Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/4cfb8c-20f0-47f1-8b86-28e697c715ca/1/En8-GoJ8b8wzWMOZSSvYdOC_d0Q.roa
File:                     En8-GoJ8b8wzWMOZSSvYdOC_d0Q.roa (raw, json)
Hash identifier:          PL43OakReMXHfp4mMkhTD4X7qZfQiScwqWGHnEOSCsQ=
Subject key identifier:   12:7F:3E:1A:82:7C:6F:CC:33:58:C3:99:49:2B:D8:74:E0:BF:77:44
Certificate issuer:       /CN=837ed6602bc27f196a49ee4b306a0fa6dee9d29d
Certificate serial:       0194274839021127BBF6EF790B936476BBE9
Authority key identifier: 83:7E:D6:60:2B:C2:7F:19:6A:49:EE:4B:30:6A:0F:A6:DE:E9:D2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g37WYCvCfxlqSe5LMGoPpt7p0p0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/4cfb8c-20f0-47f1-8b86-28e697c715ca/1/En8-GoJ8b8wzWMOZSSvYdOC_d0Q.roa
Signing time:             Thu 02 Jan 2025 13:50:32 +0000
ROA not before:           Thu 02 Jan 2025 13:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12843
IP address blocks:        149.236.0.0/16 maxlen: 16
                          149.236.0.0/17 maxlen: 17
                          149.236.9.0/24 maxlen: 24
                          149.236.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/4cfb8c-20f0-47f1-8b86-28e697c715ca/1/g37WYCvCfxlqSe5LMGoPpt7p0p0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/4cfb8c-20f0-47f1-8b86-28e697c715ca/1/g37WYCvCfxlqSe5LMGoPpt7p0p0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g37WYCvCfxlqSe5LMGoPpt7p0p0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:39:02:11:27:bb:f6:ef:79:0b:93:64:76:bb:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=837ed6602bc27f196a49ee4b306a0fa6dee9d29d
        Validity
            Not Before: Jan  2 13:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=127f3e1a827c6fcc3358c399492bd874e0bf7744
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:87:02:fe:de:f8:24:c4:0e:83:53:4e:45:49:
                    a1:25:d6:39:71:ca:19:41:8e:19:d3:52:44:9e:49:
                    2b:16:81:d8:47:5a:21:8b:84:eb:fd:f1:af:94:c0:
                    cb:4e:3d:50:cb:4b:26:71:12:9f:cb:7f:88:87:5c:
                    7b:e3:e5:38:76:03:dd:04:7d:55:56:8f:bc:53:33:
                    a9:aa:2a:3e:37:40:6d:94:a0:74:8c:ba:c6:f6:65:
                    6e:af:ee:b6:27:d2:7a:1d:b6:9c:72:da:bf:6a:d1:
                    1b:84:5a:27:60:4e:38:ac:d2:76:41:a4:f7:e6:7d:
                    7b:f5:7e:f1:3c:cf:52:d4:cf:f6:68:76:05:91:1f:
                    47:a8:2b:b8:46:78:e1:69:e6:06:be:d6:8f:81:dc:
                    4c:6c:a4:58:a8:8e:6f:42:6b:3b:a1:10:9a:cf:e3:
                    38:15:71:02:87:a7:d8:69:c3:af:ad:28:e8:0b:4a:
                    71:f1:95:53:ed:40:37:30:bb:b9:4b:93:43:cc:b7:
                    1e:3b:cf:a2:78:2e:3c:39:46:b3:2c:5a:0d:d2:3b:
                    22:1f:ea:17:e8:f7:7a:bd:70:61:a4:b8:9c:75:9e:
                    bf:77:d9:4d:07:81:a6:46:89:fb:4c:13:8c:1b:44:
                    57:d4:5d:e2:3e:1e:39:26:c0:e6:24:b2:02:5e:75:
                    c2:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:7F:3E:1A:82:7C:6F:CC:33:58:C3:99:49:2B:D8:74:E0:BF:77:44
            X509v3 Authority Key Identifier:
                keyid:83:7E:D6:60:2B:C2:7F:19:6A:49:EE:4B:30:6A:0F:A6:DE:E9:D2:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g37WYCvCfxlqSe5LMGoPpt7p0p0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/4cfb8c-20f0-47f1-8b86-28e697c715ca/1/En8-GoJ8b8wzWMOZSSvYdOC_d0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/4cfb8c-20f0-47f1-8b86-28e697c715ca/1/g37WYCvCfxlqSe5LMGoPpt7p0p0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.236.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         38:77:e8:03:63:5b:dc:9b:25:1f:b0:6b:45:46:a2:72:36:68:
         6b:0a:a9:e6:90:8d:6b:a3:78:60:91:5f:6a:79:6a:af:08:84:
         4f:34:13:85:35:6e:3b:ad:e7:4f:60:fb:f2:2d:f4:c8:ea:cf:
         55:9e:d0:f0:e7:e1:da:e3:cb:d3:7f:df:47:d0:75:35:44:85:
         04:be:3d:da:6c:73:2d:17:97:c7:e4:8e:0e:b4:ca:38:4c:bc:
         f1:05:a7:24:8b:3b:07:ab:84:a5:85:3d:54:45:47:36:c2:dd:
         7e:e6:7e:bd:90:2e:d1:39:ab:4e:da:fc:17:32:31:13:90:ed:
         52:c2:8b:fa:1d:f0:13:8b:4b:46:27:d1:87:a6:cb:6b:83:c5:
         19:e6:95:d1:39:9f:e4:ad:1d:b1:a1:36:0b:de:d3:4e:96:94:
         1e:af:b3:ab:0c:cb:60:91:50:f2:9d:6f:f2:07:e8:d3:e0:47:
         e5:c7:96:32:86:6a:2a:3a:d2:50:27:99:0b:8e:38:58:7b:c7:
         05:87:c2:1d:e0:b7:ab:31:ad:b7:2d:16:b9:1c:18:72:7d:cd:
         23:0f:6e:ff:98:f2:57:21:c6:a2:bf:b0:6c:38:bc:2a:f8:54:
         cc:3c:6b:e7:74:10:91:96:5d:22:0a:78:c2:fe:a5:ac:bc:ac:
         81:07:a5:9f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQnSDkCESe79u95C5NkdrvpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzN2VkNjYwMmJjMjdmMTk2YTQ5ZWU0YjMwNmEwZmE2ZGVl
OWQyOWQwHhcNMjUwMTAyMTM1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjdmM2UxYTgyN2M2ZmNjMzM1OGMzOTk0OTJiZDg3NGUwYmY3NzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyocC/t74JMQOg1NORUmhJdY5ccoZ
QY4Z01JEnkkrFoHYR1ohi4Tr/fGvlMDLTj1Qy0smcRKfy3+Ih1x74+U4dgPdBH1V
Vo+8UzOpqio+N0BtlKB0jLrG9mVur+62J9J6Hbacctq/atEbhFonYE44rNJ2QaT3
5n179X7xPM9S1M/2aHYFkR9HqCu4RnjhaeYGvtaPgdxMbKRYqI5vQms7oRCaz+M4
FXECh6fYacOvrSjoC0px8ZVT7UA3MLu5S5NDzLceO8+ieC48OUazLFoN0jsiH+oX
6Pd6vXBhpLicdZ6/d9lNB4GmRon7TBOMG0RX1F3iPh45JsDmJLICXnXCrQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFBJ/PhqCfG/MM1jDmUkr2HTgv3dEMB8GA1UdIwQY
MBaAFIN+1mArwn8ZaknuSzBqD6be6dKdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzM3V1lDdkNmeGxxU2U1TE1Hb1BwdDdwMHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi80Y2ZiOGMtMjBmMC00N2YxLThiODYt
MjhlNjk3YzcxNWNhLzEvRW44LUdvSjhiOHd6V01PWlNTdllkT0NfZDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi80Y2ZiOGMtMjBmMC00N2YxLThiODYtMjhlNjk3YzcxNWNh
LzEvZzM3V1lDdkNmeGxxU2U1TE1Hb1BwdDdwMHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlewwDQYJ
KoZIhvcNAQELBQADggEBADh36ANjW9ybJR+wa0VGonI2aGsKqeaQjWujeGCRX2p5
aq8IhE80E4U1bjut509g+/It9Mjqz1We0PDn4drjy9N/30fQdTVEhQS+Pdpscy0X
l8fkjg60yjhMvPEFpySLOwerhKWFPVRFRzbC3X7mfr2QLtE5q07a/BcyMROQ7VLC
i/od8BOLS0Yn0Yemy2uDxRnmldE5n+StHbGhNgve006WlB6vs6sMy2CRUPKdb/IH
6NPgR+XHljKGaio60lAnmQuOOFh7xwWHwh3gt6sxrbctFrkcGHJ9zSMPbv+Y8lch
xqK/sGw4vCr4VMw8a+d0EJGWXSIKeML+pay8rIEHpZ8=
-----END CERTIFICATE-----