Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/h9epvE3XZbxuQFOC07DHje9oldc.roa
File:                     h9epvE3XZbxuQFOC07DHje9oldc.roa (raw, json)
Hash identifier:          dmaD3wbg4kagfJA96eYctyQPytlbvLwfUnrstuptdyw=
Subject key identifier:   87:D7:A9:BC:4D:D7:65:BC:6E:40:53:82:D3:B0:C7:8D:EF:68:95:D7
Certificate issuer:       /CN=55d5dc9e220112a27c152bc32389038974ae4572
Certificate serial:       01941FFA13352F63222A6DA7579CC96F3A6A
Authority key identifier: 55:D5:DC:9E:22:01:12:A2:7C:15:2B:C3:23:89:03:89:74:AE:45:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/h9epvE3XZbxuQFOC07DHje9oldc.roa
Signing time:             Wed 01 Jan 2025 03:47:50 +0000
ROA not before:           Wed 01 Jan 2025 03:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12586
IP address blocks:        94.100.130.0/24 maxlen: 32
                          2a01:6780:8::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:13:35:2f:63:22:2a:6d:a7:57:9c:c9:6f:3a:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55d5dc9e220112a27c152bc32389038974ae4572
        Validity
            Not Before: Jan  1 03:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87d7a9bc4dd765bc6e405382d3b0c78def6895d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:da:54:d4:10:5a:4d:d9:7e:45:fc:f6:80:da:
                    46:30:c2:ae:3a:83:fe:96:7d:3a:b9:2d:3e:b6:43:
                    fd:62:ba:05:c2:8b:b4:3d:61:86:31:70:3e:43:78:
                    e9:66:89:83:73:47:87:d1:c0:8f:33:91:1b:46:e9:
                    15:6a:4f:09:2d:db:41:1f:b2:13:5b:f3:f5:37:01:
                    be:a1:0b:26:f6:18:55:44:35:4c:08:ef:b9:51:e6:
                    80:70:a1:b4:d7:02:2a:16:dc:87:e9:36:2d:15:e8:
                    5e:5e:1e:91:e7:cd:04:e3:4d:ec:7c:b9:0b:43:8c:
                    f4:47:e8:81:95:17:7b:b7:22:58:d9:f4:34:9c:38:
                    47:b5:f9:ab:6e:0c:d6:7c:fe:25:55:f0:1b:b6:94:
                    ae:a9:6c:c1:df:f7:fa:e7:e8:c2:71:f4:6c:1c:d1:
                    3a:1c:f8:c5:4c:56:25:7b:aa:0f:7d:a6:4a:28:0e:
                    d5:fa:9f:02:ce:b1:56:00:47:0c:df:05:30:26:4c:
                    1f:0e:10:6d:75:ec:22:b7:83:06:38:10:b9:fa:72:
                    c9:98:87:93:3a:2d:1e:da:af:bf:9d:55:f3:6f:86:
                    2c:3d:c5:9b:c3:25:ac:84:c0:38:75:9c:6b:0d:37:
                    ab:85:d0:98:4d:39:c3:3f:ad:66:af:f9:c9:38:b6:
                    4b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D7:A9:BC:4D:D7:65:BC:6E:40:53:82:D3:B0:C7:8D:EF:68:95:D7
            X509v3 Authority Key Identifier:
                keyid:55:D5:DC:9E:22:01:12:A2:7C:15:2B:C3:23:89:03:89:74:AE:45:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VdXcniIBEqJ8FSvDI4kDiXSuRXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/h9epvE3XZbxuQFOC07DHje9oldc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d8ed41-71f6-4bb7-a3ee-a0bb140a596e/1/VdXcniIBEqJ8FSvDI4kDiXSuRXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.100.130.0/24
                IPv6:
                  2a01:6780:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:0e:d7:0c:fe:5f:88:b4:1d:4e:fa:5f:1d:61:e3:73:d6:42:
         a8:eb:1f:47:2a:02:87:87:91:a7:4c:bf:84:e6:82:3d:1c:07:
         36:82:5c:fb:12:86:d1:cf:5d:76:3b:d5:80:75:95:12:b5:8b:
         e4:ec:0a:e7:01:d3:18:b2:61:18:e9:97:d7:da:29:b9:de:56:
         4a:2e:eb:4a:2e:e0:fe:29:8c:a5:1c:e5:55:bb:c8:8d:97:4b:
         64:59:57:7c:d3:50:dc:97:36:6e:e7:8a:af:0e:7a:bb:57:a5:
         42:53:3f:b7:fe:3f:a2:95:e3:d8:f2:31:97:f5:45:16:dd:c1:
         74:2e:63:d3:15:4d:91:9b:45:c2:69:5a:51:6f:a0:b6:34:6d:
         5d:dd:49:61:b1:73:82:93:f3:30:b2:9e:e4:9c:b9:51:da:cb:
         13:97:42:25:41:b9:5d:86:8c:88:93:6d:2e:d0:d9:8f:e1:fd:
         7a:22:86:bb:d1:a4:b8:46:4e:87:9e:20:b3:43:a5:fc:8d:5b:
         61:52:70:05:0c:ba:20:65:28:06:d3:be:19:d8:01:fc:17:fa:
         98:94:87:97:5d:53:14:ec:89:a3:84:37:0b:f9:aa:de:1b:5c:
         01:e9:0a:95:13:e9:70:82:7f:75:81:eb:14:7f:bd:bf:91:9a:
         d2:57:6d:e7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQf+hM1L2MiKm2nV5zJbzpqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZDVkYzllMjIwMTEyYTI3YzE1MmJjMzIzODkwMzg5NzRh
ZTQ1NzIwHhcNMjUwMTAxMDM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Q3YTliYzRkZDc2NWJjNmU0MDUzODJkM2IwYzc4ZGVmNjg5NWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytpU1BBaTdl+Rfz2gNpGMMKuOoP+
ln06uS0+tkP9YroFwou0PWGGMXA+Q3jpZomDc0eH0cCPM5EbRukVak8JLdtBH7IT
W/P1NwG+oQsm9hhVRDVMCO+5UeaAcKG01wIqFtyH6TYtFeheXh6R580E403sfLkL
Q4z0R+iBlRd7tyJY2fQ0nDhHtfmrbgzWfP4lVfAbtpSuqWzB3/f65+jCcfRsHNE6
HPjFTFYle6oPfaZKKA7V+p8CzrFWAEcM3wUwJkwfDhBtdewit4MGOBC5+nLJmIeT
Oi0e2q+/nVXzb4YsPcWbwyWshMA4dZxrDTerhdCYTTnDP61mr/nJOLZLMwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIfXqbxN12W8bkBTgtOwx43vaJXXMB8GA1UdIwQY
MBaAFFXV3J4iARKifBUrwyOJA4l0rkVyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmRYY25pSUJFcUo4RlN2REk0a0RpWFN1UlhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kOGVkNDEtNzFmNi00YmI3LWEzZWUt
YTBiYjE0MGE1OTZlLzEvaDllcHZFM1haYnh1UUZPQzA3REhqZTlvbGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kOGVkNDEtNzFmNi00YmI3LWEzZWUtYTBiYjE0MGE1OTZl
LzEvVmRYY25pSUJFcUo4RlN2REk0a0RpWFN1UlhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXmSCMA8E
AgACMAkDBwAqAWeAAAgwDQYJKoZIhvcNAQELBQADggEBAEkO1wz+X4i0HU76Xx1h
43PWQqjrH0cqAoeHkadMv4Tmgj0cBzaCXPsShtHPXXY71YB1lRK1i+TsCucB0xiy
YRjpl9faKbneVkou60ou4P4pjKUc5VW7yI2XS2RZV3zTUNyXNm7niq8OertXpUJT
P7f+P6KV49jyMZf1RRbdwXQuY9MVTZGbRcJpWlFvoLY0bV3dSWGxc4KT8zCynuSc
uVHayxOXQiVBuV2GjIiTbS7Q2Y/h/XoihrvRpLhGToeeILNDpfyNW2FScAUMuiBl
KAbTvhnYAfwX+piUh5ddUxTsiaOENwv5qt4bXAHpCpUT6XCCf3WB6xR/vb+RmtJX
bec=
-----END CERTIFICATE-----