Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/S8F_BqZIysXEe93wY7E7gYPrrEE.roa
File:                     S8F_BqZIysXEe93wY7E7gYPrrEE.roa (raw, json)
Hash identifier:          yxA+Gb1gegChlT9RImwWVjBq+UzqZu56Rk2vXQ11x70=
Subject key identifier:   4B:C1:7F:06:A6:48:CA:C5:C4:7B:DD:F0:63:B1:3B:81:83:EB:AC:41
Certificate issuer:       /CN=b31c4ce663e1ec245e747cd846f1a69ddb834b3b
Certificate serial:       0195AF1F2965BD4605617B52E3A0E281536E
Authority key identifier: B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/S8F_BqZIysXEe93wY7E7gYPrrEE.roa
Signing time:             Wed 19 Mar 2025 15:56:49 +0000
ROA not before:           Wed 19 Mar 2025 15:56:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47216
IP address blocks:        91.216.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:af:1f:29:65:bd:46:05:61:7b:52:e3:a0:e2:81:53:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b31c4ce663e1ec245e747cd846f1a69ddb834b3b
        Validity
            Not Before: Mar 19 15:56:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bc17f06a648cac5c47bddf063b13b8183ebac41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d2:06:19:9a:c5:28:8b:66:f8:5d:c0:7e:2b:
                    6f:b2:3d:60:ee:c1:75:24:7d:18:6c:65:2a:5e:e8:
                    e0:c7:8e:42:0e:a8:4b:57:d1:56:9a:44:67:11:8f:
                    55:e5:e9:ba:38:ac:66:03:e9:29:cd:3b:fd:58:59:
                    cd:de:67:15:89:11:43:92:80:c7:f3:c6:f7:d7:a5:
                    14:a6:46:0f:40:a9:61:1d:d1:29:2c:5d:46:02:75:
                    d5:d6:38:18:f3:35:dc:6a:6a:18:fc:0f:76:a8:9a:
                    fb:7a:40:97:3c:09:89:fa:2b:6e:24:53:97:c0:2d:
                    44:fc:b1:87:39:e2:90:cd:1f:f3:75:27:36:c7:9d:
                    e9:7c:07:63:db:16:24:7e:20:25:0c:00:f0:c6:2a:
                    2f:e8:cf:cd:69:0c:d6:e8:30:18:46:ed:ff:98:df:
                    5e:ca:a6:c8:60:8e:60:43:61:92:6c:3a:d3:7b:b3:
                    92:97:72:56:73:8e:9f:bb:a0:b0:0c:64:b0:12:35:
                    42:a0:5a:bd:d6:dc:77:df:cf:7c:47:5b:fc:fa:a9:
                    c1:e4:e6:dd:1d:26:0a:67:8f:82:35:5b:23:f9:fa:
                    73:f5:d4:c1:70:3a:01:c0:5c:08:e6:07:fb:89:e0:
                    fd:3b:1e:a0:07:4a:d3:78:2d:ef:4a:7e:8e:9f:41:
                    c8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C1:7F:06:A6:48:CA:C5:C4:7B:DD:F0:63:B1:3B:81:83:EB:AC:41
            X509v3 Authority Key Identifier:
                keyid:B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/S8F_BqZIysXEe93wY7E7gYPrrEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:8d:a9:32:7f:3f:e2:52:79:95:5b:11:31:aa:0f:eb:7a:b9:
         6b:d9:91:21:d0:b3:1f:55:55:08:d7:1d:64:4f:49:0f:7a:77:
         1a:87:b2:bd:8a:c3:ce:cb:4d:1d:99:0e:9c:a8:0e:9d:f2:3e:
         35:8e:59:0a:7a:c5:c0:d3:82:5a:fe:af:aa:63:0b:f5:37:28:
         6d:24:cc:90:dd:d5:4b:6b:dd:33:45:6a:df:fc:38:6c:06:12:
         79:b4:fc:29:48:d1:0c:5d:ba:93:ab:68:ad:89:c6:86:a4:70:
         c6:96:17:ec:4f:f8:31:08:f2:e0:41:38:07:cf:80:a5:c4:e4:
         03:58:53:d4:91:ec:70:89:0b:4e:7a:b6:97:48:15:5d:00:eb:
         35:85:d7:11:02:63:99:f0:bb:a8:30:c7:cd:9c:5c:f1:68:cd:
         5a:e9:3b:5c:37:a7:7e:4b:0e:89:20:2d:2e:66:99:37:60:09:
         ec:79:93:d8:8d:56:de:13:28:19:34:35:39:2c:99:4f:53:a7:
         63:3c:18:6c:93:0d:ba:9b:42:7f:32:ee:28:b6:13:9d:9b:36:
         22:4a:dd:6d:02:00:58:83:40:90:d9:01:6c:82:20:e6:16:54:
         90:24:8b:51:c2:9f:f8:13:d2:ee:f1:c4:6a:61:3b:8b:e4:ed:
         a7:c7:5c:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWvHyllvUYFYXtS46DigVNuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMWM0Y2U2NjNlMWVjMjQ1ZTc0N2NkODQ2ZjFhNjlkZGI4
MzRiM2IwHhcNMjUwMzE5MTU1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmMxN2YwNmE2NDhjYWM1YzQ3YmRkZjA2M2IxM2I4MTgzZWJhYzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNIGGZrFKItm+F3Afitvsj1g7sF1
JH0YbGUqXujgx45CDqhLV9FWmkRnEY9V5em6OKxmA+kpzTv9WFnN3mcViRFDkoDH
88b316UUpkYPQKlhHdEpLF1GAnXV1jgY8zXcamoY/A92qJr7ekCXPAmJ+ituJFOX
wC1E/LGHOeKQzR/zdSc2x53pfAdj2xYkfiAlDADwxiov6M/NaQzW6DAYRu3/mN9e
yqbIYI5gQ2GSbDrTe7OSl3JWc46fu6CwDGSwEjVCoFq91tx33898R1v8+qnB5Obd
HSYKZ4+CNVsj+fpz9dTBcDoBwFwI5gf7ieD9Ox6gB0rTeC3vSn6On0HI3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvBfwamSMrFxHvd8GOxO4GD66xBMB8GA1UdIwQY
MBaAFLMcTOZj4ewkXnR82Ebxpp3bg0s7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3h4TTVtUGg3Q1JlZEh6WVJ2R21uZHVEU3pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84NGQ0NzYtMzIzMy00MTMxLThmZmMt
NDY1YWRjMjk1OWYyLzEvUzhGX0JxWkl5c1hFZTkzd1k3RTdnWVByckVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84NGQ0NzYtMzIzMy00MTMxLThmZmMtNDY1YWRjMjk1OWYy
LzEvc3h4TTVtUGg3Q1JlZEh6WVJ2R21uZHVEU3pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hHMA0G
CSqGSIb3DQEBCwUAA4IBAQA/jakyfz/iUnmVWxExqg/rerlr2ZEh0LMfVVUI1x1k
T0kPencah7K9isPOy00dmQ6cqA6d8j41jlkKesXA04Ja/q+qYwv1NyhtJMyQ3dVL
a90zRWrf/DhsBhJ5tPwpSNEMXbqTq2iticaGpHDGlhfsT/gxCPLgQTgHz4ClxOQD
WFPUkexwiQtOeraXSBVdAOs1hdcRAmOZ8LuoMMfNnFzxaM1a6TtcN6d+Sw6JIC0u
Zpk3YAnseZPYjVbeEygZNDU5LJlPU6djPBhskw26m0J/Mu4othOdmzYiSt1tAgBY
g0CQ2QFsgiDmFlSQJItRwp/4E9Lu8cRqYTuL5O2nx1wj
-----END CERTIFICATE-----