Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/oT8ZqtyuPG2bCnSuAma5RHBNbQM.roa
File:                     oT8ZqtyuPG2bCnSuAma5RHBNbQM.roa (raw, json)
Hash identifier:          JchFsffJ7J9U8adfMeuKKlBlUfa5a5FcVwQr7lJU+UI=
Subject key identifier:   A1:3F:19:AA:DC:AE:3C:6D:9B:0A:74:AE:02:66:B9:44:70:4D:6D:03
Certificate issuer:       /CN=e8a32e8a6ac6f6ec37860ee7c07eb8df93147779
Certificate serial:       019421B1FA8DD0BBE0EAE6631B78A3654CE6
Authority key identifier: E8:A3:2E:8A:6A:C6:F6:EC:37:86:0E:E7:C0:7E:B8:DF:93:14:77:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6KMuimrG9uw3hg7nwH6435MUd3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/oT8ZqtyuPG2bCnSuAma5RHBNbQM.roa
Signing time:             Wed 01 Jan 2025 11:48:19 +0000
ROA not before:           Wed 01 Jan 2025 11:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204896
IP address blocks:        91.142.112.0/20 maxlen: 20
                          185.143.148.0/22 maxlen: 22
                          2a00:17b0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/6KMuimrG9uw3hg7nwH6435MUd3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/6KMuimrG9uw3hg7nwH6435MUd3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6KMuimrG9uw3hg7nwH6435MUd3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:fa:8d:d0:bb:e0:ea:e6:63:1b:78:a3:65:4c:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8a32e8a6ac6f6ec37860ee7c07eb8df93147779
        Validity
            Not Before: Jan  1 11:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a13f19aadcae3c6d9b0a74ae0266b944704d6d03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b8:c7:d0:c0:0e:3c:e5:0b:0e:51:bd:c7:b7:
                    29:ac:22:83:0a:5f:b7:18:15:fc:1e:e6:c8:5d:c5:
                    c3:dc:7d:42:88:ce:e5:60:37:89:56:9b:05:bd:59:
                    08:6d:56:28:32:7b:0e:99:4d:f9:b6:a2:5c:1d:61:
                    da:78:37:87:9b:22:e6:4c:bf:c8:dc:6c:5d:ce:9e:
                    ed:a2:64:d1:45:3e:d0:32:6c:f4:73:87:c0:73:a4:
                    2e:a6:87:8a:63:ff:0e:6a:95:3f:96:ba:17:72:cf:
                    47:bb:9c:c6:7d:6b:d0:dd:68:e7:4a:73:82:a0:2e:
                    03:90:9a:8f:ae:27:85:71:cd:52:d3:6a:ad:b6:7b:
                    14:73:ea:c8:26:a9:88:be:ba:29:50:60:e0:99:fb:
                    41:c5:ad:be:15:27:ad:8a:c6:62:0a:6c:ec:44:61:
                    49:85:0a:67:3d:99:1f:cc:8d:67:54:f5:6e:5a:e3:
                    0e:3d:ea:fc:94:bf:df:f0:b2:2d:d4:d6:87:f6:51:
                    2c:6f:18:c4:7c:85:98:b8:90:b9:bf:2f:47:35:9d:
                    55:00:12:43:05:40:78:39:de:9e:36:58:23:aa:e2:
                    3e:25:79:94:d9:2d:49:c8:35:ad:bf:99:9e:c7:d4:
                    53:a4:29:c3:02:5d:02:b5:1c:e2:d6:51:ef:ac:c1:
                    4e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:3F:19:AA:DC:AE:3C:6D:9B:0A:74:AE:02:66:B9:44:70:4D:6D:03
            X509v3 Authority Key Identifier:
                keyid:E8:A3:2E:8A:6A:C6:F6:EC:37:86:0E:E7:C0:7E:B8:DF:93:14:77:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KMuimrG9uw3hg7nwH6435MUd3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/oT8ZqtyuPG2bCnSuAma5RHBNbQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/6KMuimrG9uw3hg7nwH6435MUd3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.142.112.0/20
                  185.143.148.0/22
                IPv6:
                  2a00:17b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:72:dd:0b:86:88:e9:83:f3:74:a1:3f:58:68:4f:03:1f:47:
         f4:20:d2:28:a2:44:e9:ab:33:ea:06:39:10:45:5a:1b:28:2d:
         50:f2:f1:c5:c4:aa:2c:26:07:11:19:6e:e6:ee:82:98:2c:9a:
         27:74:9f:62:a9:c3:07:f0:95:c9:06:47:1f:52:ed:89:7c:7c:
         89:18:a0:95:b7:b7:6a:f3:1b:37:8e:c8:f9:fe:a8:3c:d8:93:
         24:bb:d6:cd:d2:8c:ff:fd:6c:70:77:bc:e0:3d:a9:88:28:5c:
         5a:ba:16:23:ad:21:35:b3:05:16:e0:d4:f3:52:e6:3e:d4:1f:
         9a:a0:f0:9b:89:a4:86:4b:67:26:f6:a6:92:7c:cd:41:7b:69:
         01:24:f4:66:90:c0:ba:28:de:17:f5:3b:af:d5:4d:8a:0c:af:
         46:eb:43:14:9f:f0:4d:82:7e:7d:2f:27:a6:0f:ac:0f:dc:9f:
         7b:ed:c1:3c:db:73:05:e3:61:9e:94:29:49:e2:71:86:58:28:
         71:4f:f3:5d:01:be:c5:cf:37:bd:20:38:40:b0:1f:c9:31:90:
         88:d6:4b:69:66:2b:6a:3f:17:a9:3b:2a:db:ee:f0:ce:e7:bf:
         ca:db:eb:cb:0d:2a:9b:c6:d3:6c:cd:2a:a3:e7:1c:17:9b:b6:
         c7:c3:c2:6e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhsfqN0Lvg6uZjG3ijZUzmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YTMyZThhNmFjNmY2ZWMzNzg2MGVlN2MwN2ViOGRmOTMx
NDc3NzkwHhcNMjUwMTAxMTE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTNmMTlhYWRjYWUzYzZkOWIwYTc0YWUwMjY2Yjk0NDcwNGQ2ZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLjH0MAOPOULDlG9x7cprCKDCl+3
GBX8HubIXcXD3H1CiM7lYDeJVpsFvVkIbVYoMnsOmU35tqJcHWHaeDeHmyLmTL/I
3Gxdzp7tomTRRT7QMmz0c4fAc6QupoeKY/8OapU/lroXcs9Hu5zGfWvQ3WjnSnOC
oC4DkJqPrieFcc1S02qttnsUc+rIJqmIvropUGDgmftBxa2+FSetisZiCmzsRGFJ
hQpnPZkfzI1nVPVuWuMOPer8lL/f8LIt1NaH9lEsbxjEfIWYuJC5vy9HNZ1VABJD
BUB4Od6eNlgjquI+JXmU2S1JyDWtv5mex9RTpCnDAl0CtRzi1lHvrMFOHwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKE/Garcrjxtmwp0rgJmuURwTW0DMB8GA1UdIwQY
MBaAFOijLopqxvbsN4YO58B+uN+TFHd5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNktNdWltckc5dXczaGc3bndINjQzNU1VZDNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9jNGJmZDQtYTBhMS00MzM0LTg2MGEt
NGZhNTM3ZGJlMmU5LzEvb1Q4WnF0eXVQRzJiQ25TdUFtYTVSSEJOYlFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9jNGJmZDQtYTBhMS00MzM0LTg2MGEtNGZhNTM3ZGJlMmU5
LzEvNktNdWltckc5dXczaGc3bndINjQzNU1VZDNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEW45wAwQC
uY+UMA0EAgACMAcDBQAqABewMA0GCSqGSIb3DQEBCwUAA4IBAQBect0Lhojpg/N0
oT9YaE8DH0f0INIookTpqzPqBjkQRVobKC1Q8vHFxKosJgcRGW7m7oKYLJondJ9i
qcMH8JXJBkcfUu2JfHyJGKCVt7dq8xs3jsj5/qg82JMku9bN0oz//Wxwd7zgPamI
KFxauhYjrSE1swUW4NTzUuY+1B+aoPCbiaSGS2cm9qaSfM1Be2kBJPRmkMC6KN4X
9Tuv1U2KDK9G60MUn/BNgn59LyemD6wP3J977cE823MF42GelClJ4nGGWChxT/Nd
Ab7Fzze9IDhAsB/JMZCI1ktpZitqPxepOyrb7vDO57/K2+vLDSqbxtNszSqj5xwX
m7bHw8Ju
-----END CERTIFICATE-----