Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/608cb8-2d21-4177-95b2-914754807314/1/FsU8rSGyQb0kGFvbxmQ4nDDUBg4.roa
File:                     FsU8rSGyQb0kGFvbxmQ4nDDUBg4.roa (raw, json)
Hash identifier:          xmWHpgYL9RCJue+qrtt+Eau987wbwxVuh1gIf8HMA3I=
Subject key identifier:   16:C5:3C:AD:21:B2:41:BD:24:18:5B:DB:C6:64:38:9C:30:D4:06:0E
Certificate issuer:       /CN=8f7e425b9980de3e6d4d556b69abbff1254867b1
Certificate serial:       01961A4C54C809EC8B238C77E88EB6FFDA06
Authority key identifier: 8F:7E:42:5B:99:80:DE:3E:6D:4D:55:6B:69:AB:BF:F1:25:48:67:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j35CW5mA3j5tTVVraau_8SVIZ7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/608cb8-2d21-4177-95b2-914754807314/1/FsU8rSGyQb0kGFvbxmQ4nDDUBg4.roa
Signing time:             Wed 09 Apr 2025 11:25:32 +0000
ROA not before:           Wed 09 Apr 2025 11:25:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205149
IP address blocks:        185.170.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/608cb8-2d21-4177-95b2-914754807314/1/j35CW5mA3j5tTVVraau_8SVIZ7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/608cb8-2d21-4177-95b2-914754807314/1/j35CW5mA3j5tTVVraau_8SVIZ7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j35CW5mA3j5tTVVraau_8SVIZ7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1a:4c:54:c8:09:ec:8b:23:8c:77:e8:8e:b6:ff:da:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f7e425b9980de3e6d4d556b69abbff1254867b1
        Validity
            Not Before: Apr  9 11:25:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16c53cad21b241bd24185bdbc664389c30d4060e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:02:ae:1d:8f:33:5b:da:13:72:c5:09:25:5a:
                    a5:79:2d:35:34:c3:9e:d2:ba:8c:62:cb:d4:38:09:
                    39:22:65:f3:23:49:fa:6a:c7:ba:de:d3:e6:2d:d1:
                    76:67:9d:31:84:12:89:81:f1:ab:bb:fd:e0:ff:95:
                    9a:72:10:22:96:ae:1b:e5:9a:08:cd:07:fd:62:3c:
                    85:a4:d5:2d:99:69:7a:c1:ef:9f:15:90:65:72:21:
                    29:24:f5:af:c8:d1:76:26:a1:47:c8:53:5f:cc:20:
                    84:6c:e6:d5:09:c6:eb:8c:2b:83:9b:88:90:44:fe:
                    dd:08:78:cf:27:b5:cf:77:00:f8:e2:94:0e:7f:2b:
                    7b:e1:75:5b:72:c0:58:53:fb:5f:41:ed:01:3c:df:
                    d2:d3:ca:5a:42:52:45:ad:23:bf:2f:34:49:db:98:
                    c0:0c:b8:1b:c0:61:65:6b:42:b3:14:bf:bc:d1:d9:
                    1a:c6:e4:0a:7c:19:71:95:8b:e0:b6:ad:eb:44:e3:
                    01:dd:8f:6b:34:3b:4b:9b:c3:d5:7b:5e:16:0f:a8:
                    b2:71:f3:fd:be:6d:ad:49:e9:4d:6d:06:ef:db:d6:
                    dc:f4:1e:52:2c:5c:5c:58:d0:cf:5b:53:24:f0:53:
                    05:99:ce:6f:2a:e5:01:7d:d2:6e:38:ba:09:be:f9:
                    49:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C5:3C:AD:21:B2:41:BD:24:18:5B:DB:C6:64:38:9C:30:D4:06:0E
            X509v3 Authority Key Identifier:
                keyid:8F:7E:42:5B:99:80:DE:3E:6D:4D:55:6B:69:AB:BF:F1:25:48:67:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j35CW5mA3j5tTVVraau_8SVIZ7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/608cb8-2d21-4177-95b2-914754807314/1/FsU8rSGyQb0kGFvbxmQ4nDDUBg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/608cb8-2d21-4177-95b2-914754807314/1/j35CW5mA3j5tTVVraau_8SVIZ7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:e4:72:d3:4b:b6:09:99:14:9d:ae:c1:55:d6:26:d4:5c:b4:
         5c:90:07:68:e8:78:53:01:f6:19:f6:3e:3a:6f:ee:68:1d:9b:
         1b:b3:86:36:79:1b:38:ee:9f:16:e0:93:e0:1c:82:26:53:3f:
         87:01:02:ea:c8:1f:f8:c1:f7:5b:00:9c:62:a0:a1:87:7b:a4:
         58:ab:52:48:1f:86:88:9f:35:69:75:41:fc:c5:97:f1:ca:55:
         0b:22:df:52:e9:56:51:a7:4f:58:7e:9b:1e:38:de:7c:26:b0:
         24:62:d2:41:86:1b:e6:86:0c:51:b9:1d:77:7e:e1:9b:50:18:
         12:7e:cb:89:3c:50:14:ce:d2:25:ca:77:85:21:b4:9e:72:ed:
         81:19:b6:e2:91:ef:5d:7c:c5:eb:c9:d6:12:43:27:ca:98:32:
         5d:e3:7e:e6:0b:ae:e1:99:c5:74:20:b7:2b:09:87:a6:44:e3:
         0f:5f:75:1b:0e:01:db:e2:cc:32:e7:e6:79:7b:ed:c3:53:0d:
         9f:6a:0f:3d:17:c4:60:67:f7:16:63:43:f7:b5:7c:ff:82:4d:
         99:56:43:93:7e:71:04:9d:e0:30:6c:2a:ab:38:95:24:cf:24:
         53:7c:ae:54:a9:1e:73:8b:86:60:90:02:73:e3:66:75:7a:c9:
         04:c9:27:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYaTFTICeyLI4x36I62/9oGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmN2U0MjViOTk4MGRlM2U2ZDRkNTU2YjY5YWJiZmYxMjU0
ODY3YjEwHhcNMjUwNDA5MTEyNTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmM1M2NhZDIxYjI0MWJkMjQxODViZGJjNjY0Mzg5YzMwZDQwNjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAKuHY8zW9oTcsUJJVqleS01NMOe
0rqMYsvUOAk5ImXzI0n6ase63tPmLdF2Z50xhBKJgfGru/3g/5WachAilq4b5ZoI
zQf9YjyFpNUtmWl6we+fFZBlciEpJPWvyNF2JqFHyFNfzCCEbObVCcbrjCuDm4iQ
RP7dCHjPJ7XPdwD44pQOfyt74XVbcsBYU/tfQe0BPN/S08paQlJFrSO/LzRJ25jA
DLgbwGFla0KzFL+80dkaxuQKfBlxlYvgtq3rROMB3Y9rNDtLm8PVe14WD6iycfP9
vm2tSelNbQbv29bc9B5SLFxcWNDPW1Mk8FMFmc5vKuUBfdJuOLoJvvlJFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbFPK0hskG9JBhb28ZkOJww1AYOMB8GA1UdIwQY
MBaAFI9+QluZgN4+bU1Va2mrv/ElSGexMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajM1Q1c1bUEzajV0VFZWcmFhdV84U1ZJWjdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS82MDhjYjgtMmQyMS00MTc3LTk1YjIt
OTE0NzU0ODA3MzE0LzEvRnNVOHJTR3lRYjBrR0Z2YnhtUTRuRERVQmc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS82MDhjYjgtMmQyMS00MTc3LTk1YjItOTE0NzU0ODA3MzE0
LzEvajM1Q1c1bUEzajV0VFZWcmFhdV84U1ZJWjdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuapAMA0G
CSqGSIb3DQEBCwUAA4IBAQCq5HLTS7YJmRSdrsFV1ibUXLRckAdo6HhTAfYZ9j46
b+5oHZsbs4Y2eRs47p8W4JPgHIImUz+HAQLqyB/4wfdbAJxioKGHe6RYq1JIH4aI
nzVpdUH8xZfxylULIt9S6VZRp09YfpseON58JrAkYtJBhhvmhgxRuR13fuGbUBgS
fsuJPFAUztIlyneFIbSecu2BGbbike9dfMXrydYSQyfKmDJd437mC67hmcV0ILcr
CYemROMPX3UbDgHb4swy5+Z5e+3DUw2fag89F8RgZ/cWY0P3tXz/gk2ZVkOTfnEE
neAwbCqrOJUkzyRTfK5UqR5zi4ZgkAJz42Z1eskEySfT
-----END CERTIFICATE-----