Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/a8IXKpHV3NWa7LICJ758JvcRIvY.roa
File:                     a8IXKpHV3NWa7LICJ758JvcRIvY.roa (raw, json)
Hash identifier:          X2zHQ2bSxMYP23moGooOgAvqdrG84QharuHsT6bVARw=
Subject key identifier:   6B:C2:17:2A:91:D5:DC:D5:9A:EC:B2:02:27:BE:7C:26:F7:11:22:F6
Certificate issuer:       /CN=8d50b3a9a0503905596c77f5802bef9fc73d647d
Certificate serial:       0194258E893E49C44DD175D0DE22B81F4D4B
Authority key identifier: 8D:50:B3:A9:A0:50:39:05:59:6C:77:F5:80:2B:EF:9F:C7:3D:64:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/a8IXKpHV3NWa7LICJ758JvcRIvY.roa
Signing time:             Thu 02 Jan 2025 05:48:05 +0000
ROA not before:           Thu 02 Jan 2025 05:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34412
IP address blocks:        194.5.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:89:3e:49:c4:4d:d1:75:d0:de:22:b8:1f:4d:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d50b3a9a0503905596c77f5802bef9fc73d647d
        Validity
            Not Before: Jan  2 05:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6bc2172a91d5dcd59aecb20227be7c26f71122f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ba:a0:9b:24:f5:d5:3b:58:fd:37:6e:65:68:
                    2c:c3:d6:a5:3b:cd:69:a6:a3:5a:c7:f5:1c:a0:75:
                    41:cb:03:f2:29:be:66:27:d7:ad:ba:fd:11:f0:c9:
                    23:d4:03:8b:e0:0b:5e:37:fc:91:a4:34:10:a4:8d:
                    8f:b0:ce:f5:5a:d7:b8:5f:20:22:c2:e0:f3:95:42:
                    13:97:92:c8:41:3a:35:f2:71:00:3c:a9:dd:5e:d7:
                    9b:a6:21:b6:66:f8:b3:9e:f1:38:47:06:09:b2:bb:
                    ee:7c:23:e8:3b:70:65:61:09:b3:b7:2b:de:6a:90:
                    9e:77:cb:d0:e3:9a:1b:c7:5b:b7:ec:6b:e5:23:f7:
                    24:aa:5c:6d:e3:06:03:49:76:51:b7:86:9c:4a:6a:
                    2c:e3:dd:24:0e:91:f8:d2:f5:91:36:3b:fb:59:7b:
                    c9:09:91:3b:d0:33:cc:73:3f:84:f2:ad:6f:46:f1:
                    30:d7:40:7e:6f:70:ed:97:0a:27:61:96:58:4f:12:
                    21:ae:34:6d:96:0f:e9:ed:ec:01:ce:40:4e:03:7d:
                    71:0b:d0:e5:de:9f:ed:a0:f7:c7:b0:3e:d2:45:50:
                    10:a4:67:e6:57:e8:4a:0a:0d:ab:cb:6f:76:f5:04:
                    06:61:12:62:ab:71:f9:9d:f5:72:35:87:2a:24:fb:
                    1d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:C2:17:2A:91:D5:DC:D5:9A:EC:B2:02:27:BE:7C:26:F7:11:22:F6
            X509v3 Authority Key Identifier:
                keyid:8D:50:B3:A9:A0:50:39:05:59:6C:77:F5:80:2B:EF:9F:C7:3D:64:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/a8IXKpHV3NWa7LICJ758JvcRIvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:81:9c:c9:1b:74:d1:d0:bf:c7:33:d1:78:a2:6d:59:67:06:
         1b:fd:9f:41:c7:a0:3b:76:fe:cb:b8:d8:87:72:50:02:b6:71:
         1f:a5:14:f1:83:19:08:c7:82:b7:21:6c:71:ae:63:d5:f7:ad:
         e4:3a:e7:21:e3:f2:2a:4d:b5:64:48:7b:2f:0c:0d:dd:3f:5e:
         88:60:0a:e0:9a:1a:28:ee:35:a2:fb:ab:08:a0:10:56:de:0c:
         0e:8e:86:fd:ab:8d:b9:64:ba:93:af:fb:8c:f6:72:f6:86:fd:
         99:6a:df:9a:a8:4b:c5:1b:6b:ab:62:d6:1b:be:cc:59:83:48:
         2f:6a:db:1c:67:0d:dd:28:28:fb:f4:9d:0b:14:69:5e:98:d9:
         03:57:be:61:4f:50:d4:f9:ab:30:63:d5:a8:1f:7d:5f:2c:17:
         40:6b:7f:67:68:52:46:80:3f:8b:86:0e:e3:0a:95:c3:76:71:
         86:68:94:45:3b:7e:b2:c7:f3:dc:e4:d0:dd:e4:84:f1:7f:ed:
         00:b8:f8:79:2f:0d:8d:48:1b:4c:36:f6:a1:79:a0:d2:57:08:
         3e:df:f1:79:f7:83:35:e2:27:21:bb:fe:1d:a7:f0:f3:4d:73:
         ac:fb:61:03:3b:8e:81:ba:f5:38:d3:16:97:ff:71:3d:f4:84:
         fc:d6:14:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljok+ScRN0XXQ3iK4H01LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTBiM2E5YTA1MDM5MDU1OTZjNzdmNTgwMmJlZjlmYzcz
ZDY0N2QwHhcNMjUwMTAyMDU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmMyMTcyYTkxZDVkY2Q1OWFlY2IyMDIyN2JlN2MyNmY3MTEyMmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbqgmyT11TtY/TduZWgsw9alO81p
pqNax/UcoHVBywPyKb5mJ9etuv0R8Mkj1AOL4AteN/yRpDQQpI2PsM71Wte4XyAi
wuDzlUITl5LIQTo18nEAPKndXtebpiG2ZviznvE4RwYJsrvufCPoO3BlYQmztyve
apCed8vQ45obx1u37GvlI/ckqlxt4wYDSXZRt4acSmos490kDpH40vWRNjv7WXvJ
CZE70DPMcz+E8q1vRvEw10B+b3DtlwonYZZYTxIhrjRtlg/p7ewBzkBOA31xC9Dl
3p/toPfHsD7SRVAQpGfmV+hKCg2ry2929QQGYRJiq3H5nfVyNYcqJPsdqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvCFyqR1dzVmuyyAie+fCb3ESL2MB8GA1UdIwQY
MBaAFI1Qs6mgUDkFWWx39YAr75/HPWR9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZDenFhQlFPUVZaYkhmMWdDdnZuOGM5WkgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82OGQxNDMtMTIzNy00OTEyLWE4OTIt
Y2VmMDFkODc3ZWJlLzEvYThJWEtwSFYzTldhN0xJQ0o3NThKdmNSSXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82OGQxNDMtMTIzNy00OTEyLWE4OTItY2VmMDFkODc3ZWJl
LzEvalZDenFhQlFPUVZaYkhmMWdDdnZuOGM5WkgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgUQMA0G
CSqGSIb3DQEBCwUAA4IBAQCDgZzJG3TR0L/HM9F4om1ZZwYb/Z9Bx6A7dv7LuNiH
clACtnEfpRTxgxkIx4K3IWxxrmPV963kOuch4/IqTbVkSHsvDA3dP16IYArgmhoo
7jWi+6sIoBBW3gwOjob9q425ZLqTr/uM9nL2hv2Zat+aqEvFG2urYtYbvsxZg0gv
atscZw3dKCj79J0LFGlemNkDV75hT1DU+aswY9WoH31fLBdAa39naFJGgD+Lhg7j
CpXDdnGGaJRFO36yx/Pc5NDd5ITxf+0AuPh5Lw2NSBtMNvaheaDSVwg+3/F594M1
4ichu/4dp/DzTXOs+2EDO46BuvU40xaX/3E99IT81hQt
-----END CERTIFICATE-----