Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/uI8lFhTxbU7XCjkbphUEU_LgR1s.roa
File:                     uI8lFhTxbU7XCjkbphUEU_LgR1s.roa (raw, json)
Hash identifier:          8FbC9jD7odYRy5r+lSqmVJIE2x1QODwfdsQJ3Toqh1E=
Subject key identifier:   B8:8F:25:16:14:F1:6D:4E:D7:0A:39:1B:A6:15:04:53:F2:E0:47:5B
Certificate issuer:       /CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
Certificate serial:       01941FFA69DACA0C0707DB6FA25603C4305E
Authority key identifier: 81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/uI8lFhTxbU7XCjkbphUEU_LgR1s.roa
Signing time:             Wed 01 Jan 2025 03:48:12 +0000
ROA not before:           Wed 01 Jan 2025 03:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213198
IP address blocks:        195.64.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 18:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:69:da:ca:0c:07:07:db:6f:a2:56:03:c4:30:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
        Validity
            Not Before: Jan  1 03:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b88f251614f16d4ed70a391ba6150453f2e0475b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5a:74:9e:35:c3:06:53:53:7c:04:5d:fa:f3:
                    23:df:8b:72:cc:1e:fa:48:e6:f2:d8:b7:a8:21:fd:
                    de:82:3f:81:c2:46:7a:71:0e:4f:b5:8a:bd:c1:4a:
                    c3:02:7d:89:f9:d3:16:4d:dd:b4:a4:3f:08:cd:26:
                    77:71:07:1d:1f:fa:51:07:82:05:77:71:58:27:09:
                    73:9b:23:5c:04:8f:da:7b:a6:69:bd:e5:30:4f:51:
                    b5:0e:49:65:55:8b:92:73:7e:0a:c6:06:56:5f:b3:
                    22:31:56:ef:1b:b5:bc:33:2d:db:a8:57:7f:0b:3c:
                    df:1f:a5:c0:4e:e4:8e:8e:53:7b:e7:71:55:65:4a:
                    00:7f:36:8e:db:db:0e:fd:03:2a:d2:7b:13:b3:64:
                    37:e0:2f:0c:0d:8c:fc:48:2f:8b:17:cf:c4:6e:8f:
                    ec:0a:62:82:f2:99:aa:df:55:36:12:c0:ff:44:b0:
                    7e:80:f3:f3:df:b3:77:4d:ed:a7:f3:8b:7f:f0:55:
                    8e:6d:e7:0e:cf:76:1a:8a:b6:c2:75:f7:7d:9b:94:
                    de:23:87:b7:7b:73:82:27:0e:12:81:3a:83:5e:5b:
                    1c:85:90:cb:01:bd:3a:e5:66:97:36:f0:9e:e2:8a:
                    c0:88:00:67:83:17:07:93:eb:6f:39:d3:67:6f:a2:
                    4b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:8F:25:16:14:F1:6D:4E:D7:0A:39:1B:A6:15:04:53:F2:E0:47:5B
            X509v3 Authority Key Identifier:
                keyid:81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/uI8lFhTxbU7XCjkbphUEU_LgR1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:d6:dd:b8:ab:94:1b:fc:71:27:aa:54:d4:2f:71:ab:e0:3d:
         c9:8d:0a:4b:72:6c:a0:95:bb:76:3d:1c:b8:e6:d1:99:3a:5b:
         b7:08:93:2e:70:60:93:e7:85:ef:f1:34:e9:ab:80:4e:a5:a9:
         36:a0:94:3a:fa:c6:70:97:38:9e:1c:5e:0d:44:09:ea:dd:70:
         7d:46:1a:bb:9b:52:52:75:d5:0e:4a:09:28:fd:d6:45:b6:1e:
         2a:b5:13:06:8c:7c:62:ea:1c:e2:21:83:64:ce:3c:74:f5:a0:
         8f:8e:d0:7e:a1:9f:e9:9f:ad:fb:b2:90:b3:40:c0:88:d0:21:
         ea:5c:97:ac:7a:5e:7a:20:dd:c4:95:55:1c:14:02:24:b7:1e:
         ea:be:4d:09:f4:7b:1c:fe:12:15:70:5d:59:8c:a3:43:2b:92:
         00:16:ac:d3:32:ab:61:0c:a7:af:b2:c2:73:42:7e:e4:4c:a4:
         e1:ef:06:c7:62:13:22:e0:45:dd:3d:2d:00:49:59:66:85:db:
         54:09:86:ad:51:ba:d4:e2:a3:c8:b9:10:be:9e:4b:a1:f4:4b:
         ff:e3:99:a1:b1:b9:a3:b2:5d:4b:86:4b:0a:94:e3:2c:f6:fd:
         5d:23:3d:cf:ef:20:ba:b2:07:5e:e4:ed:e0:d1:51:d9:65:1f:
         32:16:27:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+mnaygwHB9tvolYDxDBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZmE0OGY0MGJjODQ1NDBjNDZiZDIzYmU5YjkwODk3YWEx
ODRmNGQwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODhmMjUxNjE0ZjE2ZDRlZDcwYTM5MWJhNjE1MDQ1M2YyZTA0NzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFp0njXDBlNTfARd+vMj34tyzB76
SOby2LeoIf3egj+BwkZ6cQ5PtYq9wUrDAn2J+dMWTd20pD8IzSZ3cQcdH/pRB4IF
d3FYJwlzmyNcBI/ae6ZpveUwT1G1DkllVYuSc34KxgZWX7MiMVbvG7W8My3bqFd/
CzzfH6XATuSOjlN753FVZUoAfzaO29sO/QMq0nsTs2Q34C8MDYz8SC+LF8/Ebo/s
CmKC8pmq31U2EsD/RLB+gPPz37N3Te2n84t/8FWObecOz3YairbCdfd9m5TeI4e3
e3OCJw4SgTqDXlschZDLAb065WaXNvCe4orAiABngxcHk+tvOdNnb6JLSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLiPJRYU8W1O1wo5G6YVBFPy4EdbMB8GA1UdIwQY
MBaAFIH6SPQLyEVAxGvSO+m5CJeqGE9NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEt
OGU5M2NiNWM1MzU1LzEvdUk4bEZoVHhiVTdYQ2prYnBoVUVVX0xnUjFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEtOGU5M2NiNWM1MzU1
LzEvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0DuMA0G
CSqGSIb3DQEBCwUAA4IBAQBP1t24q5Qb/HEnqlTUL3Gr4D3JjQpLcmyglbt2PRy4
5tGZOlu3CJMucGCT54Xv8TTpq4BOpak2oJQ6+sZwlzieHF4NRAnq3XB9Rhq7m1JS
ddUOSgko/dZFth4qtRMGjHxi6hziIYNkzjx09aCPjtB+oZ/pn637spCzQMCI0CHq
XJesel56IN3ElVUcFAIktx7qvk0J9Hsc/hIVcF1ZjKNDK5IAFqzTMqthDKevssJz
Qn7kTKTh7wbHYhMi4EXdPS0ASVlmhdtUCYatUbrU4qPIuRC+nkuh9Ev/45mhsbmj
sl1LhksKlOMs9v1dIz3P7yC6sgde5O3g0VHZZR8yFicX
-----END CERTIFICATE-----