Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/fH6sDXGetVRI3hPF5HUONeCp9Wk.roa
File:                     fH6sDXGetVRI3hPF5HUONeCp9Wk.roa (raw, json)
Hash identifier:          TP0W3HK5IE4cMM3rJUPFtgS4EyWeD7TnO/X/cjEszA8=
Subject key identifier:   7C:7E:AC:0D:71:9E:B5:54:48:DE:13:C5:E4:75:0E:35:E0:A9:F5:69
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228DAF861A21EFFE2040275327DEBFA9
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/fH6sDXGetVRI3hPF5HUONeCp9Wk.roa
Signing time:             Wed 01 Jan 2025 15:48:18 +0000
ROA not before:           Wed 01 Jan 2025 15:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208880
IP address blocks:        176.236.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:af:86:1a:21:ef:fe:20:40:27:53:27:de:bf:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c7eac0d719eb55448de13c5e4750e35e0a9f569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cb:00:0d:d8:c6:94:65:f8:cb:9c:e2:81:d9:
                    80:a1:91:d3:84:d6:7b:52:9d:15:a6:3a:a3:f8:8d:
                    00:3d:87:8b:81:9b:7f:02:39:3e:82:59:60:98:6c:
                    da:e9:7e:b0:8a:51:bc:49:49:e6:79:29:60:e1:47:
                    2f:a1:e4:17:53:c2:0b:92:d8:e2:b3:82:b8:3f:c0:
                    fb:b8:84:04:a6:a2:95:b0:93:a3:da:d8:ad:7c:fa:
                    fe:47:ab:50:e4:7a:13:a1:e5:7c:91:52:ec:ef:ec:
                    88:9f:36:c9:43:42:f0:fd:30:a4:ac:d4:2f:9d:5d:
                    3c:95:46:b7:a7:45:51:d2:1e:35:a1:02:62:28:f1:
                    85:c3:d3:fc:d3:6e:0d:b2:23:b4:dc:31:23:b3:69:
                    97:b8:bd:c6:e5:1f:04:9a:c8:25:15:c7:f6:44:8b:
                    55:ec:c8:50:d4:90:40:a4:0b:9f:ca:9c:ac:2d:af:
                    56:4d:7f:d9:72:f9:a4:10:a0:d9:43:27:7d:5c:17:
                    2e:01:5a:a9:cd:b2:72:28:3b:a2:17:4c:42:d9:d1:
                    5c:dd:c6:d3:05:7e:e0:67:c8:8c:fe:a4:8f:40:b9:
                    e6:cd:7e:47:96:16:bc:5e:8b:e8:92:45:82:0e:8c:
                    32:ab:5d:b0:b3:9f:d7:1e:9d:f8:86:9c:41:04:a5:
                    70:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:7E:AC:0D:71:9E:B5:54:48:DE:13:C5:E4:75:0E:35:E0:A9:F5:69
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/fH6sDXGetVRI3hPF5HUONeCp9Wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.236.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:5a:25:10:0b:85:f3:0d:67:6b:59:6f:f7:db:2c:11:30:bf:
         84:5a:51:d8:78:84:ce:d1:53:b6:31:e5:54:4a:44:aa:67:90:
         85:31:b1:1e:ec:fc:64:87:61:b6:d7:2c:db:aa:3e:52:ce:50:
         d8:a8:4b:80:f9:2d:e9:83:6c:10:8f:ed:ae:7c:41:de:cc:7c:
         9e:9b:e4:0f:d7:3d:5b:8c:d6:98:e8:29:47:8d:9f:d9:80:b8:
         25:db:25:ed:68:7e:18:b0:3f:2b:62:ba:77:c0:08:cc:32:ac:
         7b:4c:54:21:2c:c8:8b:02:08:89:03:3b:89:2e:5c:c8:bf:51:
         c5:b5:90:89:b8:a5:f1:30:91:3a:dd:38:79:c2:c4:3a:cb:9f:
         19:22:bf:19:60:84:2a:1e:dd:2e:e4:a3:78:74:c3:10:5e:51:
         02:24:89:6f:5c:83:62:eb:f8:86:81:4d:f1:28:e4:28:09:48:
         45:db:aa:8a:c9:7b:80:dc:3e:6b:6e:e1:b6:b6:93:6c:4e:b6:
         83:e2:aa:89:e5:f8:86:1f:cd:53:e0:c7:db:16:bb:9f:36:be:
         69:e8:f7:14:61:69:bc:28:7e:f8:81:e9:e6:91:f2:7c:e2:e7:
         0c:66:f6:70:f6:9b:cf:96:98:14:78:83:57:cb:0d:56:45:6e:
         0a:3a:46:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQija+GGiHv/iBAJ1Mn3r+pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzdlYWMwZDcxOWViNTU0NDhkZTEzYzVlNDc1MGUzNWUwYTlmNTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMsADdjGlGX4y5zigdmAoZHThNZ7
Up0Vpjqj+I0APYeLgZt/Ajk+gllgmGza6X6wilG8SUnmeSlg4UcvoeQXU8ILktji
s4K4P8D7uIQEpqKVsJOj2titfPr+R6tQ5HoToeV8kVLs7+yInzbJQ0Lw/TCkrNQv
nV08lUa3p0VR0h41oQJiKPGFw9P8024NsiO03DEjs2mXuL3G5R8EmsglFcf2RItV
7MhQ1JBApAufypysLa9WTX/ZcvmkEKDZQyd9XBcuAVqpzbJyKDuiF0xC2dFc3cbT
BX7gZ8iM/qSPQLnmzX5Hlha8XovokkWCDowyq12ws5/XHp34hpxBBKVwyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHx+rA1xnrVUSN4TxeR1DjXgqfVpMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvZkg2c0RYR2V0VlJJM2hQRjVIVU9OZUNwOVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsOz1MA0G
CSqGSIb3DQEBCwUAA4IBAQB8WiUQC4XzDWdrWW/32ywRML+EWlHYeITO0VO2MeVU
SkSqZ5CFMbEe7Pxkh2G21yzbqj5SzlDYqEuA+S3pg2wQj+2ufEHezHyem+QP1z1b
jNaY6ClHjZ/ZgLgl2yXtaH4YsD8rYrp3wAjMMqx7TFQhLMiLAgiJAzuJLlzIv1HF
tZCJuKXxMJE63Th5wsQ6y58ZIr8ZYIQqHt0u5KN4dMMQXlECJIlvXINi6/iGgU3x
KOQoCUhF26qKyXuA3D5rbuG2tpNsTraD4qqJ5fiGH81T4MfbFrufNr5p6PcUYWm8
KH74genmkfJ84ucMZvZw9pvPlpgUeINXyw1WRW4KOkaj
-----END CERTIFICATE-----