Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/592QE4e5wcWss3bcgpe0118a4o8.roa
File:                     592QE4e5wcWss3bcgpe0118a4o8.roa (raw, json)
Hash identifier:          yC3/nLVWBZfIP94drGS0GWcqBe2jUht68itw5CKk0vc=
Subject key identifier:   E7:DD:90:13:87:B9:C1:C5:AC:B3:76:DC:82:97:B4:D7:5F:1A:E2:8F
Certificate issuer:       /CN=7ee5c0f95ab7be8b85f711fa433665c14e6e9359
Certificate serial:       0194258F23FE642BC2953CBDEF4F9B5245EB
Authority key identifier: 7E:E5:C0:F9:5A:B7:BE:8B:85:F7:11:FA:43:36:65:C1:4E:6E:93:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fuXA-Vq3vouF9xH6QzZlwU5uk1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/592QE4e5wcWss3bcgpe0118a4o8.roa
Signing time:             Thu 02 Jan 2025 05:48:45 +0000
ROA not before:           Thu 02 Jan 2025 05:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64433
IP address blocks:        185.117.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/fuXA-Vq3vouF9xH6QzZlwU5uk1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/fuXA-Vq3vouF9xH6QzZlwU5uk1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fuXA-Vq3vouF9xH6QzZlwU5uk1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 07:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:23:fe:64:2b:c2:95:3c:bd:ef:4f:9b:52:45:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ee5c0f95ab7be8b85f711fa433665c14e6e9359
        Validity
            Not Before: Jan  2 05:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7dd901387b9c1c5acb376dc8297b4d75f1ae28f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cc:a8:35:90:1b:15:55:3e:a5:b3:50:af:26:
                    3e:57:db:1f:fd:23:86:e3:aa:05:f5:29:45:25:de:
                    27:e5:ae:f2:88:d8:37:da:02:74:11:3b:6b:e7:d1:
                    db:b3:f5:41:b8:30:c6:e8:f3:e5:15:21:03:9b:b2:
                    f6:34:f9:ba:69:40:aa:cb:5f:ce:12:00:1a:27:24:
                    ed:8c:52:90:d7:be:c0:5c:82:45:dc:91:eb:c1:dd:
                    7a:c9:5b:66:a8:db:f0:b1:5b:aa:be:9c:c8:8f:74:
                    72:6a:2e:fa:9f:8f:ac:04:8a:03:bb:68:12:5a:19:
                    db:6d:f8:ce:eb:c7:5c:bf:34:e0:0d:62:7f:cd:85:
                    1e:5a:0a:40:32:fd:99:39:7a:b3:e3:97:df:5e:ed:
                    f0:fb:79:95:3d:21:63:cc:3f:07:82:a3:6f:2c:23:
                    2a:32:c8:0e:62:1c:8e:37:a2:1c:76:18:37:b7:06:
                    c2:42:65:75:29:ef:cd:7d:da:1f:d4:4b:2f:ee:0e:
                    fd:b0:9e:db:66:f9:77:47:10:2c:29:f0:fb:ae:37:
                    50:14:6e:0e:7e:d3:65:b4:2d:3c:bb:56:0b:55:d6:
                    30:ac:0b:57:97:2a:20:a5:3b:e1:5d:6b:53:a4:6d:
                    76:e7:63:9b:d2:26:e5:68:4d:53:b0:eb:17:3e:c2:
                    e4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:DD:90:13:87:B9:C1:C5:AC:B3:76:DC:82:97:B4:D7:5F:1A:E2:8F
            X509v3 Authority Key Identifier:
                keyid:7E:E5:C0:F9:5A:B7:BE:8B:85:F7:11:FA:43:36:65:C1:4E:6E:93:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fuXA-Vq3vouF9xH6QzZlwU5uk1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/592QE4e5wcWss3bcgpe0118a4o8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/fuXA-Vq3vouF9xH6QzZlwU5uk1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:fd:e3:e5:f9:44:b1:08:7e:17:04:ea:27:aa:99:de:e9:d4:
         92:a7:2e:1e:60:2d:3e:3b:d7:51:07:6c:cd:4a:59:d6:06:42:
         70:6b:17:e6:9d:8b:59:f9:bb:cd:a1:4b:0d:02:1c:cc:24:74:
         ce:40:91:17:47:06:c9:3c:27:b2:5a:92:e0:3e:a6:27:70:24:
         e3:ff:47:c1:5e:bc:74:71:44:35:a6:03:74:5a:98:62:00:ff:
         a6:cd:eb:31:e4:e9:d9:4a:4e:fc:e2:71:df:22:c7:30:43:3f:
         0c:15:7a:49:02:ea:09:20:09:0d:d5:11:ef:e6:86:87:7c:8a:
         92:3f:b1:82:f6:1c:25:28:09:9a:ef:cc:4e:79:9a:8f:53:f0:
         0e:92:af:e0:0a:f3:81:61:a1:ab:9d:10:2e:98:63:23:45:e1:
         fb:19:05:15:cb:57:88:d5:84:e3:eb:ff:2c:11:18:90:8e:9d:
         e4:48:96:e3:16:4e:f8:f8:7c:1c:6a:bb:94:78:fa:ee:8a:dd:
         33:98:6d:b7:bf:c1:5b:00:16:2f:b8:42:05:9f:42:84:b7:18:
         dc:67:8f:5d:7a:3c:52:ac:01:db:40:68:8b:ef:84:86:03:5a:
         87:a4:5d:ae:e1:4c:9d:ac:6f:9b:f8:0e:ef:a4:21:9e:f7:8f:
         e4:b0:77:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljyP+ZCvClTy970+bUkXrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZTVjMGY5NWFiN2JlOGI4NWY3MTFmYTQzMzY2NWMxNGU2
ZTkzNTkwHhcNMjUwMTAyMDU0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2RkOTAxMzg3YjljMWM1YWNiMzc2ZGM4Mjk3YjRkNzVmMWFlMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8yoNZAbFVU+pbNQryY+V9sf/SOG
46oF9SlFJd4n5a7yiNg32gJ0ETtr59Hbs/VBuDDG6PPlFSEDm7L2NPm6aUCqy1/O
EgAaJyTtjFKQ177AXIJF3JHrwd16yVtmqNvwsVuqvpzIj3Ryai76n4+sBIoDu2gS
WhnbbfjO68dcvzTgDWJ/zYUeWgpAMv2ZOXqz45ffXu3w+3mVPSFjzD8HgqNvLCMq
MsgOYhyON6Icdhg3twbCQmV1Ke/Nfdof1Esv7g79sJ7bZvl3RxAsKfD7rjdQFG4O
ftNltC08u1YLVdYwrAtXlyogpTvhXWtTpG1252Ob0iblaE1TsOsXPsLk6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfdkBOHucHFrLN23IKXtNdfGuKPMB8GA1UdIwQY
MBaAFH7lwPlat76LhfcR+kM2ZcFObpNZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVYQS1WcTN2b3VGOXhINlF6Wmx3VTV1azFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9hODM4ODYtOGI0YS00YjIzLWI0YWEt
OTAxOTRiZDY4NDI4LzEvNTkyUUU0ZTV3Y1dzczNiY2dwZTAxMThhNG84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9hODM4ODYtOGI0YS00YjIzLWI0YWEtOTAxOTRiZDY4NDI4
LzEvZnVYQS1WcTN2b3VGOXhINlF6Wmx3VTV1azFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXUdMA0G
CSqGSIb3DQEBCwUAA4IBAQBn/ePl+USxCH4XBOonqpne6dSSpy4eYC0+O9dRB2zN
SlnWBkJwaxfmnYtZ+bvNoUsNAhzMJHTOQJEXRwbJPCeyWpLgPqYncCTj/0fBXrx0
cUQ1pgN0WphiAP+mzesx5OnZSk784nHfIscwQz8MFXpJAuoJIAkN1RHv5oaHfIqS
P7GC9hwlKAma78xOeZqPU/AOkq/gCvOBYaGrnRAumGMjReH7GQUVy1eI1YTj6/8s
ERiQjp3kSJbjFk74+HwcaruUePruit0zmG23v8FbABYvuEIFn0KEtxjcZ49dejxS
rAHbQGiL74SGA1qHpF2u4UydrG+b+A7vpCGe94/ksHc2
-----END CERTIFICATE-----