Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/i_8OV4hfwWGXwF9V2zc6PphYPKE.roa
File:                     i_8OV4hfwWGXwF9V2zc6PphYPKE.roa (raw, json)
Hash identifier:          C7CIFHPDYn+G4rh2qeYAbZYKxEJSwAPGvW6pQ9glEwE=
Subject key identifier:   8B:FF:0E:57:88:5F:C1:61:97:C0:5F:55:DB:37:3A:3E:98:58:3C:A1
Certificate issuer:       /CN=8218514aaadfa03846ba1f6d39f1f9e437c63c41
Certificate serial:       0196EDBC0D94081E56D6C08DA54FF71CEA83
Authority key identifier: 82:18:51:4A:AA:DF:A0:38:46:BA:1F:6D:39:F1:F9:E4:37:C6:3C:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ghhRSqrfoDhGuh9tOfH55DfGPEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/i_8OV4hfwWGXwF9V2zc6PphYPKE.roa
Signing time:             Tue 20 May 2025 12:47:26 +0000
ROA not before:           Tue 20 May 2025 12:47:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198743
IP address blocks:        192.68.51.0/24 maxlen: 24
                          2001:67c:2870::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/ghhRSqrfoDhGuh9tOfH55DfGPEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/ghhRSqrfoDhGuh9tOfH55DfGPEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ghhRSqrfoDhGuh9tOfH55DfGPEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:bc:0d:94:08:1e:56:d6:c0:8d:a5:4f:f7:1c:ea:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8218514aaadfa03846ba1f6d39f1f9e437c63c41
        Validity
            Not Before: May 20 12:47:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bff0e57885fc16197c05f55db373a3e98583ca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d8:a7:f3:53:13:04:5f:9e:1f:d4:af:b4:93:
                    bf:b1:13:5f:7a:b4:5c:27:e0:fd:6b:48:e1:9b:b9:
                    29:55:1e:85:50:22:a9:c5:47:9f:e5:41:5c:8f:ef:
                    ad:95:2e:f9:4d:89:e2:65:20:4b:c7:d9:9c:57:cd:
                    eb:a0:3b:87:b4:17:a4:1f:17:47:85:43:95:53:fe:
                    9e:98:b0:31:16:29:14:87:9d:33:6b:55:7c:d0:69:
                    59:bb:92:03:87:06:0b:a6:e3:a4:e8:ec:85:ea:4e:
                    ea:18:55:15:57:43:dd:cc:0f:2e:a3:99:c4:68:8d:
                    22:12:54:00:76:83:15:2d:5f:8f:3b:82:ee:83:bb:
                    42:a8:91:80:69:8a:a3:e1:76:84:f7:63:b7:2f:30:
                    87:15:36:bd:14:b3:62:39:78:d1:fb:18:ca:46:40:
                    25:d1:ef:3f:06:03:35:58:64:cb:b2:b4:4a:3a:7f:
                    d3:ed:17:bb:a8:c7:e8:62:0f:da:88:b8:a1:ff:b5:
                    b7:c4:e5:ec:2b:20:43:68:eb:55:85:80:c1:0e:aa:
                    03:e1:0a:cf:65:27:9e:60:29:c4:a9:6b:fe:d1:23:
                    75:b4:59:03:88:54:c3:fe:d5:1a:7e:a5:a0:64:cb:
                    0e:7f:a0:43:68:ac:0c:f1:14:50:f3:3c:b3:0f:bd:
                    1d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:FF:0E:57:88:5F:C1:61:97:C0:5F:55:DB:37:3A:3E:98:58:3C:A1
            X509v3 Authority Key Identifier:
                keyid:82:18:51:4A:AA:DF:A0:38:46:BA:1F:6D:39:F1:F9:E4:37:C6:3C:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ghhRSqrfoDhGuh9tOfH55DfGPEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/i_8OV4hfwWGXwF9V2zc6PphYPKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/37423c-ebdd-4ea8-814c-333896a00e6f/1/ghhRSqrfoDhGuh9tOfH55DfGPEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.68.51.0/24
                IPv6:
                  2001:67c:2870::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:e4:c3:6a:77:cf:b4:0f:56:2a:3b:eb:c5:a0:99:58:5d:76:
         60:0d:6e:d8:52:de:79:f3:1c:68:ce:c2:fb:97:4a:04:9c:18:
         05:c7:f7:68:95:5c:5e:a1:fb:7f:29:7a:60:69:d8:05:8e:ba:
         2b:6f:2c:9a:23:93:3d:60:e0:04:31:07:b2:59:e8:d2:e0:fe:
         8c:d5:41:7f:f6:c5:51:bf:8c:fb:98:b3:8c:42:7f:ba:43:eb:
         96:93:3e:66:3a:04:13:3a:ee:36:d2:40:2b:b0:b6:26:42:cf:
         cb:36:8e:43:55:dd:c8:b1:26:cf:fa:9b:f5:d6:c3:9d:1f:ab:
         46:74:35:a2:b0:bd:0d:f0:bb:27:56:41:94:c8:0d:5b:08:00:
         f7:84:92:8f:f6:20:6b:2e:3c:be:fc:39:ad:9b:b5:19:61:46:
         52:76:25:39:84:f0:d2:b1:60:56:cd:31:c3:c5:1e:0a:02:83:
         ef:a4:3a:3c:ae:94:d9:fe:43:1d:9a:bd:48:18:37:f5:51:cd:
         d8:c7:a9:34:46:3f:73:65:4e:7c:5c:cf:8b:f2:9b:15:b9:8b:
         f7:02:95:20:2d:29:a5:11:3a:68:14:ad:87:e9:12:28:17:2e:
         a0:51:6b:5a:ac:57:8a:ed:08:25:bf:57:a2:cd:a9:4c:41:45:
         4c:bc:76:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZbtvA2UCB5W1sCNpU/3HOqDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMTg1MTRhYWFkZmEwMzg0NmJhMWY2ZDM5ZjFmOWU0Mzdj
NjNjNDEwHhcNMjUwNTIwMTI0NzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmZmMGU1Nzg4NWZjMTYxOTdjMDVmNTVkYjM3M2EzZTk4NTgzY2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9in81MTBF+eH9SvtJO/sRNferRc
J+D9a0jhm7kpVR6FUCKpxUef5UFcj++tlS75TYniZSBLx9mcV83roDuHtBekHxdH
hUOVU/6emLAxFikUh50za1V80GlZu5IDhwYLpuOk6OyF6k7qGFUVV0PdzA8uo5nE
aI0iElQAdoMVLV+PO4Lug7tCqJGAaYqj4XaE92O3LzCHFTa9FLNiOXjR+xjKRkAl
0e8/BgM1WGTLsrRKOn/T7Re7qMfoYg/aiLih/7W3xOXsKyBDaOtVhYDBDqoD4QrP
ZSeeYCnEqWv+0SN1tFkDiFTD/tUafqWgZMsOf6BDaKwM8RRQ8zyzD70dIQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIv/DleIX8Fhl8BfVds3Oj6YWDyhMB8GA1UdIwQY
MBaAFIIYUUqq36A4RrofbTnx+eQ3xjxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hoUlNxcmZvRGhHdWg5dE9mSDU1RGZHUEVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS8zNzQyM2MtZWJkZC00ZWE4LTgxNGMt
MzMzODk2YTAwZTZmLzEvaV84T1Y0aGZ3V0dYd0Y5VjJ6YzZQcGhZUEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS8zNzQyM2MtZWJkZC00ZWE4LTgxNGMtMzMzODk2YTAwZTZm
LzEvZ2hoUlNxcmZvRGhHdWg5dE9mSDU1RGZHUEVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwEQzMA8E
AgACMAkDBwAgAQZ8KHAwDQYJKoZIhvcNAQELBQADggEBALLkw2p3z7QPVio768Wg
mVhddmANbthS3nnzHGjOwvuXSgScGAXH92iVXF6h+38pemBp2AWOuitvLJojkz1g
4AQxB7JZ6NLg/ozVQX/2xVG/jPuYs4xCf7pD65aTPmY6BBM67jbSQCuwtiZCz8s2
jkNV3cixJs/6m/XWw50fq0Z0NaKwvQ3wuydWQZTIDVsIAPeEko/2IGsuPL78Oa2b
tRlhRlJ2JTmE8NKxYFbNMcPFHgoCg++kOjyulNn+Qx2avUgYN/VRzdjHqTRGP3Nl
Tnxcz4vymxW5i/cClSAtKaUROmgUrYfpEigXLqBRa1qsV4rtCCW/V6LNqUxBRUy8
djg=
-----END CERTIFICATE-----