Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/71cb0c-3be0-4a9e-9b82-7d68366b59b7/1/0nY8WimC5lB0bql9f3U9kRi_8I4.roa
File:                     0nY8WimC5lB0bql9f3U9kRi_8I4.roa (raw, json)
Hash identifier:          8StTkkNbb/yW2jlpCIQh00ucmFvEjZPmIDJRuFhboiI=
Subject key identifier:   D2:76:3C:5A:29:82:E6:50:74:6E:A9:7D:7F:75:3D:91:18:BF:F0:8E
Certificate issuer:       /CN=87b9313753bc0931af4393dbda009b0ff45ec7c2
Certificate serial:       01941FFAA4F531B16DC45176AB8C02C3FE6F
Authority key identifier: 87:B9:31:37:53:BC:09:31:AF:43:93:DB:DA:00:9B:0F:F4:5E:C7:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h7kxN1O8CTGvQ5Pb2gCbD_Rex8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/71cb0c-3be0-4a9e-9b82-7d68366b59b7/1/0nY8WimC5lB0bql9f3U9kRi_8I4.roa
Signing time:             Wed 01 Jan 2025 03:48:27 +0000
ROA not before:           Wed 01 Jan 2025 03:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201395
IP address blocks:        176.105.240.0/22 maxlen: 22
                          2a0d:cec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/71cb0c-3be0-4a9e-9b82-7d68366b59b7/1/h7kxN1O8CTGvQ5Pb2gCbD_Rex8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/71cb0c-3be0-4a9e-9b82-7d68366b59b7/1/h7kxN1O8CTGvQ5Pb2gCbD_Rex8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h7kxN1O8CTGvQ5Pb2gCbD_Rex8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a4:f5:31:b1:6d:c4:51:76:ab:8c:02:c3:fe:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87b9313753bc0931af4393dbda009b0ff45ec7c2
        Validity
            Not Before: Jan  1 03:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2763c5a2982e650746ea97d7f753d9118bff08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:62:cf:9f:3f:ab:df:a4:c1:6d:ba:37:66:e2:
                    e3:6f:44:aa:38:aa:20:6e:95:0f:b1:c6:d5:91:e2:
                    b4:f1:02:fe:8c:58:f4:21:62:8e:fb:15:62:e2:a7:
                    40:60:76:00:43:b1:3e:71:7b:ab:b5:4d:17:f7:a4:
                    91:5e:8c:46:6e:0b:43:dd:91:bc:18:4a:38:34:b7:
                    f9:2d:c5:ad:dd:2b:6a:21:3a:24:ad:92:5b:b9:70:
                    15:a1:1b:cf:a7:12:cc:f7:8f:61:a3:b2:9d:80:e1:
                    f0:c0:4e:d5:38:c1:01:17:65:83:01:29:45:09:2b:
                    53:21:e2:62:dc:7f:2a:1b:54:4a:15:0e:7d:d1:b9:
                    1d:07:5a:f3:4b:7f:63:52:1c:fe:d6:55:a0:c7:6e:
                    0f:70:17:8b:3d:4c:d2:a6:1b:8d:80:ab:96:23:76:
                    cd:3b:3b:ca:79:68:4f:49:14:27:6a:d2:91:f9:22:
                    62:b6:e6:c8:c7:7b:bc:03:0d:8a:a0:0a:95:1f:7a:
                    aa:f2:f4:67:3a:99:ef:3b:b7:f0:59:e4:13:7c:4d:
                    7d:6f:b2:1e:c0:cb:87:39:44:68:72:cf:97:eb:1e:
                    89:0d:61:3c:6a:af:7e:ca:5a:86:2c:36:19:e8:c3:
                    23:de:96:cc:70:9e:fd:80:1f:60:5a:39:cb:ac:2a:
                    f1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:76:3C:5A:29:82:E6:50:74:6E:A9:7D:7F:75:3D:91:18:BF:F0:8E
            X509v3 Authority Key Identifier:
                keyid:87:B9:31:37:53:BC:09:31:AF:43:93:DB:DA:00:9B:0F:F4:5E:C7:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h7kxN1O8CTGvQ5Pb2gCbD_Rex8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/71cb0c-3be0-4a9e-9b82-7d68366b59b7/1/0nY8WimC5lB0bql9f3U9kRi_8I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/71cb0c-3be0-4a9e-9b82-7d68366b59b7/1/h7kxN1O8CTGvQ5Pb2gCbD_Rex8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.105.240.0/22
                IPv6:
                  2a0d:cec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:62:69:7e:05:bf:fa:7d:32:28:66:c8:29:1e:7a:51:55:5d:
         50:2b:88:0f:87:c4:09:1a:56:6c:e7:68:20:0c:7d:d9:54:1b:
         2a:b8:62:03:8d:3e:27:fe:8d:66:2d:75:ff:81:ba:1d:5a:2d:
         8f:1c:57:2b:5a:5b:49:8d:9d:7a:25:8e:a3:6b:dc:28:78:e8:
         23:b1:a9:97:73:0a:d6:5d:73:e7:77:5d:e4:c6:18:f8:2f:75:
         77:4f:8f:ef:9f:63:d2:f5:d5:c8:97:92:d2:42:14:d9:05:e8:
         9b:4f:a8:d8:f1:df:79:0d:1c:f7:53:2f:c0:ed:ed:fb:11:1d:
         06:a0:3a:7f:4c:5c:df:0b:e2:a0:41:24:11:32:3c:7e:af:b0:
         14:db:02:f7:0b:65:90:60:8e:0a:56:a2:ca:c1:c6:01:bc:89:
         93:c7:7e:37:75:e8:a3:ee:17:98:2e:40:2a:c3:cd:4b:ac:e9:
         a2:86:5a:8b:e8:3f:c2:b7:7a:84:70:d3:0d:f1:7a:f1:c0:63:
         39:48:15:5d:05:02:d7:27:56:d6:4e:dc:68:40:4f:37:12:f7:
         ea:43:ef:65:ac:26:aa:80:2c:b5:79:a6:31:71:e7:c3:3a:21:
         af:12:68:1e:13:69:2a:07:a8:da:24:cc:14:bb:b4:6d:5b:22:
         41:35:4e:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+qT1MbFtxFF2q4wCw/5vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YjkzMTM3NTNiYzA5MzFhZjQzOTNkYmRhMDA5YjBmZjQ1
ZWM3YzIwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjc2M2M1YTI5ODJlNjUwNzQ2ZWE5N2Q3Zjc1M2Q5MTE4YmZmMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumLPnz+r36TBbbo3ZuLjb0SqOKog
bpUPscbVkeK08QL+jFj0IWKO+xVi4qdAYHYAQ7E+cXurtU0X96SRXoxGbgtD3ZG8
GEo4NLf5LcWt3StqITokrZJbuXAVoRvPpxLM949ho7KdgOHwwE7VOMEBF2WDASlF
CStTIeJi3H8qG1RKFQ590bkdB1rzS39jUhz+1lWgx24PcBeLPUzSphuNgKuWI3bN
OzvKeWhPSRQnatKR+SJitubIx3u8Aw2KoAqVH3qq8vRnOpnvO7fwWeQTfE19b7Ie
wMuHOURocs+X6x6JDWE8aq9+ylqGLDYZ6MMj3pbMcJ79gB9gWjnLrCrxVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNJ2PFopguZQdG6pfX91PZEYv/COMB8GA1UdIwQY
MBaAFIe5MTdTvAkxr0OT29oAmw/0XsfCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDdreE4xTzhDVEd2UTVQYjJnQ2JEX1JleDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83MWNiMGMtM2JlMC00YTllLTliODIt
N2Q2ODM2NmI1OWI3LzEvMG5ZOFdpbUM1bEIwYnFsOWYzVTlrUmlfOEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83MWNiMGMtM2JlMC00YTllLTliODItN2Q2ODM2NmI1OWI3
LzEvaDdreE4xTzhDVEd2UTVQYjJnQ2JEX1JleDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCsGnwMA0E
AgACMAcDBQMqDc7AMA0GCSqGSIb3DQEBCwUAA4IBAQAdYml+Bb/6fTIoZsgpHnpR
VV1QK4gPh8QJGlZs52ggDH3ZVBsquGIDjT4n/o1mLXX/gbodWi2PHFcrWltJjZ16
JY6ja9woeOgjsamXcwrWXXPnd13kxhj4L3V3T4/vn2PS9dXIl5LSQhTZBeibT6jY
8d95DRz3Uy/A7e37ER0GoDp/TFzfC+KgQSQRMjx+r7AU2wL3C2WQYI4KVqLKwcYB
vImTx343deij7heYLkAqw81LrOmihlqL6D/Ct3qEcNMN8XrxwGM5SBVdBQLXJ1bW
TtxoQE83EvfqQ+9lrCaqgCy1eaYxcefDOiGvEmgeE2kqB6jaJMwUu7RtWyJBNU5D
-----END CERTIFICATE-----