Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/8FzhGMtZv2x-9zLN2UYHeQV341o.roa
File:                     8FzhGMtZv2x-9zLN2UYHeQV341o.roa (raw, json)
Hash identifier:          qGnveFjiOnO4NOM7gilbdoFw5wFNnGKNy0BPR46F8X8=
Subject key identifier:   F0:5C:E1:18:CB:59:BF:6C:7E:F7:32:CD:D9:46:07:79:05:77:E3:5A
Certificate issuer:       /CN=322639b35e5d9d0fb3696fe2fd61cb6f4c3fa504
Certificate serial:       01942067B9C75FC187523B536011E22BA37B
Authority key identifier: 32:26:39:B3:5E:5D:9D:0F:B3:69:6F:E2:FD:61:CB:6F:4C:3F:A5:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/8FzhGMtZv2x-9zLN2UYHeQV341o.roa
Signing time:             Wed 01 Jan 2025 05:47:36 +0000
ROA not before:           Wed 01 Jan 2025 05:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204331
IP address blocks:        185.253.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:b9:c7:5f:c1:87:52:3b:53:60:11:e2:2b:a3:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=322639b35e5d9d0fb3696fe2fd61cb6f4c3fa504
        Validity
            Not Before: Jan  1 05:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f05ce118cb59bf6c7ef732cdd94607790577e35a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ad:f9:06:55:34:b6:12:c0:6f:da:6a:c9:13:
                    7e:c4:ae:97:d4:9b:a4:bd:e1:f9:f6:0a:61:d6:75:
                    05:08:3b:92:e4:7d:98:3c:8f:3b:59:6b:cf:7b:09:
                    86:f4:0f:f0:4b:d0:b3:e1:b5:c4:b4:5d:22:17:5f:
                    83:10:a1:07:41:9e:73:e2:79:43:3d:44:72:39:6f:
                    9c:9d:08:b9:23:d1:c2:36:4c:3a:e5:2d:ab:31:c1:
                    53:bc:ad:67:9d:c5:1e:de:e3:40:4c:8e:7f:78:89:
                    23:fb:c4:94:14:4a:5f:19:fe:a8:cd:79:cc:66:23:
                    2a:09:57:c5:0c:08:9c:03:f2:e0:58:82:e4:0a:1d:
                    54:c6:58:a4:24:15:93:88:a7:34:69:3a:65:b8:5f:
                    01:8a:fe:c9:a7:de:f6:b0:32:fc:a8:b4:a5:a5:08:
                    1d:00:75:37:5e:de:e7:8b:38:14:79:1e:62:8d:f3:
                    f5:d4:6a:e9:2b:b3:a1:22:b7:b5:90:15:21:fb:7e:
                    5a:37:9b:15:f4:54:e0:98:24:af:6e:7d:4d:78:41:
                    37:49:78:77:64:5f:0a:60:da:f5:ba:32:5f:c2:8f:
                    89:f5:4d:03:e5:51:f8:87:5f:24:68:8d:59:3d:77:
                    39:64:65:3f:32:55:47:72:0e:00:b1:5c:51:40:68:
                    98:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:5C:E1:18:CB:59:BF:6C:7E:F7:32:CD:D9:46:07:79:05:77:E3:5A
            X509v3 Authority Key Identifier:
                keyid:32:26:39:B3:5E:5D:9D:0F:B3:69:6F:E2:FD:61:CB:6F:4C:3F:A5:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/8FzhGMtZv2x-9zLN2UYHeQV341o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:08:6d:ef:2d:d1:a5:f7:6f:01:b2:9f:08:dd:a6:40:3c:13:
         26:12:de:e1:cb:c8:c1:6e:ed:b7:87:e4:be:d2:d4:36:32:09:
         f6:5b:78:74:13:88:c6:83:11:43:60:cd:ab:d5:7b:d1:e4:f5:
         e7:82:54:eb:42:03:93:79:90:f8:0d:65:53:3d:c3:41:58:97:
         54:91:cc:df:6f:d1:f1:71:6b:55:0b:19:23:97:13:1b:65:23:
         e1:11:9f:88:cf:fd:5c:e4:ce:f6:8f:1e:42:38:36:a5:69:b8:
         64:28:8d:53:84:f7:44:27:fb:c3:21:93:14:2b:ee:ff:4d:3a:
         6e:1b:97:63:e2:97:ef:5b:e6:68:de:3c:1e:28:4b:5e:bc:70:
         a2:e4:ea:0e:47:57:a0:6f:9e:46:9d:f9:a2:df:7e:cf:98:43:
         64:27:ba:0a:b3:71:a6:b3:f7:82:62:36:58:0c:18:47:12:5f:
         a6:4f:af:9f:4a:d4:95:a5:7c:6e:c5:d1:cb:34:c8:56:e0:b0:
         51:c8:81:54:5c:64:29:6e:7e:0a:1f:56:f3:6d:44:4c:f9:6f:
         86:e8:7f:68:4b:ad:9a:68:d4:75:25:1a:a8:ee:12:41:0d:96:
         a9:4a:08:5e:56:ed:e1:d0:40:fc:c7:44:2d:42:68:fa:be:31:
         55:90:02:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ7nHX8GHUjtTYBHiK6N7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMjYzOWIzNWU1ZDlkMGZiMzY5NmZlMmZkNjFjYjZmNGMz
ZmE1MDQwHhcNMjUwMTAxMDU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDVjZTExOGNiNTliZjZjN2VmNzMyY2RkOTQ2MDc3OTA1NzdlMzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnq35BlU0thLAb9pqyRN+xK6X1Juk
veH59gph1nUFCDuS5H2YPI87WWvPewmG9A/wS9Cz4bXEtF0iF1+DEKEHQZ5z4nlD
PURyOW+cnQi5I9HCNkw65S2rMcFTvK1nncUe3uNATI5/eIkj+8SUFEpfGf6ozXnM
ZiMqCVfFDAicA/LgWILkCh1UxlikJBWTiKc0aTpluF8Biv7Jp972sDL8qLSlpQgd
AHU3Xt7nizgUeR5ijfP11GrpK7OhIre1kBUh+35aN5sV9FTgmCSvbn1NeEE3SXh3
ZF8KYNr1ujJfwo+J9U0D5VH4h18kaI1ZPXc5ZGU/MlVHcg4AsVxRQGiYCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBc4RjLWb9sfvcyzdlGB3kFd+NaMB8GA1UdIwQY
MBaAFDImObNeXZ0Ps2lv4v1hy29MP6UEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWlZNXMxNWRuUS16YVdfaV9XSExiMHdfcFFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82NjJmYmYtNTU3Ni00NTk1LTg5MmIt
YjViM2FlYWU5OGVhLzEvOEZ6aEdNdFp2MngtOXpMTjJVWUhlUVYzNDFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82NjJmYmYtNTU3Ni00NTk1LTg5MmItYjViM2FlYWU5OGVh
LzEvTWlZNXMxNWRuUS16YVdfaV9XSExiMHdfcFFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf1MMA0G
CSqGSIb3DQEBCwUAA4IBAQCiCG3vLdGl928Bsp8I3aZAPBMmEt7hy8jBbu23h+S+
0tQ2Mgn2W3h0E4jGgxFDYM2r1XvR5PXnglTrQgOTeZD4DWVTPcNBWJdUkczfb9Hx
cWtVCxkjlxMbZSPhEZ+Iz/1c5M72jx5CODalabhkKI1ThPdEJ/vDIZMUK+7/TTpu
G5dj4pfvW+Zo3jweKEtevHCi5OoOR1egb55Gnfmi337PmENkJ7oKs3Gms/eCYjZY
DBhHEl+mT6+fStSVpXxuxdHLNMhW4LBRyIFUXGQpbn4KH1bzbURM+W+G6H9oS62a
aNR1JRqo7hJBDZapSgheVu3h0ED8x0QtQmj6vjFVkAL0
-----END CERTIFICATE-----