Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/rkb71IFKmOwHN1Jg5Et0bzsKc_I.roa
File:                     rkb71IFKmOwHN1Jg5Et0bzsKc_I.roa (raw, json)
Hash identifier:          WK/N2S2Y2IN8I1NQby/H/tCVPb7ORwKAQmcCTQ3LUwU=
Subject key identifier:   AE:46:FB:D4:81:4A:98:EC:07:37:52:60:E4:4B:74:6F:3B:0A:73:F2
Certificate issuer:       /CN=6dbd51576b4a93460a465af35e6bf550f5548894
Certificate serial:       019425219115113D0CF577ED04F853E7F032
Authority key identifier: 6D:BD:51:57:6B:4A:93:46:0A:46:5A:F3:5E:6B:F5:50:F5:54:88:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/rkb71IFKmOwHN1Jg5Et0bzsKc_I.roa
Signing time:             Thu 02 Jan 2025 03:49:04 +0000
ROA not before:           Thu 02 Jan 2025 03:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199619
IP address blocks:        185.5.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:91:15:11:3d:0c:f5:77:ed:04:f8:53:e7:f0:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dbd51576b4a93460a465af35e6bf550f5548894
        Validity
            Not Before: Jan  2 03:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae46fbd4814a98ec07375260e44b746f3b0a73f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:83:81:2b:92:94:b3:b5:9a:59:51:0e:9c:e7:
                    18:4f:45:95:3a:eb:07:22:07:ee:5b:70:d7:8d:d0:
                    33:17:c5:de:a0:95:b8:0f:1c:35:ee:5d:84:93:7f:
                    c0:3b:06:0f:ce:cb:97:15:f9:ca:7a:74:85:b5:78:
                    f8:01:00:c5:4e:53:d2:05:db:40:71:04:f8:a7:db:
                    42:6e:26:68:74:6d:bd:c0:24:17:22:0c:d9:93:9a:
                    71:9a:98:df:0c:e8:11:83:21:eb:bc:99:7e:7b:fc:
                    71:99:9e:63:75:e8:55:a6:a9:07:21:2b:de:a1:8b:
                    89:19:e6:76:cd:91:3b:19:98:75:c3:02:7e:22:73:
                    cc:ab:ff:61:ed:be:d6:eb:8a:bb:d4:f9:8d:a2:ee:
                    ec:a9:0a:7d:ed:9f:c1:7d:bb:00:90:fb:05:dd:0c:
                    73:39:23:ec:0c:36:35:85:81:4a:d3:4a:99:16:0e:
                    20:02:85:07:ad:f2:2e:f0:b4:f1:13:6f:3b:8e:39:
                    54:15:58:65:17:a5:25:35:95:f8:10:c0:66:05:63:
                    05:1a:d7:24:43:06:d6:61:6d:a2:a0:04:14:5c:8c:
                    2b:6e:c3:46:82:b0:34:e1:44:a1:1a:6c:2f:58:6f:
                    71:4f:f5:3d:9e:18:67:bd:9e:43:5a:8b:21:53:b9:
                    25:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:46:FB:D4:81:4A:98:EC:07:37:52:60:E4:4B:74:6F:3B:0A:73:F2
            X509v3 Authority Key Identifier:
                keyid:6D:BD:51:57:6B:4A:93:46:0A:46:5A:F3:5E:6B:F5:50:F5:54:88:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/rkb71IFKmOwHN1Jg5Et0bzsKc_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:ed:d2:28:c5:32:0c:fe:45:38:51:b0:b9:a4:fb:72:30:db:
         c0:b0:79:76:eb:e9:8d:ec:c8:d3:59:62:a7:c0:6d:12:5c:3f:
         8d:27:b6:48:39:fd:18:12:9c:b9:d9:73:ce:6c:bb:5f:08:d9:
         e6:5b:08:9c:d8:0a:23:86:e1:3b:57:84:e2:8e:2f:4d:a9:51:
         e2:50:ec:74:ef:ec:bf:7d:21:8e:38:7a:86:05:e3:74:95:a2:
         d0:39:f4:71:45:28:00:0c:a8:5b:69:60:c3:20:2d:11:2a:f9:
         e8:b4:ee:8e:5b:aa:e1:8f:1c:94:62:92:b1:5c:87:51:cf:24:
         0d:d5:37:e8:11:b4:46:8b:16:19:a1:8b:8b:20:da:83:95:8b:
         23:66:87:d5:16:6b:33:99:55:b8:31:6b:93:b0:00:7f:cc:33:
         83:4f:65:28:07:0e:35:1c:64:24:2e:78:83:9d:39:3e:21:ad:
         de:81:2f:81:b7:12:0e:72:c5:d3:f2:84:61:ac:c7:29:f3:92:
         fd:8b:c5:9a:8f:a9:e7:04:39:38:36:e5:df:2e:67:50:f1:95:
         a5:fa:ba:54:10:97:9e:70:c1:98:76:7a:ee:65:b7:ad:d6:04:
         11:da:ad:0c:ea:25:51:8f:d9:d7:11:29:10:d9:28:b6:5e:57:
         e4:7d:2f:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIZEVET0M9XftBPhT5/AyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkYmQ1MTU3NmI0YTkzNDYwYTQ2NWFmMzVlNmJmNTUwZjU1
NDg4OTQwHhcNMjUwMTAyMDM0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTQ2ZmJkNDgxNGE5OGVjMDczNzUyNjBlNDRiNzQ2ZjNiMGE3M2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YOBK5KUs7WaWVEOnOcYT0WVOusH
IgfuW3DXjdAzF8XeoJW4Dxw17l2Ek3/AOwYPzsuXFfnKenSFtXj4AQDFTlPSBdtA
cQT4p9tCbiZodG29wCQXIgzZk5pxmpjfDOgRgyHrvJl+e/xxmZ5jdehVpqkHISve
oYuJGeZ2zZE7GZh1wwJ+InPMq/9h7b7W64q71PmNou7sqQp97Z/BfbsAkPsF3Qxz
OSPsDDY1hYFK00qZFg4gAoUHrfIu8LTxE287jjlUFVhlF6UlNZX4EMBmBWMFGtck
QwbWYW2ioAQUXIwrbsNGgrA04UShGmwvWG9xT/U9nhhnvZ5DWoshU7klmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK5G+9SBSpjsBzdSYORLdG87CnPyMB8GA1UdIwQY
MBaAFG29UVdrSpNGCkZa815r9VD1VIiUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmIxUlYydEtrMFlLUmxyelhtdjFVUFZVaUpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZmY1MzctNzFlMC00MDNiLTk3OWUt
MWVmN2VmMTdmYTQzLzEvcmtiNzFJRkttT3dITjFKZzVFdDBienNLY19JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZmY1MzctNzFlMC00MDNiLTk3OWUtMWVmN2VmMTdmYTQz
LzEvYmIxUlYydEtrMFlLUmxyelhtdjFVUFZVaUpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQWPMA0G
CSqGSIb3DQEBCwUAA4IBAQC57dIoxTIM/kU4UbC5pPtyMNvAsHl26+mN7MjTWWKn
wG0SXD+NJ7ZIOf0YEpy52XPObLtfCNnmWwic2AojhuE7V4Tiji9NqVHiUOx07+y/
fSGOOHqGBeN0laLQOfRxRSgADKhbaWDDIC0RKvnotO6OW6rhjxyUYpKxXIdRzyQN
1TfoEbRGixYZoYuLINqDlYsjZofVFmszmVW4MWuTsAB/zDODT2UoBw41HGQkLniD
nTk+Ia3egS+BtxIOcsXT8oRhrMcp85L9i8Waj6nnBDk4NuXfLmdQ8ZWl+rpUEJee
cMGYdnruZbet1gQR2q0M6iVRj9nXESkQ2Si2XlfkfS/H
-----END CERTIFICATE-----