Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/yI_RXXqJUefuh1flF2oTn9wC4DI.roa
File:                     yI_RXXqJUefuh1flF2oTn9wC4DI.roa (raw, json)
Hash identifier:          j2h6Y5w4TEDmVG2v4OM8fOFhUfhpchqy4oEvpRV83t4=
Subject key identifier:   C8:8F:D1:5D:7A:89:51:E7:EE:87:57:E5:17:6A:13:9F:DC:02:E0:32
Certificate issuer:       /CN=4dbd0b135a7dfd6b6aa1b1849eb163402de8e1b1
Certificate serial:       019423D7DB913BD99995DA5338AB2B0471EC
Authority key identifier: 4D:BD:0B:13:5A:7D:FD:6B:6A:A1:B1:84:9E:B1:63:40:2D:E8:E1:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tb0LE1p9_WtqobGEnrFjQC3o4bE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/yI_RXXqJUefuh1flF2oTn9wC4DI.roa
Signing time:             Wed 01 Jan 2025 21:48:56 +0000
ROA not before:           Wed 01 Jan 2025 21:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50056
IP address blocks:        185.217.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/Tb0LE1p9_WtqobGEnrFjQC3o4bE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/Tb0LE1p9_WtqobGEnrFjQC3o4bE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tb0LE1p9_WtqobGEnrFjQC3o4bE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 06:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:db:91:3b:d9:99:95:da:53:38:ab:2b:04:71:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dbd0b135a7dfd6b6aa1b1849eb163402de8e1b1
        Validity
            Not Before: Jan  1 21:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c88fd15d7a8951e7ee8757e5176a139fdc02e032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:5f:8d:23:08:ba:1c:6d:2e:56:a6:b9:f5:38:
                    06:f8:78:3c:88:ba:21:ed:92:e8:03:28:a2:f4:49:
                    fe:27:82:4e:9d:b8:1e:b1:0a:a3:e7:71:e9:50:3e:
                    35:92:65:b8:44:10:b3:0a:0c:94:17:53:53:12:6f:
                    aa:9e:dd:bb:e7:1e:71:34:da:d5:3c:bf:91:a0:81:
                    cd:56:1a:3b:1a:8e:11:c6:6f:4a:ad:bd:d7:b6:dc:
                    95:a4:be:61:e5:e6:e9:15:9b:e3:80:f0:60:9e:59:
                    08:c7:22:c4:4b:34:7d:6f:39:8a:d6:ed:a8:c7:b5:
                    e4:b6:d5:01:bc:ee:8e:18:ab:ed:a1:64:df:47:70:
                    8c:5a:c4:53:87:d4:0d:f9:80:28:16:1c:56:42:63:
                    9d:c2:b9:4d:80:8f:96:94:39:da:18:ba:f4:bf:31:
                    11:fe:7d:a1:7a:6f:17:46:b5:68:83:4e:81:84:11:
                    d4:36:75:d1:ec:38:d3:7b:a5:48:02:83:1f:26:49:
                    40:6f:37:cf:ff:71:1c:ec:5b:48:80:11:a5:2d:56:
                    27:4f:03:14:7e:66:bf:60:aa:84:26:d8:e5:03:46:
                    72:c9:33:12:43:62:d0:3d:fe:34:6d:15:91:d8:94:
                    a3:29:60:47:e0:ed:a8:8a:76:17:18:6f:f7:cf:2e:
                    bb:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:8F:D1:5D:7A:89:51:E7:EE:87:57:E5:17:6A:13:9F:DC:02:E0:32
            X509v3 Authority Key Identifier:
                keyid:4D:BD:0B:13:5A:7D:FD:6B:6A:A1:B1:84:9E:B1:63:40:2D:E8:E1:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tb0LE1p9_WtqobGEnrFjQC3o4bE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/yI_RXXqJUefuh1flF2oTn9wC4DI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/Tb0LE1p9_WtqobGEnrFjQC3o4bE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:e3:53:99:74:78:12:5f:d2:e4:42:94:bb:6c:04:c0:3a:54:
         8a:7e:41:cf:29:6c:f1:be:c1:76:f7:a4:60:d9:ed:b9:13:c3:
         b9:83:70:f1:35:33:ad:66:9e:18:5e:77:c5:a9:04:c4:50:38:
         b2:51:8f:a9:1c:1a:36:83:68:92:d3:06:6c:c3:eb:f2:7a:4d:
         ba:45:52:e5:64:c7:d9:f1:8d:21:c3:1f:a2:3a:74:41:f6:a0:
         0b:b1:ca:e5:0e:42:f4:2a:e3:1e:6e:5c:fc:f1:20:cc:b0:86:
         cd:0e:bb:df:29:f7:9f:89:11:40:a5:1a:8c:67:2a:4f:e4:14:
         66:8a:e3:f0:d6:b7:f9:05:8f:b0:6f:e0:53:a3:f1:45:9f:22:
         78:fa:8f:0d:9c:4b:5b:c8:dd:27:e0:57:f9:c1:54:33:94:3b:
         86:46:3e:83:78:59:44:c8:e7:b5:63:04:07:6c:a1:ff:96:56:
         ab:e5:58:a2:50:79:08:0a:99:bb:75:3d:be:d3:5e:f7:ac:27:
         80:ab:18:8e:ea:49:12:2c:23:1c:47:af:43:ce:91:f9:44:53:
         9e:7b:c7:3c:17:14:b3:17:40:7c:be:0d:22:09:59:7f:c9:ab:
         d2:25:56:8c:b8:0f:74:5e:f0:e0:44:3c:4c:63:5f:c5:08:5c:
         31:ed:26:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj19uRO9mZldpTOKsrBHHsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYmQwYjEzNWE3ZGZkNmI2YWExYjE4NDllYjE2MzQwMmRl
OGUxYjEwHhcNMjUwMTAxMjE0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODhmZDE1ZDdhODk1MWU3ZWU4NzU3ZTUxNzZhMTM5ZmRjMDJlMDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzF+NIwi6HG0uVqa59TgG+Hg8iLoh
7ZLoAyii9En+J4JOnbgesQqj53HpUD41kmW4RBCzCgyUF1NTEm+qnt275x5xNNrV
PL+RoIHNVho7Go4Rxm9Krb3XttyVpL5h5ebpFZvjgPBgnlkIxyLESzR9bzmK1u2o
x7XkttUBvO6OGKvtoWTfR3CMWsRTh9QN+YAoFhxWQmOdwrlNgI+WlDnaGLr0vzER
/n2hem8XRrVog06BhBHUNnXR7DjTe6VIAoMfJklAbzfP/3Ec7FtIgBGlLVYnTwMU
fma/YKqEJtjlA0ZyyTMSQ2LQPf40bRWR2JSjKWBH4O2oinYXGG/3zy676QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiP0V16iVHn7odX5RdqE5/cAuAyMB8GA1UdIwQY
MBaAFE29CxNaff1raqGxhJ6xY0At6OGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGIwTEUxcDlfV3Rxb2JHRW5yRmpRQzNvNGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8yNDdlZTItMjM2NS00NzY4LTk3N2Yt
ZmVmYTFhYmFlZGNmLzEveUlfUlhYcUpVZWZ1aDFmbEYyb1RuOXdDNERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8yNDdlZTItMjM2NS00NzY4LTk3N2YtZmVmYTFhYmFlZGNm
LzEvVGIwTEUxcDlfV3Rxb2JHRW5yRmpRQzNvNGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudmlMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ41OZdHgSX9LkQpS7bATAOlSKfkHPKWzxvsF296Rg
2e25E8O5g3DxNTOtZp4YXnfFqQTEUDiyUY+pHBo2g2iS0wZsw+vyek26RVLlZMfZ
8Y0hwx+iOnRB9qALscrlDkL0KuMeblz88SDMsIbNDrvfKfefiRFApRqMZypP5BRm
iuPw1rf5BY+wb+BTo/FFnyJ4+o8NnEtbyN0n4Ff5wVQzlDuGRj6DeFlEyOe1YwQH
bKH/llar5ViiUHkICpm7dT2+0173rCeAqxiO6kkSLCMcR69DzpH5RFOee8c8FxSz
F0B8vg0iCVl/yavSJVaMuA90XvDgRDxMY1/FCFwx7SZe
-----END CERTIFICATE-----