Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/6b7c3d-84cc-4c70-bc6f-9e544d246fd7/1/8nQwwbTKR2QHt6Bol-B0GBvbksM.roa
File:                     8nQwwbTKR2QHt6Bol-B0GBvbksM.roa (raw, json)
Hash identifier:          SHforER0sbIvAI5iADwv0gU7LdmKAhXUjkcLwpFZRTE=
Subject key identifier:   F2:74:30:C1:B4:CA:47:64:07:B7:A0:68:97:E0:74:18:1B:DB:92:C3
Certificate issuer:       /CN=f920755bf67ba7d7b4d3d001027604ea29b23ed1
Certificate serial:       0194228D8A7DC3B47E79D2EF937AC1A6BA24
Authority key identifier: F9:20:75:5B:F6:7B:A7:D7:B4:D3:D0:01:02:76:04:EA:29:B2:3E:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-SB1W_Z7p9e009ABAnYE6imyPtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/6b7c3d-84cc-4c70-bc6f-9e544d246fd7/1/8nQwwbTKR2QHt6Bol-B0GBvbksM.roa
Signing time:             Wed 01 Jan 2025 15:48:08 +0000
ROA not before:           Wed 01 Jan 2025 15:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204179
IP address blocks:        109.74.24.0/23 maxlen: 23
                          2a0d:41c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/6b7c3d-84cc-4c70-bc6f-9e544d246fd7/1/1-SB1W_Z7p9e009ABAnYE6imyPtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/6b7c3d-84cc-4c70-bc6f-9e544d246fd7/1/1-SB1W_Z7p9e009ABAnYE6imyPtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-SB1W_Z7p9e009ABAnYE6imyPtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:8a:7d:c3:b4:7e:79:d2:ef:93:7a:c1:a6:ba:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f920755bf67ba7d7b4d3d001027604ea29b23ed1
        Validity
            Not Before: Jan  1 15:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f27430c1b4ca476407b7a06897e074181bdb92c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ee:45:0b:37:5a:e9:64:8e:da:9e:36:d4:d4:
                    92:06:01:a1:25:cc:f8:d7:3a:8d:2f:a3:ec:be:05:
                    58:c6:4f:a3:10:ca:90:b5:c5:92:67:5d:d5:91:d8:
                    e3:b1:95:e5:0d:14:35:ca:de:38:44:30:be:90:63:
                    d0:3e:4d:1d:f3:67:ea:9a:45:16:96:20:6a:cc:bf:
                    61:d0:34:9c:86:91:bf:16:eb:8e:fe:20:22:d5:07:
                    4b:14:79:95:78:9b:7d:66:af:05:9a:0a:61:8c:28:
                    59:68:1d:1a:3b:ac:37:f8:14:bd:7c:45:12:a0:1a:
                    6a:6f:79:16:c8:48:02:68:28:b3:62:1c:c0:34:e2:
                    05:61:f5:ea:f2:08:84:27:b5:a7:4c:13:3a:20:c7:
                    eb:56:8c:3e:05:81:7d:44:9b:32:66:08:e0:14:0c:
                    7c:26:2e:d0:f1:23:11:6a:02:6d:77:20:42:da:7a:
                    44:9f:f3:87:b5:1d:31:aa:3a:4b:83:d7:03:a8:fe:
                    47:0f:fb:cb:e0:6c:67:92:5f:1f:30:47:c2:8a:94:
                    a9:5c:9f:85:87:91:ec:d3:7c:e6:26:99:04:46:89:
                    07:c6:1c:85:12:1d:dd:56:b5:8f:6f:5e:dd:9e:ee:
                    76:24:1c:cf:e8:dd:58:23:1b:40:1d:ae:86:41:b1:
                    ed:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:74:30:C1:B4:CA:47:64:07:B7:A0:68:97:E0:74:18:1B:DB:92:C3
            X509v3 Authority Key Identifier:
                keyid:F9:20:75:5B:F6:7B:A7:D7:B4:D3:D0:01:02:76:04:EA:29:B2:3E:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-SB1W_Z7p9e009ABAnYE6imyPtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/6b7c3d-84cc-4c70-bc6f-9e544d246fd7/1/8nQwwbTKR2QHt6Bol-B0GBvbksM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/6b7c3d-84cc-4c70-bc6f-9e544d246fd7/1/1-SB1W_Z7p9e009ABAnYE6imyPtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.74.24.0/23
                IPv6:
                  2a0d:41c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:77:db:d2:59:6f:29:89:b1:e8:04:7c:31:b3:7a:8d:fd:eb:
         0d:82:9e:e3:b1:48:ae:ad:0e:e6:99:d1:65:14:a7:b1:51:6b:
         25:ef:68:75:a5:b1:31:b8:c7:06:49:61:e9:e3:86:a1:f6:bb:
         67:be:be:2f:91:a8:ab:77:75:ee:dc:a6:ec:a8:8a:f7:c2:49:
         c0:ef:9d:ec:ef:0f:a2:fb:98:e7:84:3a:c1:b0:2c:7c:6e:6b:
         1b:a6:b7:8a:5f:54:a3:57:71:82:ab:aa:78:fa:82:d9:de:11:
         69:3a:2d:88:e8:3a:3b:1f:78:21:e6:ce:0e:89:06:a8:90:ac:
         51:2f:b9:90:f8:6c:f1:50:bf:87:a6:89:c9:33:c6:32:0e:09:
         b7:f9:6e:f7:43:68:ea:2f:fa:8a:bf:a7:73:bc:b4:16:77:a3:
         f5:9a:20:32:8d:51:09:93:b6:4c:f8:c5:cf:a2:f2:7e:d2:8d:
         02:8d:91:75:4c:c2:90:c7:a2:f9:c2:db:5f:79:26:4d:2d:02:
         29:60:31:7e:92:bf:70:b0:ae:c6:f4:37:89:e9:8b:75:8c:64:
         fc:61:3e:e6:5d:2f:08:02:71:da:0a:9b:23:a5:34:d4:04:84:
         fa:f7:d0:01:04:52:8b:36:c1:ee:d7:c4:ab:00:de:fb:73:f9:
         07:e2:94:26
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQijYp9w7R+edLvk3rBprokMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MjA3NTViZjY3YmE3ZDdiNGQzZDAwMTAyNzYwNGVhMjli
MjNlZDEwHhcNMjUwMTAxMTU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjc0MzBjMWI0Y2E0NzY0MDdiN2EwNjg5N2UwNzQxODFiZGI5MmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAte5FCzda6WSO2p421NSSBgGhJcz4
1zqNL6PsvgVYxk+jEMqQtcWSZ13VkdjjsZXlDRQ1yt44RDC+kGPQPk0d82fqmkUW
liBqzL9h0DSchpG/FuuO/iAi1QdLFHmVeJt9Zq8FmgphjChZaB0aO6w3+BS9fEUS
oBpqb3kWyEgCaCizYhzANOIFYfXq8giEJ7WnTBM6IMfrVow+BYF9RJsyZgjgFAx8
Ji7Q8SMRagJtdyBC2npEn/OHtR0xqjpLg9cDqP5HD/vL4Gxnkl8fMEfCipSpXJ+F
h5Hs03zmJpkERokHxhyFEh3dVrWPb17dnu52JBzP6N1YIxtAHa6GQbHt5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPJ0MMG0ykdkB7egaJfgdBgb25LDMB8GA1UdIwQY
MBaAFPkgdVv2e6fXtNPQAQJ2BOopsj7RMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1TQjFXX1o3cDllMDA5QUJBbllFNmlteVB0RS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjQvNmI3YzNkLTg0Y2MtNGM3MC1iYzZm
LTllNTQ0ZDI0NmZkNy8xLzhuUXd3YlRLUjJRSHQ2Qm9sLUIwR0J2YmtzTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjQvNmI3YzNkLTg0Y2MtNGM3MC1iYzZmLTllNTQ0ZDI0NmZk
Ny8xLzEtU0IxV19aN3A5ZTAwOUFCQW5ZRTZpbXlQdEUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAFtShgw
DQQCAAIwBwMFACoNQcAwDQYJKoZIhvcNAQELBQADggEBAI5329JZbymJsegEfDGz
eo396w2CnuOxSK6tDuaZ0WUUp7FRayXvaHWlsTG4xwZJYenjhqH2u2e+vi+RqKt3
de7cpuyoivfCScDvnezvD6L7mOeEOsGwLHxuaxumt4pfVKNXcYKrqnj6gtneEWk6
LYjoOjsfeCHmzg6JBqiQrFEvuZD4bPFQv4emickzxjIOCbf5bvdDaOov+oq/p3O8
tBZ3o/WaIDKNUQmTtkz4xc+i8n7SjQKNkXVMwpDHovnC2195Jk0tAilgMX6Sv3Cw
rsb0N4npi3WMZPxhPuZdLwgCcdoKmyOlNNQEhPr30AEEUos2we7XxKsA3vtz+Qfi
lCY=
-----END CERTIFICATE-----