Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/e52e14-7aad-43e4-88c4-7a4054551fd4/1/8adR64UTKfQJyv8Hn8Uu3Mto6Ss.roa
File:                     8adR64UTKfQJyv8Hn8Uu3Mto6Ss.roa (raw, json)
Hash identifier:          QwMK3mT98zuHytYWjDXlVT7MVpssQnTqv+nHseA43Vg=
Subject key identifier:   F1:A7:51:EB:85:13:29:F4:09:CA:FF:07:9F:C5:2E:DC:CB:68:E9:2B
Certificate issuer:       /CN=cbffc771f2ed58fc2821ee74cda853fd2e36c428
Certificate serial:       019426D9C8B13E9EBB107848E09CD24A91F5
Authority key identifier: CB:FF:C7:71:F2:ED:58:FC:28:21:EE:74:CD:A8:53:FD:2E:36:C4:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y__HcfLtWPwoIe50zahT_S42xCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/e52e14-7aad-43e4-88c4-7a4054551fd4/1/8adR64UTKfQJyv8Hn8Uu3Mto6Ss.roa
Signing time:             Thu 02 Jan 2025 11:49:54 +0000
ROA not before:           Thu 02 Jan 2025 11:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25516
IP address blocks:        185.49.16.0/22 maxlen: 24
                          185.49.16.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/e52e14-7aad-43e4-88c4-7a4054551fd4/1/y__HcfLtWPwoIe50zahT_S42xCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/e52e14-7aad-43e4-88c4-7a4054551fd4/1/y__HcfLtWPwoIe50zahT_S42xCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y__HcfLtWPwoIe50zahT_S42xCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:c8:b1:3e:9e:bb:10:78:48:e0:9c:d2:4a:91:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbffc771f2ed58fc2821ee74cda853fd2e36c428
        Validity
            Not Before: Jan  2 11:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1a751eb851329f409caff079fc52edccb68e92b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:ea:92:7f:23:45:36:d5:80:d8:be:20:0a:54:
                    77:6e:6d:ab:be:a4:01:0d:c0:b1:98:9e:ae:46:a5:
                    7a:43:31:5b:b2:7b:a0:86:6e:69:ff:e1:c1:37:3d:
                    6e:fb:78:73:f0:3e:a3:7d:3d:3f:ee:e1:cc:ec:05:
                    14:10:45:93:19:da:da:1c:12:af:81:9a:96:63:c8:
                    ef:70:80:a7:e5:08:55:3b:7d:0e:de:0c:70:18:63:
                    c0:9b:be:cb:55:50:40:09:42:7d:ce:5f:8f:17:62:
                    c5:51:42:2e:ee:1f:fd:28:01:b4:4d:e2:13:2e:5c:
                    ec:17:7c:eb:ca:53:a6:0b:44:da:1f:48:1e:97:d2:
                    42:07:64:96:87:47:31:35:a2:74:d8:f6:ed:62:8f:
                    8d:e0:81:b8:12:20:ad:47:53:a7:ff:f3:01:8b:18:
                    a3:35:99:13:bf:ba:0c:81:99:46:93:fa:56:6f:68:
                    59:1d:8e:4f:ad:56:20:3b:3e:3d:d6:97:cb:cc:28:
                    c1:40:08:81:85:86:ff:5f:e4:1e:35:70:0e:9d:9e:
                    de:c6:af:b8:4b:c0:78:55:b4:be:a1:e1:fa:88:70:
                    e6:46:c0:c7:23:b3:b4:10:38:65:46:e8:3b:6d:4c:
                    a5:e8:e7:fe:69:29:cc:b1:58:0e:c2:c4:ad:8a:11:
                    97:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:A7:51:EB:85:13:29:F4:09:CA:FF:07:9F:C5:2E:DC:CB:68:E9:2B
            X509v3 Authority Key Identifier:
                keyid:CB:FF:C7:71:F2:ED:58:FC:28:21:EE:74:CD:A8:53:FD:2E:36:C4:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y__HcfLtWPwoIe50zahT_S42xCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/e52e14-7aad-43e4-88c4-7a4054551fd4/1/8adR64UTKfQJyv8Hn8Uu3Mto6Ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/e52e14-7aad-43e4-88c4-7a4054551fd4/1/y__HcfLtWPwoIe50zahT_S42xCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:64:b6:10:08:55:3b:2d:3f:e8:d5:35:c3:02:3a:3d:52:d7:
         85:cd:81:7d:09:cc:f2:d4:4b:96:14:3e:95:cd:2e:83:d0:23:
         d5:eb:15:94:38:c4:ea:1c:af:51:f3:7a:0c:72:c7:dc:72:5f:
         00:e9:20:ff:ca:80:e3:95:6a:02:dc:9f:22:cd:a8:cd:ca:3a:
         67:39:88:ef:6a:fb:d5:2a:40:f6:eb:eb:0f:11:b0:b1:fa:ac:
         ea:12:cc:e2:11:94:07:7e:16:33:8c:2a:b1:94:4d:1a:27:36:
         18:ac:56:e9:70:46:85:e2:2d:e0:8b:b4:63:1d:cd:a4:0a:01:
         c8:10:ed:2c:91:52:c7:cc:2b:7a:94:7f:71:19:d4:1e:31:8d:
         9c:4e:3e:6c:e6:f3:52:0b:d3:28:b9:9a:1b:aa:3a:e5:ae:ed:
         3e:ef:2f:07:8f:ba:1f:d6:2c:6d:81:91:65:f0:7e:c4:a7:6e:
         53:36:6c:e0:46:a5:51:b7:07:1a:ed:a8:00:96:3c:fb:8e:8c:
         03:72:05:a0:4a:cd:a1:e7:7b:40:fa:6d:e6:fc:a2:31:3f:e7:
         42:dd:15:d2:8c:9a:08:c5:3e:b2:82:33:73:04:a4:84:8e:62:
         7a:7e:cc:ce:12:f2:9f:d5:bf:c6:aa:ce:1a:f0:46:59:25:e0:
         c5:69:2d:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2cixPp67EHhI4JzSSpH1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZmZjNzcxZjJlZDU4ZmMyODIxZWU3NGNkYTg1M2ZkMmUz
NmM0MjgwHhcNMjUwMTAyMTE0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWE3NTFlYjg1MTMyOWY0MDljYWZmMDc5ZmM1MmVkY2NiNjhlOTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+OqSfyNFNtWA2L4gClR3bm2rvqQB
DcCxmJ6uRqV6QzFbsnughm5p/+HBNz1u+3hz8D6jfT0/7uHM7AUUEEWTGdraHBKv
gZqWY8jvcICn5QhVO30O3gxwGGPAm77LVVBACUJ9zl+PF2LFUUIu7h/9KAG0TeIT
LlzsF3zrylOmC0TaH0gel9JCB2SWh0cxNaJ02PbtYo+N4IG4EiCtR1On//MBixij
NZkTv7oMgZlGk/pWb2hZHY5PrVYgOz491pfLzCjBQAiBhYb/X+QeNXAOnZ7exq+4
S8B4VbS+oeH6iHDmRsDHI7O0EDhlRug7bUyl6Of+aSnMsVgOwsStihGXLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGnUeuFEyn0Ccr/B5/FLtzLaOkrMB8GA1UdIwQY
MBaAFMv/x3Hy7Vj8KCHudM2oU/0uNsQoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveV9fSGNmTHRXUHdvSWU1MHphaFRfUzQyeENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9lNTJlMTQtN2FhZC00M2U0LTg4YzQt
N2E0MDU0NTUxZmQ0LzEvOGFkUjY0VVRLZlFKeXY4SG44VXUzTXRvNlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9lNTJlMTQtN2FhZC00M2U0LTg4YzQtN2E0MDU0NTUxZmQ0
LzEveV9fSGNmTHRXUHdvSWU1MHphaFRfUzQyeENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTEQMA0G
CSqGSIb3DQEBCwUAA4IBAQCkZLYQCFU7LT/o1TXDAjo9UteFzYF9Cczy1EuWFD6V
zS6D0CPV6xWUOMTqHK9R83oMcsfccl8A6SD/yoDjlWoC3J8izajNyjpnOYjvavvV
KkD26+sPEbCx+qzqEsziEZQHfhYzjCqxlE0aJzYYrFbpcEaF4i3gi7RjHc2kCgHI
EO0skVLHzCt6lH9xGdQeMY2cTj5s5vNSC9MouZobqjrlru0+7y8Hj7of1ixtgZFl
8H7Ep25TNmzgRqVRtwca7agAljz7jowDcgWgSs2h53tA+m3m/KIxP+dC3RXSjJoI
xT6ygjNzBKSEjmJ6fszOEvKf1b/Gqs4a8EZZJeDFaS2N
-----END CERTIFICATE-----