Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/7maLWxU6IkDM2FmAqNdy7l2m8vA.roa
File:                     7maLWxU6IkDM2FmAqNdy7l2m8vA.roa (raw, json)
Hash identifier:          hXSJo4W1y0TIt55yVm6o0sEdz9TFsi3M02ghZ52Dqcs=
Subject key identifier:   EE:66:8B:5B:15:3A:22:40:CC:D8:59:80:A8:D7:72:EE:5D:A6:F2:F0
Certificate issuer:       /CN=29085fc534c13e0882e260a895f3cf0c5543ef08
Certificate serial:       0194206808447FF4D5DF87B15F12E9FCA9B9
Authority key identifier: 29:08:5F:C5:34:C1:3E:08:82:E2:60:A8:95:F3:CF:0C:55:43:EF:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQhfxTTBPgiC4mColfPPDFVD7wg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/7maLWxU6IkDM2FmAqNdy7l2m8vA.roa
Signing time:             Wed 01 Jan 2025 05:47:56 +0000
ROA not before:           Wed 01 Jan 2025 05:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.187.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/KQhfxTTBPgiC4mColfPPDFVD7wg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/KQhfxTTBPgiC4mColfPPDFVD7wg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQhfxTTBPgiC4mColfPPDFVD7wg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:50:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:08:44:7f:f4:d5:df:87:b1:5f:12:e9:fc:a9:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29085fc534c13e0882e260a895f3cf0c5543ef08
        Validity
            Not Before: Jan  1 05:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee668b5b153a2240ccd85980a8d772ee5da6f2f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:dd:f4:0e:9b:ee:11:d2:00:49:f3:3c:6c:c2:
                    84:63:4f:e4:7d:34:af:e2:39:cc:3e:35:57:6a:ca:
                    98:ea:02:da:ce:8e:75:f4:08:a5:18:f7:11:e6:d9:
                    10:45:b1:54:14:e9:f8:5c:3b:aa:e5:50:f2:e1:f1:
                    a8:94:ac:51:50:56:39:d4:33:76:26:40:ef:b7:3f:
                    1a:2c:f0:75:85:4c:99:1a:7a:47:67:e5:78:af:02:
                    f5:96:3c:91:bf:16:31:08:fc:4a:80:f2:4b:ae:14:
                    65:88:8d:30:25:ba:44:a5:1f:eb:32:12:ce:c1:c3:
                    5d:64:22:b0:ca:18:25:8c:42:37:fc:9d:46:cb:52:
                    ff:5f:b5:da:d4:d5:a7:31:23:ef:bd:3a:7d:7e:61:
                    c8:1e:37:23:1f:c7:ce:20:c2:b1:c2:a4:04:9e:9e:
                    20:0c:aa:09:a4:87:78:14:39:9f:c6:7b:24:1a:33:
                    7f:47:ce:03:1d:09:c2:91:53:03:e9:ba:3c:da:1b:
                    95:71:71:49:3e:a8:6f:7a:4c:08:3d:b6:fa:7f:00:
                    ac:d8:7a:42:14:b9:d9:93:77:9f:68:00:2b:f8:b0:
                    53:1f:30:85:c9:f6:27:e3:97:ed:08:90:7e:54:0e:
                    1f:c3:73:c1:22:4d:44:c2:16:d7:69:46:55:08:e7:
                    d0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:66:8B:5B:15:3A:22:40:CC:D8:59:80:A8:D7:72:EE:5D:A6:F2:F0
            X509v3 Authority Key Identifier:
                keyid:29:08:5F:C5:34:C1:3E:08:82:E2:60:A8:95:F3:CF:0C:55:43:EF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQhfxTTBPgiC4mColfPPDFVD7wg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/7maLWxU6IkDM2FmAqNdy7l2m8vA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/KQhfxTTBPgiC4mColfPPDFVD7wg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:e6:3e:92:97:96:d6:11:05:03:27:6f:68:72:5d:86:7b:89:
         b2:7b:8e:21:ed:b3:4b:75:96:73:e7:b6:47:57:dd:4b:87:38:
         5d:df:18:dc:44:39:48:4c:6e:e3:39:be:1b:6f:55:4b:26:44:
         a5:4d:ba:01:0e:8e:2d:8e:80:35:fc:d0:82:d0:61:6c:c9:85:
         38:c3:14:7a:ff:ea:5b:29:20:35:0b:36:d0:b5:8f:5d:b7:8c:
         8f:2e:a1:69:52:ac:ce:41:96:79:79:b3:83:3a:a9:0a:77:f0:
         c3:75:3b:54:c1:43:51:11:95:de:54:93:4b:f1:33:3e:34:b4:
         a8:65:c2:f0:a1:32:da:5e:aa:51:f1:d3:23:e9:84:be:05:3b:
         34:f2:66:32:d3:24:46:92:ad:fb:aa:b1:21:5a:cc:29:18:bd:
         b6:9d:ef:a5:96:09:3e:dc:fe:77:be:b6:c0:5a:dc:c7:8e:64:
         a6:89:97:76:92:6c:4e:b1:cf:21:a2:cc:dd:b4:bf:5a:79:33:
         4e:ec:93:31:48:4a:b2:ac:02:4e:18:e0:b5:a4:fa:2c:d9:5a:
         8e:65:c4:29:ce:68:13:61:dd:3e:de:99:8a:8f:13:1b:fb:1d:
         4d:94:50:a6:15:30:7d:9d:8c:ce:cb:76:64:de:7c:16:0e:1a:
         eb:f2:28:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaAhEf/TV34exXxLp/Km5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDg1ZmM1MzRjMTNlMDg4MmUyNjBhODk1ZjNjZjBjNTU0
M2VmMDgwHhcNMjUwMTAxMDU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTY2OGI1YjE1M2EyMjQwY2NkODU5ODBhOGQ3NzJlZTVkYTZmMmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1t30DpvuEdIASfM8bMKEY0/kfTSv
4jnMPjVXasqY6gLazo519AilGPcR5tkQRbFUFOn4XDuq5VDy4fGolKxRUFY51DN2
JkDvtz8aLPB1hUyZGnpHZ+V4rwL1ljyRvxYxCPxKgPJLrhRliI0wJbpEpR/rMhLO
wcNdZCKwyhgljEI3/J1Gy1L/X7Xa1NWnMSPvvTp9fmHIHjcjH8fOIMKxwqQEnp4g
DKoJpId4FDmfxnskGjN/R84DHQnCkVMD6bo82huVcXFJPqhvekwIPbb6fwCs2HpC
FLnZk3efaAAr+LBTHzCFyfYn45ftCJB+VA4fw3PBIk1EwhbXaUZVCOfQFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5mi1sVOiJAzNhZgKjXcu5dpvLwMB8GA1UdIwQY
MBaAFCkIX8U0wT4IguJgqJXzzwxVQ+8IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FoZnhUVEJQZ2lDNG1Db2xmUFBERlZEN3dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81NmQ0OTAtMDE5Ni00NWFjLTgzZWIt
YzMyOTcxMjllNGQzLzEvN21hTFd4VTZJa0RNMkZtQXFOZHk3bDJtOHZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81NmQ0OTAtMDE5Ni00NWFjLTgzZWItYzMyOTcxMjllNGQz
LzEvS1FoZnhUVEJQZ2lDNG1Db2xmUFBERlZEN3dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubs8MA0G
CSqGSIb3DQEBCwUAA4IBAQA35j6Sl5bWEQUDJ29ocl2Ge4mye44h7bNLdZZz57ZH
V91Lhzhd3xjcRDlITG7jOb4bb1VLJkSlTboBDo4tjoA1/NCC0GFsyYU4wxR6/+pb
KSA1CzbQtY9dt4yPLqFpUqzOQZZ5ebODOqkKd/DDdTtUwUNREZXeVJNL8TM+NLSo
ZcLwoTLaXqpR8dMj6YS+BTs08mYy0yRGkq37qrEhWswpGL22ne+llgk+3P53vrbA
WtzHjmSmiZd2kmxOsc8hoszdtL9aeTNO7JMxSEqyrAJOGOC1pPos2VqOZcQpzmgT
Yd0+3pmKjxMb+x1NlFCmFTB9nYzOy3Zk3nwWDhrr8ih6
-----END CERTIFICATE-----