkxN9bqxtcws3EdTvx5t+9T2IsaBWfXBg8=
Subject key identifier:   F1:CA:E2:49:E0:A5:AB:61:2E:DF:3C:E8:A7:A5:FA:69:EF:B4:C9:F6
Certificate issuer:       /CN=69854a57ab0d8a3c922c8f6a79aa8fe8a6a2c09e
Certificate serial:       0194214434814A16AB30FD479DE26035F07B
Authority key identifier: 69:85:4A:57:AB:0D:8A:3C:92:2C:8F:6A:79:AA:8F:E8:A6:A2:C0:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aYVKV6sNijySLI9qeaqP6KaiwJ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/8criSeClq2Eu3zzop6X6ae-0yfY.roa
Signing time:             Wed 01 Jan 2025 09:48:25 +0000
ROA not before:           Wed 01 Jan 2025 09:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203836
IP address blocks:        194.34.200.0/24 maxlen: 24
                          194.34.201.0/24 maxlen: 24
                          194.34.202.0/24 maxlen: 24
                          194.34.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/aYVKV6sNijySLI9qeaqP6KaiwJ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/aYVKV6sNijySLI9qeaqP6KaiwJ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aYVKV6sNijySLI9qeaqP6KaiwJ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:34:81:4a:16:ab:30:fd:47:9d:e2:60:35:f0:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69854a57ab0d8a3c922c8f6a79aa8fe8a6a2c09e
        Validity
            Not Before: Jan  1 09:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1cae249e0a5ab612edf3ce8a7a5fa69efb4c9f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9c:25:a1:c4:12:ae:fd:3a:ad:ec:3e:3e:3b:
                    9e:dc:34:2f:df:39:fc:54:e4:64:b8:57:34:bd:c4:
                    23:51:1a:81:76:6b:b7:16:23:56:43:a2:35:13:1b:
                    e8:8e:13:8c:e0:59:70:78:46:95:44:35:e7:32:3a:
                    74:dd:88:e4:b5:07:7d:30:1a:37:60:3c:99:7e:25:
                    34:cc:b3:d1:af:f9:f5:1b:3d:6b:e7:d6:92:06:11:
                    f0:60:21:7b:b6:ad:79:69:0f:b4:8f:05:46:44:5d:
                    89:05:f8:ad:93:c8:c2:78:d5:a3:68:ae:67:de:4e:
                    57:96:3d:ef:7e:d5:0d:c0:72:ce:5d:bd:fb:e5:fc:
                    1d:84:96:5f:a9:ec:ec:19:7b:b6:fe:e6:21:43:50:
                    18:80:15:21:56:16:24:43:71:df:ee:ba:d8:82:3a:
                    9d:74:59:52:f3:0c:f8:97:71:0e:ac:e6:98:7f:0c:
                    38:4c:b9:e0:52:37:98:c2:c6:e2:4c:89:68:cb:4d:
                    0a:07:d6:49:2e:e8:17:53:2e:d4:f6:24:66:8a:2e:
                    b9:f7:a5:6a:12:1f:9e:3f:25:b1:ff:a6:2f:eb:e8:
                    66:2a:8d:05:9d:fe:90:b3:a6:bb:fa:d8:0d:cf:0b:
                    96:92:49:ae:09:a7:63:ee:1d:32:6a:c1:3e:35:01:
                    f8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:CA:E2:49:E0:A5:AB:61:2E:DF:3C:E8:A7:A5:FA:69:EF:B4:C9:F6
            X509v3 Authority Key Identifier:
                keyid:69:85:4A:57:AB:0D:8A:3C:92:2C:8F:6A:79:AA:8F:E8:A6:A2:C0:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aYVKV6sNijySLI9qeaqP6KaiwJ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/8criSeClq2Eu3zzop6X6ae-0yfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/aYVKV6sNijySLI9qeaqP6KaiwJ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bd:80:fd:2b:b6:d7:b4:67:8e:3f:5e:20:65:00:45:5f:be:06:
         a4:88:56:39:be:50:f0:5b:42:87:bc:31:80:f9:4c:fa:c7:8c:
         98:87:70:96:f4:26:34:80:3d:ca:8e:0c:16:2a:40:e6:4c:6b:
         86:f5:84:fc:d6:a3:18:ad:7d:8e:01:09:96:ac:61:97:3e:2d:
         89:43:8d:d9:fc:ef:a4:fb:a6:42:27:14:bf:bd:eb:a8:ea:0f:
         77:e4:6c:9a:4b:54:eb:87:82:88:e1:11:2f:b0:6d:93:dc:02:
         f9:ca:9d:4e:9e:d1:1a:11:8e:2c:04:c1:5d:04:51:dc:16:43:
         9d:c5:71:45:ce:60:a7:4f:82:40:7e:a7:1b:ae:9d:ed:c6:85:
         2e:1c:78:9c:58:c9:95:08:39:ba:5b:0c:4b:bc:ce:ef:cc:eb:
         fe:7e:58:ef:26:f3:41:b9:48:51:0b:1a:37:92:fc:df:86:32:
         13:f3:14:eb:dd:f4:1c:48:0e:74:76:60:8a:42:f9:ce:11:da:
         14:38:77:54:52:57:0a:d8:a1:6a:eb:32:98:86:f8:01:85:a8:
         fe:c1:c4:d7:3a:31:5a:57:07:43:5f:58:17:e8:46:7b:56:d8:
         3b:6a:47:36:e5:f4:34:68:65:08:3a:17:19:0e:92:20:fd:ad:
         73:f0:2d:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDSBSharMP1HneJgNfB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ODU0YTU3YWIwZDhhM2M5MjJjOGY2YTc5YWE4ZmU4YTZh
MmMwOWUwHhcNMjUwMTAxMDk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWNhZTI0OWUwYTVhYjYxMmVkZjNjZThhN2E1ZmE2OWVmYjRjOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpwlocQSrv06rew+Pjue3DQv3zn8
VORkuFc0vcQjURqBdmu3FiNWQ6I1ExvojhOM4FlweEaVRDXnMjp03YjktQd9MBo3
YDyZfiU0zLPRr/n1Gz1r59aSBhHwYCF7tq15aQ+0jwVGRF2JBfitk8jCeNWjaK5n
3k5Xlj3vftUNwHLOXb375fwdhJZfqezsGXu2/uYhQ1AYgBUhVhYkQ3Hf7rrYgjqd
dFlS8wz4l3EOrOaYfww4TLngUjeYwsbiTIloy00KB9ZJLugXUy7U9iRmii6596Vq
Eh+ePyWx/6Yv6+hmKo0Fnf6Qs6a7+tgNzwuWkkmuCadj7h0yasE+NQH4uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHK4kngpathLt886Kel+mnvtMn2MB8GA1UdIwQY
MBaAFGmFSlerDYo8kiyPanmqj+imosCeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVlWS1Y2c05panlTTEk5cWVhcVA2S2Fpd0o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZjgxMDctZmMxNS00YzcxLTgxZDQt
NTIzOGIwMzU0NWNhLzEvOGNyaVNlQ2xxMkV1M3p6b3A2WDZhZS0weWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZjgxMDctZmMxNS00YzcxLTgxZDQtNTIzOGIwMzU0NWNh
LzEvYVlWS1Y2c05panlTTEk5cWVhcVA2S2Fpd0o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiLIMA0G
CSqGSIb3DQEBCwUAA4IBAQC9gP0rtte0Z44/XiBlAEVfvgakiFY5vlDwW0KHvDGA
+Uz6x4yYh3CW9CY0gD3KjgwWKkDmTGuG9YT81qMYrX2OAQmWrGGXPi2JQ43Z/O+k
+6ZCJxS/veuo6g935GyaS1Trh4KI4REvsG2T3AL5yp1OntEaEY4sBMFdBFHcFkOd
xXFFzmCnT4JAfqcbrp3txoUuHHicWMmVCDm6WwxLvM7vzOv+fljvJvNBuUhRCxo3
kvzfhjIT8xTr3fQcSA50dmCKQvnOEdoUOHdUUlcK2KFq6zKYhvgBhaj+wcTXOjFa
VwdDX1gX6EZ7Vtg7akc25fQ0aGUIOhcZDpIg/a1z8C2U
-----END CERTIFICATE-----