Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/8erVUpFu_SWhnDZ0_l1Vtu2sHPw.roa
File:                     8erVUpFu_SWhnDZ0_l1Vtu2sHPw.roa (raw, json)
Hash identifier:          9WQMcrHYwxyep2DR6oFwYC8VDui4KgN0q3L7C72HEVI=
Subject key identifier:   F1:EA:D5:52:91:6E:FD:25:A1:9C:36:74:FE:5D:55:B6:ED:AC:1C:FC
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       0194258F1D3E56F4FFB3CE9B9CF1D653194A
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/8erVUpFu_SWhnDZ0_l1Vtu2sHPw.roa
Signing time:             Thu 02 Jan 2025 05:48:43 +0000
ROA not before:           Thu 02 Jan 2025 05:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201632
IP address blocks:        193.140.16.0/21 maxlen: 21
                          193.140.184.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:1d:3e:56:f4:ff:b3:ce:9b:9c:f1:d6:53:19:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  2 05:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1ead552916efd25a19c3674fe5d55b6edac1cfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e2:a7:f5:40:57:0d:23:40:fe:cb:47:87:e7:
                    04:66:68:7a:e7:e8:f5:bc:31:2d:cc:6e:c1:91:03:
                    e7:b3:eb:ac:22:ac:d7:03:87:c6:13:e0:ec:72:11:
                    3f:13:d6:d6:a9:2f:78:81:55:4a:59:36:ad:a6:02:
                    81:af:86:60:e2:f9:f3:48:01:8e:e1:f8:23:b2:55:
                    07:67:a2:e7:15:5d:7a:39:3f:4d:a7:3e:bf:4d:18:
                    ca:fa:c9:72:40:e8:b7:2b:e5:80:31:f0:a7:e5:a7:
                    67:89:e3:30:89:1b:6b:78:92:76:47:60:fa:6b:87:
                    30:55:49:29:7c:2f:03:8c:da:d9:44:3d:19:e7:a3:
                    9c:6b:45:65:53:cd:15:60:94:9c:54:77:23:60:62:
                    40:e9:ae:20:3a:d4:9c:3c:e6:95:4f:ff:fb:a5:05:
                    65:0c:c2:4f:f9:8e:35:b5:45:50:b6:b2:1f:49:5a:
                    25:17:0d:4a:d3:7b:19:3c:26:a4:64:ef:25:40:da:
                    e1:0f:23:b6:e1:f6:51:80:81:68:cc:e2:23:73:77:
                    84:cc:92:eb:ff:33:57:7c:b9:86:ab:30:11:2d:36:
                    43:de:32:b7:7f:d5:80:73:c1:88:98:aa:05:8c:11:
                    a3:12:ae:ad:61:cb:5a:59:ab:02:e1:20:75:57:d0:
                    9d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:EA:D5:52:91:6E:FD:25:A1:9C:36:74:FE:5D:55:B6:ED:AC:1C:FC
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/8erVUpFu_SWhnDZ0_l1Vtu2sHPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.140.16.0/21
                  193.140.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         62:fa:c7:fc:ca:af:b2:3e:83:bd:b6:d3:e0:68:7e:f9:ac:9e:
         72:d0:72:fb:c1:52:9b:b2:0a:c8:65:3f:e0:0d:b5:21:b8:5b:
         4e:db:c2:f3:85:3a:cb:e3:af:76:bb:df:d7:e9:6b:a6:2c:c6:
         73:ae:1d:2e:de:0e:f8:4d:19:ec:58:6c:b7:40:8f:fd:57:62:
         4e:6f:f9:a4:1c:a0:07:e4:77:e9:35:d5:b0:18:7c:a2:72:ca:
         98:63:33:ca:73:61:c2:0f:42:95:02:ba:e9:68:92:12:6d:10:
         30:67:3a:2d:f5:77:27:90:c2:2a:82:57:18:dc:8f:b2:f2:dd:
         4a:9b:01:4f:fc:f9:68:6c:01:c9:8a:5c:2c:be:c5:e4:52:b1:
         e2:16:18:b4:fe:0c:93:34:8d:2f:a3:4d:96:cf:ce:a5:99:cb:
         21:81:ce:3f:76:73:3f:3d:cf:77:db:4f:8d:f7:03:b7:b8:6d:
         21:47:8c:dd:fb:63:b4:e7:f2:37:45:5e:46:95:16:60:99:d5:
         75:96:ac:db:eb:12:d3:7d:15:80:ad:b7:1a:01:e8:03:38:c4:
         56:1f:32:1d:cc:d3:28:fe:09:94:a8:f2:44:0e:c1:fa:b1:67:
         79:95:2a:37:dc:ba:74:a0:7c:0a:a7:81:ce:c0:c7:60:d2:b0:
         20:3c:33:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQljx0+VvT/s86bnPHWUxlKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjUwMTAyMDU0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWVhZDU1MjkxNmVmZDI1YTE5YzM2NzRmZTVkNTViNmVkYWMxY2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+Kn9UBXDSNA/stHh+cEZmh65+j1
vDEtzG7BkQPns+usIqzXA4fGE+DschE/E9bWqS94gVVKWTatpgKBr4Zg4vnzSAGO
4fgjslUHZ6LnFV16OT9Npz6/TRjK+slyQOi3K+WAMfCn5adnieMwiRtreJJ2R2D6
a4cwVUkpfC8DjNrZRD0Z56Oca0VlU80VYJScVHcjYGJA6a4gOtScPOaVT//7pQVl
DMJP+Y41tUVQtrIfSVolFw1K03sZPCakZO8lQNrhDyO24fZRgIFozOIjc3eEzJLr
/zNXfLmGqzARLTZD3jK3f9WAc8GImKoFjBGjEq6tYctaWasC4SB1V9CdJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPHq1VKRbv0loZw2dP5dVbbtrBz8MB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvOGVyVlVwRnVfU1dobkRaMF9sMVZ0dTJzSFB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDwYwQAwQD
wYy4MA0GCSqGSIb3DQEBCwUAA4IBAQBi+sf8yq+yPoO9ttPgaH75rJ5y0HL7wVKb
sgrIZT/gDbUhuFtO28LzhTrL4692u9/X6WumLMZzrh0u3g74TRnsWGy3QI/9V2JO
b/mkHKAH5HfpNdWwGHyicsqYYzPKc2HCD0KVArrpaJISbRAwZzot9XcnkMIqglcY
3I+y8t1KmwFP/PlobAHJilwsvsXkUrHiFhi0/gyTNI0vo02Wz86lmcshgc4/dnM/
Pc9320+N9wO3uG0hR4zd+2O05/I3RV5GlRZgmdV1lqzb6xLTfRWArbcaAegDOMRW
HzIdzNMo/gmUqPJEDsH6sWd5lSo33Lp0oHwKp4HOwMdg0rAgPDPq
-----END CERTIFICATE-----