Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/2a55cf-ce4a-498d-bcd7-d8cfe591dd9e/1/B8TmpTIld46zLBK0-B3daz7YHhY.roa
File:                     B8TmpTIld46zLBK0-B3daz7YHhY.roa (raw, json)
Hash identifier:          cFhKXA0OqtddifzterPyToaMFZ67uadtC/NjCzS5eJ0=
Subject key identifier:   07:C4:E6:A5:32:25:77:8E:B3:2C:12:B4:F8:1D:DD:6B:3E:D8:1E:16
Certificate issuer:       /CN=ce08fe33a5f0ba0b286253505bbfb293220f5816
Certificate serial:       019426D9A7377C028303DDD7BA5DA5C49150
Authority key identifier: CE:08:FE:33:A5:F0:BA:0B:28:62:53:50:5B:BF:B2:93:22:0F:58:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zgj-M6XwugsoYlNQW7-ykyIPWBY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/2a55cf-ce4a-498d-bcd7-d8cfe591dd9e/1/B8TmpTIld46zLBK0-B3daz7YHhY.roa
Signing time:             Thu 02 Jan 2025 11:49:45 +0000
ROA not before:           Thu 02 Jan 2025 11:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28985
IP address blocks:        195.47.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/2a55cf-ce4a-498d-bcd7-d8cfe591dd9e/1/zgj-M6XwugsoYlNQW7-ykyIPWBY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/2a55cf-ce4a-498d-bcd7-d8cfe591dd9e/1/zgj-M6XwugsoYlNQW7-ykyIPWBY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zgj-M6XwugsoYlNQW7-ykyIPWBY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:a7:37:7c:02:83:03:dd:d7:ba:5d:a5:c4:91:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce08fe33a5f0ba0b286253505bbfb293220f5816
        Validity
            Not Before: Jan  2 11:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07c4e6a53225778eb32c12b4f81ddd6b3ed81e16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:9d:78:d3:14:46:c7:aa:ac:cb:04:22:7a:18:
                    40:8b:a3:07:0e:bc:a1:8b:43:6d:1e:5b:33:a7:ff:
                    8d:70:c1:3f:3a:e5:17:13:72:37:f0:82:85:34:8a:
                    b4:12:11:2c:6e:f2:68:55:06:ee:d5:d7:0c:6f:d1:
                    ca:06:a2:04:35:1c:d8:d1:f7:af:a3:87:ff:f0:31:
                    5f:96:b9:37:40:19:39:29:f7:c9:a0:18:27:13:57:
                    c2:dd:4d:14:3e:4c:72:1b:00:65:0c:d2:a0:db:57:
                    1d:8b:83:a3:d6:b4:4f:46:03:ba:dc:cc:d7:cb:07:
                    3c:f6:1b:ff:a1:5e:3a:d0:55:6d:17:75:c1:7b:6c:
                    02:cc:6c:0d:4f:a7:de:07:e3:e6:0d:13:a5:c4:6b:
                    fc:5a:35:51:8c:15:30:ff:45:b9:46:48:94:be:7d:
                    3d:19:de:ef:a2:ae:13:c1:bb:8f:af:c5:7e:de:be:
                    bb:0f:ec:45:e8:4c:e9:3b:53:c0:2c:13:0b:36:34:
                    bd:c2:a3:cc:40:ea:9d:19:6e:7d:59:c1:70:5b:e4:
                    fa:f1:72:27:fa:9d:e1:cc:2a:27:b8:76:c7:f1:10:
                    f8:7d:98:cc:68:d5:a1:9f:75:13:d7:3b:83:ff:62:
                    e6:28:d1:77:88:e5:69:58:e4:94:7a:cd:23:b9:1d:
                    cc:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:C4:E6:A5:32:25:77:8E:B3:2C:12:B4:F8:1D:DD:6B:3E:D8:1E:16
            X509v3 Authority Key Identifier:
                keyid:CE:08:FE:33:A5:F0:BA:0B:28:62:53:50:5B:BF:B2:93:22:0F:58:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zgj-M6XwugsoYlNQW7-ykyIPWBY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/2a55cf-ce4a-498d-bcd7-d8cfe591dd9e/1/B8TmpTIld46zLBK0-B3daz7YHhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/2a55cf-ce4a-498d-bcd7-d8cfe591dd9e/1/zgj-M6XwugsoYlNQW7-ykyIPWBY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:30:9d:9b:56:f6:ce:18:aa:30:83:c5:58:df:99:aa:28:da:
         02:c0:a4:48:cf:dd:39:b0:de:f6:90:3f:ea:59:bc:d3:b0:5f:
         05:6a:1d:38:88:eb:6a:95:c8:e1:db:a2:eb:b8:f6:b9:35:d0:
         ba:a2:d7:26:4d:e1:cd:31:b0:28:9e:15:3d:de:ec:51:27:e3:
         23:e9:c1:f4:28:ab:c5:54:95:f1:49:c6:67:39:b7:d0:a4:db:
         b1:96:49:4b:a7:ba:e3:f3:77:e5:5c:a6:e4:c9:e3:eb:68:1b:
         6f:7b:e6:4c:37:82:63:02:4e:ff:12:43:67:73:df:5d:53:4e:
         d3:b0:9f:1e:f1:93:1c:52:cf:88:ae:5c:22:41:3e:45:ce:95:
         68:69:f4:26:c6:f3:12:a1:34:a4:d5:38:f1:55:27:d4:69:7f:
         57:c5:4e:f4:73:c8:a5:ab:c8:aa:c1:6c:7b:9a:3e:6b:6b:2d:
         5b:2b:a9:c3:18:5f:66:82:2d:65:fd:08:a2:7d:c2:65:98:d8:
         fb:16:75:f7:44:b5:3a:88:ba:b0:83:9c:58:bb:3e:ce:e8:c9:
         03:69:18:74:06:1c:cf:7e:f7:d2:01:42:03:58:51:04:61:58:
         f5:82:44:d8:b8:13:71:85:80:02:4a:74:4b:a3:1e:8c:6e:ec:
         5d:6c:67:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2ac3fAKDA93Xul2lxJFQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMDhmZTMzYTVmMGJhMGIyODYyNTM1MDViYmZiMjkzMjIw
ZjU4MTYwHhcNMjUwMTAyMTE0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2M0ZTZhNTMyMjU3NzhlYjMyYzEyYjRmODFkZGQ2YjNlZDgxZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1J140xRGx6qsywQiehhAi6MHDryh
i0NtHlszp/+NcME/OuUXE3I38IKFNIq0EhEsbvJoVQbu1dcMb9HKBqIENRzY0fev
o4f/8DFflrk3QBk5KffJoBgnE1fC3U0UPkxyGwBlDNKg21cdi4Oj1rRPRgO63MzX
ywc89hv/oV460FVtF3XBe2wCzGwNT6feB+PmDROlxGv8WjVRjBUw/0W5RkiUvn09
Gd7voq4TwbuPr8V+3r67D+xF6EzpO1PALBMLNjS9wqPMQOqdGW59WcFwW+T68XIn
+p3hzConuHbH8RD4fZjMaNWhn3UT1zuD/2LmKNF3iOVpWOSUes0juR3MuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfE5qUyJXeOsywStPgd3Ws+2B4WMB8GA1UdIwQY
MBaAFM4I/jOl8LoLKGJTUFu/spMiD1gWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemdqLU02WHd1Z3NvWWxOUVc3LXlreUlQV0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8yYTU1Y2YtY2U0YS00OThkLWJjZDct
ZDhjZmU1OTFkZDllLzEvQjhUbXBUSWxkNDZ6TEJLMC1CM2RhejdZSGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8yYTU1Y2YtY2U0YS00OThkLWJjZDctZDhjZmU1OTFkZDll
LzEvemdqLU02WHd1Z3NvWWxOUVc3LXlreUlQV0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwy/TMA0G
CSqGSIb3DQEBCwUAA4IBAQBkMJ2bVvbOGKowg8VY35mqKNoCwKRIz905sN72kD/q
WbzTsF8Fah04iOtqlcjh26LruPa5NdC6otcmTeHNMbAonhU93uxRJ+Mj6cH0KKvF
VJXxScZnObfQpNuxlklLp7rj83flXKbkyePraBtve+ZMN4JjAk7/EkNnc99dU07T
sJ8e8ZMcUs+IrlwiQT5FzpVoafQmxvMSoTSk1TjxVSfUaX9XxU70c8ilq8iqwWx7
mj5ray1bK6nDGF9mgi1l/QiifcJlmNj7FnX3RLU6iLqwg5xYuz7O6MkDaRh0BhzP
fvfSAUIDWFEEYVj1gkTYuBNxhYACSnRLox6MbuxdbGeX
-----END CERTIFICATE-----