Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/8dRpFL3Tx6_eHYDV0GF9jVjNRKU.roa
File:                     8dRpFL3Tx6_eHYDV0GF9jVjNRKU.roa (raw, json)
Hash identifier:          CYL1YeCCG8xFxfjQulVKl6xa2WJtFP2ORTHbcUggMA4=
Subject key identifier:   F1:D4:69:14:BD:D3:C7:AF:DE:1D:80:D5:D0:61:7D:8D:58:CD:44:A5
Certificate issuer:       /CN=4a7f7876d4c5554b772a57e7f1c4ced37fb5e19e
Certificate serial:       019425216AC49C8C542B49AB2BAB36CFD4AE
Authority key identifier: 4A:7F:78:76:D4:C5:55:4B:77:2A:57:E7:F1:C4:CE:D3:7F:B5:E1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sn94dtTFVUt3Klfn8cTO03-14Z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/8dRpFL3Tx6_eHYDV0GF9jVjNRKU.roa
Signing time:             Thu 02 Jan 2025 03:48:54 +0000
ROA not before:           Thu 02 Jan 2025 03:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200346
IP address blocks:        193.22.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/Sn94dtTFVUt3Klfn8cTO03-14Z4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/Sn94dtTFVUt3Klfn8cTO03-14Z4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sn94dtTFVUt3Klfn8cTO03-14Z4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:6a:c4:9c:8c:54:2b:49:ab:2b:ab:36:cf:d4:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a7f7876d4c5554b772a57e7f1c4ced37fb5e19e
        Validity
            Not Before: Jan  2 03:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1d46914bdd3c7afde1d80d5d0617d8d58cd44a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5a:97:a6:c5:9b:8b:36:40:0f:6f:f6:89:1e:
                    d3:71:e0:8b:ff:a4:d2:67:91:7b:fc:94:44:4a:8f:
                    50:d5:6e:70:a6:69:fe:04:d2:77:58:66:38:2b:25:
                    b5:2a:ca:9b:7d:a7:96:c8:53:a0:3a:df:de:9b:1f:
                    c6:30:2d:43:ad:6a:48:e7:c5:1f:c3:51:d7:f5:0c:
                    4f:5b:01:82:8f:ad:a6:82:a9:d0:13:5b:df:7d:79:
                    1d:02:be:eb:42:17:35:e4:d5:1b:4b:a1:12:70:62:
                    5a:ff:42:f1:b7:66:3c:15:e9:99:f3:7a:40:39:15:
                    73:15:88:3e:fd:68:2d:fb:68:87:9a:27:57:e3:4a:
                    2b:b6:5c:b3:3c:48:4e:c5:5d:dd:3e:e5:18:e9:31:
                    5c:7d:55:bf:e5:37:41:3e:5f:29:a0:ca:34:53:8a:
                    15:7e:46:60:4e:04:f6:9a:df:c8:1e:0f:aa:81:a9:
                    d6:21:5c:06:5d:80:37:e9:b7:22:07:93:13:b3:6e:
                    95:b5:eb:e5:e9:20:8d:7f:05:4c:73:30:ca:5a:dc:
                    e8:b0:b8:8c:e5:0e:08:88:cc:c9:bc:25:0e:fa:f7:
                    18:c2:8c:0d:84:1d:d0:5f:dc:9c:72:6c:65:2a:ce:
                    83:91:18:e0:59:b6:7c:b6:39:3e:04:12:8d:05:c0:
                    af:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D4:69:14:BD:D3:C7:AF:DE:1D:80:D5:D0:61:7D:8D:58:CD:44:A5
            X509v3 Authority Key Identifier:
                keyid:4A:7F:78:76:D4:C5:55:4B:77:2A:57:E7:F1:C4:CE:D3:7F:B5:E1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sn94dtTFVUt3Klfn8cTO03-14Z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/8dRpFL3Tx6_eHYDV0GF9jVjNRKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/Sn94dtTFVUt3Klfn8cTO03-14Z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:d3:14:c3:40:f1:83:7c:63:cd:dc:b7:c7:c1:91:50:67:b2:
         a2:2d:1c:bf:25:a3:51:c5:94:e1:ee:ae:5e:9e:d5:fe:13:42:
         fa:8c:32:54:e9:ab:5f:35:f4:62:ae:3f:e7:03:61:9c:3c:8d:
         e6:18:3e:60:de:a3:2b:27:37:02:a1:9c:22:40:d5:1a:c2:ff:
         57:c8:56:09:2a:4a:4f:ef:de:59:a3:87:a1:c6:f5:c9:8c:96:
         51:60:63:97:65:e4:46:b1:7c:f9:77:2c:ac:b7:29:90:16:39:
         52:5e:08:a0:cc:c7:49:e5:f2:17:d0:60:28:84:a9:91:ba:89:
         70:0b:ae:b9:b3:d6:3c:24:af:c2:0c:2e:e3:b5:fc:52:28:d0:
         03:e7:6d:4a:8d:fb:5f:3e:c7:fb:8e:18:52:ed:3c:5a:7f:a2:
         73:34:ed:67:5d:e7:09:27:41:86:89:a4:6d:34:52:b8:c8:27:
         e6:6e:49:49:08:29:24:8a:d5:33:7b:8a:df:9c:e9:79:df:a9:
         f1:2f:ba:93:ce:8b:da:1d:6c:82:1d:ff:b9:5b:6b:66:4a:e6:
         43:5c:8f:ff:60:5a:96:48:0b:b6:89:e3:df:67:8a:95:44:2f:
         0c:41:c7:30:ea:66:81:a6:cb:9b:69:87:ed:45:47:04:dc:98:
         0e:d0:8f:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIWrEnIxUK0mrK6s2z9SuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhN2Y3ODc2ZDRjNTU1NGI3NzJhNTdlN2YxYzRjZWQzN2Zi
NWUxOWUwHhcNMjUwMTAyMDM0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ0NjkxNGJkZDNjN2FmZGUxZDgwZDVkMDYxN2Q4ZDU4Y2Q0NGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1qXpsWbizZAD2/2iR7TceCL/6TS
Z5F7/JRESo9Q1W5wpmn+BNJ3WGY4KyW1KsqbfaeWyFOgOt/emx/GMC1DrWpI58Uf
w1HX9QxPWwGCj62mgqnQE1vffXkdAr7rQhc15NUbS6EScGJa/0Lxt2Y8FemZ83pA
ORVzFYg+/Wgt+2iHmidX40ortlyzPEhOxV3dPuUY6TFcfVW/5TdBPl8poMo0U4oV
fkZgTgT2mt/IHg+qganWIVwGXYA36bciB5MTs26Vtevl6SCNfwVMczDKWtzosLiM
5Q4IiMzJvCUO+vcYwowNhB3QX9yccmxlKs6DkRjgWbZ8tjk+BBKNBcCvuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHUaRS908ev3h2A1dBhfY1YzUSlMB8GA1UdIwQY
MBaAFEp/eHbUxVVLdypX5/HEztN/teGeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU245NGR0VEZWVXQzS2xmbjhjVE8wMy0xNFo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC82YzdkYWItM2MxYi00ZDUwLTlmZmQt
YWIxZWE0MzUzYjdmLzEvOGRScEZMM1R4Nl9lSFlEVjBHRjlqVmpOUktVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC82YzdkYWItM2MxYi00ZDUwLTlmZmQtYWIxZWE0MzUzYjdm
LzEvU245NGR0VEZWVXQzS2xmbjhjVE8wMy0xNFo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRb+MA0G
CSqGSIb3DQEBCwUAA4IBAQDK0xTDQPGDfGPN3LfHwZFQZ7KiLRy/JaNRxZTh7q5e
ntX+E0L6jDJU6atfNfRirj/nA2GcPI3mGD5g3qMrJzcCoZwiQNUawv9XyFYJKkpP
795Zo4ehxvXJjJZRYGOXZeRGsXz5dyystymQFjlSXgigzMdJ5fIX0GAohKmRuolw
C665s9Y8JK/CDC7jtfxSKNAD521KjftfPsf7jhhS7Txaf6JzNO1nXecJJ0GGiaRt
NFK4yCfmbklJCCkkitUze4rfnOl536nxL7qTzovaHWyCHf+5W2tmSuZDXI//YFqW
SAu2iePfZ4qVRC8MQccw6maBpsubaYftRUcE3JgO0I8N
-----END CERTIFICATE-----