Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/8ufIDITsiM6oD6O8MQCNfNFjxSc.roa
File:                     8ufIDITsiM6oD6O8MQCNfNFjxSc.roa (raw, json)
Hash identifier:          8hR826cHBgGmwXj/DW4UGY4gM4QS8fSh6KW7UDD9poY=
Subject key identifier:   F2:E7:C8:0C:84:EC:88:CE:A8:0F:A3:BC:31:00:8D:7C:D1:63:C5:27
Certificate issuer:       /CN=749ea3b1e58ba060b41fc2a078f6016264759664
Certificate serial:       01942521950D9EBA07FD4A093B08B9350BBB
Authority key identifier: 74:9E:A3:B1:E5:8B:A0:60:B4:1F:C2:A0:78:F6:01:62:64:75:96:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJ6jseWLoGC0H8KgePYBYmR1lmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/8ufIDITsiM6oD6O8MQCNfNFjxSc.roa
Signing time:             Thu 02 Jan 2025 03:49:05 +0000
ROA not before:           Thu 02 Jan 2025 03:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59767
IP address blocks:        185.34.4.0/22 maxlen: 22
                          2a04:5d40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/dJ6jseWLoGC0H8KgePYBYmR1lmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/dJ6jseWLoGC0H8KgePYBYmR1lmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJ6jseWLoGC0H8KgePYBYmR1lmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:95:0d:9e:ba:07:fd:4a:09:3b:08:b9:35:0b:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749ea3b1e58ba060b41fc2a078f6016264759664
        Validity
            Not Before: Jan  2 03:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2e7c80c84ec88cea80fa3bc31008d7cd163c527
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:cc:39:d1:5d:c4:d8:21:a0:12:28:7d:9b:f8:
                    38:c4:37:6c:3a:51:89:4a:8e:c6:9e:f9:09:2b:d2:
                    91:37:7c:57:6a:32:69:f4:5c:1d:8b:08:5e:5d:55:
                    da:78:7c:36:67:b8:47:c0:a6:c5:83:68:00:39:5f:
                    74:1a:13:92:2e:5f:77:7f:b2:13:fc:bc:18:bb:34:
                    e5:28:96:c3:a9:dc:4a:c7:85:75:00:b9:ba:06:ed:
                    28:1b:88:4b:68:13:24:48:01:61:2e:83:a7:13:d8:
                    3a:fb:e9:c4:f2:b7:fa:dc:17:cb:98:c4:e0:88:73:
                    2b:4d:8e:76:89:17:97:fe:11:e5:bb:d0:ff:5a:44:
                    3c:ba:6f:bc:78:ad:73:80:5e:bc:d5:a5:a0:c2:70:
                    e5:4c:b6:f5:d2:15:3e:20:11:6f:1a:a9:6d:42:f9:
                    e4:fa:29:8f:c6:65:f0:87:c8:09:84:06:8a:b7:31:
                    e6:69:fd:0e:4e:ea:bd:ff:7d:1b:ea:57:89:1d:9b:
                    b6:01:6e:dd:4c:69:11:ac:26:74:54:6c:8b:cc:71:
                    70:b3:80:53:a5:77:b0:e5:ae:9a:72:a6:b3:6c:ab:
                    a0:2e:13:8e:3d:53:14:84:67:16:cb:86:9f:71:56:
                    b8:13:db:0e:0b:9d:b3:fe:bc:a4:03:a1:a7:8a:a6:
                    60:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:E7:C8:0C:84:EC:88:CE:A8:0F:A3:BC:31:00:8D:7C:D1:63:C5:27
            X509v3 Authority Key Identifier:
                keyid:74:9E:A3:B1:E5:8B:A0:60:B4:1F:C2:A0:78:F6:01:62:64:75:96:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJ6jseWLoGC0H8KgePYBYmR1lmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/8ufIDITsiM6oD6O8MQCNfNFjxSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/dJ6jseWLoGC0H8KgePYBYmR1lmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.4.0/22
                IPv6:
                  2a04:5d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:8d:df:b7:19:3c:df:fc:7b:0c:34:e8:4b:db:11:43:9b:fc:
         86:cb:e2:bb:9c:34:99:30:48:8f:79:2b:4a:e6:ef:cc:1d:f0:
         82:c7:f2:5b:d7:40:fc:4f:ce:61:80:2e:87:6b:3c:5d:5b:23:
         9a:2f:d1:4c:f9:ae:d6:a6:c3:92:20:50:ed:89:f7:1e:a2:ec:
         1a:08:c1:e4:7e:3d:6e:de:47:93:3d:49:b7:42:98:cd:78:55:
         4a:24:3e:8b:f5:82:6b:ca:1d:7f:a4:a8:ac:09:18:2d:52:9b:
         77:6b:cd:72:e8:bd:f7:19:1c:ce:ce:56:79:42:81:9a:f8:bf:
         26:2c:40:e3:82:c5:45:f6:b1:bb:ab:7f:9a:c8:8f:ff:9a:ca:
         c6:ac:fd:49:f9:45:3e:b0:e3:39:87:43:1a:35:46:15:80:9f:
         d0:75:7e:e8:97:e4:15:f1:19:df:02:0a:e3:08:f0:17:e6:15:
         b6:62:e3:34:30:e8:5e:71:2d:fd:f9:24:ff:f4:cf:b3:9e:0a:
         81:5c:7a:bb:99:c8:32:3d:b7:9f:3d:d1:84:e7:52:2c:47:d0:
         89:f0:6a:30:87:ac:58:7a:51:a9:fe:56:4d:b8:25:74:27:01:
         5f:a0:33:92:e9:f5:bf:6f:c9:fc:fb:f6:15:cb:15:47:bd:e2:
         b3:71:09:29
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIZUNnroH/UoJOwi5NQu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OWVhM2IxZTU4YmEwNjBiNDFmYzJhMDc4ZjYwMTYyNjQ3
NTk2NjQwHhcNMjUwMTAyMDM0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmU3YzgwYzg0ZWM4OGNlYTgwZmEzYmMzMTAwOGQ3Y2QxNjNjNTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38w50V3E2CGgEih9m/g4xDdsOlGJ
So7GnvkJK9KRN3xXajJp9FwdiwheXVXaeHw2Z7hHwKbFg2gAOV90GhOSLl93f7IT
/LwYuzTlKJbDqdxKx4V1ALm6Bu0oG4hLaBMkSAFhLoOnE9g6++nE8rf63BfLmMTg
iHMrTY52iReX/hHlu9D/WkQ8um+8eK1zgF681aWgwnDlTLb10hU+IBFvGqltQvnk
+imPxmXwh8gJhAaKtzHmaf0OTuq9/30b6leJHZu2AW7dTGkRrCZ0VGyLzHFws4BT
pXew5a6acqazbKugLhOOPVMUhGcWy4afcVa4E9sOC52z/rykA6GniqZg8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPLnyAyE7IjOqA+jvDEAjXzRY8UnMB8GA1UdIwQY
MBaAFHSeo7Hli6BgtB/CoHj2AWJkdZZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEo2anNlV0xvR0MwSDhLZ2VQWUJZbVIxbG1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy84NjI0NmEtZjAzMy00ZTQ4LWI3ZGQt
MmY0MjQyYTEzZDAwLzEvOHVmSURJVHNpTTZvRDZPOE1RQ05mTkZqeFNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy84NjI0NmEtZjAzMy00ZTQ4LWI3ZGQtMmY0MjQyYTEzZDAw
LzEvZEo2anNlV0xvR0MwSDhLZ2VQWUJZbVIxbG1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSIEMA0E
AgACMAcDBQMqBF1AMA0GCSqGSIb3DQEBCwUAA4IBAQCKjd+3GTzf/HsMNOhL2xFD
m/yGy+K7nDSZMEiPeStK5u/MHfCCx/Jb10D8T85hgC6HazxdWyOaL9FM+a7WpsOS
IFDtifceouwaCMHkfj1u3keTPUm3QpjNeFVKJD6L9YJryh1/pKisCRgtUpt3a81y
6L33GRzOzlZ5QoGa+L8mLEDjgsVF9rG7q3+ayI//msrGrP1J+UU+sOM5h0MaNUYV
gJ/QdX7ol+QV8RnfAgrjCPAX5hW2YuM0MOhecS39+ST/9M+zngqBXHq7mcgyPbef
PdGE51IsR9CJ8Gowh6xYelGp/lZNuCV0JwFfoDOS6fW/b8n8+/YVyxVHveKzcQkp
-----END CERTIFICATE-----