Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/b8GdGoEsPhjL1ClFjQl9IJ4loVM.roa
File:                     b8GdGoEsPhjL1ClFjQl9IJ4loVM.roa (raw, json)
Hash identifier:          +ip6exfVgOCMMt7OycM6KskvGDu9jUmGBZ+erdf+gb0=
Subject key identifier:   6F:C1:9D:1A:81:2C:3E:18:CB:D4:29:45:8D:09:7D:20:9E:25:A1:53
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194282756B8B9CECD2EFFBCB6109C93F93F
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/b8GdGoEsPhjL1ClFjQl9IJ4loVM.roa
Signing time:             Thu 02 Jan 2025 17:54:14 +0000
ROA not before:           Thu 02 Jan 2025 17:54:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30823
IP address blocks:        94.177.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:56:b8:b9:ce:cd:2e:ff:bc:b6:10:9c:93:f9:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fc19d1a812c3e18cbd429458d097d209e25a153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:31:02:3f:db:6a:05:28:5c:4f:7e:9a:9c:9b:
                    b3:1f:59:f3:03:7b:13:48:c5:77:93:78:f5:24:63:
                    77:a5:fe:ef:5f:53:c5:ec:de:ca:36:88:6f:55:f5:
                    74:f0:d0:54:9c:e5:a3:4c:e1:b0:5b:28:51:bf:39:
                    87:ef:b7:ea:fd:f5:5f:49:9d:47:1c:cc:ee:4e:8a:
                    0f:95:17:95:60:c4:bb:9c:7e:1c:cc:50:d9:27:2c:
                    e3:f2:08:22:ab:d5:be:7e:f2:f7:d0:85:5a:32:81:
                    ec:e6:72:ef:d7:92:9d:54:5c:b6:a7:e6:87:79:df:
                    f5:e9:25:f7:7c:6d:70:60:60:56:3a:30:34:22:2e:
                    7c:56:0c:70:a2:90:e5:7f:29:9c:47:b3:eb:6b:fa:
                    3f:0e:b7:49:62:9c:d7:cc:d9:38:a4:a1:f6:78:ac:
                    60:84:e0:de:9c:15:93:19:f0:bc:b6:eb:3a:5d:c2:
                    9a:ef:b2:b5:ef:97:76:9a:7c:d7:f2:52:c3:56:0d:
                    e1:2a:ec:c0:c0:34:a4:16:b4:a4:6e:76:f0:d7:c4:
                    8b:d1:a1:04:5a:07:c4:17:b7:ef:f2:a9:06:32:0b:
                    5f:8e:7e:e3:41:d9:7f:97:68:d0:62:97:f5:86:0e:
                    4b:b4:cf:30:a5:9e:46:28:23:97:02:1d:f6:fc:ce:
                    a1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:C1:9D:1A:81:2C:3E:18:CB:D4:29:45:8D:09:7D:20:9E:25:A1:53
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/b8GdGoEsPhjL1ClFjQl9IJ4loVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:d5:67:03:73:40:d9:e7:1c:4f:7a:0b:27:cc:2f:9a:6d:b6:
         24:13:7d:d3:02:3d:74:32:8e:82:4a:c6:49:ae:a8:d0:85:85:
         3a:2b:9e:8a:7e:f4:e4:39:48:04:89:20:00:76:5f:e1:18:33:
         5a:6e:b3:38:62:a0:7f:4c:67:dd:37:f8:20:77:49:2e:e5:55:
         b2:e1:85:cd:de:f3:ab:ce:01:74:cd:30:5c:9e:6d:81:a2:dc:
         6d:18:da:56:25:b8:1e:2e:37:61:91:7a:13:4b:4e:61:4e:36:
         4f:00:fd:83:71:63:46:b6:67:c9:d8:97:3e:4c:53:b2:bd:49:
         c6:fd:1a:0e:23:12:c8:7e:da:0b:42:4e:bc:5b:21:89:fe:d1:
         c3:6e:9d:6a:0c:65:10:27:77:f5:f5:b7:88:11:37:a9:b0:ad:
         48:d0:4c:52:aa:8d:5e:86:41:0a:05:63:57:38:da:0c:83:84:
         5c:d2:5f:11:a6:2a:9a:7a:eb:38:35:57:7f:2b:f6:ee:28:4a:
         51:2f:8c:84:38:e7:6f:5d:7a:17:42:9a:9b:5d:41:b9:a2:e6:
         de:e6:15:b5:60:6b:1f:b7:05:38:b6:8c:6f:e2:33:d3:ca:78:
         2c:e0:82:38:b4:88:78:61:d1:12:86:7f:54:4b:f9:5e:07:15:
         fa:44:42:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ1a4uc7NLv+8thCck/k/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmMxOWQxYTgxMmMzZTE4Y2JkNDI5NDU4ZDA5N2QyMDllMjVhMTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzECP9tqBShcT36anJuzH1nzA3sT
SMV3k3j1JGN3pf7vX1PF7N7KNohvVfV08NBUnOWjTOGwWyhRvzmH77fq/fVfSZ1H
HMzuTooPlReVYMS7nH4czFDZJyzj8ggiq9W+fvL30IVaMoHs5nLv15KdVFy2p+aH
ed/16SX3fG1wYGBWOjA0Ii58VgxwopDlfymcR7Pra/o/DrdJYpzXzNk4pKH2eKxg
hODenBWTGfC8tus6XcKa77K175d2mnzX8lLDVg3hKuzAwDSkFrSkbnbw18SL0aEE
WgfEF7fv8qkGMgtfjn7jQdl/l2jQYpf1hg5LtM8wpZ5GKCOXAh32/M6hEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/BnRqBLD4Yy9QpRY0JfSCeJaFTMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvYjhHZEdvRXNQaGpMMUNsRmpRbDlJSjRsb1ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrENMA0G
CSqGSIb3DQEBCwUAA4IBAQA/1WcDc0DZ5xxPegsnzC+abbYkE33TAj10Mo6CSsZJ
rqjQhYU6K56KfvTkOUgEiSAAdl/hGDNabrM4YqB/TGfdN/ggd0ku5VWy4YXN3vOr
zgF0zTBcnm2BotxtGNpWJbgeLjdhkXoTS05hTjZPAP2DcWNGtmfJ2Jc+TFOyvUnG
/RoOIxLIftoLQk68WyGJ/tHDbp1qDGUQJ3f19beIETepsK1I0ExSqo1ehkEKBWNX
ONoMg4Rc0l8Rpiqaeus4NVd/K/buKEpRL4yEOOdvXXoXQpqbXUG5oube5hW1YGsf
twU4toxv4jPTyngs4II4tIh4YdEShn9US/leBxX6RELk
-----END CERTIFICATE-----