Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/8JHdroSmFbW7TogZWDAIS298pfo.roa
File:                     8JHdroSmFbW7TogZWDAIS298pfo.roa (raw, json)
Hash identifier:          goVtVxuEC9QAmF+Kz0vzUzxl+/V8u83qUjrsL0jlHNw=
Subject key identifier:   F0:91:DD:AE:84:A6:15:B5:BB:4E:88:19:58:30:08:4B:6F:7C:A5:FA
Certificate issuer:       /CN=74a8d8472906c2038aaec84c7b3e56c2096be860
Certificate serial:       019423D73C0D4BF2779EE25ECE67FD58BD2D
Authority key identifier: 74:A8:D8:47:29:06:C2:03:8A:AE:C8:4C:7B:3E:56:C2:09:6B:E8:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dKjYRykGwgOKrshMez5Wwglr6GA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/8JHdroSmFbW7TogZWDAIS298pfo.roa
Signing time:             Wed 01 Jan 2025 21:48:15 +0000
ROA not before:           Wed 01 Jan 2025 21:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212493
IP address blocks:        193.163.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/dKjYRykGwgOKrshMez5Wwglr6GA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/dKjYRykGwgOKrshMez5Wwglr6GA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dKjYRykGwgOKrshMez5Wwglr6GA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:3c:0d:4b:f2:77:9e:e2:5e:ce:67:fd:58:bd:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74a8d8472906c2038aaec84c7b3e56c2096be860
        Validity
            Not Before: Jan  1 21:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f091ddae84a615b5bb4e88195830084b6f7ca5fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:81:b3:20:5a:a0:f8:96:a4:15:e8:c3:ae:78:
                    f1:6e:e6:0c:8f:6f:5a:8d:ca:ec:df:24:0a:e9:a7:
                    17:80:60:d1:dd:3b:5a:fd:2e:cd:5b:ad:a9:ad:39:
                    a6:3a:0b:5d:45:af:75:f6:62:72:5f:f8:7d:aa:4b:
                    79:f7:85:71:8d:cf:1d:26:f3:03:59:ef:b5:1f:ef:
                    a6:e1:db:36:2d:be:98:a3:fa:98:6c:2d:63:50:71:
                    ba:2e:01:53:af:0a:4f:30:1d:48:97:14:50:e7:80:
                    83:36:94:84:66:78:e3:7f:aa:7d:9d:b4:55:67:55:
                    cf:91:f9:20:b3:44:b4:62:0d:53:44:d8:69:0f:7c:
                    a2:92:41:e2:d9:16:7c:0a:4f:9f:f2:ff:7a:98:40:
                    54:5e:19:a7:e2:39:76:9d:39:44:2f:ea:3b:02:b2:
                    28:d3:4f:bf:82:bc:24:f8:1d:92:9b:66:fd:b9:b7:
                    b8:22:52:e7:df:17:60:c9:11:e2:6c:0c:09:22:2d:
                    a6:b9:a6:12:55:81:37:6f:6f:d6:57:07:bd:c6:35:
                    1f:65:43:4a:5f:30:49:d0:25:2e:11:0f:93:e6:7a:
                    a3:bf:fe:b5:d4:4d:18:e3:52:f3:18:23:e1:f3:cd:
                    e7:54:76:88:c9:e1:87:44:1a:a7:12:b2:7c:ac:32:
                    b5:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:91:DD:AE:84:A6:15:B5:BB:4E:88:19:58:30:08:4B:6F:7C:A5:FA
            X509v3 Authority Key Identifier:
                keyid:74:A8:D8:47:29:06:C2:03:8A:AE:C8:4C:7B:3E:56:C2:09:6B:E8:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dKjYRykGwgOKrshMez5Wwglr6GA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/8JHdroSmFbW7TogZWDAIS298pfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d4d519-e774-415a-93ab-3956e56c1835/1/dKjYRykGwgOKrshMez5Wwglr6GA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:99:83:38:3f:5c:55:6c:52:7d:b2:81:4b:e0:d1:e0:ce:44:
         f9:38:58:4e:c0:7a:e3:71:b2:f0:ab:d7:86:a7:98:db:38:24:
         bf:4d:88:9e:39:79:8f:34:19:e6:de:7e:0b:77:62:07:be:f2:
         ab:74:77:4a:0e:29:5b:f7:6f:fa:27:ec:ee:b8:56:96:73:5f:
         1c:1c:ae:f9:0e:ca:f5:d8:34:be:c1:62:15:99:10:d4:dc:e9:
         12:13:03:ae:51:4e:a6:84:2b:97:fb:f2:db:8d:59:4b:34:89:
         1e:5f:de:bb:ca:aa:a9:2b:90:09:31:6b:b6:fd:c6:c7:10:45:
         20:66:8e:4e:15:05:b2:cb:ba:43:b4:02:4e:ff:e2:d6:b7:f2:
         b4:dc:f5:76:b5:fe:15:a8:a8:8a:c9:e4:5a:76:1a:e7:d5:2d:
         60:f2:a3:cf:1e:dc:cf:d3:de:c7:92:21:3b:0c:86:d2:fa:d0:
         2d:95:0f:2f:bf:cc:10:37:53:a0:6f:1c:b1:c7:65:d5:78:b6:
         3d:dc:99:0f:c1:06:17:ab:73:ae:62:7a:00:0b:cc:f5:72:17:
         bc:4a:6b:ad:f5:8c:4d:cd:c6:87:a3:13:c7:c0:b1:66:44:7b:
         fd:1f:78:8f:c9:42:2b:d0:b2:ea:5d:33:26:01:3b:64:5d:82:
         a8:1d:b7:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1zwNS/J3nuJezmf9WL0tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YThkODQ3MjkwNmMyMDM4YWFlYzg0YzdiM2U1NmMyMDk2
YmU4NjAwHhcNMjUwMTAxMjE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDkxZGRhZTg0YTYxNWI1YmI0ZTg4MTk1ODMwMDg0YjZmN2NhNWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14GzIFqg+JakFejDrnjxbuYMj29a
jcrs3yQK6acXgGDR3Tta/S7NW62prTmmOgtdRa919mJyX/h9qkt594Vxjc8dJvMD
We+1H++m4ds2Lb6Yo/qYbC1jUHG6LgFTrwpPMB1IlxRQ54CDNpSEZnjjf6p9nbRV
Z1XPkfkgs0S0Yg1TRNhpD3yikkHi2RZ8Ck+f8v96mEBUXhmn4jl2nTlEL+o7ArIo
00+/grwk+B2Sm2b9ube4IlLn3xdgyRHibAwJIi2muaYSVYE3b2/WVwe9xjUfZUNK
XzBJ0CUuEQ+T5nqjv/611E0Y41LzGCPh883nVHaIyeGHRBqnErJ8rDK1EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCR3a6EphW1u06IGVgwCEtvfKX6MB8GA1UdIwQY
MBaAFHSo2EcpBsIDiq7ITHs+VsIJa+hgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEtqWVJ5a0d3Z09LcnNoTWV6NVd3Z2xyNkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9kNGQ1MTktZTc3NC00MTVhLTkzYWIt
Mzk1NmU1NmMxODM1LzEvOEpIZHJvU21GYlc3VG9nWldEQUlTMjk4cGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9kNGQ1MTktZTc3NC00MTVhLTkzYWItMzk1NmU1NmMxODM1
LzEvZEtqWVJ5a0d3Z09LcnNoTWV6NVd3Z2xyNkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaMxMA0G
CSqGSIb3DQEBCwUAA4IBAQCImYM4P1xVbFJ9soFL4NHgzkT5OFhOwHrjcbLwq9eG
p5jbOCS/TYieOXmPNBnm3n4Ld2IHvvKrdHdKDilb92/6J+zuuFaWc18cHK75Dsr1
2DS+wWIVmRDU3OkSEwOuUU6mhCuX+/LbjVlLNIkeX967yqqpK5AJMWu2/cbHEEUg
Zo5OFQWyy7pDtAJO/+LWt/K03PV2tf4VqKiKyeRadhrn1S1g8qPPHtzP097HkiE7
DIbS+tAtlQ8vv8wQN1Ogbxyxx2XVeLY93JkPwQYXq3OuYnoAC8z1che8Smut9YxN
zcaHoxPHwLFmRHv9H3iPyUIr0LLqXTMmATtkXYKoHbew
-----END CERTIFICATE-----