Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/8hy4LvnnAU5I0e0aQht8iOw2MZc.roa
File:                     8hy4LvnnAU5I0e0aQht8iOw2MZc.roa (raw, json)
Hash identifier:          wUJ1gVqCR+mLJ32VhTFjDY+noupZeETbuzClcHTPtgo=
Subject key identifier:   F2:1C:B8:2E:F9:E7:01:4E:48:D1:ED:1A:42:1B:7C:88:EC:36:31:97
Certificate issuer:       /CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
Certificate serial:       01918E2FCCA1164DC4ADDF98F29177B5F914
Authority key identifier: D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/8hy4LvnnAU5I0e0aQht8iOw2MZc.roa
Signing time:             Mon 26 Aug 2024 10:16:22 +0000
ROA not before:           Mon 26 Aug 2024 10:16:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        193.178.52.0/24 maxlen: 24
                          193.178.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:2f:cc:a1:16:4d:c4:ad:df:98:f2:91:77:b5:f9:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
        Validity
            Not Before: Aug 26 10:16:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f21cb82ef9e7014e48d1ed1a421b7c88ec363197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:53:37:b1:66:f7:92:b9:be:6b:fb:61:6a:59:
                    ea:bb:1a:e3:7d:7f:c4:2b:d4:4a:11:7c:d5:bd:18:
                    c2:aa:d9:80:5e:16:7e:5e:36:87:cd:fe:69:39:3c:
                    c7:80:44:0f:16:21:eb:ec:e5:e0:a5:6f:83:09:ef:
                    36:19:76:76:6d:0a:cf:13:49:4d:9e:47:0c:dc:b2:
                    29:97:8b:ff:6a:20:18:97:31:43:c8:69:1f:a8:53:
                    eb:67:1a:4f:50:da:ec:63:75:c8:3b:47:68:9d:92:
                    9c:4e:f8:e5:d3:87:60:ec:6b:5e:f9:61:46:6a:c6:
                    16:0b:02:81:3a:a4:7a:bf:9b:fb:d4:8f:f1:14:f6:
                    a3:b0:70:09:2a:3f:b5:60:b8:dc:0b:7b:83:66:a7:
                    80:12:28:de:82:5c:95:4a:fb:7a:87:bd:53:8e:41:
                    0e:b9:d5:d8:0f:8f:79:86:da:60:93:6f:c4:db:f5:
                    be:9a:64:c6:95:13:7d:19:27:60:1f:8a:6a:58:ed:
                    4c:a1:21:1c:1c:4d:bf:26:a5:2b:9d:09:66:b6:d2:
                    23:dd:64:f9:f5:22:b0:5d:1b:5f:15:91:aa:48:7a:
                    1f:43:e5:dd:40:f2:bd:80:5c:14:e2:cf:10:91:05:
                    8c:66:10:7a:f9:1f:56:4a:5e:83:15:b0:75:49:57:
                    d2:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:1C:B8:2E:F9:E7:01:4E:48:D1:ED:1A:42:1B:7C:88:EC:36:31:97
            X509v3 Authority Key Identifier:
                keyid:D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/8hy4LvnnAU5I0e0aQht8iOw2MZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.52.0/24
                  193.178.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:6d:57:0a:92:00:84:5e:d7:df:ad:ac:0b:81:69:b4:f2:1d:
         b5:f9:ee:5c:bc:27:a2:f9:39:62:6a:ca:ef:f6:fe:fa:72:a0:
         ed:8e:5c:01:f0:f0:70:00:cd:79:97:65:97:1c:06:59:20:c8:
         b2:25:ba:b2:16:c4:cd:22:90:ab:8c:bf:e3:1f:63:d7:04:84:
         1e:53:99:15:fc:42:73:f1:ef:ec:26:7f:5d:79:5a:d3:16:a7:
         31:80:1c:fc:13:e4:96:35:20:3c:67:8b:fd:32:6f:20:41:93:
         f8:d2:fb:64:5e:2d:ff:83:ea:93:a5:a7:79:bc:a2:14:b7:8b:
         f3:a0:d2:24:5d:6c:00:4a:1e:a9:18:38:73:36:40:9a:26:51:
         97:54:02:1a:19:68:81:4a:33:14:5c:22:7c:18:2a:e6:c5:38:
         0f:34:e6:2a:7b:44:c9:3b:c1:01:0b:6d:2a:73:c8:0c:b4:3c:
         28:d6:d4:72:5d:79:86:cb:5b:6c:9e:f6:5b:0b:af:c0:22:1c:
         d5:f9:45:be:3c:7f:6b:15:12:69:b2:39:e4:75:a6:ec:3f:cc:
         49:20:03:f9:63:2f:f2:76:6c:8a:58:43:4e:26:12:9f:ce:0e:
         2f:30:a2:cf:4c:a8:a2:78:ec:94:9d:1d:6e:e9:19:ce:76:db:
         de:df:e1:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGOL8yhFk3Erd+Y8pF3tfkUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZjA2NWM4YmRiNzhmZjI5NGY3YzU0NTQ5NzFkYmZhYmZi
NmMxODQwHhcNMjQwODI2MTAxNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjFjYjgyZWY5ZTcwMTRlNDhkMWVkMWE0MjFiN2M4OGVjMzYzMTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlM3sWb3krm+a/thalnquxrjfX/E
K9RKEXzVvRjCqtmAXhZ+XjaHzf5pOTzHgEQPFiHr7OXgpW+DCe82GXZ2bQrPE0lN
nkcM3LIpl4v/aiAYlzFDyGkfqFPrZxpPUNrsY3XIO0donZKcTvjl04dg7Gte+WFG
asYWCwKBOqR6v5v71I/xFPajsHAJKj+1YLjcC3uDZqeAEijeglyVSvt6h71TjkEO
udXYD495htpgk2/E2/W+mmTGlRN9GSdgH4pqWO1MoSEcHE2/JqUrnQlmttIj3WT5
9SKwXRtfFZGqSHofQ+XdQPK9gFwU4s8QkQWMZhB6+R9WSl6DFbB1SVfS8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPIcuC755wFOSNHtGkIbfIjsNjGXMB8GA1UdIwQY
MBaAFNXwZci9t4/ylPfFRUlx2/q/tsGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWIt
MzVhNWRjMmM3OTJjLzEvOGh5NEx2bm5BVTVJMGUwYVFodDhpT3cyTVpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWItMzVhNWRjMmM3OTJj
LzEvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwbI0AwQA
wbJzMA0GCSqGSIb3DQEBCwUAA4IBAQBIbVcKkgCEXtffrawLgWm08h21+e5cvCei
+Tliasrv9v76cqDtjlwB8PBwAM15l2WXHAZZIMiyJbqyFsTNIpCrjL/jH2PXBIQe
U5kV/EJz8e/sJn9deVrTFqcxgBz8E+SWNSA8Z4v9Mm8gQZP40vtkXi3/g+qTpad5
vKIUt4vzoNIkXWwASh6pGDhzNkCaJlGXVAIaGWiBSjMUXCJ8GCrmxTgPNOYqe0TJ
O8EBC20qc8gMtDwo1tRyXXmGy1tsnvZbC6/AIhzV+UW+PH9rFRJpsjnkdabsP8xJ
IAP5Yy/ydmyKWENOJhKfzg4vMKLPTKiieOyUnR1u6RnOdtve3+Gg
-----END CERTIFICATE-----