Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/sjMZT67l8DT5c2OCQ0eZwsJvZOs.roa
File:                     sjMZT67l8DT5c2OCQ0eZwsJvZOs.roa (raw, json)
Hash identifier:          eE5iDtLrCkQogodNmuQSyO46uKWAFjSRZ5se0Gx5RvI=
Subject key identifier:   B2:33:19:4F:AE:E5:F0:34:F9:73:63:82:43:47:99:C2:C2:6F:64:EB
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       0194266B8178DB620B6BAA4BA81E27F5001B
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/sjMZT67l8DT5c2OCQ0eZwsJvZOs.roa
Signing time:             Thu 02 Jan 2025 09:49:27 +0000
ROA not before:           Thu 02 Jan 2025 09:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204130
IP address blocks:        185.47.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:81:78:db:62:0b:6b:aa:4b:a8:1e:27:f5:00:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 09:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b233194faee5f034f9736382434799c2c26f64eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8f:a1:8d:d8:dd:a9:7c:49:ea:79:85:4f:6c:
                    91:37:cb:2f:a0:1a:0a:2f:5a:01:8d:82:10:4d:40:
                    ac:e2:df:87:50:86:4f:be:57:20:31:0e:26:20:cd:
                    6e:9f:9e:e1:c6:ac:7d:aa:4f:43:75:25:12:c0:93:
                    23:1f:9e:b5:50:ac:98:d9:66:ac:3a:46:0c:9c:6e:
                    ae:f0:89:ea:1d:47:42:76:ec:48:f9:f6:bc:42:00:
                    ed:56:b4:0a:83:67:a3:92:ef:bf:a3:62:fb:e4:e5:
                    c2:59:1f:be:35:61:0c:ad:18:5d:fc:8a:c9:96:d0:
                    d4:c4:ae:7b:a3:01:ae:8c:5c:b4:ab:67:77:e6:b6:
                    14:f6:75:e3:18:68:f6:53:e3:24:db:ea:31:f5:12:
                    0e:55:9d:08:10:4c:18:d5:c3:c7:66:e1:43:76:88:
                    31:2f:ef:87:34:8f:0b:d7:4e:f8:a9:77:c6:3d:27:
                    36:5e:ed:31:f6:13:15:9d:2a:63:21:8c:b6:d2:fd:
                    6b:28:2d:ae:30:b1:4c:56:e3:d6:e2:05:a6:e5:5e:
                    c9:2c:30:89:41:d2:59:a1:25:07:22:d4:76:8a:4a:
                    87:25:c9:68:c1:56:c2:f1:a1:54:35:de:1f:0c:2c:
                    78:ca:72:11:b2:e0:e2:28:74:03:f2:8d:16:1b:43:
                    a5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:33:19:4F:AE:E5:F0:34:F9:73:63:82:43:47:99:C2:C2:6F:64:EB
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/sjMZT67l8DT5c2OCQ0eZwsJvZOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:42:b2:be:3e:c6:dd:7f:35:ed:62:4d:5c:5f:e0:40:15:9c:
         c7:fe:2f:c1:5a:f4:c6:42:c7:97:f9:db:45:d3:08:da:4a:a9:
         0e:6d:54:db:70:66:22:09:01:07:d4:57:66:fa:a8:75:1b:ac:
         27:12:6e:7c:bd:89:56:3f:29:e4:83:fd:38:90:a4:e3:f4:2d:
         f0:66:9e:e1:c1:63:6d:db:08:fb:f7:75:5f:04:25:01:9e:3f:
         22:6b:83:9b:a5:62:d1:c6:d1:f7:8e:62:40:c7:6b:ab:d9:37:
         81:2c:60:1d:1f:68:83:5a:e1:59:2e:6c:7a:f3:f2:84:6f:10:
         5f:5c:ce:ce:07:ef:8e:3f:fa:ef:8d:7b:3d:2b:38:f7:94:a6:
         64:2b:a4:bc:26:0f:1a:e1:5f:c8:28:da:1d:e3:c5:80:ac:fb:
         48:d1:2d:b3:f4:91:d7:88:eb:31:91:3c:71:75:22:7b:11:94:
         a6:8c:68:31:9f:37:5a:2d:0a:0b:cb:91:7e:06:79:d4:f6:1a:
         f5:cd:c2:a8:9c:3d:d6:b5:1c:96:3f:0d:7f:d1:b0:b6:70:18:
         95:fd:72:26:4a:00:52:58:16:0e:9c:39:95:f3:c7:cb:26:18:
         ea:be:75:8a:7a:ab:8d:dc:90:c4:d5:29:fb:a9:6d:b1:7b:ab:
         21:13:f9:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4F422ILa6pLqB4n9QAbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUwMTAyMDk0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjMzMTk0ZmFlZTVmMDM0Zjk3MzYzODI0MzQ3OTljMmMyNmY2NGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzI+hjdjdqXxJ6nmFT2yRN8svoBoK
L1oBjYIQTUCs4t+HUIZPvlcgMQ4mIM1un57hxqx9qk9DdSUSwJMjH561UKyY2Was
OkYMnG6u8InqHUdCduxI+fa8QgDtVrQKg2ejku+/o2L75OXCWR++NWEMrRhd/IrJ
ltDUxK57owGujFy0q2d35rYU9nXjGGj2U+Mk2+ox9RIOVZ0IEEwY1cPHZuFDdogx
L++HNI8L1074qXfGPSc2Xu0x9hMVnSpjIYy20v1rKC2uMLFMVuPW4gWm5V7JLDCJ
QdJZoSUHItR2ikqHJclowVbC8aFUNd4fDCx4ynIRsuDiKHQD8o0WG0OlEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIzGU+u5fA0+XNjgkNHmcLCb2TrMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvc2pNWlQ2N2w4RFQ1YzJPQ1EwZVp3c0p2Wk9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS8IMA0G
CSqGSIb3DQEBCwUAA4IBAQAdQrK+PsbdfzXtYk1cX+BAFZzH/i/BWvTGQseX+dtF
0wjaSqkObVTbcGYiCQEH1Fdm+qh1G6wnEm58vYlWPynkg/04kKTj9C3wZp7hwWNt
2wj793VfBCUBnj8ia4ObpWLRxtH3jmJAx2ur2TeBLGAdH2iDWuFZLmx68/KEbxBf
XM7OB++OP/rvjXs9Kzj3lKZkK6S8Jg8a4V/IKNod48WArPtI0S2z9JHXiOsxkTxx
dSJ7EZSmjGgxnzdaLQoLy5F+BnnU9hr1zcKonD3WtRyWPw1/0bC2cBiV/XImSgBS
WBYOnDmV88fLJhjqvnWKequN3JDE1Sn7qW2xe6shE/m/
-----END CERTIFICATE-----