Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/sExC59C2viDQKDDYj8CusH8J5Lg.roa
File:                     sExC59C2viDQKDDYj8CusH8J5Lg.roa (raw, json)
Hash identifier:          cOWFAprr/QGP2vQ6eCaPmf7CyWdmOoqQ/ISFnDFZTmU=
Subject key identifier:   B0:4C:42:E7:D0:B6:BE:20:D0:28:30:D8:8F:C0:AE:B0:7F:09:E4:B8
Certificate issuer:       /CN=8d3402eae027abcd926090cc0ddeff80aab92c35
Certificate serial:       019616DF414CD5B65FFBD4461DE8EAE7B2CF
Authority key identifier: 8D:34:02:EA:E0:27:AB:CD:92:60:90:CC:0D:DE:FF:80:AA:B9:2C:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/sExC59C2viDQKDDYj8CusH8J5Lg.roa
Signing time:             Tue 08 Apr 2025 19:27:32 +0000
ROA not before:           Tue 08 Apr 2025 19:27:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136258
IP address blocks:        86.54.82.0/24 maxlen: 24
                          185.186.76.0/24 maxlen: 24
                          185.186.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 19:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:16:df:41:4c:d5:b6:5f:fb:d4:46:1d:e8:ea:e7:b2:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3402eae027abcd926090cc0ddeff80aab92c35
        Validity
            Not Before: Apr  8 19:27:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b04c42e7d0b6be20d02830d88fc0aeb07f09e4b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:00:2d:d3:03:70:5e:d7:bd:00:92:42:f7:1a:
                    1e:a8:05:fa:66:64:05:66:fc:80:00:43:39:17:bd:
                    03:ed:88:60:86:c5:e4:4c:f2:e4:52:35:f5:43:a2:
                    98:41:11:76:ba:94:15:19:7f:09:33:71:c6:18:32:
                    79:60:00:f1:5e:0f:e1:b0:c7:b9:0b:8f:21:3c:8b:
                    66:f0:85:a5:75:43:6e:91:0d:ab:1e:99:b1:bb:2e:
                    32:07:97:b9:bf:b8:11:20:11:77:a0:8a:3e:56:94:
                    5e:21:24:5b:5d:2b:d1:ce:f6:e1:e9:92:c0:99:f7:
                    85:52:76:54:fc:8b:61:1e:f2:d6:fc:8c:2d:9a:95:
                    bb:88:e9:c4:23:2e:93:2e:ab:30:a0:4f:1b:88:c7:
                    e8:6e:a7:e0:e2:21:81:3c:b3:dd:99:86:4a:70:82:
                    62:91:16:ee:00:96:27:95:a7:7a:1d:83:1a:29:ce:
                    cc:57:53:59:77:27:ef:5c:a4:52:95:6a:2a:49:55:
                    37:5d:7a:1d:32:0f:f7:56:64:b4:af:51:4f:65:2a:
                    d0:b6:a8:4d:77:ae:b5:76:e5:ea:d8:ca:c5:29:f2:
                    6e:d5:c0:89:32:d6:47:5a:33:db:f2:cf:ab:e6:2d:
                    84:b1:fe:7e:44:46:cf:c5:3c:c1:a0:0a:29:74:c0:
                    75:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:4C:42:E7:D0:B6:BE:20:D0:28:30:D8:8F:C0:AE:B0:7F:09:E4:B8
            X509v3 Authority Key Identifier:
                keyid:8D:34:02:EA:E0:27:AB:CD:92:60:90:CC:0D:DE:FF:80:AA:B9:2C:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/sExC59C2viDQKDDYj8CusH8J5Lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.54.82.0/24
                  185.186.76.0/24
                  185.186.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:7e:8d:50:fc:06:84:d0:ed:21:30:7f:ae:ed:f6:13:68:1b:
         f5:1b:e9:7e:8e:86:77:8b:03:8a:6f:a9:70:2b:a3:40:31:74:
         81:4c:da:88:2e:a1:2f:35:88:50:e2:fc:c2:39:f7:b9:36:37:
         a3:0a:e1:ba:61:58:e8:6d:d6:c9:ef:18:57:50:25:68:93:1a:
         85:2a:de:ee:cb:3a:a4:d6:b8:b4:25:9e:d6:c1:87:b9:c9:37:
         a5:a1:49:7f:68:f9:cb:46:b2:a1:14:54:f6:27:da:ff:b2:65:
         ab:d6:00:cf:f5:28:00:06:73:63:bd:83:9a:f5:26:8e:b2:b7:
         38:16:0f:d0:70:d8:c9:e5:e9:e2:fd:25:4b:9c:d6:9d:46:2a:
         ef:a2:78:b2:5e:77:7b:0a:7d:99:69:4b:b9:28:50:87:3c:36:
         0d:bb:be:52:97:2d:bf:2d:e5:38:80:8a:c5:1b:35:4f:82:87:
         d1:51:9e:88:c7:6f:be:b3:56:f7:6a:26:36:d8:bc:55:2e:87:
         0c:a3:aa:e0:cd:38:bc:40:6e:55:d0:46:5e:98:fa:9e:b6:36:
         a9:d2:12:5d:ba:07:3a:51:90:71:f0:6f:c2:3b:09:0f:5a:39:
         76:fe:51:65:f4:de:44:8a:7f:06:40:57:ca:cd:09:f2:ee:cc:
         c5:fc:ff:28
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZYW30FM1bZf+9RGHejq57LPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMzQwMmVhZTAyN2FiY2Q5MjYwOTBjYzBkZGVmZjgwYWFi
OTJjMzUwHhcNMjUwNDA4MTkyNzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDRjNDJlN2QwYjZiZTIwZDAyODMwZDg4ZmMwYWViMDdmMDllNGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAAt0wNwXte9AJJC9xoeqAX6ZmQF
ZvyAAEM5F70D7YhghsXkTPLkUjX1Q6KYQRF2upQVGX8JM3HGGDJ5YADxXg/hsMe5
C48hPItm8IWldUNukQ2rHpmxuy4yB5e5v7gRIBF3oIo+VpReISRbXSvRzvbh6ZLA
mfeFUnZU/IthHvLW/IwtmpW7iOnEIy6TLqswoE8biMfobqfg4iGBPLPdmYZKcIJi
kRbuAJYnlad6HYMaKc7MV1NZdyfvXKRSlWoqSVU3XXodMg/3VmS0r1FPZSrQtqhN
d661duXq2MrFKfJu1cCJMtZHWjPb8s+r5i2Esf5+REbPxTzBoAopdMB1pQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLBMQufQtr4g0Cgw2I/ArrB/CeS4MB8GA1UdIwQY
MBaAFI00AurgJ6vNkmCQzA3e/4CquSw1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalRRQzZ1QW5xODJTWUpETURkN19nS3E1TERVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81NTgzNDgtNDkxMi00YmMxLThlNTgt
ZjkyZDdkYzM3ZDJlLzEvc0V4QzU5QzJ2aURRS0REWWo4Q3VzSDhKNUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81NTgzNDgtNDkxMi00YmMxLThlNTgtZjkyZDdkYzM3ZDJl
LzEvalRRQzZ1QW5xODJTWUpETURkN19nS3E1TERVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVjZSAwQA
ubpMAwQAubpOMA0GCSqGSIb3DQEBCwUAA4IBAQDVfo1Q/AaE0O0hMH+u7fYTaBv1
G+l+joZ3iwOKb6lwK6NAMXSBTNqILqEvNYhQ4vzCOfe5NjejCuG6YVjobdbJ7xhX
UCVokxqFKt7uyzqk1ri0JZ7WwYe5yTeloUl/aPnLRrKhFFT2J9r/smWr1gDP9SgA
BnNjvYOa9SaOsrc4Fg/QcNjJ5eni/SVLnNadRirvoniyXnd7Cn2ZaUu5KFCHPDYN
u75Sly2/LeU4gIrFGzVPgofRUZ6Ix2++s1b3aiY22LxVLocMo6rgzTi8QG5V0EZe
mPqetjap0hJdugc6UZBx8G/COwkPWjl2/lFl9N5Ein8GQFfKzQny7szF/P8o
-----END CERTIFICATE-----