Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8qr_n8MjhhqF-PheYayDwdG5D0M.roa
File:                     8qr_n8MjhhqF-PheYayDwdG5D0M.roa (raw, json)
Hash identifier:          9wtPraHF3ErgOYtkMxXe9gT8u16i2d+mL8N9UZEu6YU=
Subject key identifier:   F2:AA:FF:9F:C3:23:86:1A:85:F8:F8:5E:61:AC:83:C1:D1:B9:0F:43
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01968660293055B9469D8A3AE3F1E2751A85
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8qr_n8MjhhqF-PheYayDwdG5D0M.roa
Signing time:             Wed 30 Apr 2025 11:06:11 +0000
ROA not before:           Wed 30 Apr 2025 11:06:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48014
IP address blocks:        80.76.51.0/24 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          93.123.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:60:29:30:55:b9:46:9d:8a:3a:e3:f1:e2:75:1a:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 30 11:06:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2aaff9fc323861a85f8f85e61ac83c1d1b90f43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:5f:06:83:69:96:b6:8f:88:5d:22:0e:34:34:
                    f9:28:4c:6c:06:83:23:9e:49:21:21:e9:b8:e8:22:
                    da:f7:cc:fa:9d:a8:ec:e9:8b:d2:b6:29:33:25:c5:
                    02:94:f5:b9:97:60:9a:62:17:f3:50:7c:ce:fc:dd:
                    35:48:7d:80:58:d1:f2:9c:49:28:e6:58:29:9a:2a:
                    19:29:52:a5:33:02:68:31:43:ab:1a:28:63:c5:7d:
                    01:29:f0:4d:21:e9:a1:b5:1c:94:4e:5e:33:73:86:
                    8b:34:f3:e4:f0:44:1b:f8:9d:8b:70:0e:89:30:52:
                    4e:31:5a:f0:4e:8c:a4:e6:1d:81:2d:16:f0:60:1c:
                    36:f1:90:30:a2:0b:a0:bf:30:f1:7e:83:41:26:29:
                    21:52:8c:85:92:b7:90:54:1a:7a:f0:3c:91:14:ab:
                    05:b8:50:0a:86:e5:83:42:a4:27:3f:0a:5a:5c:65:
                    33:39:c7:9a:e4:69:0d:b4:b1:71:84:bf:12:b5:0f:
                    cb:61:d0:a8:75:7f:f0:87:59:3a:27:7e:8c:9c:bc:
                    e9:f9:fa:d7:32:c4:8d:b5:24:8c:84:8b:30:d1:9f:
                    96:76:a7:34:01:26:ba:ec:5d:b9:56:6e:73:95:60:
                    a0:09:3a:7d:4f:a1:75:01:8f:4b:9a:34:47:3c:8d:
                    c4:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:AA:FF:9F:C3:23:86:1A:85:F8:F8:5E:61:AC:83:C1:D1:B9:0F:43
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8qr_n8MjhhqF-PheYayDwdG5D0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.51.0/24
                  87.121.162.0/24
                  93.123.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:51:45:97:08:39:fd:7b:8d:54:82:04:02:a7:97:55:c8:c0:
         94:90:d9:f6:fb:a3:5e:4a:c9:de:f8:f0:f4:d8:f6:c9:11:61:
         56:5f:46:d5:76:fe:c3:c9:b3:81:b8:c5:47:e7:f0:f3:1c:5a:
         2a:6f:5b:a4:4a:42:54:4a:6f:70:48:94:8d:73:57:73:78:09:
         2b:14:15:14:77:17:38:a0:ff:eb:1a:36:22:13:75:f2:7a:2b:
         b1:d3:3a:bb:99:c0:1d:81:d9:89:66:8a:c3:83:1a:d5:ea:8b:
         5e:40:99:4d:44:2c:8a:c7:9a:92:7c:6f:ef:a8:18:78:d6:cc:
         b4:fe:29:7f:1c:28:36:cb:e3:68:6a:60:76:db:9d:60:d2:66:
         41:00:73:2e:02:92:2b:d3:2f:c8:8d:4b:4b:7d:2d:53:86:b2:
         78:94:54:37:11:5d:24:a6:c5:6c:00:99:99:0a:18:a3:8f:95:
         99:01:40:fa:8a:33:04:40:54:0a:80:4c:e6:3c:81:e7:f4:b2:
         31:96:ec:db:20:5a:cd:d7:14:be:e9:58:39:47:ed:88:cc:61:
         0d:8c:1f:7f:62:47:48:9a:13:12:33:a4:86:31:ba:82:d3:4e:
         b7:e8:3e:fe:b1:f9:53:3b:1e:dd:53:e8:3e:8c:10:85:13:1a:
         b9:c4:83:e9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZaGYCkwVblGnYo64/HidRqFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDMwMTEwNjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmFhZmY5ZmMzMjM4NjFhODVmOGY4NWU2MWFjODNjMWQxYjkwZjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2F8Gg2mWto+IXSIONDT5KExsBoMj
nkkhIem46CLa98z6najs6YvStikzJcUClPW5l2CaYhfzUHzO/N01SH2AWNHynEko
5lgpmioZKVKlMwJoMUOrGihjxX0BKfBNIemhtRyUTl4zc4aLNPPk8EQb+J2LcA6J
MFJOMVrwToyk5h2BLRbwYBw28ZAwogugvzDxfoNBJikhUoyFkreQVBp68DyRFKsF
uFAKhuWDQqQnPwpaXGUzOcea5GkNtLFxhL8StQ/LYdCodX/wh1k6J36MnLzp+frX
MsSNtSSMhIsw0Z+Wdqc0ASa67F25Vm5zlWCgCTp9T6F1AY9LmjRHPI3EMQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPKq/5/DI4Yahfj4XmGsg8HRuQ9DMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOHFyX244TWpoaHFGLVBoZVlheUR3ZEc1RDBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUEwzAwQA
V3miAwQAXXsuMA0GCSqGSIb3DQEBCwUAA4IBAQCbUUWXCDn9e41UggQCp5dVyMCU
kNn2+6NeSsne+PD02PbJEWFWX0bVdv7DybOBuMVH5/DzHFoqb1ukSkJUSm9wSJSN
c1dzeAkrFBUUdxc4oP/rGjYiE3Xyeiux0zq7mcAdgdmJZorDgxrV6oteQJlNRCyK
x5qSfG/vqBh41sy0/il/HCg2y+NoamB2251g0mZBAHMuApIr0y/IjUtLfS1ThrJ4
lFQ3EV0kpsVsAJmZChijj5WZAUD6ijMEQFQKgEzmPIHn9LIxluzbIFrN1xS+6Vg5
R+2IzGENjB9/YkdImhMSM6SGMbqC00636D7+sflTOx7dU+g+jBCFExq5xIPp
-----END CERTIFICATE-----