Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/bm8bVIPNaA-bltdEZPHxvRw4XQU.roa
File:                     bm8bVIPNaA-bltdEZPHxvRw4XQU.roa (raw, json)
Hash identifier:          DdBeXwj6zhT54fs1VrM1Iq2GimR5mvINmSrgTPAY9tY=
Subject key identifier:   6E:6F:1B:54:83:CD:68:0F:9B:96:D7:44:64:F1:F1:BD:1C:38:5D:05
Certificate issuer:       /CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
Certificate serial:       01942669E93CACC83F77167B2FF6D0F6598C
Authority key identifier: 5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/bm8bVIPNaA-bltdEZPHxvRw4XQU.roa
Signing time:             Thu 02 Jan 2025 09:47:42 +0000
ROA not before:           Thu 02 Jan 2025 09:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        193.8.236.0/23 maxlen: 23
                          193.8.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:69:e9:3c:ac:c8:3f:77:16:7b:2f:f6:d0:f6:59:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
        Validity
            Not Before: Jan  2 09:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e6f1b5483cd680f9b96d74464f1f1bd1c385d05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:09:69:99:2a:49:29:02:83:28:d8:2f:05:ab:
                    13:29:c6:26:99:41:22:69:34:c7:85:5b:71:9e:df:
                    dc:7c:5f:a4:24:8d:c4:ce:4b:b8:b2:74:61:f5:bf:
                    de:f8:b8:8d:e7:20:ee:a1:46:23:29:0b:f1:c2:69:
                    37:d0:9a:d6:bb:b7:7c:f2:a4:1e:cd:f4:c8:8d:0c:
                    ec:9b:7c:ac:cc:aa:5d:02:9a:35:db:82:3b:07:fd:
                    9a:43:c5:32:f2:66:ad:6c:14:71:bd:23:10:34:00:
                    1f:8c:2f:ef:ec:84:e9:8e:38:eb:7b:df:fe:cc:f3:
                    2d:15:11:97:c2:19:c6:39:14:6c:66:9b:f2:25:8d:
                    56:30:1c:20:80:07:b3:bb:60:6e:11:2c:f8:ea:91:
                    b7:e4:49:cd:57:97:42:04:df:26:b6:8c:66:35:65:
                    d0:02:d9:27:0a:68:ae:f7:30:d7:07:5c:20:f5:f3:
                    df:88:24:b0:f3:29:a6:fb:6c:9c:29:b9:18:56:54:
                    54:39:d9:18:4b:09:38:cb:b9:95:b3:dd:b9:3b:9b:
                    d9:6f:03:0c:45:be:96:04:bf:f3:5b:23:73:20:2e:
                    03:31:53:0e:bf:4c:5b:69:87:9b:a6:45:72:f1:db:
                    8e:b9:c2:e5:52:0c:04:a3:e0:0f:81:bb:92:45:d3:
                    2c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:6F:1B:54:83:CD:68:0F:9B:96:D7:44:64:F1:F1:BD:1C:38:5D:05
            X509v3 Authority Key Identifier:
                keyid:5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/bm8bVIPNaA-bltdEZPHxvRw4XQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:d9:12:fc:c4:0a:fe:d9:60:3a:a4:21:b3:63:ba:88:1f:78:
         2c:ff:2b:15:b2:e9:c6:71:e5:0f:94:18:08:7a:e4:67:1d:b5:
         4f:05:02:af:5b:f5:73:6c:35:f0:0f:f0:06:44:a1:7c:6b:2b:
         70:37:4d:7c:ac:b9:eb:98:cf:ca:14:2c:49:70:08:d8:cc:5e:
         14:ca:dd:04:9c:c6:d9:41:44:bc:fc:26:11:a1:7d:65:ec:9f:
         dd:74:e3:25:2f:2a:5b:36:a5:99:65:8a:b3:b6:31:2c:48:f4:
         13:93:1e:8c:2f:36:41:d2:60:d3:2d:0d:e4:eb:cf:d1:38:3b:
         70:f1:9d:91:8b:12:5f:b5:6d:26:d1:b2:58:17:45:62:58:a2:
         60:db:9b:03:eb:fc:82:1c:67:49:65:fc:c7:b5:3d:1a:9e:5c:
         8c:92:eb:5d:21:b9:f3:a5:76:27:ca:78:86:f9:45:e7:b3:10:
         83:d6:1e:07:9b:48:ea:68:66:b6:1e:f4:74:df:7d:9a:6e:6e:
         d0:d3:29:96:5e:aa:3c:37:35:4a:ef:46:d7:eb:a4:d7:a7:6f:
         b7:f9:39:2f:80:3c:6d:6c:ed:04:1e:db:17:e7:83:be:37:07:
         f8:a2:2a:3b:ea:08:29:24:29:25:05:bc:08:e2:7a:80:51:9d:
         9b:ae:65:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmaek8rMg/dxZ7L/bQ9lmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWYyMTNiOGM3OTJiN2UwMTNmYTUwNDFmNWI4OTk3MWU2
ZjYyZDYwHhcNMjUwMTAyMDk0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTZmMWI1NDgzY2Q2ODBmOWI5NmQ3NDQ2NGYxZjFiZDFjMzg1ZDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAlpmSpJKQKDKNgvBasTKcYmmUEi
aTTHhVtxnt/cfF+kJI3Ezku4snRh9b/e+LiN5yDuoUYjKQvxwmk30JrWu7d88qQe
zfTIjQzsm3yszKpdApo124I7B/2aQ8Uy8matbBRxvSMQNAAfjC/v7ITpjjjre9/+
zPMtFRGXwhnGORRsZpvyJY1WMBwggAezu2BuESz46pG35EnNV5dCBN8mtoxmNWXQ
AtknCmiu9zDXB1wg9fPfiCSw8ymm+2ycKbkYVlRUOdkYSwk4y7mVs925O5vZbwMM
Rb6WBL/zWyNzIC4DMVMOv0xbaYebpkVy8duOucLlUgwEo+APgbuSRdMs9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5vG1SDzWgPm5bXRGTx8b0cOF0FMB8GA1UdIwQY
MBaAFF8fITuMeSt+AT+lBB9biZceb2LWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDct
NDAyMjM4NjM4ZWEzLzEvYm04YlZJUE5hQS1ibHRkRVpQSHh2Unc0WFFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDctNDAyMjM4NjM4ZWEz
LzEvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwQjsMA0G
CSqGSIb3DQEBCwUAA4IBAQA+2RL8xAr+2WA6pCGzY7qIH3gs/ysVsunGceUPlBgI
euRnHbVPBQKvW/VzbDXwD/AGRKF8aytwN018rLnrmM/KFCxJcAjYzF4Uyt0EnMbZ
QUS8/CYRoX1l7J/ddOMlLypbNqWZZYqztjEsSPQTkx6MLzZB0mDTLQ3k68/RODtw
8Z2RixJftW0m0bJYF0ViWKJg25sD6/yCHGdJZfzHtT0anlyMkutdIbnzpXYnyniG
+UXnsxCD1h4Hm0jqaGa2HvR0332abm7Q0ymWXqo8NzVK70bX66TXp2+3+TkvgDxt
bO0EHtsX54O+Nwf4oio76ggpJCklBbwI4nqAUZ2brmXy
-----END CERTIFICATE-----