Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/8InrSjJqHerI0qpvpIQ4EtKzVE8.roa
File:                     8InrSjJqHerI0qpvpIQ4EtKzVE8.roa (raw, json)
Hash identifier:          Al/3RCJe3O9CPqawGuhEl7HFu9K4ju66moVDRYMuqA0=
Subject key identifier:   F0:89:EB:4A:32:6A:1D:EA:C8:D2:AA:6F:A4:84:38:12:D2:B3:54:4F
Certificate issuer:       /CN=f3e36222ccbc6c7221360540bab3a9dba9f237a0
Certificate serial:       0196B0C5B9CF8F12D6AB44B0BE129FA7BECC
Authority key identifier: F3:E3:62:22:CC:BC:6C:72:21:36:05:40:BA:B3:A9:DB:A9:F2:37:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8-NiIsy8bHIhNgVAurOp26nyN6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/8InrSjJqHerI0qpvpIQ4EtKzVE8.roa
Signing time:             Thu 08 May 2025 16:41:10 +0000
ROA not before:           Thu 08 May 2025 16:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21396
IP address blocks:        193.223.78.0/24 maxlen: 24
                          194.180.187.0/24 maxlen: 24
                          2a13:f040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/8-NiIsy8bHIhNgVAurOp26nyN6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/8-NiIsy8bHIhNgVAurOp26nyN6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8-NiIsy8bHIhNgVAurOp26nyN6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b0:c5:b9:cf:8f:12:d6:ab:44:b0:be:12:9f:a7:be:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3e36222ccbc6c7221360540bab3a9dba9f237a0
        Validity
            Not Before: May  8 16:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f089eb4a326a1deac8d2aa6fa4843812d2b3544f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:37:90:fa:d2:b8:62:b0:11:d8:03:b7:39:13:
                    12:b0:93:9e:17:eb:1f:6a:d5:fd:19:ca:e6:a3:66:
                    ce:76:8c:38:f8:6a:3d:bc:22:86:27:86:da:78:2b:
                    4e:21:25:12:79:28:33:e0:9f:91:32:05:c9:dd:4e:
                    4f:f8:4f:35:2b:16:cc:1d:d7:09:1d:8a:ce:33:06:
                    82:0f:ae:f6:09:52:f2:8b:41:e3:b0:a0:b6:88:4c:
                    69:48:fa:74:0c:24:7e:16:41:f5:6d:da:cf:07:07:
                    f2:3e:78:54:0c:59:d2:eb:ba:93:c3:af:c4:84:6c:
                    ef:37:8e:fc:d3:47:29:46:22:a5:12:3e:49:49:63:
                    a9:0d:eb:52:6c:9c:41:4e:d5:54:2e:eb:f9:56:05:
                    92:6d:b4:c2:fb:0d:37:df:9b:6d:bb:45:d1:f3:f4:
                    77:a5:ad:8a:28:46:a9:f8:95:c3:31:51:6e:c5:7b:
                    18:bd:6d:c7:6a:95:d8:16:e2:90:b6:6f:a7:06:f4:
                    92:7a:46:2b:c8:0b:82:83:6f:d3:57:b6:7b:00:59:
                    13:9c:c8:64:c8:1c:02:c7:7a:99:a0:1f:ec:1c:9c:
                    17:5a:13:1a:42:88:b5:07:52:83:08:cf:ff:ea:0f:
                    e4:b0:1f:83:1a:91:be:5e:6e:3a:1c:66:2c:e7:37:
                    74:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:89:EB:4A:32:6A:1D:EA:C8:D2:AA:6F:A4:84:38:12:D2:B3:54:4F
            X509v3 Authority Key Identifier:
                keyid:F3:E3:62:22:CC:BC:6C:72:21:36:05:40:BA:B3:A9:DB:A9:F2:37:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8-NiIsy8bHIhNgVAurOp26nyN6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/8InrSjJqHerI0qpvpIQ4EtKzVE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/8-NiIsy8bHIhNgVAurOp26nyN6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.223.78.0/24
                  194.180.187.0/24
                IPv6:
                  2a13:f040::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:08:92:ed:cd:39:c6:eb:da:28:39:4d:4b:e2:d6:cc:76:85:
         ec:9e:73:18:4e:cc:d0:09:07:9f:36:b3:ed:42:d3:75:b5:f8:
         17:6f:98:54:26:f3:11:9b:a1:66:51:b5:0f:36:8f:b0:e9:8e:
         29:5a:e4:1e:88:f3:a0:9e:0b:9c:61:a5:47:ca:1b:12:c6:af:
         62:de:df:bb:cf:a7:b7:c0:6c:7f:89:1b:ec:26:ad:ca:67:56:
         54:31:68:27:bd:16:b7:1c:5a:e4:31:5d:90:3d:04:10:b8:0f:
         87:58:fe:b2:58:63:2f:87:1e:d7:8a:65:93:a0:2b:50:e2:66:
         27:67:ad:f4:e9:21:f8:5c:ae:07:51:90:01:12:ae:43:b3:24:
         57:c4:81:68:d9:8b:67:8c:83:e8:a7:56:8d:bd:fe:e6:fd:ad:
         10:d7:e4:76:42:ee:b3:b6:1c:f7:5e:49:8b:40:75:aa:98:10:
         0a:11:0d:a0:31:74:16:82:b2:69:a9:14:05:e0:e4:ec:03:b5:
         d0:ea:cf:87:e5:66:b2:77:8b:67:00:17:7d:e6:33:85:e9:de:
         f0:86:04:05:e3:b7:f3:de:be:16:11:90:21:f6:e8:dd:ad:88:
         3e:9b:dc:5e:c2:5d:d7:1f:e2:38:4c:3f:af:61:4a:3f:9e:7b:
         d2:40:47:0e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZawxbnPjxLWq0SwvhKfp77MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzZTM2MjIyY2NiYzZjNzIyMTM2MDU0MGJhYjNhOWRiYTlm
MjM3YTAwHhcNMjUwNTA4MTY0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDg5ZWI0YTMyNmExZGVhYzhkMmFhNmZhNDg0MzgxMmQyYjM1NDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDeQ+tK4YrAR2AO3ORMSsJOeF+sf
atX9Gcrmo2bOdow4+Go9vCKGJ4baeCtOISUSeSgz4J+RMgXJ3U5P+E81KxbMHdcJ
HYrOMwaCD672CVLyi0HjsKC2iExpSPp0DCR+FkH1bdrPBwfyPnhUDFnS67qTw6/E
hGzvN47800cpRiKlEj5JSWOpDetSbJxBTtVULuv5VgWSbbTC+w0335ttu0XR8/R3
pa2KKEap+JXDMVFuxXsYvW3HapXYFuKQtm+nBvSSekYryAuCg2/TV7Z7AFkTnMhk
yBwCx3qZoB/sHJwXWhMaQoi1B1KDCM//6g/ksB+DGpG+Xm46HGYs5zd0qQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPCJ60oyah3qyNKqb6SEOBLSs1RPMB8GA1UdIwQY
MBaAFPPjYiLMvGxyITYFQLqzqdup8jegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOC1OaUlzeThiSEloTmdWQXVyT3AyNm55TjZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9jYzQ4ZjQtMGQ5My00YjY5LThhNGYt
ODcyNGVkNWU5MDNhLzEvOEluclNqSnFIZXJJMHFwdnBJUTRFdEt6VkU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9jYzQ4ZjQtMGQ5My00YjY5LThhNGYtODcyNGVkNWU5MDNh
LzEvOC1OaUlzeThiSEloTmdWQXVyT3AyNm55TjZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwd9OAwQA
wrS7MA0EAgACMAcDBQMqE/BAMA0GCSqGSIb3DQEBCwUAA4IBAQA7CJLtzTnG69oo
OU1L4tbMdoXsnnMYTszQCQefNrPtQtN1tfgXb5hUJvMRm6FmUbUPNo+w6Y4pWuQe
iPOgngucYaVHyhsSxq9i3t+7z6e3wGx/iRvsJq3KZ1ZUMWgnvRa3HFrkMV2QPQQQ
uA+HWP6yWGMvhx7XimWToCtQ4mYnZ6306SH4XK4HUZABEq5DsyRXxIFo2YtnjIPo
p1aNvf7m/a0Q1+R2Qu6zthz3XkmLQHWqmBAKEQ2gMXQWgrJpqRQF4OTsA7XQ6s+H
5Wayd4tnABd95jOF6d7whgQF47fz3r4WEZAh9ujdrYg+m9xewl3XH+I4TD+vYUo/
nnvSQEcO
-----END CERTIFICATE-----