Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/8VY2vhHUmkOqKK5riOpbFHHXXkc.roa
File:                     8VY2vhHUmkOqKK5riOpbFHHXXkc.roa (raw, json)
Hash identifier:          Q75iyU7147QSJBEkOoLog1v9LPy6Bs/w3ojoptE4kss=
Subject key identifier:   F1:56:36:BE:11:D4:9A:43:AA:28:AE:6B:88:EA:5B:14:71:D7:5E:47
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01989851F5A2650A959DF38DE49F9793C079
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/8VY2vhHUmkOqKK5riOpbFHHXXkc.roa
Signing time:             Mon 11 Aug 2025 08:49:24 +0000
ROA not before:           Mon 11 Aug 2025 08:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209372
IP address blocks:        45.131.162.0/24 maxlen: 24
                          88.214.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 08:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:51:f5:a2:65:0a:95:9d:f3:8d:e4:9f:97:93:c0:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Aug 11 08:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f15636be11d49a43aa28ae6b88ea5b1471d75e47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1d:8e:86:c5:a8:ba:79:05:51:d4:83:c7:96:
                    56:a2:37:4e:7a:74:26:33:d3:b4:a8:62:58:c9:87:
                    71:08:af:1d:c6:8d:6d:f7:55:ad:31:e8:35:5a:4a:
                    36:82:c8:63:2e:9d:b2:33:08:11:ba:09:8c:ff:5c:
                    3e:bf:96:12:9d:95:63:e1:d3:43:84:d3:4c:da:ac:
                    3d:39:51:8d:3b:73:79:ff:e4:1f:35:45:d0:3c:7d:
                    a4:a3:fd:51:0f:14:ff:15:4d:70:7b:27:36:6c:d8:
                    5d:c1:34:69:a1:dc:83:cb:2b:36:03:a7:d4:e9:01:
                    54:1c:6c:c2:57:43:ae:77:42:ca:ac:92:c9:0e:da:
                    9b:e7:5b:4a:4e:75:20:f1:ab:bc:39:fc:5e:12:ce:
                    18:ae:95:fc:a6:15:22:f2:93:2d:e5:8e:14:c2:04:
                    6f:fb:79:24:2a:19:e4:1c:a1:78:1e:fa:e9:06:23:
                    81:75:54:68:a2:97:bb:07:01:40:1f:5f:03:33:49:
                    ed:91:d9:95:46:56:d7:90:53:d1:92:d9:4f:67:35:
                    04:3d:21:6e:c6:ab:8f:5c:a9:0b:30:a0:33:58:60:
                    70:c7:ea:e2:7c:1d:4f:21:49:d5:ab:dd:48:72:f0:
                    7f:d7:33:57:62:c8:43:9d:d2:a6:44:c5:4b:86:61:
                    ef:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:56:36:BE:11:D4:9A:43:AA:28:AE:6B:88:EA:5B:14:71:D7:5E:47
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/8VY2vhHUmkOqKK5riOpbFHHXXkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.162.0/24
                  88.214.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:ec:b5:59:ea:62:75:d1:45:d4:23:3c:38:85:d7:34:be:0b:
         d1:25:8f:89:78:bd:49:fa:5a:01:29:6d:f0:c7:98:13:7e:63:
         8c:40:be:8a:31:52:46:2f:12:a8:3e:2f:12:b2:bb:db:f5:a8:
         a7:87:cf:fc:41:99:66:57:e8:7f:60:7f:dd:33:73:cf:2e:a4:
         97:d3:67:32:46:68:67:b8:46:9c:5d:7d:48:7f:a1:8e:04:a3:
         2e:83:b8:c1:13:68:df:05:af:9f:94:c8:47:54:d6:52:90:12:
         01:ec:12:25:c5:ae:5a:16:c8:20:46:8a:d1:9f:9d:00:bf:fd:
         a0:23:bd:84:ac:ea:e6:3c:68:c8:5e:6a:3f:e9:5c:18:02:0b:
         bc:c2:88:2b:2e:16:b8:53:f3:a1:14:de:7d:c5:e0:96:6e:9c:
         54:ad:94:6f:ae:2b:4d:8c:f5:be:e1:00:96:07:99:4e:79:c7:
         ec:1b:d4:ca:fe:0a:ee:cf:9c:c7:e2:b9:68:60:74:1b:35:27:
         44:61:64:44:b9:ae:c7:37:fc:22:3e:c6:03:db:3f:6a:07:24:
         e5:19:f2:fc:c4:18:d6:26:36:39:95:48:54:96:e4:24:2f:19:
         48:1b:07:23:22:16:01:15:0b:38:4a:b5:e6:ba:1e:77:14:0d:
         db:07:ea:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiYUfWiZQqVnfON5J+Xk8B5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwODExMDg0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTU2MzZiZTExZDQ5YTQzYWEyOGFlNmI4OGVhNWIxNDcxZDc1ZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArh2OhsWounkFUdSDx5ZWojdOenQm
M9O0qGJYyYdxCK8dxo1t91WtMeg1Wko2gshjLp2yMwgRugmM/1w+v5YSnZVj4dND
hNNM2qw9OVGNO3N5/+QfNUXQPH2ko/1RDxT/FU1weyc2bNhdwTRpodyDyys2A6fU
6QFUHGzCV0Oud0LKrJLJDtqb51tKTnUg8au8OfxeEs4YrpX8phUi8pMt5Y4UwgRv
+3kkKhnkHKF4HvrpBiOBdVRoope7BwFAH18DM0ntkdmVRlbXkFPRktlPZzUEPSFu
xquPXKkLMKAzWGBwx+rifB1PIUnVq91IcvB/1zNXYshDndKmRMVLhmHvsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPFWNr4R1JpDqiiua4jqWxRx115HMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvOFZZMnZoSFVta09xS0s1cmlPcGJGSEhYWGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYOiAwQA
WNYzMA0GCSqGSIb3DQEBCwUAA4IBAQAv7LVZ6mJ10UXUIzw4hdc0vgvRJY+JeL1J
+loBKW3wx5gTfmOMQL6KMVJGLxKoPi8Ssrvb9ainh8/8QZlmV+h/YH/dM3PPLqSX
02cyRmhnuEacXX1If6GOBKMug7jBE2jfBa+flMhHVNZSkBIB7BIlxa5aFsggRorR
n50Av/2gI72ErOrmPGjIXmo/6VwYAgu8wogrLha4U/OhFN59xeCWbpxUrZRvritN
jPW+4QCWB5lOecfsG9TK/gruz5zH4rloYHQbNSdEYWREua7HN/wiPsYD2z9qByTl
GfL8xBjWJjY5lUhUluQkLxlIGwcjIhYBFQs4SrXmuh53FA3bB+oh
-----END CERTIFICATE-----