Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/8RH3qUKE88xn5HbZw6qudmUS57M.roa
File:                     8RH3qUKE88xn5HbZw6qudmUS57M.roa (raw, json)
Hash identifier:          2XUgMZycB/m/voP6J2TdO00CC19oe6XDb8VlW5+rmh4=
Subject key identifier:   F1:11:F7:A9:42:84:F3:CC:67:E4:76:D9:C3:AA:AE:76:65:12:E7:B3
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       019428280228FC082FEB0E86D72E3B386207
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/8RH3qUKE88xn5HbZw6qudmUS57M.roa
Signing time:             Thu 02 Jan 2025 17:54:58 +0000
ROA not before:           Thu 02 Jan 2025 17:54:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6789
IP address blocks:        95.140.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:02:28:fc:08:2f:eb:0e:86:d7:2e:3b:38:62:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Jan  2 17:54:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f111f7a94284f3cc67e476d9c3aaae766512e7b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f2:d0:d8:3e:eb:44:1d:15:63:b9:b8:ac:37:
                    4a:86:8b:53:a3:3e:6e:b4:35:b7:c3:f6:62:23:59:
                    49:48:09:fe:b9:4c:55:c7:4d:7c:38:aa:ea:67:02:
                    81:4d:a7:33:16:df:1c:60:76:55:58:e8:6b:66:74:
                    85:de:e0:b3:d0:b7:91:c4:b2:8f:19:08:ad:0f:ec:
                    c4:da:52:f9:4b:d7:c1:86:d4:b4:e6:1f:77:e0:ec:
                    53:12:59:3d:10:62:75:a8:2d:62:bf:ab:5c:29:26:
                    d8:f2:1c:64:07:21:4a:58:d4:30:dd:a8:35:b8:5f:
                    d7:99:b8:25:2d:5e:48:b8:a6:7e:83:0b:25:8e:12:
                    bd:01:35:84:4c:4b:60:18:8b:dd:a0:30:86:67:e1:
                    d3:87:12:7e:78:5a:ae:bc:13:9a:3e:2e:e5:4e:c1:
                    b3:97:5f:84:8f:c3:16:8d:16:40:08:b4:d2:d7:b1:
                    ca:87:b2:d5:28:21:b6:0d:74:9b:41:c4:fa:2c:14:
                    f7:a1:39:c9:66:f5:82:80:46:a8:b0:cf:1e:51:0b:
                    fd:d0:29:86:53:dc:09:8c:c9:c9:d0:33:db:bc:ac:
                    b9:16:79:7d:68:45:bc:87:93:d3:eb:d6:6f:c3:1f:
                    37:35:2b:d5:cf:6e:da:a7:ab:cf:ee:63:f1:88:53:
                    7b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:11:F7:A9:42:84:F3:CC:67:E4:76:D9:C3:AA:AE:76:65:12:E7:B3
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/8RH3qUKE88xn5HbZw6qudmUS57M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.140.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:72:b3:1f:cd:58:76:8c:66:0b:02:18:21:10:44:c3:03:29:
         8a:32:cc:6b:57:01:8e:85:27:89:92:c2:a9:33:83:aa:66:be:
         5f:47:2e:cc:c0:33:b0:64:70:a5:2d:72:55:f9:40:3c:a0:f8:
         5e:08:cf:ea:4c:24:3c:4c:b0:e8:92:2c:ae:86:96:cf:22:4d:
         d1:94:e5:33:d0:ae:71:a6:33:59:29:1a:9c:65:53:8a:f6:e3:
         9d:93:42:c4:63:38:68:72:44:5b:99:74:fb:29:71:48:2b:99:
         ed:8d:fc:77:95:e4:d8:9d:8b:22:67:ad:35:74:70:dd:0b:e5:
         6d:87:21:d7:2c:52:b3:31:79:fe:17:4c:fc:10:c5:9a:e4:5e:
         08:42:51:e9:dc:d7:a7:64:54:4d:37:1d:ce:fc:38:4e:0e:8b:
         19:a3:24:40:5a:c3:9b:1e:94:b8:bc:3a:71:83:c9:c0:59:23:
         3b:c7:22:dc:19:d7:8a:73:ac:f8:7c:6d:8f:95:81:b3:62:51:
         54:3f:d1:01:30:40:59:0f:f0:94:1f:65:9b:34:22:cd:17:8c:
         e1:05:8d:17:5f:c3:d4:19:2a:49:3d:8a:16:21:44:cf:51:97:
         6e:9d:2b:91:29:2c:82:2f:95:33:8c:53:1d:0b:5b:38:24:38:
         0f:fd:5d:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoKAIo/Agv6w6G1y47OGIHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjUwMTAyMTc1NDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTExZjdhOTQyODRmM2NjNjdlNDc2ZDljM2FhYWU3NjY1MTJlN2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfLQ2D7rRB0VY7m4rDdKhotToz5u
tDW3w/ZiI1lJSAn+uUxVx018OKrqZwKBTaczFt8cYHZVWOhrZnSF3uCz0LeRxLKP
GQitD+zE2lL5S9fBhtS05h934OxTElk9EGJ1qC1iv6tcKSbY8hxkByFKWNQw3ag1
uF/XmbglLV5IuKZ+gwsljhK9ATWETEtgGIvdoDCGZ+HThxJ+eFquvBOaPi7lTsGz
l1+Ej8MWjRZACLTS17HKh7LVKCG2DXSbQcT6LBT3oTnJZvWCgEaosM8eUQv90CmG
U9wJjMnJ0DPbvKy5Fnl9aEW8h5PT69Zvwx83NSvVz27ap6vP7mPxiFN7XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPER96lChPPMZ+R22cOqrnZlEuezMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvOFJIM3FVS0U4OHhuNUhiWnc2cXVkbVVTNTdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4yXMA0G
CSqGSIb3DQEBCwUAA4IBAQBAcrMfzVh2jGYLAhghEETDAymKMsxrVwGOhSeJksKp
M4OqZr5fRy7MwDOwZHClLXJV+UA8oPheCM/qTCQ8TLDokiyuhpbPIk3RlOUz0K5x
pjNZKRqcZVOK9uOdk0LEYzhockRbmXT7KXFIK5ntjfx3leTYnYsiZ601dHDdC+Vt
hyHXLFKzMXn+F0z8EMWa5F4IQlHp3NenZFRNNx3O/DhODosZoyRAWsObHpS4vDpx
g8nAWSM7xyLcGdeKc6z4fG2PlYGzYlFUP9EBMEBZD/CUH2WbNCLNF4zhBY0XX8PU
GSpJPYoWIUTPUZdunSuRKSyCL5UzjFMdC1s4JDgP/V2x
-----END CERTIFICATE-----