Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/p8zRssL-qoCfvvI_dtLWUNgx7c4.roa
File:                     p8zRssL-qoCfvvI_dtLWUNgx7c4.roa (raw, json)
Hash identifier:          zYGisfdidI1eM9pSCirssYszt8G/y6UD9xrE/AACroU=
Subject key identifier:   A7:CC:D1:B2:C2:FE:AA:80:9F:BE:F2:3F:76:D2:D6:50:D8:31:ED:CE
Certificate issuer:       /CN=dc030af8c7538b9c5af852f1c42a175aaf46f7e0
Certificate serial:       0194221FFCD24B54A83AEB7FF87C87E2FBA1
Authority key identifier: DC:03:0A:F8:C7:53:8B:9C:5A:F8:52:F1:C4:2A:17:5A:AF:46:F7:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AMK-MdTi5xa-FLxxCoXWq9G9-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/p8zRssL-qoCfvvI_dtLWUNgx7c4.roa
Signing time:             Wed 01 Jan 2025 13:48:29 +0000
ROA not before:           Wed 01 Jan 2025 13:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1136
IP address blocks:        194.104.80.0/24 maxlen: 24
                          2a04:9fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/3AMK-MdTi5xa-FLxxCoXWq9G9-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/3AMK-MdTi5xa-FLxxCoXWq9G9-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3AMK-MdTi5xa-FLxxCoXWq9G9-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:fc:d2:4b:54:a8:3a:eb:7f:f8:7c:87:e2:fb:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc030af8c7538b9c5af852f1c42a175aaf46f7e0
        Validity
            Not Before: Jan  1 13:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7ccd1b2c2feaa809fbef23f76d2d650d831edce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c0:18:78:a6:c4:ff:5e:6a:b9:80:45:c9:2f:
                    77:ce:ff:c4:bb:f4:15:fc:81:90:dc:9b:48:7e:8b:
                    ed:79:5c:4f:6c:02:44:97:3c:ee:4e:26:3b:89:f7:
                    89:b7:73:33:5e:a3:8b:06:51:64:1e:01:c4:df:4f:
                    06:c7:f7:3f:cd:f4:bf:44:f3:e7:aa:66:69:81:ee:
                    d7:b8:ee:9f:4d:ec:74:5e:5b:c7:87:4c:87:71:93:
                    59:ae:46:c9:54:79:8a:af:f4:64:a6:64:08:c8:c8:
                    74:ee:b5:6c:fb:18:db:02:4b:e6:db:6e:40:50:cd:
                    db:68:5c:b9:ec:b1:f4:47:4a:93:05:4d:3a:6d:bb:
                    54:28:dd:e3:10:93:62:8b:2c:84:0e:16:4e:45:44:
                    77:ad:24:e8:a1:ba:ef:31:06:f5:1f:83:de:c2:68:
                    fb:19:0b:07:19:5e:ef:a5:10:66:04:f5:f0:ab:03:
                    21:29:f4:77:6f:8e:cf:46:a4:c5:4e:45:34:83:24:
                    21:55:6a:86:a2:cd:4d:4a:b5:68:64:4f:29:51:79:
                    4a:92:86:e5:05:95:a7:9f:78:ee:21:d0:45:f7:f1:
                    9b:d3:47:f7:04:51:74:16:78:e8:bc:4f:25:34:0d:
                    64:09:76:3b:2f:3a:a0:f1:25:d4:c6:8b:b7:6c:14:
                    23:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:CC:D1:B2:C2:FE:AA:80:9F:BE:F2:3F:76:D2:D6:50:D8:31:ED:CE
            X509v3 Authority Key Identifier:
                keyid:DC:03:0A:F8:C7:53:8B:9C:5A:F8:52:F1:C4:2A:17:5A:AF:46:F7:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AMK-MdTi5xa-FLxxCoXWq9G9-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/p8zRssL-qoCfvvI_dtLWUNgx7c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/3AMK-MdTi5xa-FLxxCoXWq9G9-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.80.0/24
                IPv6:
                  2a04:9fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:7d:17:05:11:ce:84:fb:2c:83:74:5a:68:06:0d:0a:f1:9e:
         b5:a3:fa:e0:5f:f9:43:75:80:7a:d7:ff:8e:de:a2:5f:df:46:
         0d:ea:1c:e0:79:e5:e4:cd:d5:b2:d9:8a:79:72:a8:88:80:96:
         76:bb:75:29:5f:2c:1a:49:97:8b:eb:22:dd:47:70:44:e2:6b:
         57:89:8f:2a:b6:88:1c:b2:a1:73:46:bc:3b:2c:1c:2c:6d:6a:
         a1:0b:15:0c:6e:85:d2:2b:8c:ac:90:00:c8:bc:20:41:de:63:
         11:8b:00:a5:2b:5d:58:05:6f:9a:f7:63:17:38:e0:24:95:ac:
         98:a4:ce:0d:b6:5b:19:02:1a:f8:ff:b4:f3:4b:95:ca:2d:cb:
         e2:e6:f5:86:a3:5a:88:aa:a2:a1:25:f3:0f:f1:f2:04:0b:35:
         51:49:11:4b:f6:23:a1:fb:b5:0d:0d:b0:bd:f5:30:e8:c7:f5:
         0c:1a:2b:5c:54:37:88:6b:5a:11:fd:74:8d:30:65:b5:11:4f:
         1f:f4:8a:51:b6:07:b9:19:95:a4:6c:5f:c6:d6:01:7e:4b:b9:
         49:a8:75:8c:be:95:c2:ad:1f:48:7e:4d:02:06:0b:e9:03:a7:
         6c:37:29:f9:56:8e:eb:7f:90:91:6c:08:63:08:f2:19:d2:ae:
         b5:51:45:60
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH/zSS1SoOut/+HyH4vuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMDMwYWY4Yzc1MzhiOWM1YWY4NTJmMWM0MmExNzVhYWY0
NmY3ZTAwHhcNMjUwMTAxMTM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2NjZDFiMmMyZmVhYTgwOWZiZWYyM2Y3NmQyZDY1MGQ4MzFlZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMAYeKbE/15quYBFyS93zv/Eu/QV
/IGQ3JtIfovteVxPbAJElzzuTiY7ifeJt3MzXqOLBlFkHgHE308Gx/c/zfS/RPPn
qmZpge7XuO6fTex0XlvHh0yHcZNZrkbJVHmKr/RkpmQIyMh07rVs+xjbAkvm225A
UM3baFy57LH0R0qTBU06bbtUKN3jEJNiiyyEDhZORUR3rSToobrvMQb1H4Pewmj7
GQsHGV7vpRBmBPXwqwMhKfR3b47PRqTFTkU0gyQhVWqGos1NSrVoZE8pUXlKkobl
BZWnn3juIdBF9/Gb00f3BFF0FnjovE8lNA1kCXY7Lzqg8SXUxou3bBQjsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKfM0bLC/qqAn77yP3bS1lDYMe3OMB8GA1UdIwQY
MBaAFNwDCvjHU4ucWvhS8cQqF1qvRvfgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0FNSy1NZFRpNXhhLUZMeHhDb1hXcTlHOS1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84ZjVlNzUtMTMzNC00ZmIwLTlmNmEt
YmRkYzE4YzdhM2YzLzEvcDh6UnNzTC1xb0NmdnZJX2R0TFdVTmd4N2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84ZjVlNzUtMTMzNC00ZmIwLTlmNmEtYmRkYzE4YzdhM2Yz
LzEvM0FNSy1NZFRpNXhhLUZMeHhDb1hXcTlHOS1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwmhQMA0E
AgACMAcDBQMqBJ/AMA0GCSqGSIb3DQEBCwUAA4IBAQB6fRcFEc6E+yyDdFpoBg0K
8Z61o/rgX/lDdYB61/+O3qJf30YN6hzgeeXkzdWy2Yp5cqiIgJZ2u3UpXywaSZeL
6yLdR3BE4mtXiY8qtogcsqFzRrw7LBwsbWqhCxUMboXSK4yskADIvCBB3mMRiwCl
K11YBW+a92MXOOAklayYpM4NtlsZAhr4/7TzS5XKLcvi5vWGo1qIqqKhJfMP8fIE
CzVRSRFL9iOh+7UNDbC99TDox/UMGitcVDeIa1oR/XSNMGW1EU8f9IpRtge5GZWk
bF/G1gF+S7lJqHWMvpXCrR9Ifk0CBgvpA6dsNyn5Vo7rf5CRbAhjCPIZ0q61UUVg
-----END CERTIFICATE-----