Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/I8X4-fx8YNfYZj3EvfIsATaUGac.roa
File:                     I8X4-fx8YNfYZj3EvfIsATaUGac.roa (raw, json)
Hash identifier:          c5YWTRrX3QnWTxXe+8t+vVb1UcDfoatadHEMGSgtrjU=
Subject key identifier:   23:C5:F8:F9:FC:7C:60:D7:D8:66:3D:C4:BD:F2:2C:01:36:94:19:A7
Certificate issuer:       /CN=f2262faf4376420024aad72983ac3e87944ea7a5
Certificate serial:       0196CCEA0332A83AD113C3FF1DFA7F0F35C7
Authority key identifier: F2:26:2F:AF:43:76:42:00:24:AA:D7:29:83:AC:3E:87:94:4E:A7:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/I8X4-fx8YNfYZj3EvfIsATaUGac.roa
Signing time:             Wed 14 May 2025 03:50:10 +0000
ROA not before:           Wed 14 May 2025 03:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211248
IP address blocks:        185.45.104.0/22 maxlen: 22
                          193.35.44.0/24 maxlen: 24
                          2a04:2a40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cc:ea:03:32:a8:3a:d1:13:c3:ff:1d:fa:7f:0f:35:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2262faf4376420024aad72983ac3e87944ea7a5
        Validity
            Not Before: May 14 03:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23c5f8f9fc7c60d7d8663dc4bdf22c01369419a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:a5:89:f5:78:03:3a:39:d4:a7:99:1e:b5:b6:
                    19:72:d3:bf:59:23:7c:5f:e4:ab:a2:c1:ab:8d:6c:
                    14:67:63:63:c5:ac:56:07:55:48:cc:9a:4a:8f:0b:
                    f0:8f:f4:ea:1b:5e:c3:74:2c:34:39:a7:50:a4:df:
                    cb:bc:f2:56:88:9d:09:50:78:12:0c:d8:33:68:28:
                    85:ca:02:a7:60:49:0e:a0:66:cf:5a:01:88:6c:4c:
                    54:d2:72:58:4a:72:cc:a5:a9:02:23:84:1a:d1:51:
                    d6:88:d5:cc:f0:bc:5a:38:12:47:3f:e9:ef:53:57:
                    77:c1:7e:23:38:5a:73:a9:34:ec:ec:10:c8:73:6a:
                    10:60:bd:90:21:6a:ba:dd:1a:f3:56:b2:5c:25:0e:
                    ff:59:b9:1f:3b:62:19:fe:86:3e:cf:4f:36:a0:81:
                    28:29:ef:40:2a:33:7d:9a:4c:2d:98:91:8a:21:cf:
                    45:1d:5f:4c:cf:4b:13:5c:a9:05:27:36:0a:59:0d:
                    49:90:42:8d:61:e5:18:3e:e8:50:3e:aa:26:70:95:
                    98:30:0e:b6:d3:53:b5:b8:ef:ea:ee:93:bc:be:0f:
                    b8:ca:3a:95:a4:0f:fa:1d:db:c6:ef:d7:c4:87:97:
                    02:d9:4a:a0:c5:05:f3:5d:51:7c:c8:5f:11:b2:90:
                    5e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:C5:F8:F9:FC:7C:60:D7:D8:66:3D:C4:BD:F2:2C:01:36:94:19:A7
            X509v3 Authority Key Identifier:
                keyid:F2:26:2F:AF:43:76:42:00:24:AA:D7:29:83:AC:3E:87:94:4E:A7:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/I8X4-fx8YNfYZj3EvfIsATaUGac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.104.0/22
                  193.35.44.0/24
                IPv6:
                  2a04:2a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:8a:39:4b:13:77:29:11:8f:40:97:ed:be:fd:03:ca:a7:f5:
         54:e7:56:b1:58:dd:60:78:cc:5b:05:ed:14:61:ac:80:1b:52:
         01:37:9f:ae:fd:68:5e:57:aa:c4:de:b5:0d:22:b0:1a:aa:df:
         5f:70:09:d3:28:90:90:00:af:3d:4e:e1:61:bd:03:30:c4:f6:
         23:b7:87:54:1f:28:92:0e:13:3e:02:90:6e:7c:b6:b1:9f:5b:
         85:a3:89:9a:c5:e5:4c:4e:1e:e1:37:eb:be:a1:a2:1b:35:6b:
         af:87:a5:12:e0:50:5f:d3:a4:6f:a6:a0:77:02:2e:13:6f:8c:
         48:eb:4f:d0:1e:e4:94:1c:d7:45:4a:74:25:9a:27:7c:dd:16:
         bf:d0:01:2d:3a:9f:53:3d:c0:98:52:9e:b0:c2:b7:e1:ad:91:
         94:46:fa:4c:cf:4a:7d:52:ef:fc:29:64:2a:98:6a:2a:80:58:
         e2:2d:5d:f8:d1:1b:8d:ce:a7:2c:78:d1:bf:d0:cc:3a:06:17:
         6c:06:5d:15:07:06:59:66:d7:22:72:3c:35:02:ad:f7:a2:28:
         9d:90:b6:2e:7a:da:d9:5e:ab:15:3e:53:2f:c0:b0:8d:00:fd:
         33:72:ad:a1:85:1a:ed:bf:43:05:a3:61:e3:76:35:7b:1a:bf:
         3b:d9:f5:b9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZbM6gMyqDrRE8P/Hfp/DzXHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMjYyZmFmNDM3NjQyMDAyNGFhZDcyOTgzYWMzZTg3OTQ0
ZWE3YTUwHhcNMjUwNTE0MDM1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2M1ZjhmOWZjN2M2MGQ3ZDg2NjNkYzRiZGYyMmMwMTM2OTQxOWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56WJ9XgDOjnUp5ketbYZctO/WSN8
X+SrosGrjWwUZ2NjxaxWB1VIzJpKjwvwj/TqG17DdCw0OadQpN/LvPJWiJ0JUHgS
DNgzaCiFygKnYEkOoGbPWgGIbExU0nJYSnLMpakCI4Qa0VHWiNXM8LxaOBJHP+nv
U1d3wX4jOFpzqTTs7BDIc2oQYL2QIWq63RrzVrJcJQ7/WbkfO2IZ/oY+z082oIEo
Ke9AKjN9mkwtmJGKIc9FHV9Mz0sTXKkFJzYKWQ1JkEKNYeUYPuhQPqomcJWYMA62
01O1uO/q7pO8vg+4yjqVpA/6HdvG79fEh5cC2UqgxQXzXVF8yF8RspBewwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCPF+Pn8fGDX2GY9xL3yLAE2lBmnMB8GA1UdIwQY
MBaAFPImL69DdkIAJKrXKYOsPoeUTqelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGlZdnIwTjJRZ0FrcXRjcGc2dy1oNVJPcDZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmZkOWQtNmFmYy00YmQ3LWJiNDMt
YmFkYWZjYTM5NDRmLzEvSThYNC1meDhZTmZZWmozRXZmSXNBVGFVR2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmZkOWQtNmFmYy00YmQ3LWJiNDMtYmFkYWZjYTM5NDRm
LzEvOGlZdnIwTjJRZ0FrcXRjcGc2dy1oNVJPcDZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuS1oAwQA
wSMsMA0EAgACMAcDBQMqBCpAMA0GCSqGSIb3DQEBCwUAA4IBAQCYijlLE3cpEY9A
l+2+/QPKp/VU51axWN1geMxbBe0UYayAG1IBN5+u/WheV6rE3rUNIrAaqt9fcAnT
KJCQAK89TuFhvQMwxPYjt4dUHyiSDhM+ApBufLaxn1uFo4maxeVMTh7hN+u+oaIb
NWuvh6US4FBf06RvpqB3Ai4Tb4xI60/QHuSUHNdFSnQlmid83Ra/0AEtOp9TPcCY
Up6wwrfhrZGURvpMz0p9Uu/8KWQqmGoqgFjiLV340RuNzqcseNG/0Mw6BhdsBl0V
BwZZZtcicjw1Aq33oiidkLYuetrZXqsVPlMvwLCNAP0zcq2hhRrtv0MFo2HjdjV7
Gr872fW5
-----END CERTIFICATE-----