Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/i8RiRjHV-Y_ChcFIIIq0KKW530w.roa
File:                     i8RiRjHV-Y_ChcFIIIq0KKW530w.roa (raw, json)
Hash identifier:          hAV1oWOTBW+OUGLQIGdRTtRIB87kDh36hDbz7QZpXLI=
Subject key identifier:   8B:C4:62:46:31:D5:F9:8F:C2:85:C1:48:20:8A:B4:28:A5:B9:DF:4C
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747D9DE167D1696AF45E1BCB4F3AA7E
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/i8RiRjHV-Y_ChcFIIIq0KKW530w.roa
Signing time:             Thu 02 Jan 2025 13:50:07 +0000
ROA not before:           Thu 02 Jan 2025 13:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214975
IP address blocks:        109.248.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d9:de:16:7d:16:96:af:45:e1:bc:b4:f3:aa:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bc4624631d5f98fc285c148208ab428a5b9df4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f1:df:67:1e:12:ed:16:3d:42:93:d0:9b:ce:
                    c4:02:32:1a:88:90:b6:c9:f0:95:4f:72:45:75:02:
                    1b:00:b1:eb:9e:43:4d:ec:a7:e1:43:c5:fb:3d:5b:
                    8e:87:a2:4d:12:b9:23:d1:74:ee:52:9b:89:ee:b7:
                    bf:21:5d:39:b9:bc:86:86:0b:35:ca:04:5d:b2:2b:
                    71:d8:cf:1c:40:12:33:58:92:06:7a:0e:5c:b6:ed:
                    89:77:21:07:c5:b0:e6:c1:c7:fe:4b:d6:07:86:7f:
                    38:82:7d:26:77:fa:e4:79:e0:4f:87:94:40:be:89:
                    c1:b4:fd:2a:a7:77:c6:ac:ac:cd:93:6c:3a:ae:7f:
                    70:07:e6:bf:1e:71:01:ad:d9:47:e3:63:a1:35:29:
                    f5:b8:43:d8:89:8f:3f:74:25:a9:09:d1:65:03:52:
                    be:61:70:68:a6:7f:5f:5f:2e:69:13:eb:85:8d:69:
                    08:8c:1f:00:2d:fd:6e:cb:e1:e3:29:7f:1c:a5:e6:
                    25:6d:a2:45:55:46:94:0b:79:14:93:1f:ed:6b:09:
                    58:18:10:0f:ee:f3:56:91:eb:e7:50:5a:37:00:00:
                    73:10:3f:68:6f:0a:15:83:83:eb:67:ac:6c:fc:4a:
                    e2:d9:91:b5:40:1a:ab:7d:a9:fd:97:a0:e3:6c:19:
                    75:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C4:62:46:31:D5:F9:8F:C2:85:C1:48:20:8A:B4:28:A5:B9:DF:4C
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/i8RiRjHV-Y_ChcFIIIq0KKW530w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:3a:c7:0d:c5:96:1b:a0:c0:28:6e:6a:85:38:a3:c1:3a:58:
         af:60:75:d2:38:1c:ef:49:f2:ef:2f:a5:d0:fc:15:b8:29:81:
         cd:d1:69:6a:3a:8e:e7:c9:ce:4a:ec:9d:f3:ca:fc:55:9a:f9:
         25:30:1d:9a:a0:b3:39:86:17:8c:74:e4:f0:ef:30:ce:3b:f4:
         21:01:ac:96:d8:e4:01:15:3c:32:cb:5f:fa:23:3b:e6:3e:57:
         29:a2:e1:4a:20:1f:15:19:c5:9a:c8:fa:2c:95:64:0d:f7:30:
         a0:91:56:a0:0b:3b:8f:29:ce:46:a1:a4:a2:4c:7e:81:c8:69:
         8e:fc:f5:ef:a3:52:f6:ca:cb:aa:9e:7b:c3:83:4e:7d:fa:94:
         b1:aa:bb:94:74:3f:a0:64:21:55:94:68:e7:da:af:7d:46:04:
         35:e4:4c:7d:fe:9f:d1:94:63:99:82:58:d1:4d:13:08:ca:69:
         bd:b0:5f:83:b9:4f:14:5d:ba:92:78:9c:e7:09:54:1b:75:19:
         c4:c1:bb:fe:20:6e:d1:39:97:50:df:81:02:ac:09:2c:37:ae:
         c2:5d:cf:a0:db:c4:39:61:cd:7b:9a:16:da:13:05:07:5d:1f:
         a2:df:f1:fb:e2:f4:f1:b6:45:31:62:26:b3:79:ad:43:74:e1:
         ce:de:7d:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR9neFn0Wlq9F4by086p+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmM0NjI0NjMxZDVmOThmYzI4NWMxNDgyMDhhYjQyOGE1YjlkZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fHfZx4S7RY9QpPQm87EAjIaiJC2
yfCVT3JFdQIbALHrnkNN7KfhQ8X7PVuOh6JNErkj0XTuUpuJ7re/IV05ubyGhgs1
ygRdsitx2M8cQBIzWJIGeg5ctu2JdyEHxbDmwcf+S9YHhn84gn0md/rkeeBPh5RA
vonBtP0qp3fGrKzNk2w6rn9wB+a/HnEBrdlH42OhNSn1uEPYiY8/dCWpCdFlA1K+
YXBopn9fXy5pE+uFjWkIjB8ALf1uy+HjKX8cpeYlbaJFVUaUC3kUkx/tawlYGBAP
7vNWkevnUFo3AABzED9obwoVg4PrZ6xs/Eri2ZG1QBqrfan9l6DjbBl1ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvEYkYx1fmPwoXBSCCKtCilud9MMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvaThSaVJqSFYtWV9DaGNGSUlJcTBLS1c1MzB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfgvMA0G
CSqGSIb3DQEBCwUAA4IBAQAXOscNxZYboMAobmqFOKPBOlivYHXSOBzvSfLvL6XQ
/BW4KYHN0WlqOo7nyc5K7J3zyvxVmvklMB2aoLM5hheMdOTw7zDOO/QhAayW2OQB
FTwyy1/6IzvmPlcpouFKIB8VGcWayPoslWQN9zCgkVagCzuPKc5GoaSiTH6ByGmO
/PXvo1L2ysuqnnvDg059+pSxqruUdD+gZCFVlGjn2q99RgQ15Ex9/p/RlGOZgljR
TRMIymm9sF+DuU8UXbqSeJznCVQbdRnEwbv+IG7ROZdQ34ECrAksN67CXc+g28Q5
Yc17mhbaEwUHXR+i3/H74vTxtkUxYiazea1DdOHO3n1y
-----END CERTIFICATE-----