Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/sNOmKVH7tMrDuL3fMAOHhGsunRA.roa
File:                     sNOmKVH7tMrDuL3fMAOHhGsunRA.roa (raw, json)
Hash identifier:          DxnOn55k4qyNQUwxXY/rkLpkBwXf2PX1LCxEafVyHiE=
Subject key identifier:   B0:D3:A6:29:51:FB:B4:CA:C3:B8:BD:DF:30:03:87:84:6B:2E:9D:10
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D72EDFA15381DEF263B88D73826A34
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/sNOmKVH7tMrDuL3fMAOHhGsunRA.roa
Signing time:             Wed 01 Jan 2025 21:48:12 +0000
ROA not before:           Wed 01 Jan 2025 21:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214927
IP address blocks:        82.115.223.0/24 maxlen: 24
                          185.106.92.0/24 maxlen: 24
                          193.124.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:2e:df:a1:53:81:de:f2:63:b8:8d:73:82:6a:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0d3a62951fbb4cac3b8bddf300387846b2e9d10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:12:cb:0c:2b:44:c3:e3:34:6c:4d:43:2a:25:
                    de:dc:19:c6:6d:e8:e6:bf:74:10:ea:0e:32:ca:47:
                    be:94:f6:0f:43:f4:a2:d1:2d:e3:6f:1a:7c:79:24:
                    e0:4a:0e:80:62:9f:a9:d0:dc:1f:96:c5:3d:62:2d:
                    ca:53:d0:72:f0:fd:05:e3:a8:d2:ab:c5:c2:fc:17:
                    7a:d8:60:7f:d2:e9:82:39:60:7f:76:1f:c1:35:28:
                    c6:9c:58:d1:b1:2c:f1:05:7c:b8:11:ab:52:3c:20:
                    d0:13:17:e8:bc:01:9d:40:9e:f9:ea:b4:f1:19:3f:
                    1e:b4:8d:cb:ac:3c:d4:a1:4d:46:9a:ac:80:17:02:
                    8a:aa:6a:10:5e:db:ce:36:6f:6c:cf:f2:eb:4a:1e:
                    d3:24:2d:12:1a:7f:5a:4f:3e:57:11:c9:f6:3f:86:
                    35:0c:3c:7c:f1:93:3d:63:7b:00:94:fc:01:99:9a:
                    08:61:f4:c0:03:27:ea:2c:56:4b:f8:d8:91:bd:ad:
                    e2:81:ce:df:f7:a1:c7:70:c9:05:88:7e:4b:d0:b8:
                    33:2d:4d:e9:89:a7:8e:09:d1:27:7b:a5:bb:33:fb:
                    bc:75:b5:b6:18:48:8e:2b:b7:fe:da:93:a1:68:e2:
                    a5:a2:c7:a9:41:c2:9a:04:30:6e:57:41:f7:40:b6:
                    1f:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:D3:A6:29:51:FB:B4:CA:C3:B8:BD:DF:30:03:87:84:6B:2E:9D:10
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/sNOmKVH7tMrDuL3fMAOHhGsunRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.223.0/24
                  185.106.92.0/24
                  193.124.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:99:c5:87:ea:05:86:2e:c3:45:f6:68:76:03:0f:60:6d:02:
         41:5b:54:3f:d0:16:0d:4c:82:a3:1b:5f:b2:3f:bd:f2:85:65:
         c4:51:50:76:fd:d3:55:3b:a6:a9:19:7b:bb:f8:1e:31:b8:10:
         14:d2:2f:5e:15:32:ec:da:27:b2:30:aa:93:ca:84:6f:40:fc:
         c0:cb:ce:6d:16:73:ed:b5:4c:2d:4b:21:de:4f:e0:e7:69:d9:
         5a:25:57:68:31:50:d4:ec:1c:8d:27:f5:d8:18:c9:97:51:66:
         ad:7c:1c:d5:fd:0f:d0:c2:ee:19:2e:1c:2d:db:dc:bc:06:d6:
         f0:ad:67:b9:87:33:37:5f:a7:fa:23:21:28:53:31:08:db:be:
         89:6f:fd:0c:2a:37:55:7a:44:43:84:41:5f:6f:34:e3:68:1a:
         02:2b:0c:9d:4d:4c:e6:06:f5:2b:a5:dc:b0:cf:d6:5d:57:c7:
         63:02:9b:31:b5:90:cf:29:d5:c3:01:3a:2b:2f:df:3e:c7:8d:
         a0:cf:a8:8b:62:57:f3:05:d6:ee:60:e8:fa:c8:bb:7e:c8:f2:
         17:54:41:87:c6:90:df:28:02:a7:1d:d8:27:05:43:44:11:8d:
         bc:25:d8:da:28:9a:4d:ff:68:87:b1:0b:1d:0f:b1:33:ee:15:
         cd:46:45:22
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQj1y7foVOB3vJjuI1zgmo0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGQzYTYyOTUxZmJiNGNhYzNiOGJkZGYzMDAzODc4NDZiMmU5ZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRLLDCtEw+M0bE1DKiXe3BnGbejm
v3QQ6g4yyke+lPYPQ/Si0S3jbxp8eSTgSg6AYp+p0NwflsU9Yi3KU9By8P0F46jS
q8XC/Bd62GB/0umCOWB/dh/BNSjGnFjRsSzxBXy4EatSPCDQExfovAGdQJ756rTx
GT8etI3LrDzUoU1GmqyAFwKKqmoQXtvONm9sz/LrSh7TJC0SGn9aTz5XEcn2P4Y1
DDx88ZM9Y3sAlPwBmZoIYfTAAyfqLFZL+NiRva3igc7f96HHcMkFiH5L0LgzLU3p
iaeOCdEne6W7M/u8dbW2GEiOK7f+2pOhaOKlosepQcKaBDBuV0H3QLYfwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLDTpilR+7TKw7i93zADh4RrLp0QMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvc05PbUtWSDd0TXJEdUwzZk1BT0hoR3N1blJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUnPfAwQA
uWpcAwQAwXy5MA0GCSqGSIb3DQEBCwUAA4IBAQBZmcWH6gWGLsNF9mh2Aw9gbQJB
W1Q/0BYNTIKjG1+yP73yhWXEUVB2/dNVO6apGXu7+B4xuBAU0i9eFTLs2ieyMKqT
yoRvQPzAy85tFnPttUwtSyHeT+DnadlaJVdoMVDU7ByNJ/XYGMmXUWatfBzV/Q/Q
wu4ZLhwt29y8BtbwrWe5hzM3X6f6IyEoUzEI276Jb/0MKjdVekRDhEFfbzTjaBoC
KwydTUzmBvUrpdywz9ZdV8djApsxtZDPKdXDATorL98+x42gz6iLYlfzBdbuYOj6
yLt+yPIXVEGHxpDfKAKnHdgnBUNEEY28JdjaKJpN/2iHsQsdD7Ez7hXNRkUi
-----END CERTIFICATE-----