Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/tXUyhf07-eQaf37r4yK9NmJ5yPE.roa
File:                     tXUyhf07-eQaf37r4yK9NmJ5yPE.roa (raw, json)
Hash identifier:          GWIxTVoGfPA2NfNvC8esjl5GZCoj69LgeTwNbdVaqCA=
Subject key identifier:   B5:75:32:85:FD:3B:F9:E4:1A:7F:7E:EB:E3:22:BD:36:62:79:C8:F1
Certificate issuer:       /CN=8445acd31bccbd345f964ad907ca7783d504026d
Certificate serial:       019423D6A1A43D4349B243F74F5E3C549A5F
Authority key identifier: 84:45:AC:D3:1B:CC:BD:34:5F:96:4A:D9:07:CA:77:83:D5:04:02:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hEWs0xvMvTRflkrZB8p3g9UEAm0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/tXUyhf07-eQaf37r4yK9NmJ5yPE.roa
Signing time:             Wed 01 Jan 2025 21:47:36 +0000
ROA not before:           Wed 01 Jan 2025 21:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59562
IP address blocks:        185.240.204.0/22 maxlen: 22
                          2a0c:8980::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/hEWs0xvMvTRflkrZB8p3g9UEAm0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/hEWs0xvMvTRflkrZB8p3g9UEAm0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hEWs0xvMvTRflkrZB8p3g9UEAm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:a1:a4:3d:43:49:b2:43:f7:4f:5e:3c:54:9a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8445acd31bccbd345f964ad907ca7783d504026d
        Validity
            Not Before: Jan  1 21:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5753285fd3bf9e41a7f7eebe322bd366279c8f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0e:c9:4e:3a:0f:56:29:53:89:45:ff:ae:02:
                    da:50:ef:a8:07:15:5b:d5:80:7e:62:1c:a9:6b:6a:
                    40:6f:1e:76:b9:b7:9a:4b:fb:0d:f7:f2:14:35:9c:
                    8d:50:29:59:fb:96:0f:08:a8:7a:e3:06:89:f1:f6:
                    07:6f:d9:fd:24:3a:03:01:b7:fb:9a:75:13:d5:48:
                    c7:a1:7e:e2:c0:35:4b:64:5a:1f:7e:c5:9c:5e:3d:
                    7b:5f:bc:18:dc:30:af:9e:38:df:d5:b1:c7:1f:5d:
                    6f:54:c1:e1:0b:dc:3f:f9:b1:53:6c:0c:dc:be:be:
                    9e:c6:26:ab:75:28:31:26:ea:22:86:0c:1b:c2:da:
                    cf:c9:e5:54:b8:cd:af:2a:40:88:bb:e5:c9:e3:6f:
                    25:2d:f8:cb:81:00:a8:0a:0b:1a:4a:b0:fb:28:01:
                    30:fb:40:03:87:06:8d:31:56:0e:3d:c8:c8:31:77:
                    d6:dc:45:cf:b4:05:6b:6a:a0:44:46:44:50:a8:c5:
                    9e:06:ee:3b:65:df:f0:6f:ec:b9:10:85:c0:19:ed:
                    b6:b2:9f:be:f4:7b:fa:2d:8c:de:d1:47:7c:ce:a8:
                    66:db:8d:fa:e6:61:cf:6d:87:bc:1d:f6:3a:21:64:
                    f7:ca:d3:d7:45:cb:ea:e5:4f:38:25:99:1c:cb:84:
                    5a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:75:32:85:FD:3B:F9:E4:1A:7F:7E:EB:E3:22:BD:36:62:79:C8:F1
            X509v3 Authority Key Identifier:
                keyid:84:45:AC:D3:1B:CC:BD:34:5F:96:4A:D9:07:CA:77:83:D5:04:02:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEWs0xvMvTRflkrZB8p3g9UEAm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/tXUyhf07-eQaf37r4yK9NmJ5yPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/hEWs0xvMvTRflkrZB8p3g9UEAm0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.204.0/22
                IPv6:
                  2a0c:8980::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:68:eb:fc:68:96:84:45:3e:c5:19:60:31:b3:f2:41:46:21:
         ea:68:dc:c4:f0:1f:5c:7d:b6:22:82:aa:c6:9d:e1:32:5f:2c:
         96:31:89:b9:fa:7b:c4:55:1d:6f:8d:8e:4a:40:63:6b:6d:d4:
         b3:ef:fa:5b:a3:c1:30:f0:a0:d4:43:ba:cd:4e:07:ce:37:59:
         f0:7c:95:de:f1:de:29:90:ad:56:b8:f6:a4:12:40:3e:8a:c2:
         aa:25:52:02:61:bf:d8:10:ed:a1:94:41:48:f2:c9:36:a0:a3:
         8b:f5:de:af:12:b0:d3:ea:57:20:c9:94:99:88:c8:cf:61:e7:
         58:7c:31:a6:a0:6a:9c:c0:73:55:bc:50:b7:a4:48:16:9b:f7:
         88:34:4f:23:70:97:4e:64:6a:58:32:e4:a8:58:c9:34:e7:89:
         09:3a:6c:a7:4b:fe:1d:8f:de:75:5f:d1:bf:ce:ff:63:55:05:
         dc:c9:8f:3c:98:fa:7b:3b:a9:37:9f:63:99:ce:7d:56:2d:b9:
         d4:d2:78:e0:0f:35:5a:92:ab:93:34:60:49:69:a2:a2:af:8b:
         20:83:31:fd:73:14:98:85:63:6d:dc:14:0b:4d:10:2d:7d:d3:
         90:d9:00:53:1f:78:f7:c2:d8:a8:db:16:ee:77:04:e8:ff:37:
         a7:16:2c:00
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1qGkPUNJskP3T148VJpfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDVhY2QzMWJjY2JkMzQ1Zjk2NGFkOTA3Y2E3NzgzZDUw
NDAyNmQwHhcNMjUwMTAxMjE0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTc1MzI4NWZkM2JmOWU0MWE3ZjdlZWJlMzIyYmQzNjYyNzljOGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyg7JTjoPVilTiUX/rgLaUO+oBxVb
1YB+Yhypa2pAbx52ubeaS/sN9/IUNZyNUClZ+5YPCKh64waJ8fYHb9n9JDoDAbf7
mnUT1UjHoX7iwDVLZFoffsWcXj17X7wY3DCvnjjf1bHHH11vVMHhC9w/+bFTbAzc
vr6exiardSgxJuoihgwbwtrPyeVUuM2vKkCIu+XJ428lLfjLgQCoCgsaSrD7KAEw
+0ADhwaNMVYOPcjIMXfW3EXPtAVraqBERkRQqMWeBu47Zd/wb+y5EIXAGe22sp++
9Hv6LYze0Ud8zqhm24365mHPbYe8HfY6IWT3ytPXRcvq5U84JZkcy4Ra5QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLV1MoX9O/nkGn9+6+MivTZiecjxMB8GA1UdIwQY
MBaAFIRFrNMbzL00X5ZK2QfKd4PVBAJtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVXczB4dk12VFJmbGtyWkI4cDNnOVVFQW0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mY2I3YWYtNTZkMC00YzU1LWE3Nzgt
MDczZTNiN2FkODUwLzEvdFhVeWhmMDctZVFhZjM3cjR5SzlObUo1eVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mY2I3YWYtNTZkMC00YzU1LWE3NzgtMDczZTNiN2FkODUw
LzEvaEVXczB4dk12VFJmbGtyWkI4cDNnOVVFQW0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufDMMA0E
AgACMAcDBQMqDImAMA0GCSqGSIb3DQEBCwUAA4IBAQAYaOv8aJaERT7FGWAxs/JB
RiHqaNzE8B9cfbYigqrGneEyXyyWMYm5+nvEVR1vjY5KQGNrbdSz7/pbo8Ew8KDU
Q7rNTgfON1nwfJXe8d4pkK1WuPakEkA+isKqJVICYb/YEO2hlEFI8sk2oKOL9d6v
ErDT6lcgyZSZiMjPYedYfDGmoGqcwHNVvFC3pEgWm/eINE8jcJdOZGpYMuSoWMk0
54kJOmynS/4dj951X9G/zv9jVQXcyY88mPp7O6k3n2OZzn1WLbnU0njgDzVakquT
NGBJaaKir4sggzH9cxSYhWNt3BQLTRAtfdOQ2QBTH3j3wtio2xbudwTo/zenFiwA
-----END CERTIFICATE-----