Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/8-JB4jMg3_rMGJjuIMVCBLnxwQ8.roa
File:                     8-JB4jMg3_rMGJjuIMVCBLnxwQ8.roa (raw, json)
Hash identifier:          buBER4odhou/4TCkZQ3UeIhbfaoQJUXmTZ3cmJ4K9k8=
Subject key identifier:   F3:E2:41:E2:33:20:DF:FA:CC:18:98:EE:20:C5:42:04:B9:F1:C1:0F
Certificate issuer:       /CN=4d2f9fd5c8a14cdc9f31c4585cd60db57cffb4c2
Certificate serial:       01942747BB4282F3DEDFFB95459B982FC040
Authority key identifier: 4D:2F:9F:D5:C8:A1:4C:DC:9F:31:C4:58:5C:D6:0D:B5:7C:FF:B4:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TS-f1cihTNyfMcRYXNYNtXz_tMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/8-JB4jMg3_rMGJjuIMVCBLnxwQ8.roa
Signing time:             Thu 02 Jan 2025 13:49:59 +0000
ROA not before:           Thu 02 Jan 2025 13:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        193.17.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/TS-f1cihTNyfMcRYXNYNtXz_tMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/TS-f1cihTNyfMcRYXNYNtXz_tMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TS-f1cihTNyfMcRYXNYNtXz_tMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 22:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:bb:42:82:f3:de:df:fb:95:45:9b:98:2f:c0:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d2f9fd5c8a14cdc9f31c4585cd60db57cffb4c2
        Validity
            Not Before: Jan  2 13:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3e241e23320dffacc1898ee20c54204b9f1c10f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e5:d5:6d:1f:67:88:75:19:1b:62:8a:2e:b7:
                    1a:5a:24:5d:3e:99:c5:75:56:86:79:c9:42:71:2f:
                    a4:9c:51:5c:86:e1:a0:f5:f9:51:5b:af:1c:15:8d:
                    46:72:0c:be:bd:29:69:12:32:75:c3:ce:43:65:8e:
                    b7:a6:c5:d9:8d:e4:bb:83:ba:b3:a0:7a:08:4e:80:
                    46:0c:a3:62:eb:51:6e:64:23:06:99:29:ab:75:81:
                    01:4c:df:53:73:7e:73:e1:57:0f:0c:7f:71:d3:1c:
                    94:54:7f:73:ea:cf:cf:c9:5d:5d:e1:de:3e:b4:11:
                    25:a3:de:fc:46:c0:cb:ac:5f:ef:f5:b2:ae:7f:31:
                    f7:9f:12:64:ce:0f:c6:d3:a7:eb:99:c3:ca:69:c0:
                    c3:03:32:52:e2:64:5f:73:4c:22:d4:b1:ec:11:5c:
                    a8:9c:8e:55:8c:03:f9:e7:55:50:ab:92:49:82:6e:
                    a2:33:c6:40:7e:15:2a:b7:09:8b:4d:62:87:e0:f0:
                    17:56:b8:ac:6f:2e:d0:39:60:81:cf:c2:09:f9:68:
                    35:20:4d:17:3d:9d:ff:32:27:75:17:6c:79:8b:08:
                    c4:d5:d8:a0:92:9b:13:c9:77:29:83:a9:9a:5f:ec:
                    2f:e7:58:16:bf:e1:ca:fc:45:ae:b3:99:81:b7:d7:
                    39:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:E2:41:E2:33:20:DF:FA:CC:18:98:EE:20:C5:42:04:B9:F1:C1:0F
            X509v3 Authority Key Identifier:
                keyid:4D:2F:9F:D5:C8:A1:4C:DC:9F:31:C4:58:5C:D6:0D:B5:7C:FF:B4:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TS-f1cihTNyfMcRYXNYNtXz_tMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/8-JB4jMg3_rMGJjuIMVCBLnxwQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/TS-f1cihTNyfMcRYXNYNtXz_tMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:6e:4a:94:d6:6d:86:68:00:da:c8:b9:30:3e:fc:3a:e3:e0:
         0f:c4:73:cb:6a:95:84:93:27:6e:cf:81:eb:a9:d0:34:7f:1e:
         28:86:2b:96:bb:d8:88:c0:38:37:65:ee:f2:f9:a5:ff:07:03:
         a8:67:80:64:c8:db:22:e9:12:ba:e4:6f:92:fa:dc:d5:84:76:
         63:00:23:30:78:19:39:92:49:13:7f:49:88:28:14:03:56:8f:
         e9:7f:2a:c4:ca:e0:c1:40:98:7b:51:0d:64:6e:53:b5:02:06:
         a2:cd:35:4a:ca:85:6a:03:0c:f4:e9:e6:8a:a8:89:88:3c:bd:
         92:bd:a6:96:ac:a1:ed:15:eb:60:9c:94:bf:5b:c6:51:e5:0c:
         54:91:e3:70:61:56:7a:0a:6d:b6:1a:35:64:2b:a1:8c:55:5e:
         90:12:a5:1c:9b:b0:ef:17:0d:df:74:5c:e4:28:3a:76:e9:ad:
         3e:04:e0:7d:5e:5a:56:eb:2a:9b:b4:f5:99:c5:9a:84:44:8a:
         86:06:1e:fd:2b:9d:7a:f3:53:75:15:46:fd:e2:a4:d3:9d:89:
         a7:a8:b8:c8:97:f3:a6:9c:f9:4c:b9:ba:a2:b6:87:66:78:ff:
         eb:f0:ce:c2:48:31:85:f4:f8:20:55:c9:22:92:8c:1b:e0:a4:
         ed:2a:56:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR7tCgvPe3/uVRZuYL8BAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMmY5ZmQ1YzhhMTRjZGM5ZjMxYzQ1ODVjZDYwZGI1N2Nm
ZmI0YzIwHhcNMjUwMTAyMTM0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2UyNDFlMjMzMjBkZmZhY2MxODk4ZWUyMGM1NDIwNGI5ZjFjMTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreXVbR9niHUZG2KKLrcaWiRdPpnF
dVaGeclCcS+knFFchuGg9flRW68cFY1Gcgy+vSlpEjJ1w85DZY63psXZjeS7g7qz
oHoIToBGDKNi61FuZCMGmSmrdYEBTN9Tc35z4VcPDH9x0xyUVH9z6s/PyV1d4d4+
tBElo978RsDLrF/v9bKufzH3nxJkzg/G06frmcPKacDDAzJS4mRfc0wi1LHsEVyo
nI5VjAP551VQq5JJgm6iM8ZAfhUqtwmLTWKH4PAXVrisby7QOWCBz8IJ+Wg1IE0X
PZ3/Mid1F2x5iwjE1digkpsTyXcpg6maX+wv51gWv+HK/EWus5mBt9c5ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPiQeIzIN/6zBiY7iDFQgS58cEPMB8GA1UdIwQY
MBaAFE0vn9XIoUzcnzHEWFzWDbV8/7TCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFMtZjFjaWhUTnlmTWNSWVhOWU50WHpfdE1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kYTRlNDYtMmE5My00NGE0LWI4ZTMt
YzIxMzNkZDgxYjU2LzEvOC1KQjRqTWczX3JNR0pqdUlNVkNCTG54d1E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kYTRlNDYtMmE5My00NGE0LWI4ZTMtYzIxMzNkZDgxYjU2
LzEvVFMtZjFjaWhUTnlmTWNSWVhOWU50WHpfdE1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRHDMA0G
CSqGSIb3DQEBCwUAA4IBAQB9bkqU1m2GaADayLkwPvw64+APxHPLapWEkyduz4Hr
qdA0fx4ohiuWu9iIwDg3Ze7y+aX/BwOoZ4BkyNsi6RK65G+S+tzVhHZjACMweBk5
kkkTf0mIKBQDVo/pfyrEyuDBQJh7UQ1kblO1AgaizTVKyoVqAwz06eaKqImIPL2S
vaaWrKHtFetgnJS/W8ZR5QxUkeNwYVZ6Cm22GjVkK6GMVV6QEqUcm7DvFw3fdFzk
KDp26a0+BOB9XlpW6yqbtPWZxZqERIqGBh79K51681N1FUb94qTTnYmnqLjIl/Om
nPlMubqitodmeP/r8M7CSDGF9PggVckikowb4KTtKlbn
-----END CERTIFICATE-----