Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8uFh_o4UNIFADMcr13If8ILJa0k.roa
File:                     8uFh_o4UNIFADMcr13If8ILJa0k.roa (raw, json)
Hash identifier:          ByzJNehmlL5Zxr0qsWnlhW5ksz+YrIoL1Wc56UGngXc=
Subject key identifier:   F2:E1:61:FE:8E:14:34:81:40:0C:C7:2B:D7:72:1F:F0:82:C9:6B:49
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01942220092EEC1CEEA3E75D6D1BE55B4FDC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8uFh_o4UNIFADMcr13If8ILJa0k.roa
Signing time:             Wed 01 Jan 2025 13:48:32 +0000
ROA not before:           Wed 01 Jan 2025 13:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4648
IP address blocks:        89.35.159.0/24 maxlen: 24
                          89.44.207.0/24 maxlen: 24
                          103.212.80.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:09:2e:ec:1c:ee:a3:e7:5d:6d:1b:e5:5b:4f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2e161fe8e143481400cc72bd7721ff082c96b49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:92:f3:d2:c4:ab:bf:6b:2e:c8:16:9b:ec:70:
                    6f:55:96:23:d4:8d:b6:56:0d:5c:ca:7a:46:92:4d:
                    93:0c:cd:6f:d5:40:07:e7:fd:ed:10:cb:d8:af:d6:
                    97:8b:8d:04:8e:35:c2:ab:2f:9d:33:e5:f5:e8:85:
                    ba:e6:0b:a5:06:ca:be:97:a3:ba:0d:e9:95:4d:e0:
                    e5:64:84:21:17:8e:d0:89:1c:25:eb:65:9d:d7:ef:
                    4e:60:2e:98:3c:53:49:80:fe:88:b4:c2:48:4c:a8:
                    10:32:dc:58:92:9a:cd:b6:b5:d8:66:46:d7:2f:3d:
                    75:12:1c:38:17:26:17:aa:5f:ff:6c:ca:f5:93:dc:
                    bc:bc:ad:8e:3d:11:01:d5:2e:4e:b3:ce:71:d8:c1:
                    9e:9e:d6:f9:07:5a:2a:0b:f2:4d:9d:14:23:84:12:
                    56:96:24:8b:f6:e9:bf:db:ea:79:0f:0a:90:ec:03:
                    2d:51:7e:25:d7:29:ad:76:27:3c:0c:f9:5a:74:22:
                    6f:a1:1d:3b:34:e3:a4:db:ef:d1:49:9b:76:b7:03:
                    55:7b:25:85:fe:25:e1:59:08:24:8c:bd:65:5f:2d:
                    78:57:ea:57:ef:13:f8:e6:64:46:c1:24:04:b6:89:
                    cc:34:2e:16:0e:d4:c5:ef:46:68:25:a2:59:c8:f4:
                    25:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:E1:61:FE:8E:14:34:81:40:0C:C7:2B:D7:72:1F:F0:82:C9:6B:49
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8uFh_o4UNIFADMcr13If8ILJa0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.159.0/24
                  89.44.207.0/24
                  103.212.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:18:c7:12:69:39:2a:aa:fd:39:e6:f8:78:25:18:7f:b9:48:
         03:e1:a6:5b:3a:72:44:b1:88:5c:e6:fd:e3:b5:2b:c7:c3:7e:
         18:80:ba:42:40:08:0e:c2:eb:37:66:07:ff:c6:d9:ca:97:43:
         de:ce:a5:7f:c7:27:78:ee:2a:f5:6f:18:dd:9f:e2:88:3d:97:
         d0:fb:55:7d:38:9c:8d:7d:44:c7:54:50:ae:05:d8:75:2c:d7:
         a6:45:ee:bb:d3:aa:8b:1f:87:7a:05:32:89:95:be:17:18:7e:
         fb:e0:01:9a:1b:a1:a8:04:e3:f3:59:8f:c2:cd:f0:7a:8d:3a:
         a0:5c:cd:01:14:6d:a4:ec:17:da:ce:e0:b6:4a:1e:11:e9:82:
         6e:f8:52:22:2b:f1:97:3b:8f:e5:ed:77:a0:8f:46:99:07:12:
         92:56:9a:d7:a1:ca:38:71:3e:1c:c3:5e:37:9c:00:da:c1:dc:
         a5:a8:8c:9c:46:40:28:eb:75:39:70:bd:20:7a:d8:70:8e:b5:
         ae:6a:59:30:ef:b5:6c:f2:fd:7a:d8:ac:ab:1e:bb:ef:74:8e:
         cc:dd:6f:a6:d6:9b:e9:19:11:cf:69:15:f9:95:d9:17:cc:9a:
         bd:54:be:92:dc:ef:57:c7:39:ab:de:ca:4f:0c:bc:42:78:48:
         f7:0a:e9:92
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiIAku7Bzuo+ddbRvlW0/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmUxNjFmZThlMTQzNDgxNDAwY2M3MmJkNzcyMWZmMDgyYzk2YjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZLz0sSrv2suyBab7HBvVZYj1I22
Vg1cynpGkk2TDM1v1UAH5/3tEMvYr9aXi40EjjXCqy+dM+X16IW65gulBsq+l6O6
DemVTeDlZIQhF47QiRwl62Wd1+9OYC6YPFNJgP6ItMJITKgQMtxYkprNtrXYZkbX
Lz11Ehw4FyYXql//bMr1k9y8vK2OPREB1S5Os85x2MGentb5B1oqC/JNnRQjhBJW
liSL9um/2+p5DwqQ7AMtUX4l1ymtdic8DPladCJvoR07NOOk2+/RSZt2twNVeyWF
/iXhWQgkjL1lXy14V+pX7xP45mRGwSQEtonMNC4WDtTF70ZoJaJZyPQl8QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPLhYf6OFDSBQAzHK9dyH/CCyWtJMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvOHVGaF9vNFVOSUZBRE1jcjEzSWY4SUxKYTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSOfAwQA
WSzPAwQBZ9RQMA0GCSqGSIb3DQEBCwUAA4IBAQAEGMcSaTkqqv055vh4JRh/uUgD
4aZbOnJEsYhc5v3jtSvHw34YgLpCQAgOwus3Zgf/xtnKl0PezqV/xyd47ir1bxjd
n+KIPZfQ+1V9OJyNfUTHVFCuBdh1LNemRe6706qLH4d6BTKJlb4XGH774AGaG6Go
BOPzWY/CzfB6jTqgXM0BFG2k7BfazuC2Sh4R6YJu+FIiK/GXO4/l7Xegj0aZBxKS
VprXoco4cT4cw143nADawdylqIycRkAo63U5cL0gethwjrWualkw77Vs8v162Kyr
HrvvdI7M3W+m1pvpGRHPaRX5ldkXzJq9VL6S3O9Xxzmr3spPDLxCeEj3CumS
-----END CERTIFICATE-----