Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/R8ht10VeSoVhydPFwGD77r1yDU0.roa
File:                     R8ht10VeSoVhydPFwGD77r1yDU0.roa (raw, json)
Hash identifier:          ofWmsTQNmoPWiH0DZLija6UpuCRIgTv7LLQ8ZzQiLho=
Subject key identifier:   47:C8:6D:D7:45:5E:4A:85:61:C9:D3:C5:C0:60:FB:EE:BD:72:0D:4D
Certificate issuer:       /CN=a3698b01053911607edb2a76090a6aced95a3ed5
Certificate serial:       01941FFA17A6506F16686082974B0D51D925
Authority key identifier: A3:69:8B:01:05:39:11:60:7E:DB:2A:76:09:0A:6A:CE:D9:5A:3E:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/R8ht10VeSoVhydPFwGD77r1yDU0.roa
Signing time:             Wed 01 Jan 2025 03:47:51 +0000
ROA not before:           Wed 01 Jan 2025 03:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34984
IP address blocks:        194.61.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:17:a6:50:6f:16:68:60:82:97:4b:0d:51:d9:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3698b01053911607edb2a76090a6aced95a3ed5
        Validity
            Not Before: Jan  1 03:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47c86dd7455e4a8561c9d3c5c060fbeebd720d4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ea:fe:74:85:0f:68:8a:ed:17:a2:00:f6:20:
                    d3:3d:6c:cc:31:1b:95:e3:44:63:f3:97:4a:e1:39:
                    85:c1:91:a1:ab:8f:fd:c0:e6:ee:b2:86:fa:11:fc:
                    3c:78:a3:8d:fd:e7:6f:e3:7e:d6:53:f4:0e:d2:5f:
                    9f:10:ec:b4:ee:73:c1:0f:98:43:30:70:ff:06:7f:
                    c4:f9:24:cc:f1:26:ba:ff:23:05:3e:a2:15:29:ff:
                    cd:c8:33:01:93:3c:f6:9d:fb:c1:8f:f5:05:74:80:
                    37:b5:9f:ac:1b:72:5c:d2:e5:3e:c0:1b:b0:02:76:
                    a9:b0:6f:5c:43:de:cc:b5:20:6d:b2:bb:e9:ed:60:
                    06:68:6b:79:bd:e0:29:81:19:c8:f3:12:f7:7d:77:
                    30:6d:06:6c:54:d7:21:3d:3e:0b:73:55:3b:8d:8c:
                    40:de:f2:82:03:83:71:ca:b8:41:d4:17:73:07:cb:
                    91:84:83:31:30:4e:72:8f:94:cc:08:d9:0f:c4:0a:
                    e1:36:81:ad:39:64:d3:9a:ba:96:4a:7f:82:92:11:
                    d3:f6:ac:2e:5d:6f:35:83:52:d5:ae:5e:5b:30:36:
                    29:03:3d:45:73:ff:99:d0:c9:31:2b:b3:1f:36:75:
                    7e:ea:64:32:49:b8:e3:a0:bf:00:87:ea:db:67:f2:
                    12:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C8:6D:D7:45:5E:4A:85:61:C9:D3:C5:C0:60:FB:EE:BD:72:0D:4D
            X509v3 Authority Key Identifier:
                keyid:A3:69:8B:01:05:39:11:60:7E:DB:2A:76:09:0A:6A:CE:D9:5A:3E:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/R8ht10VeSoVhydPFwGD77r1yDU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:85:73:b0:7f:18:79:7c:8a:38:3f:d0:0a:19:29:13:e5:26:
         f1:e9:53:29:9c:26:4e:ee:3d:7e:fd:0e:bc:e7:2c:ff:8f:ce:
         2f:40:a6:80:4c:d5:4d:e8:91:6a:c6:cb:34:dc:a3:90:d7:1c:
         44:26:28:0c:eb:26:68:d8:ed:0f:a6:50:1e:30:58:e8:ba:c7:
         a6:90:f5:82:09:e6:75:12:73:09:d8:85:66:d0:8b:4b:46:67:
         d0:5c:00:a9:38:79:ea:a7:57:e6:c3:f4:f6:98:a7:0b:6e:c0:
         1a:03:59:04:8c:9f:93:f5:76:0b:05:f3:07:ba:2c:65:67:e7:
         75:dd:ca:d4:8d:05:e6:9d:7a:33:65:e6:80:d8:c0:b6:b2:e8:
         ce:d4:57:82:40:29:50:c0:60:09:d2:f7:fd:e2:f6:fa:7c:2d:
         95:8d:de:47:d1:f6:6f:3d:b4:b5:d5:ff:5b:7d:e4:85:4e:27:
         c8:16:93:96:89:56:12:16:c0:96:97:d0:8a:6f:7f:00:3e:0a:
         0d:b8:e5:59:1d:d0:f0:cb:b1:3d:49:84:b8:b2:a4:38:f4:69:
         74:73:e2:c9:3b:23:ea:2e:e7:43:b2:5f:19:69:ca:e0:9f:91:
         2b:77:61:ec:98:56:96:87:70:78:c1:18:0f:d8:9a:4d:3c:36:
         eb:66:dd:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hemUG8WaGCCl0sNUdklMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjk4YjAxMDUzOTExNjA3ZWRiMmE3NjA5MGE2YWNlZDk1
YTNlZDUwHhcNMjUwMTAxMDM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2M4NmRkNzQ1NWU0YTg1NjFjOWQzYzVjMDYwZmJlZWJkNzIwZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ur+dIUPaIrtF6IA9iDTPWzMMRuV
40Rj85dK4TmFwZGhq4/9wObusob6Efw8eKON/edv437WU/QO0l+fEOy07nPBD5hD
MHD/Bn/E+STM8Sa6/yMFPqIVKf/NyDMBkzz2nfvBj/UFdIA3tZ+sG3Jc0uU+wBuw
AnapsG9cQ97MtSBtsrvp7WAGaGt5veApgRnI8xL3fXcwbQZsVNchPT4Lc1U7jYxA
3vKCA4NxyrhB1BdzB8uRhIMxME5yj5TMCNkPxArhNoGtOWTTmrqWSn+CkhHT9qwu
XW81g1LVrl5bMDYpAz1Fc/+Z0MkxK7MfNnV+6mQySbjjoL8Ah+rbZ/IStQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfIbddFXkqFYcnTxcBg++69cg1NMB8GA1UdIwQY
MBaAFKNpiwEFORFgftsqdgkKas7ZWj7VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJtTEFRVTVFV0ItMnlwMkNRcHF6dGxhUHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS84MWQ2OGEtNTM2Yy00NDQyLWI4NTIt
YmJkMzExMTg2OTUwLzEvUjhodDEwVmVTb1ZoeWRQRndHRDc3cjF5RFUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS84MWQ2OGEtNTM2Yy00NDQyLWI4NTItYmJkMzExMTg2OTUw
LzEvbzJtTEFRVTVFV0ItMnlwMkNRcHF6dGxhUHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwj3gMA0G
CSqGSIb3DQEBCwUAA4IBAQAghXOwfxh5fIo4P9AKGSkT5Sbx6VMpnCZO7j1+/Q68
5yz/j84vQKaATNVN6JFqxss03KOQ1xxEJigM6yZo2O0PplAeMFjousemkPWCCeZ1
EnMJ2IVm0ItLRmfQXACpOHnqp1fmw/T2mKcLbsAaA1kEjJ+T9XYLBfMHuixlZ+d1
3crUjQXmnXozZeaA2MC2sujO1FeCQClQwGAJ0vf94vb6fC2Vjd5H0fZvPbS11f9b
feSFTifIFpOWiVYSFsCWl9CKb38APgoNuOVZHdDwy7E9SYS4sqQ49Gl0c+LJOyPq
LudDsl8Zacrgn5Erd2HsmFaWh3B4wRgP2JpNPDbrZt0u
-----END CERTIFICATE-----