Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/J8DHZy4tMi-CFo8AY9DJvx0HWac.roa
File:                     J8DHZy4tMi-CFo8AY9DJvx0HWac.roa (raw, json)
Hash identifier:          5pNADEij5vtMepG8+Pp6x2k3eZ8RSfQB0arADw8u/hQ=
Subject key identifier:   27:C0:C7:67:2E:2D:32:2F:82:16:8F:00:63:D0:C9:BF:1D:07:59:A7
Certificate issuer:       /CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
Certificate serial:       0195234C11BF72FFF63FCEF3056FB9337AFC
Authority key identifier: 5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/J8DHZy4tMi-CFo8AY9DJvx0HWac.roa
Signing time:             Thu 20 Feb 2025 12:19:02 +0000
ROA not before:           Thu 20 Feb 2025 12:19:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        193.8.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:23:4c:11:bf:72:ff:f6:3f:ce:f3:05:6f:b9:33:7a:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
        Validity
            Not Before: Feb 20 12:19:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27c0c7672e2d322f82168f0063d0c9bf1d0759a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:16:d3:d4:c7:96:24:71:4f:90:b9:45:c9:d2:
                    b2:0e:e8:21:60:c1:4f:fc:ba:96:45:b0:e0:a8:6a:
                    98:28:79:c1:19:24:1c:36:76:66:ac:6b:4c:44:65:
                    2a:72:02:04:84:3f:a7:d9:79:79:9e:a1:fb:45:4b:
                    54:aa:a8:c8:53:4e:0c:cc:6e:7f:ec:08:17:80:24:
                    07:57:65:d0:c4:5e:a2:bb:60:7a:1a:5f:ca:6a:af:
                    9e:09:e9:8b:5a:5d:00:47:21:b0:04:0e:c3:fc:7d:
                    53:c7:ab:ef:a5:2e:4c:08:59:73:47:e6:ed:94:d6:
                    dc:2d:4a:38:61:5b:89:99:ee:13:1f:83:5b:60:8f:
                    c1:f0:58:33:f3:41:f2:cd:81:48:71:11:16:da:2e:
                    73:b4:f3:9f:58:35:cd:51:f7:85:ae:1b:e9:a9:13:
                    a7:fa:32:e1:a0:83:70:38:03:55:f6:79:4a:23:2d:
                    fa:4c:d3:bd:72:9e:ae:00:9a:00:d4:0c:93:37:ee:
                    48:9b:00:01:de:22:a9:85:c6:23:16:7e:81:bd:b2:
                    e6:86:34:ea:ee:40:2f:d0:6a:03:a1:23:cf:04:5e:
                    8d:9f:b3:06:f8:ce:2d:84:df:65:a8:b9:aa:c5:84:
                    43:67:81:9d:53:3e:e2:2d:2f:e7:52:2d:9e:a3:fe:
                    cb:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:C0:C7:67:2E:2D:32:2F:82:16:8F:00:63:D0:C9:BF:1D:07:59:A7
            X509v3 Authority Key Identifier:
                keyid:5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/J8DHZy4tMi-CFo8AY9DJvx0HWac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:f9:9a:09:8f:17:3e:2e:ba:0e:08:6c:3a:9f:40:51:01:72:
         8f:9e:df:6d:b8:29:68:e5:83:85:1c:26:09:6b:22:ab:92:d1:
         4b:d5:80:f3:08:54:07:ed:bb:76:11:9b:29:df:23:44:c6:41:
         0c:65:d1:1e:f4:af:61:52:3a:38:6b:e7:1a:e8:82:c8:80:a4:
         35:ac:e2:66:fe:d0:2f:22:fe:3c:5e:f8:c3:48:bb:46:89:d3:
         d1:2c:35:6c:ab:6a:27:2f:7c:58:ae:bd:b9:3b:e0:87:e3:8a:
         d5:c5:c5:2a:5a:56:fe:d3:1b:05:cc:83:c3:c4:e3:86:52:75:
         d7:f8:10:a9:cc:57:9a:bc:2c:87:20:9b:b2:ea:6e:d4:75:b1:
         f5:18:a9:3b:2c:12:a2:1f:d2:e6:d3:8b:bd:09:d0:55:d9:72:
         9b:b6:32:55:89:ac:cf:3a:69:e0:67:6f:2e:a6:bf:67:e3:ba:
         99:f4:3d:6f:c2:12:b2:41:19:6d:a8:90:6f:2b:9f:a6:93:df:
         9b:e6:37:dc:06:bf:92:99:3c:26:dc:77:1d:bf:36:98:17:e2:
         5b:1f:c2:7c:3e:01:5b:3e:1c:00:47:2c:89:51:28:c5:bd:5a:
         73:66:04:d9:52:73:3e:e7:b2:bf:ef:1e:c8:ec:9b:a0:2f:c7:
         1e:d8:a0:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUjTBG/cv/2P87zBW+5M3r8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWYyMTNiOGM3OTJiN2UwMTNmYTUwNDFmNWI4OTk3MWU2
ZjYyZDYwHhcNMjUwMjIwMTIxOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2MwYzc2NzJlMmQzMjJmODIxNjhmMDA2M2QwYzliZjFkMDc1OWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxbT1MeWJHFPkLlFydKyDughYMFP
/LqWRbDgqGqYKHnBGSQcNnZmrGtMRGUqcgIEhD+n2Xl5nqH7RUtUqqjIU04MzG5/
7AgXgCQHV2XQxF6iu2B6Gl/Kaq+eCemLWl0ARyGwBA7D/H1Tx6vvpS5MCFlzR+bt
lNbcLUo4YVuJme4TH4NbYI/B8Fgz80HyzYFIcREW2i5ztPOfWDXNUfeFrhvpqROn
+jLhoINwOANV9nlKIy36TNO9cp6uAJoA1AyTN+5ImwAB3iKphcYjFn6BvbLmhjTq
7kAv0GoDoSPPBF6Nn7MG+M4thN9lqLmqxYRDZ4GdUz7iLS/nUi2eo/7LIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfAx2cuLTIvghaPAGPQyb8dB1mnMB8GA1UdIwQY
MBaAFF8fITuMeSt+AT+lBB9biZceb2LWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDct
NDAyMjM4NjM4ZWEzLzEvSjhESFp5NHRNaS1DRm84QVk5REp2eDBIV2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDctNDAyMjM4NjM4ZWEz
LzEvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQjsMA0G
CSqGSIb3DQEBCwUAA4IBAQAl+ZoJjxc+LroOCGw6n0BRAXKPnt9tuClo5YOFHCYJ
ayKrktFL1YDzCFQH7bt2EZsp3yNExkEMZdEe9K9hUjo4a+ca6ILIgKQ1rOJm/tAv
Iv48XvjDSLtGidPRLDVsq2onL3xYrr25O+CH44rVxcUqWlb+0xsFzIPDxOOGUnXX
+BCpzFeavCyHIJuy6m7UdbH1GKk7LBKiH9Lm04u9CdBV2XKbtjJViazPOmngZ28u
pr9n47qZ9D1vwhKyQRltqJBvK5+mk9+b5jfcBr+SmTwm3HcdvzaYF+JbH8J8PgFb
PhwARyyJUSjFvVpzZgTZUnM+57K/7x7I7JugL8ce2KBU
-----END CERTIFICATE-----