Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/xT7aM3kUy4b46Qb4CAkkSam9t5g.roa
File:                     xT7aM3kUy4b46Qb4CAkkSam9t5g.roa (raw, json)
Hash identifier:          Rfd0mKt9HyiAqh5+s2geHZ1SUFHa0fSNkwoTUgmAYpI=
Subject key identifier:   C5:3E:DA:33:79:14:CB:86:F8:E9:06:F8:08:09:24:49:A9:BD:B7:98
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       0194252118D5CEF6182244167706FE35249D
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/xT7aM3kUy4b46Qb4CAkkSam9t5g.roa
Signing time:             Thu 02 Jan 2025 03:48:33 +0000
ROA not before:           Thu 02 Jan 2025 03:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24589
IP address blocks:        193.0.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:18:d5:ce:f6:18:22:44:16:77:06:fe:35:24:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Jan  2 03:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c53eda337914cb86f8e906f808092449a9bdb798
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:29:21:71:db:11:3f:5c:e2:33:07:ce:80:25:
                    e9:af:ec:0b:12:6a:db:bc:2d:f5:82:27:4a:c6:cc:
                    c7:02:bd:22:72:fe:0f:ff:7f:7f:55:b4:32:84:14:
                    c4:16:8e:46:9e:b3:56:73:8d:a5:c3:0c:e5:41:02:
                    48:37:c7:13:80:db:92:e2:c2:c6:b4:e4:92:68:74:
                    8d:2d:5b:cc:17:d6:26:3f:49:46:d2:b8:bc:e7:84:
                    5a:72:03:7b:0a:bd:94:22:fa:19:28:a6:50:55:84:
                    97:82:66:de:a2:ce:61:e1:36:44:f6:d3:59:6e:cb:
                    0c:1f:cd:c9:be:68:f5:30:ab:76:c9:7b:5e:cf:6c:
                    3d:9a:17:ba:0c:89:8f:3b:27:2b:70:91:54:cb:b4:
                    16:10:a7:b9:23:d4:24:8b:0d:28:b3:99:55:97:57:
                    2b:2f:5e:10:87:2e:d9:e9:2d:0f:c5:42:a8:ec:bf:
                    1c:d7:11:80:6c:65:60:e1:fc:bc:51:51:9b:a4:fa:
                    72:34:7e:a6:78:ff:66:05:65:56:29:7a:bd:80:9e:
                    16:24:3c:60:97:c6:e7:dc:d3:cd:d7:46:67:66:94:
                    72:b0:54:16:c5:28:78:af:71:8c:9a:a2:7b:4d:44:
                    c1:d6:75:db:ad:d3:85:54:00:b7:f3:32:bc:85:c5:
                    d6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:3E:DA:33:79:14:CB:86:F8:E9:06:F8:08:09:24:49:A9:BD:B7:98
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/xT7aM3kUy4b46Qb4CAkkSam9t5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:35:56:a8:0f:02:17:97:cd:41:93:1d:40:71:56:29:64:68:
         fa:d8:36:8c:14:9b:85:d7:de:51:5b:bd:47:93:a2:e1:89:df:
         29:87:68:5c:94:5b:f1:7f:78:de:ad:4a:51:92:d7:02:0c:85:
         e1:a0:ab:17:30:92:36:6a:77:18:c9:82:1a:8a:df:b3:fa:6a:
         49:ff:a1:1b:0e:dd:f2:39:22:22:2f:9a:d9:f6:3f:03:85:07:
         0b:2e:6e:97:e6:d3:7a:7c:01:c2:c4:81:aa:fe:03:24:2f:1e:
         8e:a4:e9:85:da:2f:9d:25:b8:a3:ca:9b:64:79:dd:7b:82:e1:
         6c:2e:70:74:49:92:09:43:38:20:ec:bd:9b:6c:0f:4a:79:c8:
         30:a5:aa:32:b0:bf:b9:1e:07:d8:05:bc:3e:85:92:ce:88:cf:
         e7:32:ba:8a:05:03:75:74:8b:a4:b1:39:c3:cb:67:da:c1:e8:
         ba:0d:fe:8a:86:e2:4b:d8:39:75:e2:b8:53:99:e0:ff:14:21:
         39:da:db:96:7a:cd:99:14:93:0e:ee:a3:11:c1:08:c4:8b:46:
         03:8e:f9:bf:6d:11:b8:78:95:97:8b:a1:05:38:d2:04:29:35:
         69:1b:cb:72:f0:e4:68:4c:aa:ed:36:55:6f:d4:8e:b2:1f:96:
         14:b0:99:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIRjVzvYYIkQWdwb+NSSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjUwMTAyMDM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTNlZGEzMzc5MTRjYjg2ZjhlOTA2ZjgwODA5MjQ0OWE5YmRiNzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvikhcdsRP1ziMwfOgCXpr+wLEmrb
vC31gidKxszHAr0icv4P/39/VbQyhBTEFo5GnrNWc42lwwzlQQJIN8cTgNuS4sLG
tOSSaHSNLVvMF9YmP0lG0ri854RacgN7Cr2UIvoZKKZQVYSXgmbeos5h4TZE9tNZ
bssMH83Jvmj1MKt2yXtez2w9mhe6DImPOycrcJFUy7QWEKe5I9Qkiw0os5lVl1cr
L14Qhy7Z6S0PxUKo7L8c1xGAbGVg4fy8UVGbpPpyNH6meP9mBWVWKXq9gJ4WJDxg
l8bn3NPN10ZnZpRysFQWxSh4r3GMmqJ7TUTB1nXbrdOFVAC38zK8hcXWjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMU+2jN5FMuG+OkG+AgJJEmpvbeYMB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEveFQ3YU0za1V5NGI0NlFiNENBa2tTYW05dDVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQDvMA0G
CSqGSIb3DQEBCwUAA4IBAQAMNVaoDwIXl81Bkx1AcVYpZGj62DaMFJuF195RW71H
k6Lhid8ph2hclFvxf3jerUpRktcCDIXhoKsXMJI2ancYyYIait+z+mpJ/6EbDt3y
OSIiL5rZ9j8DhQcLLm6X5tN6fAHCxIGq/gMkLx6OpOmF2i+dJbijyptked17guFs
LnB0SZIJQzgg7L2bbA9KecgwpaoysL+5HgfYBbw+hZLOiM/nMrqKBQN1dIuksTnD
y2fawei6Df6KhuJL2Dl14rhTmeD/FCE52tuWes2ZFJMO7qMRwQjEi0YDjvm/bRG4
eJWXi6EFONIEKTVpG8ty8ORoTKrtNlVv1I6yH5YUsJkd
-----END CERTIFICATE-----