Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/_414kKe8CrM8omxF14iw_uWfQeQ.roa
File:                     _414kKe8CrM8omxF14iw_uWfQeQ.roa (raw, json)
Hash identifier:          STEuM8jfatMl0Nipri3GXEfRe55DrJzbXE1Ue4EdCsw=
Subject key identifier:   FF:8D:78:90:A7:BC:0A:B3:3C:A2:6C:45:D7:88:B0:FE:E5:9F:41:E4
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CC53235B5A0E20F3F99CAF679E376
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/_414kKe8CrM8omxF14iw_uWfQeQ.roa
Signing time:             Wed 01 Jan 2025 01:48:26 +0000
ROA not before:           Wed 01 Jan 2025 01:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209632
IP address blocks:        139.28.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:c5:32:35:b5:a0:e2:0f:3f:99:ca:f6:79:e3:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff8d7890a7bc0ab33ca26c45d788b0fee59f41e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d8:53:7f:59:b9:e8:52:45:c9:17:0f:02:6b:
                    ad:36:4c:9c:2d:85:1f:f1:d3:b2:56:20:e9:e5:19:
                    d5:ee:2f:86:31:65:86:f3:3f:40:c3:fb:25:f6:85:
                    53:2b:d3:31:c3:ea:ba:0e:b8:ef:27:be:84:94:5e:
                    c5:0a:98:75:59:5a:4f:ec:97:30:e5:aa:41:f5:c2:
                    15:f6:0f:61:1e:81:26:83:02:02:b7:d8:0d:3f:73:
                    4a:84:de:f0:20:49:e5:7b:ca:85:ec:2b:8a:f3:7c:
                    fc:7b:9b:50:d0:41:41:e2:f7:c5:ee:67:3c:39:f1:
                    33:8e:cf:90:8d:ee:62:43:8a:01:cd:2b:96:98:c4:
                    b2:39:d7:9d:63:e5:60:77:21:a7:88:37:45:cd:92:
                    aa:53:e0:59:da:12:15:18:5f:d6:57:17:b7:97:49:
                    38:11:db:3b:15:56:22:85:3c:4f:3b:21:18:d8:2d:
                    78:47:e9:1a:66:d4:5e:5c:60:dc:13:96:f9:07:06:
                    61:ac:4a:29:31:0d:40:ad:4b:74:ab:7b:c3:1b:bf:
                    8d:b0:7d:b4:bc:b3:3a:32:f0:0c:df:de:10:c1:24:
                    48:cf:ab:18:f1:e3:86:7d:de:e3:80:3f:ec:09:c1:
                    0b:aa:07:14:f5:96:05:0e:92:cf:52:fc:72:57:e7:
                    7d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:8D:78:90:A7:BC:0A:B3:3C:A2:6C:45:D7:88:B0:FE:E5:9F:41:E4
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/_414kKe8CrM8omxF14iw_uWfQeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:2c:81:4e:4d:da:3f:41:00:4a:f0:e0:da:9f:87:6f:23:05:
         b8:71:51:66:51:64:0b:92:1e:68:f1:f7:4a:2b:c0:3d:a6:78:
         89:cf:2a:f6:d2:55:f8:11:88:43:49:2c:8f:0a:b7:c5:36:c6:
         a9:9c:2c:6b:b1:ea:de:c5:48:de:11:6d:01:ff:c5:f2:6e:3d:
         fb:30:74:2b:6c:25:11:d3:1c:53:f5:41:5b:cb:2c:8e:35:ab:
         9c:4f:a2:0b:04:1c:e8:e0:1a:16:92:54:fb:7d:4d:ca:b1:61:
         c7:6f:b0:eb:14:53:a4:45:2c:66:c9:64:61:c4:12:ee:18:be:
         69:32:35:a5:de:76:a8:66:16:78:99:82:63:70:de:db:a1:a3:
         3b:66:a6:9c:dd:79:82:df:67:09:a1:ae:42:ca:df:0b:c1:18:
         98:38:15:e0:f1:3b:e4:11:7c:71:02:6c:36:fa:b0:a3:be:f3:
         59:d8:e3:5e:4a:bf:1a:89:18:3e:7b:11:21:42:e2:a1:a5:be:
         fa:d5:26:30:56:09:f6:eb:4d:34:33:ca:56:9a:b6:41:28:2a:
         ff:92:56:23:8c:59:ac:31:67:63:ce:c9:e4:68:e9:92:da:fb:
         2c:eb:2b:cd:66:b7:82:af:ef:bd:ec:34:a8:9a:19:b3:08:5d:
         a1:9d:93:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjMUyNbWg4g8/mcr2eeN2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjhkNzg5MGE3YmMwYWIzM2NhMjZjNDVkNzg4YjBmZWU1OWY0MWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dhTf1m56FJFyRcPAmutNkycLYUf
8dOyViDp5RnV7i+GMWWG8z9Aw/sl9oVTK9Mxw+q6DrjvJ76ElF7FCph1WVpP7Jcw
5apB9cIV9g9hHoEmgwICt9gNP3NKhN7wIEnle8qF7CuK83z8e5tQ0EFB4vfF7mc8
OfEzjs+Qje5iQ4oBzSuWmMSyOdedY+VgdyGniDdFzZKqU+BZ2hIVGF/WVxe3l0k4
Eds7FVYihTxPOyEY2C14R+kaZtReXGDcE5b5BwZhrEopMQ1ArUt0q3vDG7+NsH20
vLM6MvAM394QwSRIz6sY8eOGfd7jgD/sCcELqgcU9ZYFDpLPUvxyV+d9awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+NeJCnvAqzPKJsRdeIsP7ln0HkMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvXzQxNGtLZThDck04b214RjE0aXdfdVdmUWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixy8MA0G
CSqGSIb3DQEBCwUAA4IBAQCnLIFOTdo/QQBK8ODan4dvIwW4cVFmUWQLkh5o8fdK
K8A9pniJzyr20lX4EYhDSSyPCrfFNsapnCxrserexUjeEW0B/8Xybj37MHQrbCUR
0xxT9UFbyyyONaucT6ILBBzo4BoWklT7fU3KsWHHb7DrFFOkRSxmyWRhxBLuGL5p
MjWl3naoZhZ4mYJjcN7boaM7Zqac3XmC32cJoa5Cyt8LwRiYOBXg8TvkEXxxAmw2
+rCjvvNZ2ONeSr8aiRg+exEhQuKhpb761SYwVgn26000M8pWmrZBKCr/klYjjFms
MWdjzsnkaOmS2vss6yvNZreCr++97DSomhmzCF2hnZO8
-----END CERTIFICATE-----