Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/8jp9A2yp5Ctl0aMaJZj7S5h9uCE.roa
File:                     8jp9A2yp5Ctl0aMaJZj7S5h9uCE.roa (raw, json)
Hash identifier:          WHkL8yvON59diJqVD7F/Lsgn1viIvZplizI2VcPWz8c=
Subject key identifier:   F2:3A:7D:03:6C:A9:E4:2B:65:D1:A3:1A:25:98:FB:4B:98:7D:B8:21
Certificate issuer:       /CN=d26a4409ea91f506d633871c6c35540d460337d1
Certificate serial:       019427480E1DD1315FE2166C359F61EE75D9
Authority key identifier: D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/8jp9A2yp5Ctl0aMaJZj7S5h9uCE.roa
Signing time:             Thu 02 Jan 2025 13:50:21 +0000
ROA not before:           Thu 02 Jan 2025 13:50:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198885
IP address blocks:        5.61.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:0e:1d:d1:31:5f:e2:16:6c:35:9f:61:ee:75:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d26a4409ea91f506d633871c6c35540d460337d1
        Validity
            Not Before: Jan  2 13:50:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f23a7d036ca9e42b65d1a31a2598fb4b987db821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7d:b8:c3:d1:51:21:0b:02:58:aa:14:b5:42:
                    1d:cc:e8:22:19:5d:83:dc:d7:2f:c0:59:af:6a:40:
                    b0:d0:1c:92:e3:b3:19:40:39:fc:56:02:70:b9:30:
                    88:60:c8:f5:6f:db:9d:97:27:e5:ad:9f:94:b2:0a:
                    e6:f9:7d:7f:7e:08:a0:59:41:35:38:cf:e4:3d:13:
                    20:92:01:9f:87:80:b1:b3:af:91:44:a7:54:25:ff:
                    9c:36:88:54:e5:1b:06:6e:f6:a3:18:99:8f:4d:52:
                    01:34:87:d9:82:a0:fc:41:34:45:ee:b4:f1:4c:f5:
                    0e:c1:85:24:a1:0f:7a:a8:c1:94:e7:39:b6:e7:80:
                    e9:b7:0e:38:76:49:15:7f:05:bf:34:0a:6a:6c:1a:
                    dc:7b:f4:a6:c9:93:24:ae:3b:0f:da:6b:00:0f:73:
                    0b:92:e3:19:12:cb:0a:26:0b:3c:60:3a:f3:a7:e4:
                    b9:91:bb:47:bd:68:66:88:d2:01:0a:2d:98:ef:07:
                    cf:ae:b2:a6:e6:04:06:85:31:02:ec:c9:74:c6:eb:
                    a5:44:84:7c:61:a8:8e:21:21:e3:1f:1a:2e:54:89:
                    3d:83:8d:c5:50:77:e7:ef:7e:65:e1:28:05:5a:df:
                    97:8f:d0:ca:dd:de:79:d3:53:85:cd:4e:ae:f7:f1:
                    79:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:3A:7D:03:6C:A9:E4:2B:65:D1:A3:1A:25:98:FB:4B:98:7D:B8:21
            X509v3 Authority Key Identifier:
                keyid:D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/8jp9A2yp5Ctl0aMaJZj7S5h9uCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:d5:aa:42:8a:3f:08:94:e8:3a:3b:4f:d0:6d:90:f0:68:79:
         8a:c2:22:7c:27:7b:40:6c:d0:80:de:a9:07:22:bf:a9:71:a9:
         33:7d:8e:96:43:aa:94:25:1a:ea:aa:be:95:13:85:6b:85:c7:
         17:06:33:68:8e:9e:f5:dd:33:9b:03:de:62:5c:c4:20:5c:7c:
         3a:02:eb:ed:15:24:96:59:71:bc:71:85:86:cb:d9:db:71:c0:
         50:81:e8:73:7d:27:02:15:4b:d9:29:69:21:27:a2:0d:4a:fd:
         c9:30:8c:49:07:12:31:4f:65:e6:57:c1:96:41:c6:07:01:ef:
         ee:20:cc:e8:c7:c0:8c:5b:69:b1:de:90:5a:a3:97:c9:be:8a:
         d2:f3:67:f0:fd:5b:34:29:13:77:80:51:24:44:43:b8:4e:74:
         74:db:a9:04:46:e4:ed:fc:83:ff:1d:d1:94:38:a5:eb:f1:b1:
         e4:0c:29:e7:65:c1:77:94:f2:4f:fd:66:25:82:ea:70:2a:5a:
         dc:b4:50:25:39:7c:36:62:4e:09:ca:26:35:0a:c7:db:8a:3b:
         ef:8d:5f:ab:50:22:25:51:3f:ff:d6:2e:46:0c:8a:7c:b3:e5:
         80:fc:bb:75:c1:02:9f:47:ee:78:62:7b:e9:22:fa:ef:f9:d3:
         20:cb:37:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSA4d0TFf4hZsNZ9h7nXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNmE0NDA5ZWE5MWY1MDZkNjMzODcxYzZjMzU1NDBkNDYw
MzM3ZDEwHhcNMjUwMTAyMTM1MDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjNhN2QwMzZjYTllNDJiNjVkMWEzMWEyNTk4ZmI0Yjk4N2RiODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx324w9FRIQsCWKoUtUIdzOgiGV2D
3NcvwFmvakCw0ByS47MZQDn8VgJwuTCIYMj1b9udlyflrZ+Usgrm+X1/fgigWUE1
OM/kPRMgkgGfh4Cxs6+RRKdUJf+cNohU5RsGbvajGJmPTVIBNIfZgqD8QTRF7rTx
TPUOwYUkoQ96qMGU5zm254Dptw44dkkVfwW/NApqbBrce/SmyZMkrjsP2msAD3ML
kuMZEssKJgs8YDrzp+S5kbtHvWhmiNIBCi2Y7wfPrrKm5gQGhTEC7Ml0xuulRIR8
YaiOISHjHxouVIk9g43FUHfn735l4SgFWt+Xj9DK3d5501OFzU6u9/F5lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPI6fQNsqeQrZdGjGiWY+0uYfbghMB8GA1UdIwQY
MBaAFNJqRAnqkfUG1jOHHGw1VA1GAzfRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYt
Y2ZlZmRmZGZiZTZiLzEvOGpwOUEyeXA1Q3RsMGFNYUpaajdTNWg5dUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYtY2ZlZmRmZGZiZTZi
LzEvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT3LMA0G
CSqGSIb3DQEBCwUAA4IBAQCb1apCij8IlOg6O0/QbZDwaHmKwiJ8J3tAbNCA3qkH
Ir+pcakzfY6WQ6qUJRrqqr6VE4VrhccXBjNojp713TObA95iXMQgXHw6AuvtFSSW
WXG8cYWGy9nbccBQgehzfScCFUvZKWkhJ6INSv3JMIxJBxIxT2XmV8GWQcYHAe/u
IMzox8CMW2mx3pBao5fJvorS82fw/Vs0KRN3gFEkREO4TnR026kERuTt/IP/HdGU
OKXr8bHkDCnnZcF3lPJP/WYlgupwKlrctFAlOXw2Yk4JyiY1CsfbijvvjV+rUCIl
UT//1i5GDIp8s+WA/Lt1wQKfR+54YnvpIvrv+dMgyze/
-----END CERTIFICATE-----