Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/j8S8_OZUpxB9k7LHRFPXRAKfkWU.roa
File:                     j8S8_OZUpxB9k7LHRFPXRAKfkWU.roa (raw, json)
Hash identifier:          k8mQUf/NuQPokL0zcpiZfvFdtMY/J1/bRRQuRB+KB/M=
Subject key identifier:   8F:C4:BC:FC:E6:54:A7:10:7D:93:B2:C7:44:53:D7:44:02:9F:91:65
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       01942748581FA7FAC0552C4916729A2934AE
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/j8S8_OZUpxB9k7LHRFPXRAKfkWU.roa
Signing time:             Thu 02 Jan 2025 13:50:40 +0000
ROA not before:           Thu 02 Jan 2025 13:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47981
IP address blocks:        194.225.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 15:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:58:1f:a7:fa:c0:55:2c:49:16:72:9a:29:34:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jan  2 13:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fc4bcfce654a7107d93b2c74453d744029f9165
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:61:1c:6a:80:54:7d:8e:39:01:4b:95:2a:d0:
                    21:fe:eb:c1:e6:3e:d1:51:a9:b8:80:26:b3:98:6f:
                    29:5a:09:23:1c:c3:ef:e0:ec:36:96:ec:38:9e:e6:
                    2e:06:65:d2:af:7c:95:c5:77:9e:03:6b:a7:9a:47:
                    75:b1:b8:12:ef:5c:a0:4a:10:a4:3c:af:73:ec:1e:
                    94:b4:b8:72:6a:8c:65:85:90:f5:85:e2:82:f7:38:
                    20:5b:02:12:5b:0d:aa:68:05:40:0b:59:3f:0f:d7:
                    d7:0e:7f:58:1d:4b:21:bb:73:fc:a1:b1:5d:01:1b:
                    cf:bb:e7:2d:3b:48:1f:17:6a:a3:9d:77:fd:79:42:
                    96:5c:5a:27:69:e9:10:17:25:d9:2e:0f:61:fc:ab:
                    2b:ba:02:01:8f:b8:0e:9e:49:a2:bc:f4:b7:5f:9f:
                    10:8c:c8:e2:ca:43:71:2f:e8:bc:08:e8:5d:7d:fc:
                    ad:75:3b:6d:3f:a7:e7:ac:4e:02:04:ba:96:4e:99:
                    fd:43:e1:87:48:35:43:80:2a:94:46:ea:d5:26:83:
                    08:bd:dd:9a:1d:bf:ed:92:fd:f5:d1:36:fe:cd:a8:
                    bc:3d:c0:8f:e1:95:7c:3d:01:5a:1a:fa:14:85:1e:
                    3f:ed:d4:c1:bb:5c:84:69:d7:e3:17:ba:27:77:da:
                    da:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:C4:BC:FC:E6:54:A7:10:7D:93:B2:C7:44:53:D7:44:02:9F:91:65
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/j8S8_OZUpxB9k7LHRFPXRAKfkWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.225.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:7c:b4:d7:3e:37:38:09:00:25:f0:33:56:3f:0a:f8:0b:7b:
         71:40:72:09:2e:3e:18:5b:50:31:03:7f:4b:45:e3:e8:b1:5a:
         78:69:4f:34:ee:55:c2:b9:16:68:91:ee:60:d9:d7:cb:13:76:
         a9:f7:d1:59:d7:ce:20:f3:d0:21:01:ed:8d:e7:5f:c4:4c:80:
         2d:90:01:66:e8:45:d4:fa:10:2c:7a:a6:b6:16:1b:5a:1d:5b:
         78:1f:a3:69:40:eb:22:a6:98:3b:7a:d9:12:0f:a1:87:a9:3c:
         63:84:9d:84:b9:e8:ca:84:ff:6e:ed:fa:2f:0f:da:7d:b5:5c:
         38:42:de:0e:72:59:23:af:58:72:73:9a:7b:df:5c:30:1e:4f:
         c7:a6:af:77:13:7c:5c:51:d1:48:d7:12:49:ea:31:03:5b:8f:
         17:1d:e1:6e:34:c3:e3:ba:6a:25:74:ae:4c:4f:01:f7:ca:27:
         5e:29:37:1b:fb:4b:3e:16:96:44:c9:80:0f:97:71:26:a4:02:
         20:a3:56:bb:06:c4:21:9e:4d:5e:1d:52:70:62:93:ac:41:72:
         4f:e8:dd:4f:ad:00:08:fc:3a:50:3a:5d:ea:59:ce:6e:a1:fb:
         96:73:33:f6:a6:3d:05:df:8a:51:f2:8a:25:4b:44:15:68:45:
         33:73:bb:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFgfp/rAVSxJFnKaKTSuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjUwMTAyMTM1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmM0YmNmY2U2NTRhNzEwN2Q5M2IyYzc0NDUzZDc0NDAyOWY5MTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmEcaoBUfY45AUuVKtAh/uvB5j7R
Uam4gCazmG8pWgkjHMPv4Ow2luw4nuYuBmXSr3yVxXeeA2unmkd1sbgS71ygShCk
PK9z7B6UtLhyaoxlhZD1heKC9zggWwISWw2qaAVAC1k/D9fXDn9YHUshu3P8obFd
ARvPu+ctO0gfF2qjnXf9eUKWXFonaekQFyXZLg9h/KsrugIBj7gOnkmivPS3X58Q
jMjiykNxL+i8COhdffytdTttP6fnrE4CBLqWTpn9Q+GHSDVDgCqURurVJoMIvd2a
Hb/tkv310Tb+zai8PcCP4ZV8PQFaGvoUhR4/7dTBu1yEadfjF7ond9ra1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/EvPzmVKcQfZOyx0RT10QCn5FlMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvajhTOF9PWlVweEI5azdMSFJGUFhSQUtma1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwuG4MA0G
CSqGSIb3DQEBCwUAA4IBAQCWfLTXPjc4CQAl8DNWPwr4C3txQHIJLj4YW1AxA39L
RePosVp4aU807lXCuRZoke5g2dfLE3ap99FZ184g89AhAe2N51/ETIAtkAFm6EXU
+hAseqa2FhtaHVt4H6NpQOsippg7etkSD6GHqTxjhJ2EuejKhP9u7fovD9p9tVw4
Qt4Oclkjr1hyc5p731wwHk/Hpq93E3xcUdFI1xJJ6jEDW48XHeFuNMPjumoldK5M
TwH3yideKTcb+0s+FpZEyYAPl3EmpAIgo1a7BsQhnk1eHVJwYpOsQXJP6N1PrQAI
/DpQOl3qWc5uofuWczP2pj0F34pR8oolS0QVaEUzc7sq
-----END CERTIFICATE-----