Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/LxNSeoOpRPG9_HiGLcIAHRadlNc.roa
File:                     LxNSeoOpRPG9_HiGLcIAHRadlNc.roa (raw, json)
Hash identifier:          qvJbggqu+HiEq8RovpTm1/fCGos5lBoKnbhtXPjlKWA=
Subject key identifier:   2F:13:52:7A:83:A9:44:F1:BD:FC:78:86:2D:C2:00:1D:16:9D:94:D7
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       0195D7B83A8FA235FC600AB0360C9A7C4899
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/LxNSeoOpRPG9_HiGLcIAHRadlNc.roa
Signing time:             Thu 27 Mar 2025 13:08:49 +0000
ROA not before:           Thu 27 Mar 2025 13:08:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50129
IP address blocks:        185.209.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d7:b8:3a:8f:a2:35:fc:60:0a:b0:36:0c:9a:7c:48:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Mar 27 13:08:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f13527a83a944f1bdfc78862dc2001d169d94d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:34:e6:18:e2:88:f4:99:c4:f1:e5:a9:78:ca:
                    1e:77:89:ea:74:00:fb:93:68:52:55:c9:ab:21:e5:
                    ea:f6:c5:74:97:1b:fe:b5:53:c6:e9:59:53:63:27:
                    4a:e8:c7:93:52:98:a2:78:63:fe:92:09:dd:dc:9e:
                    1a:4a:23:62:b6:e4:4f:bd:53:1b:08:d6:b9:d1:b5:
                    e0:cb:cf:1f:ef:7c:d8:31:c7:05:1d:e9:de:2b:96:
                    3f:9b:ea:6d:27:62:29:30:be:ee:0b:d8:46:d1:8d:
                    79:e9:2b:e3:e0:65:fa:10:08:1f:fb:08:f6:42:f2:
                    d6:d4:9d:ac:fe:ce:dd:18:47:f8:29:49:3c:84:de:
                    4e:fc:20:ba:c3:4d:e0:c7:f2:b8:de:f2:c9:ab:40:
                    06:1b:eb:7a:a0:1b:2a:20:be:98:05:fd:62:55:74:
                    1b:db:68:db:66:26:d2:0b:8f:1a:36:fb:a0:86:44:
                    ea:0f:35:12:32:9c:98:54:24:c7:36:57:70:32:be:
                    4f:9e:29:34:40:2b:0b:14:5b:03:e2:76:c1:ae:d1:
                    9e:8b:64:b4:68:e6:30:4f:1e:01:59:2a:0a:43:c6:
                    1b:b4:e1:60:dd:3c:a9:92:75:e7:e5:b3:17:73:2d:
                    63:3c:d4:57:ac:c8:6f:bd:4b:c6:c5:0f:83:c6:8b:
                    12:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:13:52:7A:83:A9:44:F1:BD:FC:78:86:2D:C2:00:1D:16:9D:94:D7
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/LxNSeoOpRPG9_HiGLcIAHRadlNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:59:3a:5c:8b:58:7a:88:66:bd:35:95:92:bb:5d:a0:d1:ce:
         57:f0:71:c3:c6:75:38:ba:37:60:7e:27:7c:78:a7:68:fd:8b:
         e4:e8:33:d7:c6:a4:27:66:d7:bd:f5:b4:36:26:b6:e0:57:d8:
         c6:8b:40:80:e8:10:7a:a1:3f:9c:86:b8:6b:33:5d:a1:2a:3d:
         fe:0b:eb:64:c6:43:b9:28:2e:6c:99:b5:4d:30:d0:9b:49:fe:
         8a:fe:a7:42:ee:51:d0:a3:8e:45:9b:4d:b7:53:53:77:e4:d8:
         21:4f:9d:bc:5f:3f:6c:b4:d6:eb:0e:78:b3:70:c2:cb:3c:5d:
         49:b7:87:4f:0a:37:24:c5:b4:66:2a:8e:de:b3:4f:33:cd:7e:
         62:68:cb:7b:12:25:be:05:ba:4c:fd:13:31:bd:42:b9:3b:6c:
         ad:5c:4c:d2:39:f7:31:96:a7:98:30:1c:0e:2d:69:ce:ef:3d:
         0b:50:64:38:95:a4:78:93:26:7a:36:d0:06:a9:fc:ff:18:27:
         9c:82:c4:79:71:10:a4:b5:30:78:62:bd:2f:80:c3:43:66:de:
         f6:4b:52:a1:d2:b9:c5:c8:e5:09:95:13:81:27:78:bd:41:3c:
         c7:da:c3:57:25:66:25:67:a3:18:a4:1c:37:13:1a:e6:2f:f7:
         89:a5:11:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXXuDqPojX8YAqwNgyafEiZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMzI3MTMwODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjEzNTI3YTgzYTk0NGYxYmRmYzc4ODYyZGMyMDAxZDE2OWQ5NGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzTmGOKI9JnE8eWpeMoed4nqdAD7
k2hSVcmrIeXq9sV0lxv+tVPG6VlTYydK6MeTUpiieGP+kgnd3J4aSiNituRPvVMb
CNa50bXgy88f73zYMccFHeneK5Y/m+ptJ2IpML7uC9hG0Y156Svj4GX6EAgf+wj2
QvLW1J2s/s7dGEf4KUk8hN5O/CC6w03gx/K43vLJq0AGG+t6oBsqIL6YBf1iVXQb
22jbZibSC48aNvughkTqDzUSMpyYVCTHNldwMr5Pnik0QCsLFFsD4nbBrtGei2S0
aOYwTx4BWSoKQ8YbtOFg3TypknXn5bMXcy1jPNRXrMhvvUvGxQ+DxosSUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8TUnqDqUTxvfx4hi3CAB0WnZTXMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvTHhOU2VvT3BSUEc5X0hpR0xjSUFIUmFkbE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudEIMA0G
CSqGSIb3DQEBCwUAA4IBAQAsWTpci1h6iGa9NZWSu12g0c5X8HHDxnU4ujdgfid8
eKdo/Yvk6DPXxqQnZte99bQ2JrbgV9jGi0CA6BB6oT+chrhrM12hKj3+C+tkxkO5
KC5smbVNMNCbSf6K/qdC7lHQo45Fm023U1N35NghT528Xz9stNbrDnizcMLLPF1J
t4dPCjckxbRmKo7es08zzX5iaMt7EiW+BbpM/RMxvUK5O2ytXEzSOfcxlqeYMBwO
LWnO7z0LUGQ4laR4kyZ6NtAGqfz/GCecgsR5cRCktTB4Yr0vgMNDZt72S1Kh0rnF
yOUJlROBJ3i9QTzH2sNXJWYlZ6MYpBw3ExrmL/eJpRFr
-----END CERTIFICATE-----