Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/8McigDSjzbaDusYUdfACWlAEraE.roa
File:                     8McigDSjzbaDusYUdfACWlAEraE.roa (raw, json)
Hash identifier:          8SiJAwZ4dMuVXUj8DbNfpd2t9t4+7zlehuNbJBAbbw4=
Subject key identifier:   F0:C7:22:80:34:A3:CD:B6:83:BA:C6:14:75:F0:02:5A:50:04:AD:A1
Certificate issuer:       /CN=44f885220f1719f5837cb5a36fa62f3f537e8e3f
Certificate serial:       019422FB545CFDBBACF6C0CAFA3E8C7F6F82
Authority key identifier: 44:F8:85:22:0F:17:19:F5:83:7C:B5:A3:6F:A6:2F:3F:53:7E:8E:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/8McigDSjzbaDusYUdfACWlAEraE.roa
Signing time:             Wed 01 Jan 2025 17:48:03 +0000
ROA not before:           Wed 01 Jan 2025 17:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44548
IP address blocks:        91.220.199.0/24 maxlen: 24
                          195.93.156.0/23 maxlen: 23
                          195.93.156.0/24 maxlen: 24
                          195.93.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:54:5c:fd:bb:ac:f6:c0:ca:fa:3e:8c:7f:6f:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44f885220f1719f5837cb5a36fa62f3f537e8e3f
        Validity
            Not Before: Jan  1 17:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0c7228034a3cdb683bac61475f0025a5004ada1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fe:29:26:ba:d1:9f:30:31:0a:bf:ff:51:82:
                    a6:60:c3:ff:18:9f:ab:4c:51:3c:c3:ca:57:51:c6:
                    39:3b:2a:f0:c8:69:c7:3a:bf:97:16:55:d0:37:d7:
                    00:0f:aa:56:08:00:13:de:a5:49:ae:24:00:c0:c3:
                    e9:85:3c:bf:52:af:73:bd:28:00:a8:fb:24:a8:2f:
                    27:b3:67:75:71:0c:f4:74:ca:7b:b3:db:3a:97:39:
                    55:93:d7:7b:37:2c:c3:69:98:8d:55:15:d0:bb:44:
                    8f:41:37:dc:06:d3:4b:ac:e5:ed:6d:59:f7:3f:b1:
                    a2:98:0a:9d:d9:9b:5c:f3:c2:a7:64:81:d2:58:6b:
                    5d:7e:99:71:f3:eb:13:39:29:5e:25:0e:5a:4a:97:
                    b7:71:04:ad:c2:d3:44:77:c9:61:f6:b3:e2:4f:5f:
                    24:00:d8:bd:79:1a:df:52:55:ee:98:32:40:ac:b2:
                    3a:c5:3d:1b:a5:ee:89:d9:11:5c:71:63:41:7f:c6:
                    f1:e0:6c:97:c2:93:d8:b5:28:67:e6:9f:80:1b:e5:
                    34:1c:18:f8:1b:12:1e:65:98:ed:56:13:19:6a:13:
                    bd:25:31:66:d7:88:2d:b2:ee:6c:a4:02:a9:57:a5:
                    62:0e:98:39:52:6e:b4:ad:27:eb:1c:e4:0b:42:6f:
                    9c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:C7:22:80:34:A3:CD:B6:83:BA:C6:14:75:F0:02:5A:50:04:AD:A1
            X509v3 Authority Key Identifier:
                keyid:44:F8:85:22:0F:17:19:F5:83:7C:B5:A3:6F:A6:2F:3F:53:7E:8E:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/8McigDSjzbaDusYUdfACWlAEraE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.199.0/24
                  195.93.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:d5:b2:3d:44:5c:e4:cf:45:d3:6d:14:2d:ef:7c:77:e3:c4:
         72:f4:53:aa:64:75:75:e5:f3:46:a3:7f:70:54:77:1c:a7:73:
         f6:4a:37:c8:9c:19:63:a7:e7:6e:32:ce:ab:14:30:1e:87:c1:
         06:cf:d0:e6:d7:74:43:da:f4:be:c7:af:3c:64:61:4e:68:f2:
         27:3d:23:7a:92:33:f5:f0:c1:b7:f6:2c:62:9c:33:b7:3c:6f:
         93:58:29:99:46:c3:f5:e8:56:1d:8e:31:03:de:29:d0:cd:a4:
         0c:12:6f:ef:7c:74:e6:c8:ca:c5:dd:6d:f1:0b:39:85:48:2d:
         19:2d:e9:ad:f4:31:05:2d:03:ae:99:58:76:de:f4:9c:2a:37:
         43:ed:3a:bd:a7:de:80:e3:a0:4c:a5:32:b7:47:e4:d3:c3:f2:
         6b:bf:bc:04:07:a9:23:18:34:ff:2e:0c:c1:09:2c:51:7d:ca:
         8b:2d:1f:dc:3b:9b:78:1e:65:fa:e3:f9:31:12:f8:33:a7:16:
         94:fe:db:c5:4a:98:f3:de:d1:84:a7:b8:fe:40:be:fd:00:82:
         09:f9:d6:e5:8c:a3:59:80:df:80:af:4c:5c:3c:a9:6c:e0:a9:
         28:0c:c5:62:bf:ac:01:aa:88:fb:ba:84:83:81:19:48:b9:8c:
         da:c7:ef:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+1Rc/bus9sDK+j6Mf2+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0Zjg4NTIyMGYxNzE5ZjU4MzdjYjVhMzZmYTYyZjNmNTM3
ZThlM2YwHhcNMjUwMTAxMTc0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGM3MjI4MDM0YTNjZGI2ODNiYWM2MTQ3NWYwMDI1YTUwMDRhZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/4pJrrRnzAxCr//UYKmYMP/GJ+r
TFE8w8pXUcY5OyrwyGnHOr+XFlXQN9cAD6pWCAAT3qVJriQAwMPphTy/Uq9zvSgA
qPskqC8ns2d1cQz0dMp7s9s6lzlVk9d7NyzDaZiNVRXQu0SPQTfcBtNLrOXtbVn3
P7GimAqd2Ztc88KnZIHSWGtdfplx8+sTOSleJQ5aSpe3cQStwtNEd8lh9rPiT18k
ANi9eRrfUlXumDJArLI6xT0bpe6J2RFccWNBf8bx4GyXwpPYtShn5p+AG+U0HBj4
GxIeZZjtVhMZahO9JTFm14gtsu5spAKpV6ViDpg5Um60rSfrHOQLQm+c7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPDHIoA0o822g7rGFHXwAlpQBK2hMB8GA1UdIwQY
MBaAFET4hSIPFxn1g3y1o2+mLz9Tfo4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlBpRklnOFhHZldEZkxXamI2WXZQMU4tamo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9iYWIxOTQtNWUyNC00ZWFkLThmNDkt
MzdlZDk5MTQzYWFlLzEvOE1jaWdEU2p6YmFEdXNZVWRmQUNXbEFFcmFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9iYWIxOTQtNWUyNC00ZWFkLThmNDktMzdlZDk5MTQzYWFl
LzEvUlBpRklnOFhHZldEZkxXamI2WXZQMU4tamo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9zHAwQB
w12cMA0GCSqGSIb3DQEBCwUAA4IBAQB01bI9RFzkz0XTbRQt73x348Ry9FOqZHV1
5fNGo39wVHccp3P2SjfInBljp+duMs6rFDAeh8EGz9Dm13RD2vS+x688ZGFOaPIn
PSN6kjP18MG39ixinDO3PG+TWCmZRsP16FYdjjED3inQzaQMEm/vfHTmyMrF3W3x
CzmFSC0ZLemt9DEFLQOumVh23vScKjdD7Tq9p96A46BMpTK3R+TTw/Jrv7wEB6kj
GDT/LgzBCSxRfcqLLR/cO5t4HmX64/kxEvgzpxaU/tvFSpjz3tGEp7j+QL79AIIJ
+dbljKNZgN+Ar0xcPKls4KkoDMViv6wBqoj7uoSDgRlIuYzax+8G
-----END CERTIFICATE-----