Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/exm8rc32L_wbT_gd_YdDY8C32r8.roa
File:                     exm8rc32L_wbT_gd_YdDY8C32r8.roa (raw, json)
Hash identifier:          0N4gUB7nt/KMrfDsE58zzQxqihCTZWmo0aE9uU/awsQ=
Subject key identifier:   7B:19:BC:AD:CD:F6:2F:FC:1B:4F:F8:1D:FD:87:43:63:C0:B7:DA:BF
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0194228D3283936D1F425912AEBF8642A8B3
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/exm8rc32L_wbT_gd_YdDY8C32r8.roa
Signing time:             Wed 01 Jan 2025 15:47:46 +0000
ROA not before:           Wed 01 Jan 2025 15:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59530
IP address blocks:        5.8.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:32:83:93:6d:1f:42:59:12:ae:bf:86:42:a8:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 15:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b19bcadcdf62ffc1b4ff81dfd874363c0b7dabf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:17:ec:25:e0:54:fc:e4:ec:25:e5:b8:3f:8c:
                    f7:a3:3c:7d:2d:27:3c:28:5f:97:ba:16:b1:1c:3c:
                    cd:bd:fe:d0:16:50:99:9f:95:11:8b:ee:aa:d3:79:
                    75:cc:2f:c5:ba:4c:1b:51:8d:49:54:3e:ab:e0:c0:
                    8a:09:28:b8:66:4e:29:b0:e8:66:5d:39:3e:81:f3:
                    fc:1f:72:1c:35:81:85:4c:6f:a1:02:86:d3:1c:87:
                    02:6e:53:52:14:d5:fe:12:25:19:da:d6:81:a2:92:
                    23:d8:65:7a:54:db:d1:b3:27:07:f6:80:d5:4f:58:
                    52:dc:e9:bd:04:e8:2c:41:e4:ed:b0:65:ac:45:9e:
                    3a:19:64:33:86:8d:ae:ff:20:09:44:45:e5:36:34:
                    fc:8c:36:d3:8f:59:42:cb:64:6b:ca:2e:0e:b2:2d:
                    7f:1b:88:ca:47:4d:c7:8e:01:d7:85:4a:34:24:88:
                    e3:3b:c6:b7:85:6f:51:a7:4a:ad:31:29:1a:a2:34:
                    63:1d:63:72:e4:26:a9:96:42:43:ea:36:ef:79:7f:
                    dd:b5:c6:aa:a4:ca:5b:76:d0:63:bf:99:88:7f:00:
                    30:8b:4f:ff:5d:87:2e:37:6e:42:03:46:38:18:17:
                    60:a0:ad:0d:a9:e8:a5:05:79:ad:47:84:ae:f7:3d:
                    9a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:19:BC:AD:CD:F6:2F:FC:1B:4F:F8:1D:FD:87:43:63:C0:B7:DA:BF
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/exm8rc32L_wbT_gd_YdDY8C32r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:74:08:c1:1c:3e:7e:f8:d2:cf:d3:f2:e4:48:e5:24:95:9c:
         02:07:4f:81:ac:b1:ec:ef:1a:30:4c:be:bb:b4:3c:b9:5b:08:
         e6:d3:94:68:58:47:df:10:0e:bf:86:8e:ed:ec:5e:0b:3f:46:
         2b:ec:74:1d:da:85:6f:58:2c:5c:58:7d:98:dd:a6:5a:d8:d6:
         68:10:e1:09:b6:72:5e:57:4f:af:29:14:b0:e2:91:0d:96:7b:
         b0:be:89:60:a7:ee:81:4e:e7:7c:99:a5:d6:a3:7b:94:83:c7:
         f9:6e:b7:e5:5b:be:17:16:4e:0b:2f:8e:d0:94:25:be:ba:93:
         e1:4c:20:c0:2b:2c:37:ad:fd:6a:73:95:eb:fa:79:61:f8:64:
         d5:a2:fa:45:f0:a7:44:ba:d9:f5:df:9f:04:0d:ea:54:8e:27:
         c3:95:d7:41:7d:b1:07:88:a9:a5:22:b9:be:2e:9a:81:50:82:
         71:ed:25:2c:8b:e3:c8:1d:d2:98:f3:ce:c2:a4:2b:98:df:11:
         b0:b9:b2:17:53:c0:9c:68:bb:c0:ef:17:ea:88:12:58:d7:d0:
         32:4a:4e:91:65:d2:b1:04:59:41:76:01:ef:30:ac:17:08:84:
         35:5d:dd:93:95:5a:69:7b:a3:d6:3d:e9:51:14:d6:54:44:2d:
         7d:78:cf:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijTKDk20fQlkSrr+GQqizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUwMTAxMTU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE5YmNhZGNkZjYyZmZjMWI0ZmY4MWRmZDg3NDM2M2MwYjdkYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hfsJeBU/OTsJeW4P4z3ozx9LSc8
KF+XuhaxHDzNvf7QFlCZn5URi+6q03l1zC/FukwbUY1JVD6r4MCKCSi4Zk4psOhm
XTk+gfP8H3IcNYGFTG+hAobTHIcCblNSFNX+EiUZ2taBopIj2GV6VNvRsycH9oDV
T1hS3Om9BOgsQeTtsGWsRZ46GWQzho2u/yAJREXlNjT8jDbTj1lCy2Rryi4Osi1/
G4jKR03HjgHXhUo0JIjjO8a3hW9Rp0qtMSkaojRjHWNy5CaplkJD6jbveX/dtcaq
pMpbdtBjv5mIfwAwi0//XYcuN25CA0Y4GBdgoK0NqeilBXmtR4Su9z2aZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsZvK3N9i/8G0/4Hf2HQ2PAt9q/MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvZXhtOHJjMzJMX3diVF9nZF9ZZERZOEMzMnI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQi2MA0G
CSqGSIb3DQEBCwUAA4IBAQAUdAjBHD5++NLP0/LkSOUklZwCB0+BrLHs7xowTL67
tDy5Wwjm05RoWEffEA6/ho7t7F4LP0Yr7HQd2oVvWCxcWH2Y3aZa2NZoEOEJtnJe
V0+vKRSw4pENlnuwvolgp+6BTud8maXWo3uUg8f5brflW74XFk4LL47QlCW+upPh
TCDAKyw3rf1qc5Xr+nlh+GTVovpF8KdEutn1358EDepUjifDlddBfbEHiKmlIrm+
LpqBUIJx7SUsi+PIHdKY887CpCuY3xGwubIXU8CcaLvA7xfqiBJY19AySk6RZdKx
BFlBdgHvMKwXCIQ1Xd2TlVppe6PWPelRFNZURC19eM/u
-----END CERTIFICATE-----