Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/311bc5-3f36-4d5e-abde-b8da89406bed/1/8g7txje9SoqKQ2otzBwN4bLks6E.roa
File:                     8g7txje9SoqKQ2otzBwN4bLks6E.roa (raw, json)
Hash identifier:          jScybjiDRqy1KfNxgfGU+W1leoiKzswBB30SIf7izkk=
Subject key identifier:   F2:0E:ED:C6:37:BD:4A:8A:8A:43:6A:2D:CC:1C:0D:E1:B2:E4:B3:A1
Certificate issuer:       /CN=52e02224ffb971172e4935ed7dd965d1155089b6
Certificate serial:       0194222042434005D8A0AA769E0CB72ECD71
Authority key identifier: 52:E0:22:24:FF:B9:71:17:2E:49:35:ED:7D:D9:65:D1:15:50:89:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UuAiJP-5cRcuSTXtfdll0RVQibY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/311bc5-3f36-4d5e-abde-b8da89406bed/1/8g7txje9SoqKQ2otzBwN4bLks6E.roa
Signing time:             Wed 01 Jan 2025 13:48:46 +0000
ROA not before:           Wed 01 Jan 2025 13:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8791
IP address blocks:        185.121.16.0/22 maxlen: 22
                          185.121.16.0/24 maxlen: 24
                          185.121.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/311bc5-3f36-4d5e-abde-b8da89406bed/1/UuAiJP-5cRcuSTXtfdll0RVQibY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/311bc5-3f36-4d5e-abde-b8da89406bed/1/UuAiJP-5cRcuSTXtfdll0RVQibY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UuAiJP-5cRcuSTXtfdll0RVQibY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:42:43:40:05:d8:a0:aa:76:9e:0c:b7:2e:cd:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52e02224ffb971172e4935ed7dd965d1155089b6
        Validity
            Not Before: Jan  1 13:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f20eedc637bd4a8a8a436a2dcc1c0de1b2e4b3a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fc:9a:dd:c3:06:aa:dd:2e:a5:a6:d5:76:a6:
                    75:4d:27:88:86:00:e5:24:5f:e9:a2:44:e3:28:d6:
                    88:04:85:68:d3:54:c1:f5:70:07:3a:d5:4b:83:8e:
                    5c:91:16:1a:ab:7d:ac:3a:a6:8d:db:a1:23:cb:15:
                    45:d0:e1:29:c4:75:4c:c4:26:fe:92:da:9e:0c:43:
                    b5:66:e3:97:84:16:08:06:e2:c3:28:b7:4f:86:70:
                    9f:d2:17:3c:69:b6:29:73:23:8c:2b:8f:3b:bc:f1:
                    f9:42:6f:67:17:5c:4c:c4:bd:0d:cf:e4:77:f3:dc:
                    63:f9:7a:74:5b:1e:be:98:1b:26:d1:6a:f8:30:7c:
                    1a:a5:0f:c6:8b:71:20:1a:4e:4d:6a:fd:9b:df:d1:
                    c9:27:30:74:1e:06:34:fe:c3:b2:54:d9:55:31:b6:
                    3c:04:7a:5a:85:3b:33:16:4e:eb:ca:5c:60:f6:f2:
                    31:ef:c9:1f:c7:97:91:35:a7:54:a2:75:a3:e6:9b:
                    3a:18:7a:25:8e:67:c9:46:c7:d2:af:59:c5:fd:4b:
                    1d:3e:a5:05:3f:6b:e7:b7:f2:9c:44:bd:48:e0:76:
                    a8:ba:45:ce:6a:ff:1c:dd:7a:a9:73:6e:f9:15:1b:
                    b3:f5:9a:09:b7:c8:b2:a3:e8:82:07:89:1b:13:c7:
                    29:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:0E:ED:C6:37:BD:4A:8A:8A:43:6A:2D:CC:1C:0D:E1:B2:E4:B3:A1
            X509v3 Authority Key Identifier:
                keyid:52:E0:22:24:FF:B9:71:17:2E:49:35:ED:7D:D9:65:D1:15:50:89:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UuAiJP-5cRcuSTXtfdll0RVQibY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/311bc5-3f36-4d5e-abde-b8da89406bed/1/8g7txje9SoqKQ2otzBwN4bLks6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/311bc5-3f36-4d5e-abde-b8da89406bed/1/UuAiJP-5cRcuSTXtfdll0RVQibY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:d4:44:de:8a:57:7e:b1:4d:bd:2a:ac:f2:78:e1:20:b4:4b:
         24:c5:3f:90:da:f1:7c:0f:ab:cb:d6:dd:a2:d3:21:53:3c:f1:
         6b:f0:09:4f:43:1d:58:c8:74:1e:68:1a:ed:5a:5b:51:34:3a:
         00:71:86:c1:f0:64:e9:7d:a9:bc:ab:e2:a8:23:10:28:26:db:
         2e:24:2c:3e:64:c2:f0:78:d0:cd:f1:2e:a9:9c:2a:2a:9e:c1:
         40:9f:c1:47:4c:62:61:b0:1e:17:83:6a:d7:19:41:bb:bb:cb:
         30:13:75:ab:9e:39:07:86:62:ae:dd:62:40:74:b2:6e:84:06:
         59:41:63:a4:78:6e:fa:a5:e6:77:c3:5c:0e:90:3b:51:fe:a7:
         46:5c:5a:70:72:fb:7f:30:2c:55:a2:28:0c:70:ac:c6:ba:e0:
         40:d6:1c:04:a4:67:73:4a:c3:f3:f8:b0:ea:fe:0b:e3:88:1f:
         36:06:c9:af:4e:1f:b9:76:ac:70:09:a6:2c:75:f2:8a:db:51:
         27:b9:7b:02:44:4f:e5:1e:41:be:48:af:ec:35:bf:9c:84:c1:
         af:7c:e7:5d:92:22:28:4d:df:b4:e5:c7:6f:93:64:be:2a:68:
         50:88:dc:9d:b8:5b:65:43:ee:80:74:d9:84:65:c2:81:f5:37:
         8b:f9:1c:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIEJDQAXYoKp2ngy3Ls1xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZTAyMjI0ZmZiOTcxMTcyZTQ5MzVlZDdkZDk2NWQxMTU1
MDg5YjYwHhcNMjUwMTAxMTM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjBlZWRjNjM3YmQ0YThhOGE0MzZhMmRjYzFjMGRlMWIyZTRiM2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/ya3cMGqt0upabVdqZ1TSeIhgDl
JF/pokTjKNaIBIVo01TB9XAHOtVLg45ckRYaq32sOqaN26EjyxVF0OEpxHVMxCb+
ktqeDEO1ZuOXhBYIBuLDKLdPhnCf0hc8abYpcyOMK487vPH5Qm9nF1xMxL0Nz+R3
89xj+Xp0Wx6+mBsm0Wr4MHwapQ/Gi3EgGk5Nav2b39HJJzB0HgY0/sOyVNlVMbY8
BHpahTszFk7rylxg9vIx78kfx5eRNadUonWj5ps6GHoljmfJRsfSr1nF/UsdPqUF
P2vnt/KcRL1I4HaoukXOav8c3Xqpc275FRuz9ZoJt8iyo+iCB4kbE8cpqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPIO7cY3vUqKikNqLcwcDeGy5LOhMB8GA1UdIwQY
MBaAFFLgIiT/uXEXLkk17X3ZZdEVUIm2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXVBaUpQLTVjUmN1U1RYdGZkbGwwUlZRaWJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8zMTFiYzUtM2YzNi00ZDVlLWFiZGUt
YjhkYTg5NDA2YmVkLzEvOGc3dHhqZTlTb3FLUTJvdHpCd040YkxrczZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8zMTFiYzUtM2YzNi00ZDVlLWFiZGUtYjhkYTg5NDA2YmVk
LzEvVXVBaUpQLTVjUmN1U1RYdGZkbGwwUlZRaWJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXkQMA0G
CSqGSIb3DQEBCwUAA4IBAQBE1ETeild+sU29KqzyeOEgtEskxT+Q2vF8D6vL1t2i
0yFTPPFr8AlPQx1YyHQeaBrtWltRNDoAcYbB8GTpfam8q+KoIxAoJtsuJCw+ZMLw
eNDN8S6pnCoqnsFAn8FHTGJhsB4Xg2rXGUG7u8swE3WrnjkHhmKu3WJAdLJuhAZZ
QWOkeG76peZ3w1wOkDtR/qdGXFpwcvt/MCxVoigMcKzGuuBA1hwEpGdzSsPz+LDq
/gvjiB82BsmvTh+5dqxwCaYsdfKK21EnuXsCRE/lHkG+SK/sNb+chMGvfOddkiIo
Td+05cdvk2S+KmhQiNyduFtlQ+6AdNmEZcKB9TeL+Ryn
-----END CERTIFICATE-----