Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/267b51-9adb-4038-b24c-926240aa5f05/1/8KvlfbRq8s2GAiIRzqG7Rk422Gs.roa
File:                     8KvlfbRq8s2GAiIRzqG7Rk422Gs.roa (raw, json)
Hash identifier:          dNyvw6BImK/4I7a0t4iqRMr5gilh+0d+uv1VajB8u9E=
Subject key identifier:   F0:AB:E5:7D:B4:6A:F2:CD:86:02:22:11:CE:A1:BB:46:4E:36:D8:6B
Certificate issuer:       /CN=7d9f6529e3c26ed08c95f74fe63d7b2eeb21f571
Certificate serial:       0194221FFB933232236C66E3F51D444DE5D2
Authority key identifier: 7D:9F:65:29:E3:C2:6E:D0:8C:95:F7:4F:E6:3D:7B:2E:EB:21:F5:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fZ9lKePCbtCMlfdP5j17Lush9XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/267b51-9adb-4038-b24c-926240aa5f05/1/8KvlfbRq8s2GAiIRzqG7Rk422Gs.roa
Signing time:             Wed 01 Jan 2025 13:48:28 +0000
ROA not before:           Wed 01 Jan 2025 13:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31019
IP address blocks:        5.42.207.0/24 maxlen: 24
                          194.213.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/267b51-9adb-4038-b24c-926240aa5f05/1/fZ9lKePCbtCMlfdP5j17Lush9XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/267b51-9adb-4038-b24c-926240aa5f05/1/fZ9lKePCbtCMlfdP5j17Lush9XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fZ9lKePCbtCMlfdP5j17Lush9XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:fb:93:32:32:23:6c:66:e3:f5:1d:44:4d:e5:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d9f6529e3c26ed08c95f74fe63d7b2eeb21f571
        Validity
            Not Before: Jan  1 13:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0abe57db46af2cd86022211cea1bb464e36d86b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c2:c7:96:4d:47:fc:85:de:0b:b3:e7:2c:ec:
                    89:c6:13:21:7d:a7:4f:4d:35:0d:98:08:57:c4:11:
                    42:b8:ff:b4:e5:7a:6a:62:1e:ac:0c:43:bd:e1:e6:
                    b0:a3:cd:78:d7:78:e1:3b:44:55:3c:8c:90:d9:46:
                    e4:e4:f1:97:b0:7b:31:05:ab:57:8e:96:f6:2e:89:
                    7c:84:60:d5:41:31:7a:d4:b0:e8:4c:c4:9d:ea:20:
                    0b:2f:d2:0b:61:09:46:0d:9d:48:66:f2:c4:07:b6:
                    e7:ce:9b:49:35:7a:cb:f6:d6:cb:51:1f:3a:58:17:
                    fc:7c:65:09:35:9b:01:71:e8:c8:d6:76:14:71:7a:
                    8b:b4:ab:31:ef:1b:66:80:30:3a:27:20:79:ca:d8:
                    e6:75:7f:52:06:54:41:e4:cc:d0:7a:3c:64:66:f2:
                    b5:4d:e0:b9:e4:00:97:b8:a7:9c:dd:a4:9e:b8:8b:
                    40:bd:32:47:11:75:e6:90:d3:a1:13:c5:27:25:a6:
                    34:56:a5:44:ae:df:7b:a4:e7:9e:16:0e:87:c2:94:
                    8f:d2:00:70:cd:03:fa:bb:0e:66:b9:ca:4c:60:01:
                    12:4f:e5:9c:04:af:ad:81:1e:b4:30:7e:b8:33:38:
                    46:35:f6:a3:6c:93:35:a5:72:1e:6e:4c:33:5c:ec:
                    89:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:AB:E5:7D:B4:6A:F2:CD:86:02:22:11:CE:A1:BB:46:4E:36:D8:6B
            X509v3 Authority Key Identifier:
                keyid:7D:9F:65:29:E3:C2:6E:D0:8C:95:F7:4F:E6:3D:7B:2E:EB:21:F5:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fZ9lKePCbtCMlfdP5j17Lush9XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/267b51-9adb-4038-b24c-926240aa5f05/1/8KvlfbRq8s2GAiIRzqG7Rk422Gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/267b51-9adb-4038-b24c-926240aa5f05/1/fZ9lKePCbtCMlfdP5j17Lush9XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.207.0/24
                  194.213.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:07:02:e8:2b:23:b0:db:2d:ee:9e:8e:98:f8:ce:08:6e:af:
         29:83:a1:6c:eb:6c:54:c0:c4:0f:f7:7f:04:ca:e1:cc:41:57:
         6d:8c:65:de:60:d5:66:92:c9:ac:84:cc:f4:50:97:d6:22:f3:
         54:b7:f8:8c:e6:aa:b9:bc:91:ed:ad:57:49:05:9f:af:b6:13:
         49:18:a7:c3:41:4d:0d:7a:41:6e:35:96:ba:22:61:a3:8a:ee:
         98:59:8f:93:7f:71:eb:29:91:04:5b:e8:3c:96:be:f4:45:99:
         1c:1e:9c:6c:ea:e4:3b:a6:5e:94:ae:05:2b:62:f1:c2:94:16:
         d0:13:f5:f3:f1:d2:53:79:d0:63:e9:21:34:97:85:26:8d:1f:
         29:45:2b:90:a5:ca:d2:98:7e:d1:17:48:ef:20:65:a0:ea:3e:
         18:c3:09:b2:d5:13:62:f3:c2:1f:12:1b:08:9d:c4:2e:11:1c:
         0c:cf:e8:fe:3d:d9:5c:9a:77:5f:b5:c3:f3:8f:c2:eb:71:a0:
         c3:a4:a4:e3:1b:48:a2:01:8b:b5:6c:6e:98:7f:db:fa:47:03:
         b0:e4:51:18:cf:96:ad:48:5f:30:05:18:06:f8:6a:dd:2c:6b:
         23:18:3b:73:52:77:ef:97:85:d9:83:9d:0c:04:18:c8:1e:18:
         84:ca:7d:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH/uTMjIjbGbj9R1ETeXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkOWY2NTI5ZTNjMjZlZDA4Yzk1Zjc0ZmU2M2Q3YjJlZWIy
MWY1NzEwHhcNMjUwMTAxMTM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGFiZTU3ZGI0NmFmMmNkODYwMjIyMTFjZWExYmI0NjRlMzZkODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucLHlk1H/IXeC7PnLOyJxhMhfadP
TTUNmAhXxBFCuP+05XpqYh6sDEO94eawo81413jhO0RVPIyQ2Ubk5PGXsHsxBatX
jpb2Lol8hGDVQTF61LDoTMSd6iALL9ILYQlGDZ1IZvLEB7bnzptJNXrL9tbLUR86
WBf8fGUJNZsBcejI1nYUcXqLtKsx7xtmgDA6JyB5ytjmdX9SBlRB5MzQejxkZvK1
TeC55ACXuKec3aSeuItAvTJHEXXmkNOhE8UnJaY0VqVErt97pOeeFg6HwpSP0gBw
zQP6uw5mucpMYAEST+WcBK+tgR60MH64MzhGNfajbJM1pXIebkwzXOyJbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPCr5X20avLNhgIiEc6hu0ZONthrMB8GA1UdIwQY
MBaAFH2fZSnjwm7QjJX3T+Y9ey7rIfVxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlo5bEtlUENidENNbGZkUDVqMTdMdXNoOVhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yNjdiNTEtOWFkYi00MDM4LWIyNGMt
OTI2MjQwYWE1ZjA1LzEvOEt2bGZiUnE4czJHQWlJUnpxRzdSazQyMkdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8yNjdiNTEtOWFkYi00MDM4LWIyNGMtOTI2MjQwYWE1ZjA1
LzEvZlo5bEtlUENidENNbGZkUDVqMTdMdXNoOVhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABSrPAwQA
wtVsMA0GCSqGSIb3DQEBCwUAA4IBAQAKBwLoKyOw2y3uno6Y+M4Ibq8pg6Fs62xU
wMQP938EyuHMQVdtjGXeYNVmksmshMz0UJfWIvNUt/iM5qq5vJHtrVdJBZ+vthNJ
GKfDQU0NekFuNZa6ImGjiu6YWY+Tf3HrKZEEW+g8lr70RZkcHpxs6uQ7pl6UrgUr
YvHClBbQE/Xz8dJTedBj6SE0l4UmjR8pRSuQpcrSmH7RF0jvIGWg6j4Ywwmy1RNi
88IfEhsIncQuERwMz+j+PdlcmndftcPzj8LrcaDDpKTjG0iiAYu1bG6Yf9v6RwOw
5FEYz5atSF8wBRgG+GrdLGsjGDtzUnfvl4XZg50MBBjIHhiEyn1E
-----END CERTIFICATE-----