Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/8Rj91VmErY8nG9AvttlpyE1wLJw.roa
File:                     8Rj91VmErY8nG9AvttlpyE1wLJw.roa (raw, json)
Hash identifier:          M9Ao53zeBk6GPnJYr5ZYdgrGPitX+aJ7EjLXG/7qqNM=
Subject key identifier:   F1:18:FD:D5:59:84:AD:8F:27:1B:D0:2F:B6:D9:69:C8:4D:70:2C:9C
Certificate issuer:       /CN=7c29c2f5723f29ec5e0e793e73ab55b8a1c86ba9
Certificate serial:       0196C9E46498DD35324D5B10D779E189864F
Authority key identifier: 7C:29:C2:F5:72:3F:29:EC:5E:0E:79:3E:73:AB:55:B8:A1:C8:6B:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/8Rj91VmErY8nG9AvttlpyE1wLJw.roa
Signing time:             Tue 13 May 2025 13:45:10 +0000
ROA not before:           Tue 13 May 2025 13:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210281
IP address blocks:        195.178.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 16:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:e4:64:98:dd:35:32:4d:5b:10:d7:79:e1:89:86:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c29c2f5723f29ec5e0e793e73ab55b8a1c86ba9
        Validity
            Not Before: May 13 13:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f118fdd55984ad8f271bd02fb6d969c84d702c9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:da:23:f6:d8:44:c2:e0:30:6b:95:ef:81:4a:
                    fa:1c:1e:97:8c:6c:27:1c:47:80:5e:ba:14:e1:bf:
                    86:f7:e8:73:97:4b:13:06:e1:ed:4d:61:6b:5b:39:
                    3d:9f:19:b4:29:7f:c0:08:b1:3b:b6:35:11:9a:69:
                    e7:2c:c5:7b:2f:30:af:07:7e:1d:e2:80:26:a0:99:
                    cc:64:39:ed:b2:4f:b9:df:95:d0:2e:1a:fe:55:a3:
                    05:0d:f3:98:40:de:07:95:33:4c:d1:04:33:1b:6b:
                    66:4e:c1:d2:d7:83:f4:98:18:ea:cf:c5:b0:fb:95:
                    9f:07:87:9f:ad:c1:62:0d:88:10:5c:c3:8d:85:7f:
                    17:9f:67:58:1d:b9:19:85:58:df:b2:94:4e:03:1c:
                    f9:fb:55:ab:1e:fd:a7:c5:4b:39:52:f4:1c:6d:a1:
                    d0:e6:a4:83:ed:21:7b:b4:e5:33:80:64:ab:ed:4e:
                    c8:d7:65:d5:2b:22:59:77:8a:82:e2:1e:2e:e1:d7:
                    cd:2f:7e:e3:93:e4:bf:86:a5:b4:e4:35:52:a5:1b:
                    f6:cb:ed:b7:2d:c8:ab:57:2e:0a:8c:b3:d1:11:6b:
                    b9:0f:e3:fc:7a:5f:19:a5:8d:1c:99:79:7f:27:e2:
                    4f:69:e5:68:2a:7a:60:9d:c3:0b:29:43:1b:6d:22:
                    ea:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:18:FD:D5:59:84:AD:8F:27:1B:D0:2F:B6:D9:69:C8:4D:70:2C:9C
            X509v3 Authority Key Identifier:
                keyid:7C:29:C2:F5:72:3F:29:EC:5E:0E:79:3E:73:AB:55:B8:A1:C8:6B:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/8Rj91VmErY8nG9AvttlpyE1wLJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:10:18:46:7a:56:15:75:9d:d8:6d:b9:c6:0b:23:ee:0a:6f:
         fc:bd:58:50:47:7a:28:ab:3d:60:13:02:d9:98:4d:00:d5:36:
         f6:12:78:b1:db:79:5d:d2:e4:9b:23:35:30:ab:90:0a:bc:d9:
         b5:34:67:6e:d7:7a:c0:c2:d3:b8:f5:7a:ad:42:0b:5b:f5:38:
         bf:61:2f:13:23:7d:72:c5:b2:f2:97:90:dd:7c:b2:8a:0c:ed:
         21:e0:6b:21:f8:2a:25:b3:fb:ee:6b:0f:83:a5:ff:45:87:84:
         e8:20:23:14:7f:67:b9:10:87:93:43:ed:80:57:61:4f:32:1c:
         9f:54:75:67:38:42:9c:11:af:3d:eb:1e:c6:14:e5:40:9a:dc:
         07:04:95:69:76:c0:ac:7c:0d:92:e3:5f:24:7d:3f:66:61:89:
         8a:5b:c9:48:1b:2d:10:ea:c9:6f:9c:df:a6:04:42:55:e4:cb:
         d3:ba:cc:7f:cb:e8:8c:a2:42:74:3c:73:a3:30:88:13:09:d9:
         f5:cb:30:9a:eb:5c:5a:7c:70:49:e6:39:b8:64:0d:9f:fb:18:
         fa:f9:67:c7:f0:f4:14:67:90:15:a5:82:24:e9:b6:ca:0d:42:
         c2:41:3e:14:24:b2:39:fb:f6:36:b4:71:60:7b:f8:73:1b:ae:
         53:ca:be:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbJ5GSY3TUyTVsQ13nhiYZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMjljMmY1NzIzZjI5ZWM1ZTBlNzkzZTczYWI1NWI4YTFj
ODZiYTkwHhcNMjUwNTEzMTM0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTE4ZmRkNTU5ODRhZDhmMjcxYmQwMmZiNmQ5NjljODRkNzAyYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtoj9thEwuAwa5XvgUr6HB6XjGwn
HEeAXroU4b+G9+hzl0sTBuHtTWFrWzk9nxm0KX/ACLE7tjURmmnnLMV7LzCvB34d
4oAmoJnMZDntsk+535XQLhr+VaMFDfOYQN4HlTNM0QQzG2tmTsHS14P0mBjqz8Ww
+5WfB4efrcFiDYgQXMONhX8Xn2dYHbkZhVjfspROAxz5+1WrHv2nxUs5UvQcbaHQ
5qSD7SF7tOUzgGSr7U7I12XVKyJZd4qC4h4u4dfNL37jk+S/hqW05DVSpRv2y+23
LcirVy4KjLPREWu5D+P8el8ZpY0cmXl/J+JPaeVoKnpgncMLKUMbbSLqlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEY/dVZhK2PJxvQL7bZachNcCycMB8GA1UdIwQY
MBaAFHwpwvVyPynsXg55PnOrVbihyGupMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkNuQzlYSV9LZXhlRG5rLWM2dFZ1S0hJYTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9kOTlmYWMtMzVkYy00ZjJjLThmOTUt
ZjE5NTIyM2QwM2IzLzEvOFJqOTFWbUVyWThuRzlBdnR0bHB5RTF3TEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9kOTlmYWMtMzVkYy00ZjJjLThmOTUtZjE5NTIyM2QwM2Iz
LzEvZkNuQzlYSV9LZXhlRG5rLWM2dFZ1S0hJYTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7JiMA0G
CSqGSIb3DQEBCwUAA4IBAQBdEBhGelYVdZ3YbbnGCyPuCm/8vVhQR3ooqz1gEwLZ
mE0A1Tb2Enix23ld0uSbIzUwq5AKvNm1NGdu13rAwtO49XqtQgtb9Ti/YS8TI31y
xbLyl5DdfLKKDO0h4Gsh+Cols/vuaw+Dpf9Fh4ToICMUf2e5EIeTQ+2AV2FPMhyf
VHVnOEKcEa896x7GFOVAmtwHBJVpdsCsfA2S418kfT9mYYmKW8lIGy0Q6slvnN+m
BEJV5MvTusx/y+iMokJ0PHOjMIgTCdn1yzCa61xafHBJ5jm4ZA2f+xj6+WfH8PQU
Z5AVpYIk6bbKDULCQT4UJLI5+/Y2tHFge/hzG65Tyr7v
-----END CERTIFICATE-----