Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/8AY6X4XCRyiZxzFlt6tsbjR30jM.roa
File:                     8AY6X4XCRyiZxzFlt6tsbjR30jM.roa (raw, json)
Hash identifier:          5ZRaImHY2F/S3wQVqNNqg0MgU/7l0llwd1UlTTznV7w=
Subject key identifier:   F0:06:3A:5F:85:C2:47:28:99:C7:31:65:B7:AB:6C:6E:34:77:D2:33
Certificate issuer:       /CN=64dfe26d403141be9059ab2144325b402d4cab7d
Certificate serial:       019423D6E45B66AF291FCA1AF3E3DA0D16EA
Authority key identifier: 64:DF:E2:6D:40:31:41:BE:90:59:AB:21:44:32:5B:40:2D:4C:AB:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/8AY6X4XCRyiZxzFlt6tsbjR30jM.roa
Signing time:             Wed 01 Jan 2025 21:47:52 +0000
ROA not before:           Wed 01 Jan 2025 21:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57000
IP address blocks:        176.241.84.0/24 maxlen: 24
                          176.241.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e4:5b:66:af:29:1f:ca:1a:f3:e3:da:0d:16:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64dfe26d403141be9059ab2144325b402d4cab7d
        Validity
            Not Before: Jan  1 21:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0063a5f85c2472899c73165b7ab6c6e3477d233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:91:54:a1:36:9d:e0:b8:7e:56:56:77:38:a1:
                    1e:a0:fb:ec:02:8d:c4:58:8c:c4:fc:02:60:62:79:
                    5d:ae:5f:4b:2d:d4:b6:84:9b:cf:1d:6a:9a:8d:08:
                    d9:f0:de:fd:40:9f:fd:2a:cc:cf:b6:f8:3f:c0:23:
                    df:9f:0d:24:a9:1d:c0:4c:64:e9:4d:95:ec:0e:d0:
                    b1:b9:ab:3a:4d:dc:34:8e:c3:c0:57:b5:b4:35:a5:
                    e0:da:c9:a6:37:32:ce:31:34:c5:5b:a1:2a:e6:73:
                    37:9e:dc:58:7a:28:9a:87:4f:cc:c0:46:2c:8d:c7:
                    c3:6b:35:3a:50:cb:53:0c:ec:f8:26:cd:e0:70:5e:
                    1f:cc:9d:cd:ca:be:90:19:2e:37:d0:5a:a8:cf:bd:
                    b8:39:67:fc:ef:58:6b:c6:14:84:6b:41:40:68:60:
                    d6:72:74:5e:e9:8c:13:89:53:7e:31:29:1d:84:a3:
                    66:3c:23:9c:81:c1:24:65:d8:d4:ef:d6:e5:cc:2d:
                    01:55:ae:69:1e:99:5d:77:7d:9f:c5:b6:a2:7b:a9:
                    47:c2:5e:22:28:d8:57:06:fc:a3:0b:15:4e:d3:90:
                    62:07:d5:a4:56:31:70:86:25:65:0b:a9:58:06:4b:
                    d2:7a:b1:2a:81:55:be:99:32:71:da:07:0d:4a:47:
                    c1:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:06:3A:5F:85:C2:47:28:99:C7:31:65:B7:AB:6C:6E:34:77:D2:33
            X509v3 Authority Key Identifier:
                keyid:64:DF:E2:6D:40:31:41:BE:90:59:AB:21:44:32:5B:40:2D:4C:AB:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/8AY6X4XCRyiZxzFlt6tsbjR30jM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.241.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:b8:27:59:7d:8c:ff:cc:76:1e:1b:29:2a:6a:3e:bf:20:e5:
         9c:88:d2:19:ab:a1:b1:d8:3e:ab:69:aa:b1:4f:59:22:2b:81:
         e3:3b:44:04:43:97:2e:50:d6:7c:03:1d:0b:01:bc:30:c4:88:
         08:aa:b5:9f:2c:88:cf:48:a4:c6:b2:3c:33:33:48:31:08:11:
         57:6e:dc:0a:7c:40:64:8c:aa:96:3a:5b:55:b0:51:ef:53:08:
         65:5f:69:17:3f:03:74:09:94:19:ab:6b:83:fd:09:f9:5a:e2:
         3f:7a:81:96:85:c8:da:bc:a3:df:96:68:5f:67:02:ed:e3:6a:
         c6:a8:28:5a:a5:d9:70:42:ae:e3:02:bc:23:d2:52:0e:f6:ac:
         9c:65:8e:fb:d6:d2:44:d2:c8:55:64:2d:08:b8:4b:ce:97:68:
         6d:7c:0d:dc:2d:1a:12:24:14:d7:0b:33:23:fb:ce:90:57:da:
         78:4c:20:55:53:3d:a7:7b:1e:87:98:8e:a7:a9:62:71:94:c3:
         64:56:e2:a6:73:91:b1:31:54:9c:24:ae:92:05:ae:98:7a:35:
         ea:0e:56:9e:a7:28:be:05:49:ab:5f:89:5a:e5:52:df:f1:e7:
         6f:50:42:5c:70:33:03:ea:48:84:27:6c:fa:dd:6d:63:cf:d6:
         96:fa:f1:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1uRbZq8pH8oa8+PaDRbqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZGZlMjZkNDAzMTQxYmU5MDU5YWIyMTQ0MzI1YjQwMmQ0
Y2FiN2QwHhcNMjUwMTAxMjE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDA2M2E1Zjg1YzI0NzI4OTljNzMxNjViN2FiNmM2ZTM0NzdkMjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupFUoTad4Lh+VlZ3OKEeoPvsAo3E
WIzE/AJgYnldrl9LLdS2hJvPHWqajQjZ8N79QJ/9KszPtvg/wCPfnw0kqR3ATGTp
TZXsDtCxuas6Tdw0jsPAV7W0NaXg2smmNzLOMTTFW6Eq5nM3ntxYeiiah0/MwEYs
jcfDazU6UMtTDOz4Js3gcF4fzJ3Nyr6QGS430Fqoz724OWf871hrxhSEa0FAaGDW
cnRe6YwTiVN+MSkdhKNmPCOcgcEkZdjU79blzC0BVa5pHpldd32fxbaie6lHwl4i
KNhXBvyjCxVO05BiB9WkVjFwhiVlC6lYBkvSerEqgVW+mTJx2gcNSkfBowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAGOl+FwkcomccxZberbG40d9IzMB8GA1UdIwQY
MBaAFGTf4m1AMUG+kFmrIUQyW0AtTKt9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5faWJVQXhRYjZRV2FzaFJESmJRQzFNcTMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81ZDYyNTUtNjVjOS00YmZhLWI5ZDct
ZjY1NzUxOWQwMjMzLzEvOEFZNlg0WENSeWlaeHpGbHQ2dHNialIzMGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81ZDYyNTUtNjVjOS00YmZhLWI5ZDctZjY1NzUxOWQwMjMz
LzEvWk5faWJVQXhRYjZRV2FzaFJESmJRQzFNcTMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsPFUMA0G
CSqGSIb3DQEBCwUAA4IBAQBxuCdZfYz/zHYeGykqaj6/IOWciNIZq6Gx2D6raaqx
T1kiK4HjO0QEQ5cuUNZ8Ax0LAbwwxIgIqrWfLIjPSKTGsjwzM0gxCBFXbtwKfEBk
jKqWOltVsFHvUwhlX2kXPwN0CZQZq2uD/Qn5WuI/eoGWhcjavKPflmhfZwLt42rG
qChapdlwQq7jArwj0lIO9qycZY771tJE0shVZC0IuEvOl2htfA3cLRoSJBTXCzMj
+86QV9p4TCBVUz2nex6HmI6nqWJxlMNkVuKmc5GxMVScJK6SBa6YejXqDlaepyi+
BUmrX4la5VLf8edvUEJccDMD6kiEJ2z63W1jz9aW+vFP
-----END CERTIFICATE-----