Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/l5YxBP66J268QPpOfOKh6pf_dA0.roa
File:                     l5YxBP66J268QPpOfOKh6pf_dA0.roa (raw, json)
Hash identifier:          VfFGld2mgne36x9HBpf5GPD2Bw0k6fbkaTy5yNO7fDc=
Subject key identifier:   97:96:31:04:FE:BA:27:6E:BC:40:FA:4E:7C:E2:A1:EA:97:FF:74:0D
Certificate issuer:       /CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
Certificate serial:       019427478A242A88E7A5A67790ABF0C832CC
Authority key identifier: 27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/l5YxBP66J268QPpOfOKh6pf_dA0.roa
Signing time:             Thu 02 Jan 2025 13:49:47 +0000
ROA not before:           Thu 02 Jan 2025 13:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59253
IP address blocks:        185.129.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:8a:24:2a:88:e7:a5:a6:77:90:ab:f0:c8:32:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
        Validity
            Not Before: Jan  2 13:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97963104feba276ebc40fa4e7ce2a1ea97ff740d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f7:47:8f:37:1f:3b:a0:a6:a4:6e:36:8a:7e:
                    28:56:68:5b:b3:55:ca:8f:27:47:13:e7:0d:7e:af:
                    c7:46:cc:03:b9:d2:e9:ec:e2:f9:5a:c6:0b:d2:53:
                    4a:7a:bc:9f:06:cb:d1:59:46:17:6e:54:c2:06:6b:
                    1a:25:ac:cf:82:74:b6:12:7a:39:b4:b9:ef:08:63:
                    56:d8:80:78:16:58:ae:9d:fb:78:f4:2e:72:97:ee:
                    7a:ae:60:39:c9:63:53:71:10:b1:7c:2a:44:b0:25:
                    5c:12:fd:79:aa:d8:09:ab:24:0a:51:00:51:bc:d6:
                    8c:95:d0:77:90:83:3e:02:8e:31:ea:ac:4a:c0:d0:
                    53:a2:1c:b4:92:f2:f2:99:f5:68:fd:b6:30:64:ad:
                    a8:8c:46:02:e6:57:66:f1:68:42:6f:7a:85:20:28:
                    dd:38:12:45:fd:c0:c9:02:02:90:d3:f2:4f:16:60:
                    de:78:49:7a:86:5c:82:8a:78:62:77:0e:82:ff:a5:
                    f8:9c:7b:a1:cc:82:19:ee:c4:88:b6:e7:cf:69:a4:
                    f4:c1:f2:d4:0e:65:47:8e:ab:2e:d0:81:ee:83:a3:
                    46:0a:fb:ef:ed:ca:1e:86:ac:66:7f:53:63:26:c0:
                    77:10:b8:f2:65:1d:49:21:ba:d5:f3:73:a4:d0:73:
                    10:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:96:31:04:FE:BA:27:6E:BC:40:FA:4E:7C:E2:A1:EA:97:FF:74:0D
            X509v3 Authority Key Identifier:
                keyid:27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/l5YxBP66J268QPpOfOKh6pf_dA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:af:d6:32:c6:4c:95:bc:51:fd:76:0c:8c:69:65:11:ef:5d:
         67:2c:f0:a4:69:5f:a8:c1:93:e4:8e:71:ee:d5:98:57:8a:47:
         48:af:87:52:d7:ec:91:77:a1:db:f4:d8:da:e3:23:45:ec:84:
         9f:ad:05:9e:15:ba:2f:38:e7:78:96:e1:32:94:18:08:aa:7b:
         1b:1e:bb:31:29:55:d4:80:82:93:22:45:bf:65:55:42:c8:8b:
         f5:b4:01:a2:7a:30:40:d2:45:a4:9e:d7:e4:f2:d6:83:05:01:
         96:c0:78:a0:aa:b2:82:50:48:c5:41:12:38:60:bd:7a:9b:b7:
         27:3a:f8:51:36:11:7c:bd:54:fb:25:c9:ab:3c:a4:53:68:ea:
         5a:e9:5d:7a:e1:ca:99:e0:89:fd:b3:98:8d:5b:a9:b0:ef:b2:
         30:c4:1c:52:86:9c:bf:89:24:de:73:e9:eb:96:62:0b:64:19:
         ae:29:83:3a:36:33:d6:0f:35:ed:c5:e3:b8:46:95:0d:e2:a8:
         15:09:c1:f9:2c:f1:52:ae:bf:8c:3e:db:35:62:a3:80:88:44:
         d0:ee:4f:da:30:f6:8c:a4:69:9a:e9:2d:0e:11:14:46:b6:18:
         86:73:1f:a3:6b:eb:75:04:b8:4f:64:6e:75:7d:48:9e:e7:21:
         3b:b0:ce:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR4okKojnpaZ3kKvwyDLMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTY2OTU3OWIzY2U2MWVlOGVlN2Q2YWY3ZTMxNGIwZjcy
NjM2MWYwHhcNMjUwMTAyMTM0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Nzk2MzEwNGZlYmEyNzZlYmM0MGZhNGU3Y2UyYTFlYTk3ZmY3NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufdHjzcfO6CmpG42in4oVmhbs1XK
jydHE+cNfq/HRswDudLp7OL5WsYL0lNKeryfBsvRWUYXblTCBmsaJazPgnS2Eno5
tLnvCGNW2IB4Fliunft49C5yl+56rmA5yWNTcRCxfCpEsCVcEv15qtgJqyQKUQBR
vNaMldB3kIM+Ao4x6qxKwNBTohy0kvLymfVo/bYwZK2ojEYC5ldm8WhCb3qFICjd
OBJF/cDJAgKQ0/JPFmDeeEl6hlyCinhidw6C/6X4nHuhzIIZ7sSItufPaaT0wfLU
DmVHjqsu0IHug6NGCvvv7coehqxmf1NjJsB3ELjyZR1JIbrV83Ok0HMQ9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJeWMQT+uiduvED6TnzioeqX/3QNMB8GA1UdIwQY
MBaAFCeWaVebPOYe6O59avfjFLD3JjYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEt
NGRlMWI1MjBhNTk0LzEvbDVZeEJQNjZKMjY4UVBwT2ZPS2g2cGZfZEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEtNGRlMWI1MjBhNTk0
LzEvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYF6MA0G
CSqGSIb3DQEBCwUAA4IBAQAYr9YyxkyVvFH9dgyMaWUR711nLPCkaV+owZPkjnHu
1ZhXikdIr4dS1+yRd6Hb9Nja4yNF7ISfrQWeFbovOOd4luEylBgIqnsbHrsxKVXU
gIKTIkW/ZVVCyIv1tAGiejBA0kWkntfk8taDBQGWwHigqrKCUEjFQRI4YL16m7cn
OvhRNhF8vVT7JcmrPKRTaOpa6V164cqZ4In9s5iNW6mw77IwxBxShpy/iSTec+nr
lmILZBmuKYM6NjPWDzXtxeO4RpUN4qgVCcH5LPFSrr+MPts1YqOAiETQ7k/aMPaM
pGma6S0OERRGthiGcx+ja+t1BLhPZG51fUie5yE7sM6T
-----END CERTIFICATE-----