Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/8a2518-39a0-4a98-9562-787b9b584c2d/1/T8CaRngGi_3wzcIt9PzPZ1wckgY.roa
File:                     T8CaRngGi_3wzcIt9PzPZ1wckgY.roa (raw, json)
Hash identifier:          37vNH+xFSIYvkh93FypQjuj5VJFxVq0H4oy/OpBqTs8=
Subject key identifier:   4F:C0:9A:46:78:06:8B:FD:F0:CD:C2:2D:F4:FC:CF:67:5C:1C:92:06
Certificate issuer:       /CN=73c2f49445980199475512f5297608f45d08bb5a
Certificate serial:       019424B3B1160482C278056FA978A9389C86
Authority key identifier: 73:C2:F4:94:45:98:01:99:47:55:12:F5:29:76:08:F4:5D:08:BB:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8L0lEWYAZlHVRL1KXYI9F0Iu1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/8a2518-39a0-4a98-9562-787b9b584c2d/1/T8CaRngGi_3wzcIt9PzPZ1wckgY.roa
Signing time:             Thu 02 Jan 2025 01:49:03 +0000
ROA not before:           Thu 02 Jan 2025 01:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12993
IP address blocks:        194.152.32.0/23 maxlen: 23
                          195.216.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/8a2518-39a0-4a98-9562-787b9b584c2d/1/c8L0lEWYAZlHVRL1KXYI9F0Iu1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/8a2518-39a0-4a98-9562-787b9b584c2d/1/c8L0lEWYAZlHVRL1KXYI9F0Iu1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8L0lEWYAZlHVRL1KXYI9F0Iu1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b1:16:04:82:c2:78:05:6f:a9:78:a9:38:9c:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c2f49445980199475512f5297608f45d08bb5a
        Validity
            Not Before: Jan  2 01:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fc09a4678068bfdf0cdc22df4fccf675c1c9206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:5e:64:a8:50:5d:8b:25:60:67:4d:de:9c:eb:
                    6e:15:db:2e:ee:f0:ad:9d:c2:1d:21:68:8e:28:f4:
                    58:a2:6b:a8:89:f0:c8:cb:a8:89:f7:d5:3c:72:d1:
                    c2:02:59:df:31:05:1c:29:dd:3b:21:9c:76:5e:49:
                    62:54:0c:38:53:7a:f9:1a:7d:5c:85:84:20:ad:be:
                    fe:fc:4a:f3:f6:9a:e1:11:48:49:64:a7:bc:20:9f:
                    96:e0:e9:70:98:6d:57:d2:ad:dd:48:d5:44:5d:e3:
                    5b:89:f5:69:6a:e6:97:3e:72:b9:52:31:25:d5:7b:
                    fe:fb:3d:a1:e8:2f:4e:f8:93:41:0d:99:92:e5:1d:
                    fc:ed:8e:f3:bc:db:e4:d1:40:af:cc:68:db:9a:ba:
                    86:fb:6f:98:f6:ed:f7:82:14:43:46:89:1c:1b:42:
                    ff:ab:67:4f:7f:56:2c:5d:66:c8:6b:db:75:ea:15:
                    32:08:02:d3:fd:4e:e5:fc:78:18:a4:eb:f9:cf:d9:
                    06:10:5d:fa:5f:94:fa:27:1b:97:5c:b1:c6:47:28:
                    97:7d:73:56:6a:ef:c3:92:e5:b5:7c:b1:3c:2d:ba:
                    66:c4:69:af:33:95:18:78:5c:40:9c:7e:40:a5:7f:
                    e8:48:5e:08:14:61:b2:ee:ee:43:f5:59:25:d2:6a:
                    c4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:C0:9A:46:78:06:8B:FD:F0:CD:C2:2D:F4:FC:CF:67:5C:1C:92:06
            X509v3 Authority Key Identifier:
                keyid:73:C2:F4:94:45:98:01:99:47:55:12:F5:29:76:08:F4:5D:08:BB:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8L0lEWYAZlHVRL1KXYI9F0Iu1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/8a2518-39a0-4a98-9562-787b9b584c2d/1/T8CaRngGi_3wzcIt9PzPZ1wckgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/8a2518-39a0-4a98-9562-787b9b584c2d/1/c8L0lEWYAZlHVRL1KXYI9F0Iu1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.152.32.0/23
                  195.216.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:17:54:63:5b:64:a6:0a:f9:86:7b:1f:7d:ec:10:8d:fa:2f:
         74:a3:22:5d:f9:9f:31:ae:11:b6:75:18:d3:fc:89:e4:a5:c9:
         f6:f5:3d:46:d6:47:c1:ad:91:a8:ad:a9:a4:7d:36:97:dd:d0:
         b5:1c:e1:b4:7e:db:e2:a3:5d:28:1c:28:f9:b7:0c:58:30:b4:
         6c:e0:07:00:26:32:fd:f4:d3:e2:17:f8:50:fa:6c:81:88:18:
         d4:57:7b:41:46:ae:5e:4b:60:da:c2:2d:46:5a:3d:ff:54:66:
         0b:66:0d:b8:75:b3:7f:04:a3:28:4c:cf:48:e8:37:c3:2d:64:
         09:96:82:cf:6b:12:98:2e:3c:36:46:65:64:64:9a:ae:b5:15:
         26:c3:0d:c4:1f:97:ec:8f:38:b0:b0:c4:56:2f:d1:86:fe:e3:
         56:59:46:5e:13:ac:27:35:f2:29:26:ea:e7:43:d7:36:d6:53:
         82:d7:59:61:c7:57:18:8c:ac:b7:a3:3b:14:1a:1d:91:39:c9:
         1f:8d:76:ed:43:65:f4:29:db:75:a5:37:3c:cd:25:5b:be:24:
         12:b4:21:f0:f4:e2:90:bc:b1:48:d4:da:d4:d8:e0:23:eb:d2:
         b2:cc:64:81:27:30:f8:71:14:0c:e5:9a:8f:f6:f2:f4:54:89:
         df:e8:99:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks7EWBILCeAVvqXipOJyGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzJmNDk0NDU5ODAxOTk0NzU1MTJmNTI5NzYwOGY0NWQw
OGJiNWEwHhcNMjUwMTAyMDE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmMwOWE0Njc4MDY4YmZkZjBjZGMyMmRmNGZjY2Y2NzVjMWM5MjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA215kqFBdiyVgZ03enOtuFdsu7vCt
ncIdIWiOKPRYomuoifDIy6iJ99U8ctHCAlnfMQUcKd07IZx2XkliVAw4U3r5Gn1c
hYQgrb7+/Erz9prhEUhJZKe8IJ+W4OlwmG1X0q3dSNVEXeNbifVpauaXPnK5UjEl
1Xv++z2h6C9O+JNBDZmS5R387Y7zvNvk0UCvzGjbmrqG+2+Y9u33ghRDRokcG0L/
q2dPf1YsXWbIa9t16hUyCALT/U7l/HgYpOv5z9kGEF36X5T6JxuXXLHGRyiXfXNW
au/DkuW1fLE8LbpmxGmvM5UYeFxAnH5ApX/oSF4IFGGy7u5D9Vkl0mrEywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE/AmkZ4Bov98M3CLfT8z2dcHJIGMB8GA1UdIwQY
MBaAFHPC9JRFmAGZR1US9Sl2CPRdCLtaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhMMGxFV1lBWmxIVlJMMUtYWUk5RjBJdTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy84YTI1MTgtMzlhMC00YTk4LTk1NjIt
Nzg3YjliNTg0YzJkLzEvVDhDYVJuZ0dpXzN3emNJdDlQelBaMXdja2dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy84YTI1MTgtMzlhMC00YTk4LTk1NjItNzg3YjliNTg0YzJk
LzEvYzhMMGxFV1lBWmxIVlJMMUtYWUk5RjBJdTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwpggAwQA
w9jsMA0GCSqGSIb3DQEBCwUAA4IBAQB/F1RjW2SmCvmGex997BCN+i90oyJd+Z8x
rhG2dRjT/Inkpcn29T1G1kfBrZGoramkfTaX3dC1HOG0ftvio10oHCj5twxYMLRs
4AcAJjL99NPiF/hQ+myBiBjUV3tBRq5eS2Dawi1GWj3/VGYLZg24dbN/BKMoTM9I
6DfDLWQJloLPaxKYLjw2RmVkZJqutRUmww3EH5fsjziwsMRWL9GG/uNWWUZeE6wn
NfIpJurnQ9c21lOC11lhx1cYjKy3ozsUGh2ROckfjXbtQ2X0Kdt1pTc8zSVbviQS
tCHw9OKQvLFI1NrU2OAj69KyzGSBJzD4cRQM5ZqP9vL0VInf6Jkf
-----END CERTIFICATE-----