Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/18d6d5-6c86-42c1-84f1-99a0189888b5/1/P8SdjgL8ZDRD9dCtV019i5iHb24.roa
File:                     P8SdjgL8ZDRD9dCtV019i5iHb24.roa (raw, json)
Hash identifier:          CoeDwI0txm8Gy2K05IA/CNWDcRLrTXgP9de+lbPwdzQ=
Subject key identifier:   3F:C4:9D:8E:02:FC:64:34:43:F5:D0:AD:57:4D:7D:8B:98:87:6F:6E
Certificate issuer:       /CN=2588b1b560f998eccd3a6eff40543b59204d67b8
Certificate serial:       0196B5D09E9DEEDB22F4860DE39075E9CB8B
Authority key identifier: 25:88:B1:B5:60:F9:98:EC:CD:3A:6E:FF:40:54:3B:59:20:4D:67:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JYixtWD5mOzNOm7_QFQ7WSBNZ7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/18d6d5-6c86-42c1-84f1-99a0189888b5/1/P8SdjgL8ZDRD9dCtV019i5iHb24.roa
Signing time:             Fri 09 May 2025 16:11:10 +0000
ROA not before:           Fri 09 May 2025 16:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202371
IP address blocks:        94.185.119.0/24 maxlen: 24
                          94.185.120.0/24 maxlen: 24
                          94.185.121.0/24 maxlen: 24
                          94.185.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/18d6d5-6c86-42c1-84f1-99a0189888b5/1/JYixtWD5mOzNOm7_QFQ7WSBNZ7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/18d6d5-6c86-42c1-84f1-99a0189888b5/1/JYixtWD5mOzNOm7_QFQ7WSBNZ7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JYixtWD5mOzNOm7_QFQ7WSBNZ7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b5:d0:9e:9d:ee:db:22:f4:86:0d:e3:90:75:e9:cb:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2588b1b560f998eccd3a6eff40543b59204d67b8
        Validity
            Not Before: May  9 16:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fc49d8e02fc643443f5d0ad574d7d8b98876f6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8f:08:84:37:f6:f5:5a:ec:3f:ee:8d:d6:6f:
                    ae:d6:ed:c3:ad:28:81:70:c7:ee:19:57:b3:ab:cd:
                    25:35:77:41:44:32:e1:db:db:57:6e:4b:41:4d:7f:
                    57:d9:de:d1:fe:f4:e6:44:44:03:26:0c:15:9d:76:
                    26:97:5a:99:58:4c:58:f2:5a:ab:07:8a:e9:09:ce:
                    f0:41:cd:bf:7f:99:dd:c5:39:ae:c1:63:21:28:78:
                    68:f5:3d:7c:bc:54:95:08:e6:87:ee:13:75:92:da:
                    cf:0b:80:1c:d9:85:eb:d8:73:9d:65:87:03:94:64:
                    c7:f1:11:01:c6:0c:58:16:c6:e7:ef:a3:06:dc:57:
                    33:84:11:5e:59:d2:bf:1b:08:3c:46:86:88:bc:21:
                    15:e8:c5:73:4c:cb:3a:88:47:4d:d2:0d:79:57:88:
                    9d:41:61:11:58:c9:f6:01:0d:2f:ba:3f:99:81:8b:
                    9f:c3:fd:0f:17:17:37:43:0d:db:68:26:7c:6f:5d:
                    c3:4d:0f:88:e8:c8:a6:03:0d:13:1b:01:bb:71:68:
                    96:cc:35:5a:34:14:b6:aa:d3:cd:f2:36:47:28:6a:
                    71:ce:27:81:9c:9f:2d:29:61:23:b4:24:7e:84:e2:
                    5d:e4:08:bc:91:e9:39:b6:2e:2b:27:2d:08:e1:a0:
                    88:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:C4:9D:8E:02:FC:64:34:43:F5:D0:AD:57:4D:7D:8B:98:87:6F:6E
            X509v3 Authority Key Identifier:
                keyid:25:88:B1:B5:60:F9:98:EC:CD:3A:6E:FF:40:54:3B:59:20:4D:67:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JYixtWD5mOzNOm7_QFQ7WSBNZ7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/18d6d5-6c86-42c1-84f1-99a0189888b5/1/P8SdjgL8ZDRD9dCtV019i5iHb24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/18d6d5-6c86-42c1-84f1-99a0189888b5/1/JYixtWD5mOzNOm7_QFQ7WSBNZ7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.185.119.0-94.185.122.255

    Signature Algorithm: sha256WithRSAEncryption
         9a:62:7e:71:e0:dd:49:ff:77:36:f9:03:fd:f5:69:ad:2a:4c:
         60:c6:1e:f2:fb:c8:0c:3d:65:83:31:ad:26:98:60:5b:4c:cc:
         ff:8b:bc:d4:9c:a3:1f:15:fb:08:7e:88:7c:56:84:f8:99:a5:
         a0:aa:06:8a:6a:11:69:4f:8e:49:da:ce:8b:db:e9:66:a4:4f:
         ca:24:2c:18:f4:73:93:73:38:06:90:18:b2:1b:b0:3a:c6:93:
         b3:f8:8a:81:fc:a0:7c:48:b6:a4:94:51:88:03:63:00:3d:ee:
         01:77:23:62:91:bb:27:a6:44:90:cb:f8:74:cb:a4:9d:14:d0:
         c5:a7:c3:03:8f:44:23:00:b8:2a:3a:ec:c9:16:79:32:f9:bb:
         fb:50:c2:d0:e8:93:cb:fe:cd:29:fd:9f:cc:db:2f:1f:71:de:
         eb:ed:6d:db:8f:68:b6:71:54:5e:6e:78:86:89:85:68:e6:d3:
         a5:77:2f:2a:b0:86:d0:fa:b9:af:46:74:70:df:6a:67:92:86:
         4d:ba:cb:47:5c:c3:13:6c:13:70:9d:3e:d5:f0:35:69:d4:49:
         9e:6e:ea:bf:7a:af:55:47:f4:55:30:ba:33:1d:20:cb:66:6e:
         c7:bc:66:05:98:ec:1c:bd:5c:42:9f:6f:d2:19:cd:72:69:dc:
         12:68:08:d9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZa10J6d7tsi9IYN45B16cuLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ODhiMWI1NjBmOTk4ZWNjZDNhNmVmZjQwNTQzYjU5MjA0
ZDY3YjgwHhcNMjUwNTA5MTYxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmM0OWQ4ZTAyZmM2NDM0NDNmNWQwYWQ1NzRkN2Q4Yjk4ODc2ZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr48IhDf29VrsP+6N1m+u1u3DrSiB
cMfuGVezq80lNXdBRDLh29tXbktBTX9X2d7R/vTmREQDJgwVnXYml1qZWExY8lqr
B4rpCc7wQc2/f5ndxTmuwWMhKHho9T18vFSVCOaH7hN1ktrPC4Ac2YXr2HOdZYcD
lGTH8REBxgxYFsbn76MG3FczhBFeWdK/Gwg8RoaIvCEV6MVzTMs6iEdN0g15V4id
QWERWMn2AQ0vuj+ZgYufw/0PFxc3Qw3baCZ8b13DTQ+I6MimAw0TGwG7cWiWzDVa
NBS2qtPN8jZHKGpxzieBnJ8tKWEjtCR+hOJd5Ai8kek5ti4rJy0I4aCIBQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD/EnY4C/GQ0Q/XQrVdNfYuYh29uMB8GA1UdIwQY
MBaAFCWIsbVg+ZjszTpu/0BUO1kgTWe4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSllpeHRXRDVtT3pOT203X1FGUTdXU0JOWjdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8xOGQ2ZDUtNmM4Ni00MmMxLTg0ZjEt
OTlhMDE4OTg4OGI1LzEvUDhTZGpnTDhaRFJEOWRDdFYwMTlpNWlIYjI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8xOGQ2ZDUtNmM4Ni00MmMxLTg0ZjEtOTlhMDE4OTg4OGI1
LzEvSllpeHRXRDVtT3pOT203X1FGUTdXU0JOWjdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABeuXcD
BABeuXowDQYJKoZIhvcNAQELBQADggEBAJpifnHg3Un/dzb5A/31aa0qTGDGHvL7
yAw9ZYMxrSaYYFtMzP+LvNScox8V+wh+iHxWhPiZpaCqBopqEWlPjknazovb6Wak
T8okLBj0c5NzOAaQGLIbsDrGk7P4ioH8oHxItqSUUYgDYwA97gF3I2KRuyemRJDL
+HTLpJ0U0MWnwwOPRCMAuCo67MkWeTL5u/tQwtDok8v+zSn9n8zbLx9x3uvtbduP
aLZxVF5ueIaJhWjm06V3LyqwhtD6ua9GdHDfameShk26y0dcwxNsE3CdPtXwNWnU
SZ5u6r96r1VH9FUwujMdIMtmbse8ZgWY7By9XEKfb9IZzXJp3BJoCNk=
-----END CERTIFICATE-----