Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/iyAReQYZi6annFwTzxnNMi_NX88.roa
File:                     iyAReQYZi6annFwTzxnNMi_NX88.roa (raw, json)
Hash identifier:          RA8Tw9Fc/DRqwFBqIp5rQULzzVh8lGYGH4fnEdfI7zE=
Subject key identifier:   8B:20:11:79:06:19:8B:A6:A7:9C:5C:13:CF:19:CD:32:2F:CD:5F:CF
Certificate issuer:       /CN=7ec65a1dcf8225e7f10be20ddde1e216e800b67c
Certificate serial:       0194266B506CF502564BDDCEB4EA321B694B
Authority key identifier: 7E:C6:5A:1D:CF:82:25:E7:F1:0B:E2:0D:DD:E1:E2:16:E8:00:B6:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fsZaHc-CJefxC-IN3eHiFugAtnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/iyAReQYZi6annFwTzxnNMi_NX88.roa
Signing time:             Thu 02 Jan 2025 09:49:14 +0000
ROA not before:           Thu 02 Jan 2025 09:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34984
IP address blocks:        86.108.204.0/24 maxlen: 24
                          86.108.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/fsZaHc-CJefxC-IN3eHiFugAtnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/fsZaHc-CJefxC-IN3eHiFugAtnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fsZaHc-CJefxC-IN3eHiFugAtnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:50:6c:f5:02:56:4b:dd:ce:b4:ea:32:1b:69:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ec65a1dcf8225e7f10be20ddde1e216e800b67c
        Validity
            Not Before: Jan  2 09:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b20117906198ba6a79c5c13cf19cd322fcd5fcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fd:46:32:57:b8:51:03:03:e9:ef:0b:13:aa:
                    6c:8e:a7:08:28:04:92:db:f2:fa:86:d7:ca:bf:2f:
                    4f:9e:63:bc:0e:ea:68:0e:96:b3:ef:78:8b:09:3b:
                    c2:5f:c7:75:fe:a0:87:a7:30:95:a1:74:3b:d7:01:
                    7c:25:68:7d:4b:d2:a7:eb:f3:bf:c2:de:98:71:46:
                    e9:77:84:8c:73:6b:f2:96:27:2a:ca:b1:ce:90:b9:
                    2f:a5:40:c6:0e:fc:38:e2:be:15:0a:b4:15:b8:b8:
                    86:4d:35:e1:60:30:16:55:00:4d:7d:db:89:9d:a8:
                    96:84:77:f6:de:7d:4b:20:37:90:b2:fb:4a:53:46:
                    8c:39:18:c8:c3:e2:a5:26:a7:d7:38:5f:f7:c6:5c:
                    44:4d:7b:be:6f:bf:bc:83:96:98:a1:37:62:b4:14:
                    d1:39:74:2d:21:25:b1:e9:68:a9:9f:e1:47:bf:42:
                    79:c7:c0:cc:0a:90:0f:9b:d1:b5:02:70:38:f0:90:
                    f5:94:b2:a5:14:d4:12:05:ee:a8:9e:a9:e0:95:c8:
                    b6:05:bf:f7:d6:ad:d0:f0:7f:05:c4:b5:20:40:1d:
                    3d:de:90:9c:74:e2:ae:ba:43:78:f3:ee:ec:f3:f5:
                    70:22:ee:80:2a:c3:2b:f4:d3:80:14:90:f8:35:0c:
                    07:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:20:11:79:06:19:8B:A6:A7:9C:5C:13:CF:19:CD:32:2F:CD:5F:CF
            X509v3 Authority Key Identifier:
                keyid:7E:C6:5A:1D:CF:82:25:E7:F1:0B:E2:0D:DD:E1:E2:16:E8:00:B6:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fsZaHc-CJefxC-IN3eHiFugAtnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/iyAReQYZi6annFwTzxnNMi_NX88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/fsZaHc-CJefxC-IN3eHiFugAtnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.108.204.0/24
                  86.108.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:01:98:1f:3f:e9:76:89:15:75:9a:ab:f5:5c:b2:e9:99:2b:
         12:2b:4a:85:ae:39:7d:73:d1:48:8f:3f:fc:7a:4d:4f:dd:dc:
         a3:03:b6:ac:eb:b5:7b:cf:61:21:ca:8b:9a:07:65:0b:7a:92:
         7a:c4:61:ff:b3:05:76:02:80:4c:2f:2d:6b:b2:40:80:0b:21:
         5d:0c:c5:61:19:35:db:84:98:d2:c8:96:f8:ef:cf:5a:75:75:
         ed:7e:9b:cb:ce:e7:61:77:31:e5:20:f6:97:07:f1:8d:4e:02:
         d3:2f:2c:22:18:45:77:77:68:50:30:68:d4:5a:27:b4:be:85:
         7f:e2:fd:c2:fa:2d:64:3a:8e:4a:5f:56:12:dc:f7:fe:3e:b0:
         5f:a1:ea:1f:8a:84:12:ea:d6:35:44:c6:14:ed:86:1b:e9:46:
         fd:3e:ee:de:f5:d5:d1:37:49:f1:40:b2:eb:35:e5:d3:10:7d:
         cc:a6:61:08:2f:bc:fb:57:8d:58:f8:8b:32:55:12:a9:47:75:
         ca:c6:85:60:82:a9:a2:d4:b1:0a:9d:ff:1d:39:b7:cd:38:30:
         ee:56:ca:cf:02:f1:d2:f4:45:ce:ac:82:78:85:01:8f:50:20:
         9d:4e:a1:cb:b4:d1:74:c9:3d:69:30:32:c5:e6:bf:f2:ae:1c:
         43:97:2a:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma1Bs9QJWS93OtOoyG2lLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYzY1YTFkY2Y4MjI1ZTdmMTBiZTIwZGRkZTFlMjE2ZTgw
MGI2N2MwHhcNMjUwMTAyMDk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjIwMTE3OTA2MTk4YmE2YTc5YzVjMTNjZjE5Y2QzMjJmY2Q1ZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsv1GMle4UQMD6e8LE6psjqcIKASS
2/L6htfKvy9PnmO8DupoDpaz73iLCTvCX8d1/qCHpzCVoXQ71wF8JWh9S9Kn6/O/
wt6YcUbpd4SMc2vylicqyrHOkLkvpUDGDvw44r4VCrQVuLiGTTXhYDAWVQBNfduJ
naiWhHf23n1LIDeQsvtKU0aMORjIw+KlJqfXOF/3xlxETXu+b7+8g5aYoTditBTR
OXQtISWx6Wipn+FHv0J5x8DMCpAPm9G1AnA48JD1lLKlFNQSBe6onqnglci2Bb/3
1q3Q8H8FxLUgQB093pCcdOKuukN48+7s8/VwIu6AKsMr9NOAFJD4NQwHNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIsgEXkGGYump5xcE88ZzTIvzV/PMB8GA1UdIwQY
MBaAFH7GWh3PgiXn8QviDd3h4hboALZ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnNaYUhjLUNKZWZ4Qy1JTjNlSGlGdWdBdG53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi84ZTc3ODUtOTQ1MS00NmZiLWIyNDQt
N2Q5YjgyMzA1MzdlLzEvaXlBUmVRWVppNmFubkZ3VHp4bk5NaV9OWDg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi84ZTc3ODUtOTQ1MS00NmZiLWIyNDQtN2Q5YjgyMzA1Mzdl
LzEvZnNaYUhjLUNKZWZ4Qy1JTjNlSGlGdWdBdG53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVmzMAwQA
VmzrMA0GCSqGSIb3DQEBCwUAA4IBAQCiAZgfP+l2iRV1mqv1XLLpmSsSK0qFrjl9
c9FIjz/8ek1P3dyjA7as67V7z2EhyouaB2ULepJ6xGH/swV2AoBMLy1rskCACyFd
DMVhGTXbhJjSyJb4789adXXtfpvLzudhdzHlIPaXB/GNTgLTLywiGEV3d2hQMGjU
Wie0voV/4v3C+i1kOo5KX1YS3Pf+PrBfoeofioQS6tY1RMYU7YYb6Ub9Pu7e9dXR
N0nxQLLrNeXTEH3MpmEIL7z7V41Y+IsyVRKpR3XKxoVggqmi1LEKnf8dObfNODDu
VsrPAvHS9EXOrIJ4hQGPUCCdTqHLtNF0yT1pMDLF5r/yrhxDlypP
-----END CERTIFICATE-----