Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/8iIYolCxGRxz8TNi8KfyB6eNhzo.roa
File:                     8iIYolCxGRxz8TNi8KfyB6eNhzo.roa (raw, json)
Hash identifier:          qCapP64kycDhbf/1rZ0laRWKXpyjDof/0V3kjvsJoMk=
Subject key identifier:   F2:22:18:A2:50:B1:19:1C:73:F1:33:62:F0:A7:F2:07:A7:8D:87:3A
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019428266F31DE800EEE4061A75B991B49B7
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/8iIYolCxGRxz8TNi8KfyB6eNhzo.roa
Signing time:             Thu 02 Jan 2025 17:53:14 +0000
ROA not before:           Thu 02 Jan 2025 17:53:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7203
IP address blocks:        212.42.197.0/24 maxlen: 24
                          212.42.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:6f:31:de:80:0e:ee:40:61:a7:5b:99:1b:49:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f22218a250b1191c73f13362f0a7f207a78d873a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:bb:49:a0:36:dd:88:40:c7:c4:31:03:6e:2f:
                    c0:75:88:98:7d:2d:f4:18:7e:88:51:71:8d:06:d4:
                    7e:a3:92:b4:31:2b:70:74:d1:b4:19:6e:8a:3b:d0:
                    6d:1b:a4:83:55:e8:9c:c5:d1:ee:86:5a:7a:fb:ee:
                    7a:35:54:e7:5a:3f:26:31:d9:90:46:69:e0:c9:80:
                    a8:10:25:98:d4:74:51:ac:12:eb:e8:5e:3c:41:1e:
                    54:37:2c:54:4c:15:25:9f:53:7a:3c:01:a8:2c:4c:
                    9c:ce:81:0c:86:7b:cc:c1:49:30:bc:98:b5:7b:0c:
                    0e:de:d7:2e:13:3f:9c:59:5c:55:41:35:c9:3c:d4:
                    6e:8e:ef:0a:16:e1:aa:0f:e6:0f:eb:e8:3b:a0:32:
                    8c:3e:af:9b:1b:1d:ac:3b:cd:e0:85:f9:1d:a9:e7:
                    d8:86:03:25:25:78:8a:0c:5c:75:68:d3:10:91:db:
                    1f:43:69:06:91:6e:bb:c3:7f:d8:0f:80:b6:43:5d:
                    9f:fa:e3:b4:64:fa:3f:44:82:c7:11:c4:e9:a2:f1:
                    f4:4f:84:47:88:75:08:ec:61:56:c8:b8:4a:75:2f:
                    00:d3:2d:03:7e:11:e8:7a:83:34:aa:0b:af:6a:39:
                    5a:42:e2:01:c8:4b:38:fd:94:9d:b3:e8:cc:e9:b8:
                    ce:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:22:18:A2:50:B1:19:1C:73:F1:33:62:F0:A7:F2:07:A7:8D:87:3A
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/8iIYolCxGRxz8TNi8KfyB6eNhzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.42.197.0/24
                  212.42.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:46:38:e8:35:01:6c:5a:86:08:49:e5:f0:56:2a:5a:20:ed:
         76:73:ae:39:08:13:8d:7c:ab:6b:2a:22:d9:3f:c3:8d:bc:57:
         14:64:a9:90:36:ee:21:88:40:f6:fd:23:f6:a3:c1:9b:02:4e:
         01:4a:c0:27:94:0a:d6:00:58:57:05:2c:70:fe:bc:6b:d2:d5:
         a4:cb:4c:38:12:f3:38:88:2e:3f:40:58:39:bf:45:3d:6a:20:
         2a:17:6c:4e:42:4c:00:69:75:67:5d:e4:63:f2:95:c2:ce:71:
         3b:86:cf:44:fd:97:70:e6:c5:87:01:cd:f4:8e:6e:b0:76:00:
         fb:f4:87:5d:6f:73:d3:3c:54:dd:ed:2c:ca:a7:49:83:2a:ef:
         06:ea:f0:c1:dc:57:b2:4b:c6:94:ee:83:40:5c:c9:2c:c6:a5:
         07:c4:bc:75:83:5a:fb:17:a5:bf:d5:9e:71:c1:70:63:80:cd:
         58:0e:5e:93:d4:67:7d:fc:f1:e5:f2:45:c9:ac:f8:e5:54:7c:
         bd:68:5b:83:be:b7:c4:87:cd:83:33:df:58:ae:cc:bb:aa:ee:
         a3:55:a0:39:72:3c:de:ea:87:b4:ba:24:da:e4:3b:c0:35:ca:
         3e:13:66:03:a1:fe:d7:47:89:5e:62:4f:83:fc:ea:28:08:80:
         5b:a8:1b:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJm8x3oAO7kBhp1uZG0m3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjIyMThhMjUwYjExOTFjNzNmMTMzNjJmMGE3ZjIwN2E3OGQ4NzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3btJoDbdiEDHxDEDbi/AdYiYfS30
GH6IUXGNBtR+o5K0MStwdNG0GW6KO9BtG6SDVeicxdHuhlp6++56NVTnWj8mMdmQ
RmngyYCoECWY1HRRrBLr6F48QR5UNyxUTBUln1N6PAGoLEyczoEMhnvMwUkwvJi1
ewwO3tcuEz+cWVxVQTXJPNRuju8KFuGqD+YP6+g7oDKMPq+bGx2sO83ghfkdqefY
hgMlJXiKDFx1aNMQkdsfQ2kGkW67w3/YD4C2Q12f+uO0ZPo/RILHEcTpovH0T4RH
iHUI7GFWyLhKdS8A0y0DfhHoeoM0qguvajlaQuIByEs4/ZSds+jM6bjOlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPIiGKJQsRkcc/EzYvCn8genjYc6MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvOGlJWW9sQ3hHUnh6OFROaThLZnlCNmVOaHpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1CrFAwQA
1CrNMA0GCSqGSIb3DQEBCwUAA4IBAQBERjjoNQFsWoYISeXwVipaIO12c645CBON
fKtrKiLZP8ONvFcUZKmQNu4hiED2/SP2o8GbAk4BSsAnlArWAFhXBSxw/rxr0tWk
y0w4EvM4iC4/QFg5v0U9aiAqF2xOQkwAaXVnXeRj8pXCznE7hs9E/Zdw5sWHAc30
jm6wdgD79Iddb3PTPFTd7SzKp0mDKu8G6vDB3FeyS8aU7oNAXMksxqUHxLx1g1r7
F6W/1Z5xwXBjgM1YDl6T1Gd9/PHl8kXJrPjlVHy9aFuDvrfEh82DM99Yrsy7qu6j
VaA5cjze6oe0uiTa5DvANco+E2YDof7XR4leYk+D/OooCIBbqBtb
-----END CERTIFICATE-----