Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/02a8d6-9158-4aeb-a750-78753a104226/1/4SJUH7W4ejICjEKktk38NQNcB4Q.roa
File:                     4SJUH7W4ejICjEKktk38NQNcB4Q.roa (raw, json)
Hash identifier:          2qwbbCMLxypAlAiGN2fpQYPHWTBbWd8fpkq/6FE+imI=
Subject key identifier:   E1:22:54:1F:B5:B8:7A:32:02:8C:42:A4:B6:4D:FC:35:03:5C:07:84
Certificate issuer:       /CN=8c714b6cb2bad4e7639a8aa271028f5aa1bc6ac2
Certificate serial:       01989376AB5F4845780786D9481282F095CA
Authority key identifier: 8C:71:4B:6C:B2:BA:D4:E7:63:9A:8A:A2:71:02:8F:5A:A1:BC:6A:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jHFLbLK61OdjmoqicQKPWqG8asI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/02a8d6-9158-4aeb-a750-78753a104226/1/4SJUH7W4ejICjEKktk38NQNcB4Q.roa
Signing time:             Sun 10 Aug 2025 10:11:24 +0000
ROA not before:           Sun 10 Aug 2025 10:11:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211408
IP address blocks:        217.26.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/02a8d6-9158-4aeb-a750-78753a104226/1/jHFLbLK61OdjmoqicQKPWqG8asI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/02a8d6-9158-4aeb-a750-78753a104226/1/jHFLbLK61OdjmoqicQKPWqG8asI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jHFLbLK61OdjmoqicQKPWqG8asI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 Aug 2025 16:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:93:76:ab:5f:48:45:78:07:86:d9:48:12:82:f0:95:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c714b6cb2bad4e7639a8aa271028f5aa1bc6ac2
        Validity
            Not Before: Aug 10 10:11:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e122541fb5b87a32028c42a4b64dfc35035c0784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d3:db:e6:05:40:1e:6d:92:95:a1:80:90:ed:
                    f3:20:20:88:bf:61:bc:01:13:f5:8d:b5:e5:9a:cd:
                    94:83:a1:b7:ec:93:c7:bc:58:ee:77:ce:e9:57:e4:
                    c3:ed:ad:0c:35:dc:3b:3a:12:32:6b:17:3c:bc:3d:
                    33:40:9e:97:ca:97:bd:b4:66:c4:e5:7d:69:c5:d6:
                    3e:6f:29:18:b2:cf:fa:c8:89:25:ee:75:f1:35:93:
                    fe:16:20:11:f3:ad:12:84:e8:5d:c1:1f:ab:80:84:
                    44:de:cc:62:1e:ea:86:5e:8e:a7:8c:48:6d:d7:9f:
                    62:93:09:bb:2c:e8:6b:91:12:3a:23:bf:ff:bd:77:
                    9e:b3:4f:a4:33:2c:aa:07:d4:9d:67:51:68:a2:b3:
                    6c:58:3e:3a:31:a9:7f:0a:2c:13:07:a2:8f:96:f4:
                    bd:62:86:c6:2e:30:5f:1c:cc:ba:d0:af:89:91:1a:
                    21:3b:93:c1:eb:3c:fc:2d:fa:3f:fc:0c:00:f5:13:
                    c0:b5:5d:ae:a1:89:24:b6:1d:a7:ed:68:88:8c:44:
                    f0:6e:42:93:46:be:c8:88:64:b1:cf:14:fc:f0:8e:
                    f0:c5:22:2e:83:42:9f:a5:db:72:df:36:43:74:a8:
                    0c:8d:11:8f:e1:a0:ad:8a:c8:91:2c:66:12:6f:3c:
                    ee:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:22:54:1F:B5:B8:7A:32:02:8C:42:A4:B6:4D:FC:35:03:5C:07:84
            X509v3 Authority Key Identifier:
                keyid:8C:71:4B:6C:B2:BA:D4:E7:63:9A:8A:A2:71:02:8F:5A:A1:BC:6A:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jHFLbLK61OdjmoqicQKPWqG8asI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/02a8d6-9158-4aeb-a750-78753a104226/1/4SJUH7W4ejICjEKktk38NQNcB4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/02a8d6-9158-4aeb-a750-78753a104226/1/jHFLbLK61OdjmoqicQKPWqG8asI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.26.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:8f:f2:28:78:e4:f9:41:b5:60:fc:ae:de:aa:bf:0e:36:b6:
         83:75:29:86:7b:6e:e3:aa:a0:28:2a:0a:ac:c5:52:da:3d:f4:
         14:2e:30:00:c9:a6:88:b8:d9:31:c0:6a:9f:57:56:7e:70:1b:
         7d:08:5c:37:ef:d3:b5:85:24:7b:7f:7e:0e:0b:84:75:6e:cd:
         a9:6c:ed:c0:89:da:67:da:38:17:a2:ad:f4:b6:66:ad:22:7c:
         34:5d:6e:16:08:54:78:0e:f0:17:43:2b:d9:01:2f:cf:71:07:
         2d:c4:25:58:d8:29:85:a4:61:35:73:8e:45:b0:d0:a1:b8:96:
         bf:cd:79:aa:3c:b6:6a:39:96:52:db:cd:f6:e0:c0:83:da:ec:
         ad:94:45:da:ac:b1:b7:b6:dd:8a:72:2d:f0:f9:0f:0d:4f:be:
         09:15:87:2b:28:38:cf:f7:fb:1c:ab:d5:90:18:a3:75:08:15:
         7d:43:b8:87:c7:12:42:74:8f:ef:cb:06:bc:da:1c:cf:82:07:
         ba:5e:c9:a4:04:5a:59:21:30:1b:77:35:97:1c:5c:57:4e:fd:
         ed:fc:42:73:58:2e:ff:54:51:4d:9e:4f:d2:8d:e8:92:7d:85:
         79:42:7c:dc:93:81:ad:c3:fc:4b:a5:e7:6e:be:5b:84:5c:6a:
         4c:f8:0d:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiTdqtfSEV4B4bZSBKC8JXKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjNzE0YjZjYjJiYWQ0ZTc2MzlhOGFhMjcxMDI4ZjVhYTFi
YzZhYzIwHhcNMjUwODEwMTAxMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTIyNTQxZmI1Yjg3YTMyMDI4YzQyYTRiNjRkZmMzNTAzNWMwNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtPb5gVAHm2SlaGAkO3zICCIv2G8
ARP1jbXlms2Ug6G37JPHvFjud87pV+TD7a0MNdw7OhIyaxc8vD0zQJ6Xype9tGbE
5X1pxdY+bykYss/6yIkl7nXxNZP+FiAR860ShOhdwR+rgIRE3sxiHuqGXo6njEht
159ikwm7LOhrkRI6I7//vXees0+kMyyqB9SdZ1FoorNsWD46Mal/CiwTB6KPlvS9
YobGLjBfHMy60K+JkRohO5PB6zz8Lfo//AwA9RPAtV2uoYkkth2n7WiIjETwbkKT
Rr7IiGSxzxT88I7wxSIug0Kfpdty3zZDdKgMjRGP4aCtisiRLGYSbzzunQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEiVB+1uHoyAoxCpLZN/DUDXAeEMB8GA1UdIwQY
MBaAFIxxS2yyutTnY5qKonECj1qhvGrCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakhGTGJMSzYxT2RqbW9xaWNRS1BXcUc4YXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8wMmE4ZDYtOTE1OC00YWViLWE3NTAt
Nzg3NTNhMTA0MjI2LzEvNFNKVUg3VzRlaklDakVLa3RrMzhOUU5jQjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8wMmE4ZDYtOTE1OC00YWViLWE3NTAtNzg3NTNhMTA0MjI2
LzEvakhGTGJMSzYxT2RqbW9xaWNRS1BXcUc4YXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RreMA0G
CSqGSIb3DQEBCwUAA4IBAQAej/IoeOT5QbVg/K7eqr8ONraDdSmGe27jqqAoKgqs
xVLaPfQULjAAyaaIuNkxwGqfV1Z+cBt9CFw379O1hSR7f34OC4R1bs2pbO3Aidpn
2jgXoq30tmatInw0XW4WCFR4DvAXQyvZAS/PcQctxCVY2CmFpGE1c45FsNChuJa/
zXmqPLZqOZZS28324MCD2uytlEXarLG3tt2Kci3w+Q8NT74JFYcrKDjP9/scq9WQ
GKN1CBV9Q7iHxxJCdI/vywa82hzPgge6XsmkBFpZITAbdzWXHFxXTv3t/EJzWC7/
VFFNnk/SjeiSfYV5Qnzck4Gtw/xLpeduvluEXGpM+A2l
-----END CERTIFICATE-----