Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/jEkIkDjyHf0Y5CHlkh_SAYrLMi8.roa
File:                     jEkIkDjyHf0Y5CHlkh_SAYrLMi8.roa (raw, json)
Hash identifier:          nK+7va5r0DKn11vhjaj1KeeLmtO5MjFetghK5DI3nyo=
Subject key identifier:   8C:49:08:90:38:F2:1D:FD:18:E4:21:E5:92:1F:D2:01:8A:CB:32:2F
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       0194228D3A9B2143EABFB8F36A84ED816DE6
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/jEkIkDjyHf0Y5CHlkh_SAYrLMi8.roa
Signing time:             Wed 01 Jan 2025 15:47:48 +0000
ROA not before:           Wed 01 Jan 2025 15:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35123
IP address blocks:        195.225.52.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:3a:9b:21:43:ea:bf:b8:f3:6a:84:ed:81:6d:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  1 15:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c49089038f21dfd18e421e5921fd2018acb322f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:79:9d:0d:51:db:a9:e0:16:06:1e:2f:99:80:
                    17:58:65:80:59:89:5e:1a:0e:bc:2f:81:1a:03:8d:
                    69:26:20:5d:22:82:8d:55:4e:75:80:5e:1c:ff:6e:
                    88:10:a1:9a:fb:10:a4:16:c3:91:de:07:46:2d:31:
                    22:1c:5c:b7:07:f5:1b:4d:f9:8b:e2:76:07:26:3d:
                    7d:72:4b:41:85:08:cd:ea:f4:63:53:5d:aa:29:9b:
                    b7:57:ab:9d:3b:88:18:94:47:32:d6:20:84:30:45:
                    f6:55:34:41:b1:5a:2d:ad:8a:17:63:c5:9d:3c:ca:
                    29:bb:e7:5f:19:34:28:df:29:54:08:5e:24:6d:62:
                    8f:1e:09:bf:00:f8:ac:55:cf:52:11:b1:ba:4c:2f:
                    50:12:dd:6f:0e:b9:b8:de:df:52:c1:6c:bb:36:ff:
                    fc:78:68:13:c5:9a:9e:ff:b4:f9:8d:1c:83:f5:0f:
                    36:37:d2:96:4d:6c:bd:13:c4:7d:e8:ac:07:f3:80:
                    59:31:bb:25:90:02:06:ba:db:2b:38:e6:7c:34:87:
                    56:1d:57:78:80:3d:e0:53:50:05:3d:6e:6e:17:46:
                    c5:10:d3:f2:6f:15:0c:44:35:ba:81:c7:98:cf:cd:
                    ab:cf:b8:a1:cc:86:2b:de:f2:ea:91:15:d6:9c:80:
                    bb:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:49:08:90:38:F2:1D:FD:18:E4:21:E5:92:1F:D2:01:8A:CB:32:2F
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/jEkIkDjyHf0Y5CHlkh_SAYrLMi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:91:df:81:ba:1d:2a:08:f0:0f:12:ac:10:3a:67:81:d8:ee:
         d9:27:68:4c:89:5c:de:cf:6d:fa:15:28:61:77:a6:09:51:4e:
         ff:fd:52:cc:a3:25:c1:ed:c2:ff:e4:61:fa:6b:ec:ae:6f:73:
         29:0b:99:5b:d5:14:f4:17:95:1c:43:22:00:92:af:3f:e3:5c:
         86:d9:9d:ff:2b:0b:df:5b:ba:69:89:92:da:a6:1f:37:b3:bf:
         a4:bf:21:20:9f:4c:46:b1:78:fd:e7:dd:1e:ca:27:95:0a:c7:
         0f:e8:7b:e6:94:0c:c8:67:c3:ec:9c:a4:fa:8d:69:08:ee:84:
         e6:df:ba:e9:fd:7a:c4:4d:e8:f5:3b:b1:5e:4f:10:33:7f:8f:
         d2:f1:b0:57:3b:cb:b9:4d:8f:0f:15:1a:41:3d:5f:e9:2a:0a:
         77:77:88:38:d5:d6:97:98:cf:4a:e5:de:b5:11:43:1b:33:f5:
         70:3b:4c:e4:fb:ff:87:35:20:5e:be:e7:41:01:81:81:d9:d1:
         f8:b1:75:ab:d4:dd:3d:8a:a8:b4:12:e1:12:6f:86:af:13:11:
         cf:a7:c7:9c:69:02:fe:7c:c8:12:69:48:27:63:b8:77:ee:a7:
         57:a9:74:67:d3:de:f2:fa:87:67:13:cc:b1:ad:0f:7c:49:80:
         37:cc:f4:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijTqbIUPqv7jzaoTtgW3mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjUwMTAxMTU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzQ5MDg5MDM4ZjIxZGZkMThlNDIxZTU5MjFmZDIwMThhY2IzMjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3mdDVHbqeAWBh4vmYAXWGWAWYle
Gg68L4EaA41pJiBdIoKNVU51gF4c/26IEKGa+xCkFsOR3gdGLTEiHFy3B/UbTfmL
4nYHJj19cktBhQjN6vRjU12qKZu3V6udO4gYlEcy1iCEMEX2VTRBsVotrYoXY8Wd
PMopu+dfGTQo3ylUCF4kbWKPHgm/APisVc9SEbG6TC9QEt1vDrm43t9SwWy7Nv/8
eGgTxZqe/7T5jRyD9Q82N9KWTWy9E8R96KwH84BZMbslkAIGutsrOOZ8NIdWHVd4
gD3gU1AFPW5uF0bFENPybxUMRDW6gceYz82rz7ihzIYr3vLqkRXWnIC7QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxJCJA48h39GOQh5ZIf0gGKyzIvMB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvakVrSWtEanlIZjBZNUNIbGtoX1NBWXJMTWk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw+E0MA0G
CSqGSIb3DQEBCwUAA4IBAQBMkd+Buh0qCPAPEqwQOmeB2O7ZJ2hMiVzez236FShh
d6YJUU7//VLMoyXB7cL/5GH6a+yub3MpC5lb1RT0F5UcQyIAkq8/41yG2Z3/Kwvf
W7ppiZLaph83s7+kvyEgn0xGsXj9590eyieVCscP6HvmlAzIZ8PsnKT6jWkI7oTm
37rp/XrETej1O7FeTxAzf4/S8bBXO8u5TY8PFRpBPV/pKgp3d4g41daXmM9K5d61
EUMbM/VwO0zk+/+HNSBevudBAYGB2dH4sXWr1N09iqi0EuESb4avExHPp8ecaQL+
fMgSaUgnY7h37qdXqXRn097y+odnE8yxrQ98SYA3zPSJ
-----END CERTIFICATE-----