Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/8SJ-TISvgTFpGpVKy7_2AF7cH5s.roa
File:                     8SJ-TISvgTFpGpVKy7_2AF7cH5s.roa (raw, json)
Hash identifier:          G8ujt9rwmNIYzZ6nwmnpiAg0S+DLpc0+vGOT12Fgv+M=
Subject key identifier:   F1:22:7E:4C:84:AF:81:31:69:1A:95:4A:CB:BF:F6:00:5E:DC:1F:9B
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       0194228E466D5860EB053942E842F8709FFE
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/8SJ-TISvgTFpGpVKy7_2AF7cH5s.roa
Signing time:             Wed 01 Jan 2025 15:48:57 +0000
ROA not before:           Wed 01 Jan 2025 15:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205175
IP address blocks:        213.145.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:46:6d:58:60:eb:05:39:42:e8:42:f8:70:9f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jan  1 15:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1227e4c84af8131691a954acbbff6005edc1f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:33:cb:ad:5e:a4:7b:29:c0:4c:a5:f1:9d:ec:
                    c1:c8:48:90:f7:14:76:5f:5e:c6:30:cb:4e:86:b3:
                    f2:59:35:ef:69:4d:2b:a7:1f:ce:fe:db:6d:16:d4:
                    b3:38:ba:4f:2a:6d:71:15:98:ed:e8:f2:be:c7:d2:
                    cd:e0:22:02:69:d0:07:57:5c:15:16:3c:f0:5d:aa:
                    45:a2:3e:8e:36:12:b0:da:d5:89:a5:55:c9:80:51:
                    18:f8:54:bb:f2:28:90:08:5e:ce:04:84:4a:9b:f0:
                    da:f7:f2:4e:2e:ba:c5:ea:ee:c9:9d:4c:ad:0f:07:
                    ea:9e:8a:14:f8:cd:6f:54:37:2e:e1:8d:c2:56:82:
                    85:f2:6b:4f:b7:4e:59:8a:08:9e:1e:54:05:51:cc:
                    79:6a:4d:50:95:b9:42:c4:95:c6:5c:70:44:56:85:
                    f9:58:8d:a7:be:a7:8f:f5:48:5c:d3:81:43:5c:c6:
                    b7:07:10:27:1c:7f:91:99:0e:37:51:0d:63:d5:51:
                    0f:02:2a:76:8e:f4:31:8e:c5:c6:fa:c1:19:3c:c2:
                    81:df:6d:e5:d1:da:02:98:57:6f:30:d6:37:30:7f:
                    3c:4c:d9:45:ae:6c:49:5e:a2:41:b0:33:a5:07:3f:
                    53:8f:7e:d9:d6:60:7d:5e:87:b3:c1:6c:41:6e:63:
                    04:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:22:7E:4C:84:AF:81:31:69:1A:95:4A:CB:BF:F6:00:5E:DC:1F:9B
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/8SJ-TISvgTFpGpVKy7_2AF7cH5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:8b:6a:d7:d3:46:1b:d9:c9:aa:cb:00:87:6b:5c:22:5f:86:
         f3:70:3c:6b:ce:e8:d4:66:47:12:bd:05:ee:b5:08:d0:30:e2:
         af:ce:33:e1:0e:fc:9e:fb:8d:f5:b8:56:1c:4e:dd:1e:46:0e:
         8f:73:93:a6:ae:0c:68:e4:49:a4:4d:2e:c4:98:17:51:c0:7f:
         aa:08:44:29:a0:5d:ed:e0:09:de:97:43:5c:a9:8a:9b:fb:b0:
         81:e3:11:9a:ed:51:2b:bd:01:74:d6:ef:a3:37:7e:bf:57:03:
         bd:72:e4:6b:31:f8:e7:ea:3d:95:1e:0c:63:eb:ab:b7:48:5e:
         e1:de:62:cd:2c:b9:59:c6:ea:f8:a8:4a:47:3f:39:51:a8:63:
         54:ee:e0:b1:76:7e:b0:3e:97:cb:4a:dc:bc:0e:2e:10:b6:59:
         c1:55:bf:6a:91:06:27:e0:e1:c6:1a:6c:d8:9d:9c:34:5d:e9:
         24:c2:e0:11:90:27:d9:c7:58:85:a7:fb:3c:3a:26:1f:28:e2:
         bd:8b:a7:e7:21:75:45:9f:94:0c:df:ed:d6:8e:fc:5e:b6:2d:
         7d:a3:92:2c:f1:89:e4:20:e6:8b:0c:18:b2:ae:59:56:29:49:
         7f:ae:3b:63:dd:dc:cf:a8:fb:3e:d0:cc:ed:ae:f2:fd:17:fd:
         67:6c:0a:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijkZtWGDrBTlC6EL4cJ/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjUwMTAxMTU0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTIyN2U0Yzg0YWY4MTMxNjkxYTk1NGFjYmJmZjYwMDVlZGMxZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DPLrV6keynATKXxnezByEiQ9xR2
X17GMMtOhrPyWTXvaU0rpx/O/tttFtSzOLpPKm1xFZjt6PK+x9LN4CICadAHV1wV
FjzwXapFoj6ONhKw2tWJpVXJgFEY+FS78iiQCF7OBIRKm/Da9/JOLrrF6u7JnUyt
DwfqnooU+M1vVDcu4Y3CVoKF8mtPt05ZigieHlQFUcx5ak1QlblCxJXGXHBEVoX5
WI2nvqeP9Uhc04FDXMa3BxAnHH+RmQ43UQ1j1VEPAip2jvQxjsXG+sEZPMKB323l
0doCmFdvMNY3MH88TNlFrmxJXqJBsDOlBz9Tj37Z1mB9XoezwWxBbmME/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEifkyEr4ExaRqVSsu/9gBe3B+bMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvOFNKLVRJU3ZnVEZwR3BWS3k3XzJBRjdjSDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFCMA0G
CSqGSIb3DQEBCwUAA4IBAQCri2rX00Yb2cmqywCHa1wiX4bzcDxrzujUZkcSvQXu
tQjQMOKvzjPhDvye+431uFYcTt0eRg6Pc5Omrgxo5EmkTS7EmBdRwH+qCEQpoF3t
4Anel0NcqYqb+7CB4xGa7VErvQF01u+jN36/VwO9cuRrMfjn6j2VHgxj66u3SF7h
3mLNLLlZxur4qEpHPzlRqGNU7uCxdn6wPpfLSty8Di4QtlnBVb9qkQYn4OHGGmzY
nZw0XekkwuARkCfZx1iFp/s8OiYfKOK9i6fnIXVFn5QM3+3Wjvxeti19o5Is8Ynk
IOaLDBiyrllWKUl/rjtj3dzPqPs+0MztrvL9F/1nbApH
-----END CERTIFICATE-----