Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/8E6R6Y44D9-qyRI6dYC2IvHdVys.roa
File:                     8E6R6Y44D9-qyRI6dYC2IvHdVys.roa (raw, json)
Hash identifier:          7k1o4N+vAim0gSVRwVbbhvuvzFML/zVM+Z44HbQyM50=
Subject key identifier:   F0:4E:91:E9:8E:38:0F:DF:AA:C9:12:3A:75:80:B6:22:F1:DD:57:2B
Certificate issuer:       /CN=dfb8d9140502c9e035305189bf658234db14f54c
Certificate serial:       0197690FE35EBD70B17FCD2BE0AD00818987
Authority key identifier: DF:B8:D9:14:05:02:C9:E0:35:30:51:89:BF:65:82:34:DB:14:F5:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/37jZFAUCyeA1MFGJv2WCNNsU9Uw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/8E6R6Y44D9-qyRI6dYC2IvHdVys.roa
Signing time:             Fri 13 Jun 2025 11:32:18 +0000
ROA not before:           Fri 13 Jun 2025 11:32:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50489
IP address blocks:        212.104.134.0/24 maxlen: 24
                          213.254.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/37jZFAUCyeA1MFGJv2WCNNsU9Uw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/37jZFAUCyeA1MFGJv2WCNNsU9Uw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/37jZFAUCyeA1MFGJv2WCNNsU9Uw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:69:0f:e3:5e:bd:70:b1:7f:cd:2b:e0:ad:00:81:89:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfb8d9140502c9e035305189bf658234db14f54c
        Validity
            Not Before: Jun 13 11:32:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f04e91e98e380fdfaac9123a7580b622f1dd572b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c4:c3:4b:c0:98:67:5d:34:aa:02:eb:7b:ce:
                    15:3d:92:43:95:32:b3:89:8a:eb:ff:0c:6a:0b:6a:
                    0d:b8:f1:f5:82:95:c7:2b:f1:09:99:4d:bc:b6:da:
                    24:82:ba:6b:b8:ed:86:d1:c9:91:82:bb:96:01:30:
                    fc:b6:c0:d3:ce:86:3a:31:84:a6:a1:f4:a6:14:3e:
                    f0:25:e6:bc:71:22:76:f6:df:55:08:70:35:07:3f:
                    6d:d5:e4:00:e3:1d:8e:78:bf:52:75:c8:17:37:f3:
                    d8:00:47:c1:81:41:97:d7:51:0d:62:2d:28:23:c6:
                    2e:b0:a5:ca:64:74:82:39:7c:28:b0:e7:5a:ed:a0:
                    68:4a:48:0f:b0:d7:7a:5f:e5:ea:7c:15:19:46:17:
                    65:91:47:68:60:90:fe:c8:9b:7f:ba:8a:54:0c:31:
                    cd:b0:b6:97:08:2d:8c:c9:87:77:d6:aa:34:81:57:
                    63:22:bd:26:f0:1b:47:1c:67:8c:f2:b4:cd:3d:90:
                    bb:1e:ce:8f:6c:03:fe:b3:05:8c:f4:55:0c:aa:7a:
                    2d:34:1d:fa:45:a8:98:5b:1f:ad:cc:4a:3f:6c:ea:
                    ef:77:8b:09:56:69:07:a3:9f:2f:50:bd:50:19:4d:
                    53:80:5d:e1:de:8f:01:d6:9f:20:a4:3e:06:87:77:
                    d1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:4E:91:E9:8E:38:0F:DF:AA:C9:12:3A:75:80:B6:22:F1:DD:57:2B
            X509v3 Authority Key Identifier:
                keyid:DF:B8:D9:14:05:02:C9:E0:35:30:51:89:BF:65:82:34:DB:14:F5:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37jZFAUCyeA1MFGJv2WCNNsU9Uw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/8E6R6Y44D9-qyRI6dYC2IvHdVys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/37jZFAUCyeA1MFGJv2WCNNsU9Uw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.104.134.0/24
                  213.254.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:b0:3b:ee:73:d2:39:33:4a:29:d7:a8:81:99:c1:52:30:ad:
         cf:b8:d7:8d:4f:50:4a:2c:4e:5e:29:e6:68:ba:7a:34:f2:a6:
         f6:9c:f1:05:fe:45:2b:7e:38:c5:9a:f2:aa:e5:a3:bc:73:aa:
         bf:b3:74:a7:38:69:93:6a:a0:4f:08:9b:54:22:e6:69:b4:1a:
         f6:08:79:a3:e1:e0:3a:09:95:91:54:da:96:3d:54:53:23:2b:
         03:0e:71:67:b3:0c:9a:14:6b:04:23:5e:98:03:bc:0e:06:03:
         39:b6:67:b7:65:4f:d9:41:65:06:a1:11:73:85:93:d6:d2:04:
         bd:fa:f9:33:99:ee:31:95:fe:ee:21:f2:6e:d1:1f:15:a3:5c:
         8a:ce:0c:6c:b0:ca:74:dc:5b:c5:da:9e:b5:7b:d3:e6:68:1e:
         df:bc:67:b8:05:31:99:ab:c3:69:63:d8:16:28:91:af:e3:64:
         3a:38:79:9d:0b:3e:6e:98:d3:ba:ba:11:9d:45:d5:86:fc:53:
         91:51:65:51:04:11:84:83:43:b4:ea:eb:15:5e:95:ee:ba:f5:
         42:57:b5:7a:64:cf:79:94:a8:02:04:1f:c7:78:ca:cf:42:c9:
         38:bc:84:f0:06:15:84:89:24:3d:21:0c:4e:3e:80:ba:ab:5a:
         9f:15:1a:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdpD+NevXCxf80r4K0AgYmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjhkOTE0MDUwMmM5ZTAzNTMwNTE4OWJmNjU4MjM0ZGIx
NGY1NGMwHhcNMjUwNjEzMTEzMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDRlOTFlOThlMzgwZmRmYWFjOTEyM2E3NTgwYjYyMmYxZGQ1NzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcTDS8CYZ100qgLre84VPZJDlTKz
iYrr/wxqC2oNuPH1gpXHK/EJmU28ttokgrpruO2G0cmRgruWATD8tsDTzoY6MYSm
ofSmFD7wJea8cSJ29t9VCHA1Bz9t1eQA4x2OeL9SdcgXN/PYAEfBgUGX11ENYi0o
I8YusKXKZHSCOXwosOda7aBoSkgPsNd6X+XqfBUZRhdlkUdoYJD+yJt/uopUDDHN
sLaXCC2MyYd31qo0gVdjIr0m8BtHHGeM8rTNPZC7Hs6PbAP+swWM9FUMqnotNB36
RaiYWx+tzEo/bOrvd4sJVmkHo58vUL1QGU1TgF3h3o8B1p8gpD4Gh3fRMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPBOkemOOA/fqskSOnWAtiLx3VcrMB8GA1UdIwQY
MBaAFN+42RQFAsngNTBRib9lgjTbFPVMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdqWkZBVUN5ZUExTUZHSnYyV0NOTnNVOVV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82MmE5NDctY2ZiOC00ZDNkLWIzMDgt
NDFlNzNjMWViYWUxLzEvOEU2UjZZNDREOS1xeVJJNmRZQzJJdkhkVnlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82MmE5NDctY2ZiOC00ZDNkLWIzMDgtNDFlNzNjMWViYWUx
LzEvMzdqWkZBVUN5ZUExTUZHSnYyV0NOTnNVOVV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1GiGAwQA
1f6oMA0GCSqGSIb3DQEBCwUAA4IBAQBLsDvuc9I5M0op16iBmcFSMK3PuNeNT1BK
LE5eKeZouno08qb2nPEF/kUrfjjFmvKq5aO8c6q/s3SnOGmTaqBPCJtUIuZptBr2
CHmj4eA6CZWRVNqWPVRTIysDDnFnswyaFGsEI16YA7wOBgM5tme3ZU/ZQWUGoRFz
hZPW0gS9+vkzme4xlf7uIfJu0R8Vo1yKzgxssMp03FvF2p61e9PmaB7fvGe4BTGZ
q8NpY9gWKJGv42Q6OHmdCz5umNO6uhGdRdWG/FORUWVRBBGEg0O06usVXpXuuvVC
V7V6ZM95lKgCBB/HeMrPQsk4vITwBhWEiSQ9IQxOPoC6q1qfFRob
-----END CERTIFICATE-----