Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/tIoiJqn_Zw4bkifEyWUceFVpDXE.roa
File:                     tIoiJqn_Zw4bkifEyWUceFVpDXE.roa (raw, json)
Hash identifier:          +3bSV4N3AQ7/Wh4s2xd9vZBKmvEVCXYmroX/aifAP+8=
Subject key identifier:   B4:8A:22:26:A9:FF:67:0E:1B:92:27:C4:C9:65:1C:78:55:69:0D:71
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       0194EF9CD56A459F5C582DE855A3E61EF128
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/tIoiJqn_Zw4bkifEyWUceFVpDXE.roa
Signing time:             Mon 10 Feb 2025 11:27:00 +0000
ROA not before:           Mon 10 Feb 2025 11:27:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198651
IP address blocks:        86.38.112.0/24 maxlen: 24
                          86.38.113.0/24 maxlen: 24
                          86.38.114.0/24 maxlen: 24
                          86.38.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ef:9c:d5:6a:45:9f:5c:58:2d:e8:55:a3:e6:1e:f1:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Feb 10 11:27:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b48a2226a9ff670e1b9227c4c9651c7855690d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2e:71:da:dd:36:e8:75:07:87:75:1d:e8:bc:
                    5e:d8:f6:f3:a7:37:59:80:8e:30:d5:d0:21:a6:3c:
                    85:a2:dd:21:e2:f9:c3:63:d4:6c:ae:59:a0:81:31:
                    c7:44:aa:8c:56:11:cd:67:78:ff:18:7e:a8:12:4c:
                    19:29:c8:a7:f4:8b:2b:be:d4:b8:31:1a:8e:e2:f6:
                    71:e4:0c:38:6b:70:aa:08:45:71:36:17:27:25:83:
                    b1:af:35:68:0d:b0:fd:d3:de:9c:66:f4:74:5a:e1:
                    7e:73:09:cd:fd:77:e3:ea:3e:df:4b:ce:b2:27:d4:
                    a7:d5:bd:5e:59:7f:b2:16:8e:04:62:87:f0:fc:3a:
                    6b:0c:5d:26:3a:2b:13:4f:54:6f:8f:f7:7a:89:52:
                    c2:c8:30:cf:4b:02:61:55:7e:b7:78:3f:29:ce:d1:
                    ba:25:a9:95:20:a8:af:7b:1a:4c:25:e8:06:70:fc:
                    35:3d:54:f7:e9:8f:88:3f:6e:1c:28:89:37:59:f8:
                    79:3b:d1:9e:10:41:9f:37:55:63:9d:51:12:0c:89:
                    d5:9d:74:5f:97:57:70:b8:cc:71:7d:7b:b0:6a:df:
                    24:b9:81:17:8a:31:5c:bf:88:c9:04:5e:ac:e6:57:
                    ee:44:1c:bc:ed:dd:bc:98:89:c9:93:7e:e4:f5:e8:
                    3e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:8A:22:26:A9:FF:67:0E:1B:92:27:C4:C9:65:1C:78:55:69:0D:71
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/tIoiJqn_Zw4bkifEyWUceFVpDXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.38.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:63:29:d0:dd:b5:81:89:54:8c:52:60:5e:d5:13:26:f9:f3:
         70:a6:99:ca:c0:da:16:e0:7d:87:eb:6b:6f:16:f1:3c:de:47:
         fb:80:7c:c2:a9:65:35:b4:81:96:18:99:7e:3e:30:9d:cf:99:
         69:d9:76:23:ea:52:ed:be:6c:47:76:0a:fe:f2:ae:bc:0c:af:
         68:fa:4a:cb:73:8c:62:c6:af:04:33:8d:e7:64:b0:5c:70:c3:
         63:61:ed:7d:5d:72:d1:a6:a8:46:50:bb:b3:9c:ed:71:a0:7b:
         38:78:77:94:be:28:8a:97:31:cc:d9:8c:e7:c5:96:2c:54:1c:
         b0:a6:b0:5e:4a:03:6c:b9:80:51:c2:5a:2a:e2:da:56:b1:22:
         1d:d9:8d:f5:f9:94:09:fb:01:ae:58:42:c1:4a:26:d3:71:85:
         3e:26:65:ee:90:74:97:a9:ab:a9:16:1e:3e:51:01:2e:2d:39:
         5d:d6:d3:3b:b2:f7:73:cf:cc:d7:56:dc:cc:3e:38:b6:30:5c:
         13:46:00:27:4f:ab:af:b8:27:46:64:cd:a0:46:77:4b:a1:8f:
         a2:66:a3:a5:59:d2:c5:32:f7:49:bc:b9:ec:67:47:d2:91:94:
         37:a7:a7:b5:49:cd:8f:96:20:f4:c9:cb:19:22:fb:03:db:97:
         0b:e6:e0:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTvnNVqRZ9cWC3oVaPmHvEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjUwMjEwMTEyNzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDhhMjIyNmE5ZmY2NzBlMWI5MjI3YzRjOTY1MWM3ODU1NjkwZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxy5x2t026HUHh3Ud6Lxe2PbzpzdZ
gI4w1dAhpjyFot0h4vnDY9RsrlmggTHHRKqMVhHNZ3j/GH6oEkwZKcin9IsrvtS4
MRqO4vZx5Aw4a3CqCEVxNhcnJYOxrzVoDbD9096cZvR0WuF+cwnN/Xfj6j7fS86y
J9Sn1b1eWX+yFo4EYofw/DprDF0mOisTT1Rvj/d6iVLCyDDPSwJhVX63eD8pztG6
JamVIKivexpMJegGcPw1PVT36Y+IP24cKIk3Wfh5O9GeEEGfN1VjnVESDInVnXRf
l1dwuMxxfXuwat8kuYEXijFcv4jJBF6s5lfuRBy87d28mInJk37k9eg+xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSKIiap/2cOG5InxMllHHhVaQ1xMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvdElvaUpxbl9adzRia2lmRXlXVWNlRlZwRFhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCViZwMA0G
CSqGSIb3DQEBCwUAA4IBAQArYynQ3bWBiVSMUmBe1RMm+fNwppnKwNoW4H2H62tv
FvE83kf7gHzCqWU1tIGWGJl+PjCdz5lp2XYj6lLtvmxHdgr+8q68DK9o+krLc4xi
xq8EM43nZLBccMNjYe19XXLRpqhGULuznO1xoHs4eHeUviiKlzHM2YznxZYsVByw
prBeSgNsuYBRwloq4tpWsSId2Y31+ZQJ+wGuWELBSibTcYU+JmXukHSXqaupFh4+
UQEuLTld1tM7svdzz8zXVtzMPji2MFwTRgAnT6uvuCdGZM2gRndLoY+iZqOlWdLF
MvdJvLnsZ0fSkZQ3p6e1Sc2PliD0ycsZIvsD25cL5uBR
-----END CERTIFICATE-----