Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/f7reVcrHhHE-i0os8pjDmr_KSH4.roa
File:                     f7reVcrHhHE-i0os8pjDmr_KSH4.roa (raw, json)
Hash identifier:          jXh5JkKzxulogW8DJqArisPnpXo5ZeSQOy/vsvzYL7E=
Subject key identifier:   7F:BA:DE:55:CA:C7:84:71:3E:8B:4A:2C:F2:98:C3:9A:BF:CA:48:7E
Certificate issuer:       /CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
Certificate serial:       01942747964C7E09D54259199DE8E29769AE
Authority key identifier: AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/f7reVcrHhHE-i0os8pjDmr_KSH4.roa
Signing time:             Thu 02 Jan 2025 13:49:50 +0000
ROA not before:           Thu 02 Jan 2025 13:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205086
IP address blocks:        109.234.86.0/24 maxlen: 24
                          185.33.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:96:4c:7e:09:d5:42:59:19:9d:e8:e2:97:69:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
        Validity
            Not Before: Jan  2 13:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fbade55cac784713e8b4a2cf298c39abfca487e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c9:a5:d0:3d:e0:5e:5c:b9:9d:26:16:e3:8f:
                    f9:d5:c1:8a:07:36:f3:0e:69:c7:a2:05:63:5e:56:
                    a0:b0:00:90:d7:28:23:f7:3d:2b:27:e5:19:c5:7b:
                    ad:00:62:9b:83:be:86:b4:05:d9:0d:b4:a2:ad:89:
                    6c:e5:3d:96:73:dd:ee:ab:5e:d5:e8:45:18:51:f6:
                    9e:b9:87:bb:47:0f:f7:19:8f:1f:8a:eb:67:72:82:
                    6d:ab:ee:08:6c:14:27:39:a2:d8:60:c2:dd:2e:7a:
                    05:0d:82:99:1c:9a:aa:27:80:1d:32:10:ad:96:e9:
                    32:09:d7:45:ee:51:6a:12:48:a9:5d:68:a5:0a:34:
                    37:2f:93:9c:98:72:c2:55:f2:5f:7f:38:1e:da:bb:
                    10:fd:7d:53:b4:72:1b:93:4a:33:9d:03:eb:e5:18:
                    1a:28:d7:ce:f2:a6:1b:1e:ff:c9:ee:36:ff:3f:d1:
                    50:c9:5e:a4:77:27:80:a1:ff:5e:7e:75:62:99:40:
                    66:0f:1e:6f:d1:45:fb:4a:3a:03:0d:49:8a:c1:47:
                    e8:ae:a9:7a:7e:ad:6a:a4:7b:69:71:3a:05:2d:ce:
                    ca:a6:ef:86:8d:0b:a5:07:a5:08:68:15:dd:9a:e4:
                    f2:ec:56:cc:0e:28:5b:a5:c0:d6:e4:fe:6d:63:b3:
                    c2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:BA:DE:55:CA:C7:84:71:3E:8B:4A:2C:F2:98:C3:9A:BF:CA:48:7E
            X509v3 Authority Key Identifier:
                keyid:AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/f7reVcrHhHE-i0os8pjDmr_KSH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.86.0/24
                  185.33.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b8:00:2e:74:4a:01:d6:58:ea:7e:72:37:0b:5e:c6:76:f6:
         a1:49:af:db:ba:cc:46:18:a8:5c:ba:b6:19:05:f1:65:93:4f:
         00:c7:96:03:06:31:19:5e:fb:83:17:cb:d8:6b:a1:82:e7:30:
         b2:96:72:f5:4a:68:98:9c:39:97:a6:8d:88:a9:f5:83:34:21:
         5e:2c:34:53:00:9d:0b:84:84:fb:55:63:49:ef:8c:46:c2:66:
         fe:eb:ee:a4:52:51:04:b3:fb:22:c3:6f:20:28:2a:c1:8b:21:
         2f:b0:58:0f:80:93:6e:58:d7:32:86:49:c3:73:b1:19:e0:e1:
         c0:c2:1f:aa:8b:90:7b:a6:ff:e5:dc:4e:01:06:e1:ae:94:a4:
         dd:ef:2b:19:e3:e5:6f:19:4d:6e:5e:f4:27:c4:01:9f:1d:0d:
         cb:03:2b:dd:9a:c0:55:8b:dc:52:ab:3f:82:a7:d1:cc:ba:86:
         84:80:c9:b5:1d:9b:cb:d9:6e:dd:ef:b1:06:30:9e:a5:fc:54:
         fa:6b:d9:47:fc:fb:d7:cd:57:03:32:7a:49:0f:b4:d7:68:7e:
         9a:ea:cb:1a:3c:b9:be:dd:12:e5:35:d6:b3:e8:44:a7:63:fb:
         d9:46:d6:4b:b3:15:7b:86:9d:c4:5a:be:2c:af:18:65:5e:bd:
         45:28:ee:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR5ZMfgnVQlkZnejil2muMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTRmZTgzMWI2YTcxOWY0MmU2Yzg0ODZmZDAzYjU1MGJl
NzYxZmIwHhcNMjUwMTAyMTM0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmJhZGU1NWNhYzc4NDcxM2U4YjRhMmNmMjk4YzM5YWJmY2E0ODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscml0D3gXly5nSYW44/51cGKBzbz
DmnHogVjXlagsACQ1ygj9z0rJ+UZxXutAGKbg76GtAXZDbSirYls5T2Wc93uq17V
6EUYUfaeuYe7Rw/3GY8fiutncoJtq+4IbBQnOaLYYMLdLnoFDYKZHJqqJ4AdMhCt
lukyCddF7lFqEkipXWilCjQ3L5OcmHLCVfJffzge2rsQ/X1TtHIbk0oznQPr5Rga
KNfO8qYbHv/J7jb/P9FQyV6kdyeAof9efnVimUBmDx5v0UX7SjoDDUmKwUforql6
fq1qpHtpcToFLc7Kpu+GjQulB6UIaBXdmuTy7FbMDihbpcDW5P5tY7PCEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH+63lXKx4RxPotKLPKYw5q/ykh+MB8GA1UdIwQY
MBaAFKtU/oMbanGfQubISG/QO1UL52H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYt
NmZkOTc4OTIwNWJhLzEvZjdyZVZjckhoSEUtaTBvczhwakRtcl9LU0g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYtNmZkOTc4OTIwNWJh
LzEvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbepWAwQA
uSFCMA0GCSqGSIb3DQEBCwUAA4IBAQBsuAAudEoB1ljqfnI3C17GdvahSa/busxG
GKhcurYZBfFlk08Ax5YDBjEZXvuDF8vYa6GC5zCylnL1SmiYnDmXpo2IqfWDNCFe
LDRTAJ0LhIT7VWNJ74xGwmb+6+6kUlEEs/siw28gKCrBiyEvsFgPgJNuWNcyhknD
c7EZ4OHAwh+qi5B7pv/l3E4BBuGulKTd7ysZ4+VvGU1uXvQnxAGfHQ3LAyvdmsBV
i9xSqz+Cp9HMuoaEgMm1HZvL2W7d77EGMJ6l/FT6a9lH/PvXzVcDMnpJD7TXaH6a
6ssaPLm+3RLlNdaz6ESnY/vZRtZLsxV7hp3EWr4srxhlXr1FKO5h
-----END CERTIFICATE-----