Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/8nLoMcIcsiOT94ggaJIYQQl2oRM.roa
File:                     8nLoMcIcsiOT94ggaJIYQQl2oRM.roa (raw, json)
Hash identifier:          qT9FeEnewJoNeBMjY4zbOI1Gsyx72sYu0a6uEXjvmkY=
Subject key identifier:   F2:72:E8:31:C2:1C:B2:23:93:F7:88:20:68:92:18:41:09:76:A1:13
Certificate issuer:       /CN=2aa8202b4d0c5c111d374f1e98b73db4924d64b1
Certificate serial:       01963373A799E32F9917C0E126598FECE681
Authority key identifier: 2A:A8:20:2B:4D:0C:5C:11:1D:37:4F:1E:98:B7:3D:B4:92:4D:64:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KqggK00MXBEdN08emLc9tJJNZLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/8nLoMcIcsiOT94ggaJIYQQl2oRM.roa
Signing time:             Mon 14 Apr 2025 08:38:59 +0000
ROA not before:           Mon 14 Apr 2025 08:38:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50531
IP address blocks:        185.53.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/KqggK00MXBEdN08emLc9tJJNZLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/KqggK00MXBEdN08emLc9tJJNZLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KqggK00MXBEdN08emLc9tJJNZLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:33:73:a7:99:e3:2f:99:17:c0:e1:26:59:8f:ec:e6:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2aa8202b4d0c5c111d374f1e98b73db4924d64b1
        Validity
            Not Before: Apr 14 08:38:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f272e831c21cb22393f78820689218410976a113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5a:8f:78:41:c9:39:ef:88:5d:18:a8:a0:18:
                    cc:12:c4:e0:2c:1e:e5:ac:ed:4c:87:ed:7a:00:2b:
                    cd:e8:22:b5:00:19:82:17:6d:35:c6:5f:4c:6b:cd:
                    3a:d4:3a:cb:a8:91:3e:fb:e3:5b:d0:12:b1:80:aa:
                    34:83:84:ae:df:32:f9:53:03:05:2c:07:fd:e4:4d:
                    bf:73:82:37:07:d8:79:3e:1b:9e:51:8b:fa:29:87:
                    8d:56:dd:de:e3:8e:de:a2:93:17:d0:1b:fa:87:33:
                    83:6c:d7:c6:cd:25:c5:9c:1d:dd:00:49:46:1a:e4:
                    ac:5f:04:0a:b1:aa:eb:a0:50:a7:ed:dd:29:b9:05:
                    51:c6:e0:6b:e9:66:cf:91:84:13:8d:28:ef:d0:7a:
                    5a:d8:31:39:4a:b8:06:6c:ce:03:a4:24:73:30:f3:
                    1f:2f:2d:cc:54:0e:1f:1e:cc:3f:66:2d:d8:55:b0:
                    55:4d:4e:a0:6b:04:07:2e:11:cb:8d:de:f6:d2:bc:
                    18:2f:2c:3e:14:77:f9:02:e2:d1:20:04:53:ee:f3:
                    2e:33:35:31:86:d9:4d:29:7c:86:68:d0:a6:9b:f0:
                    98:d7:66:66:46:13:8a:4d:c6:1f:8a:16:24:3a:11:
                    95:11:42:f1:f1:99:a8:4f:eb:44:57:9b:37:c2:f8:
                    40:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:72:E8:31:C2:1C:B2:23:93:F7:88:20:68:92:18:41:09:76:A1:13
            X509v3 Authority Key Identifier:
                keyid:2A:A8:20:2B:4D:0C:5C:11:1D:37:4F:1E:98:B7:3D:B4:92:4D:64:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KqggK00MXBEdN08emLc9tJJNZLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/8nLoMcIcsiOT94ggaJIYQQl2oRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/KqggK00MXBEdN08emLc9tJJNZLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:f5:55:a5:81:89:36:3d:8e:40:1c:42:9d:77:8f:08:9e:1b:
         7a:02:bc:45:09:bd:28:b0:a9:f1:7d:f0:24:64:43:e4:88:b8:
         78:04:69:07:99:18:31:53:c9:15:b6:a2:02:0c:96:a1:21:c1:
         ec:98:f4:5c:5d:e5:45:19:2f:e4:f1:d1:bd:ef:d4:58:63:7d:
         f7:c6:ec:fa:d0:96:5e:ad:b0:9f:fb:12:41:05:75:80:c7:72:
         94:7e:61:b7:73:cb:6b:ef:ac:2a:a2:91:cb:06:71:f0:17:11:
         d3:d2:d4:87:9b:38:0b:93:d4:cb:fe:d2:d4:06:6e:ce:7c:ec:
         af:02:5c:fd:db:9f:da:d8:42:39:71:80:50:e5:ec:76:43:56:
         e5:72:b0:a5:51:c7:a1:a1:6b:01:5e:d6:b3:4a:b8:d3:e6:33:
         01:36:79:69:b9:27:b3:bd:3f:b0:4e:72:14:a0:2a:59:0f:8f:
         2d:dc:3e:24:32:42:4e:62:7c:74:39:75:cc:c6:c7:5c:ff:5d:
         18:01:45:f2:ba:9c:44:6a:98:a3:34:e5:3c:0b:a8:93:4f:0e:
         53:3d:23:66:36:2f:42:04:da:6e:70:dc:c2:33:76:3a:81:01:
         ff:02:b7:a8:63:9a:79:3b:17:63:e9:27:78:f7:e6:8b:cf:dd:
         2a:6b:71:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYzc6eZ4y+ZF8DhJlmP7OaBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYTgyMDJiNGQwYzVjMTExZDM3NGYxZTk4YjczZGI0OTI0
ZDY0YjEwHhcNMjUwNDE0MDgzODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjcyZTgzMWMyMWNiMjIzOTNmNzg4MjA2ODkyMTg0MTA5NzZhMTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlqPeEHJOe+IXRiooBjMEsTgLB7l
rO1Mh+16ACvN6CK1ABmCF201xl9Ma8061DrLqJE+++Nb0BKxgKo0g4Su3zL5UwMF
LAf95E2/c4I3B9h5PhueUYv6KYeNVt3e447eopMX0Bv6hzODbNfGzSXFnB3dAElG
GuSsXwQKsarroFCn7d0puQVRxuBr6WbPkYQTjSjv0Hpa2DE5SrgGbM4DpCRzMPMf
Ly3MVA4fHsw/Zi3YVbBVTU6gawQHLhHLjd720rwYLyw+FHf5AuLRIART7vMuMzUx
htlNKXyGaNCmm/CY12ZmRhOKTcYfihYkOhGVEULx8ZmoT+tEV5s3wvhAJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJy6DHCHLIjk/eIIGiSGEEJdqETMB8GA1UdIwQY
MBaAFCqoICtNDFwRHTdPHpi3PbSSTWSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3FnZ0swME1YQkVkTjA4ZW1MYzl0SkpOWkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8yN2IzYjMtNGIyMi00NzQwLWE2NWEt
NmU3YmFlNWZmODk4LzEvOG5Mb01jSWNzaU9UOTRnZ2FKSVlRUWwyb1JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8yN2IzYjMtNGIyMi00NzQwLWE2NWEtNmU3YmFlNWZmODk4
LzEvS3FnZ0swME1YQkVkTjA4ZW1MYzl0SkpOWkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTW/MA0G
CSqGSIb3DQEBCwUAA4IBAQA79VWlgYk2PY5AHEKdd48Inht6ArxFCb0osKnxffAk
ZEPkiLh4BGkHmRgxU8kVtqICDJahIcHsmPRcXeVFGS/k8dG979RYY333xuz60JZe
rbCf+xJBBXWAx3KUfmG3c8tr76wqopHLBnHwFxHT0tSHmzgLk9TL/tLUBm7OfOyv
Alz925/a2EI5cYBQ5ex2Q1blcrClUcehoWsBXtazSrjT5jMBNnlpuSezvT+wTnIU
oCpZD48t3D4kMkJOYnx0OXXMxsdc/10YAUXyupxEapijNOU8C6iTTw5TPSNmNi9C
BNpucNzCM3Y6gQH/AreoY5p5Oxdj6Sd49+aLz90qa3F5
-----END CERTIFICATE-----