Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/Mf_fXP2jPHVmLONdZ1xYPtuNu7Q.roa
File:                     Mf_fXP2jPHVmLONdZ1xYPtuNu7Q.roa (raw, json)
Hash identifier:          LOr2gDDIVLXiBV/jZXlGLfpc3s69N4tqrkcfM7qBuoA=
Subject key identifier:   31:FF:DF:5C:FD:A3:3C:75:66:2C:E3:5D:67:5C:58:3E:DB:8D:BB:B4
Certificate issuer:       /CN=8b4db87a497a15ba79a706d12ee904c4449d1b55
Certificate serial:       0196FC2525043421726ADC42C4B00C2259BD
Authority key identifier: 8B:4D:B8:7A:49:7A:15:BA:79:A7:06:D1:2E:E9:04:C4:44:9D:1B:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i024ekl6Fbp5pwbRLukExESdG1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/Mf_fXP2jPHVmLONdZ1xYPtuNu7Q.roa
Signing time:             Fri 23 May 2025 07:56:54 +0000
ROA not before:           Fri 23 May 2025 07:56:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198115
IP address blocks:        194.126.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/i024ekl6Fbp5pwbRLukExESdG1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/i024ekl6Fbp5pwbRLukExESdG1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i024ekl6Fbp5pwbRLukExESdG1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fc:25:25:04:34:21:72:6a:dc:42:c4:b0:0c:22:59:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b4db87a497a15ba79a706d12ee904c4449d1b55
        Validity
            Not Before: May 23 07:56:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31ffdf5cfda33c75662ce35d675c583edb8dbbb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:04:02:5d:70:7c:8b:6a:60:f0:50:29:00:26:
                    7f:b3:74:12:57:90:eb:ff:41:a9:a6:00:1c:59:21:
                    92:a2:2d:57:de:41:4d:ba:1e:c0:de:0a:d4:0a:d9:
                    34:42:2f:0c:39:e9:8b:32:c7:23:a7:93:c8:41:f4:
                    62:8e:3b:07:b4:f7:2d:3e:c7:79:8f:43:d6:58:29:
                    bd:9c:d0:d1:01:9f:ff:58:4f:49:d5:2c:94:88:cf:
                    57:c1:70:83:cc:f9:3b:8f:3b:50:6d:f4:60:81:90:
                    3c:77:59:10:af:32:5e:e3:42:72:1e:c5:d7:79:ff:
                    7a:cc:c2:7d:cc:87:fa:ba:fe:98:4d:f5:80:bb:61:
                    26:92:b9:32:0d:07:6b:b9:4a:d4:1d:33:17:ba:dc:
                    9a:c8:df:4d:eb:f1:17:2b:ab:91:65:57:0d:82:0b:
                    f1:2d:e7:a2:2d:45:b7:c7:43:0b:ee:a1:83:20:fb:
                    0b:33:a2:9b:57:51:4c:fa:c2:e1:92:ad:a4:e6:ed:
                    d7:8f:c1:ea:86:c8:e7:a0:9c:6a:86:a0:c1:d6:d0:
                    b4:32:f4:7e:e7:ce:e5:4c:06:f2:53:af:6e:e7:f4:
                    0f:9d:6e:cd:1d:29:3b:20:c4:10:29:b8:6f:16:cf:
                    5a:c5:5c:99:3b:1b:f2:0d:92:e3:33:4f:ea:10:41:
                    85:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:FF:DF:5C:FD:A3:3C:75:66:2C:E3:5D:67:5C:58:3E:DB:8D:BB:B4
            X509v3 Authority Key Identifier:
                keyid:8B:4D:B8:7A:49:7A:15:BA:79:A7:06:D1:2E:E9:04:C4:44:9D:1B:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i024ekl6Fbp5pwbRLukExESdG1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/Mf_fXP2jPHVmLONdZ1xYPtuNu7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/i024ekl6Fbp5pwbRLukExESdG1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:66:7a:f6:68:08:1d:25:79:b6:bb:86:5d:a3:71:1b:2e:23:
         3f:0c:4e:f3:39:83:a2:7c:85:69:66:6e:50:3e:d5:61:19:94:
         27:5a:72:2a:5c:a1:b8:60:bf:61:4d:78:29:37:e1:9a:82:9f:
         e5:1e:43:e9:8b:17:bc:bb:ef:33:f8:69:c2:ed:44:bc:4d:dd:
         be:88:60:a9:56:84:a5:65:da:30:d6:00:57:bf:17:e9:7c:2a:
         de:e6:88:f9:5c:52:26:c0:b2:16:f0:22:6b:77:41:d4:36:c5:
         10:a8:17:e2:ee:90:43:7c:d0:f1:33:1b:5a:67:8c:2a:6d:d4:
         1b:8a:af:98:6b:ca:8c:9f:e9:f7:b2:7b:61:93:66:2b:ce:3c:
         e5:57:70:f9:53:0e:2e:e4:31:60:83:2b:39:1c:c5:ad:1c:2a:
         a3:72:b7:a8:fc:a4:34:c2:e4:b9:02:08:fb:89:6a:fc:80:29:
         95:21:24:c5:ea:5f:d0:d7:9e:14:47:dd:e5:1a:c7:41:fc:14:
         04:06:6c:86:66:99:30:36:96:95:bc:aa:dc:85:07:ff:76:1e:
         b0:42:64:48:2a:42:7c:98:8f:b4:c5:6c:73:87:76:fa:44:92:
         1a:03:b7:d4:0e:ea:36:9c:ec:9b:f8:5c:0c:bd:2c:6c:c7:67:
         4e:b6:16:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb8JSUENCFyatxCxLAMIlm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNGRiODdhNDk3YTE1YmE3OWE3MDZkMTJlZTkwNGM0NDQ5
ZDFiNTUwHhcNMjUwNTIzMDc1NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWZmZGY1Y2ZkYTMzYzc1NjYyY2UzNWQ2NzVjNTgzZWRiOGRiYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAQCXXB8i2pg8FApACZ/s3QSV5Dr
/0GppgAcWSGSoi1X3kFNuh7A3grUCtk0Qi8MOemLMscjp5PIQfRijjsHtPctPsd5
j0PWWCm9nNDRAZ//WE9J1SyUiM9XwXCDzPk7jztQbfRggZA8d1kQrzJe40JyHsXX
ef96zMJ9zIf6uv6YTfWAu2EmkrkyDQdruUrUHTMXutyayN9N6/EXK6uRZVcNggvx
LeeiLUW3x0ML7qGDIPsLM6KbV1FM+sLhkq2k5u3Xj8HqhsjnoJxqhqDB1tC0MvR+
587lTAbyU69u5/QPnW7NHSk7IMQQKbhvFs9axVyZOxvyDZLjM0/qEEGFuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDH/31z9ozx1ZizjXWdcWD7bjbu0MB8GA1UdIwQY
MBaAFItNuHpJehW6eacG0S7pBMREnRtVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTAyNGVrbDZGYnA1cHdiUkx1a0V4RVNkRzFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kODE0YjQtMDJiMS00ZmIzLWFjZWYt
MTYwMWQ0MWZkYzFmLzEvTWZfZlhQMmpQSFZtTE9OZFoxeFlQdHVOdTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kODE0YjQtMDJiMS00ZmIzLWFjZWYtMTYwMWQ0MWZkYzFm
LzEvaTAyNGVrbDZGYnA1cHdiUkx1a0V4RVNkRzFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn7oMA0G
CSqGSIb3DQEBCwUAA4IBAQAXZnr2aAgdJXm2u4Zdo3EbLiM/DE7zOYOifIVpZm5Q
PtVhGZQnWnIqXKG4YL9hTXgpN+Gagp/lHkPpixe8u+8z+GnC7US8Td2+iGCpVoSl
Zdow1gBXvxfpfCre5oj5XFImwLIW8CJrd0HUNsUQqBfi7pBDfNDxMxtaZ4wqbdQb
iq+Ya8qMn+n3snthk2YrzjzlV3D5Uw4u5DFggys5HMWtHCqjcreo/KQ0wuS5Agj7
iWr8gCmVISTF6l/Q154UR93lGsdB/BQEBmyGZpkwNpaVvKrchQf/dh6wQmRIKkJ8
mI+0xWxzh3b6RJIaA7fUDuo2nOyb+FwMvSxsx2dOthZ4
-----END CERTIFICATE-----