Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/Phmx9blLQ7v5rgeNAupIAeVATYQ.roa
File:                     Phmx9blLQ7v5rgeNAupIAeVATYQ.roa (raw, json)
Hash identifier:          ql8UKx0lpekuzUNBWqBQ1mqh/lL/DJd1b7ik/nG/cD4=
Subject key identifier:   3E:19:B1:F5:B9:4B:43:BB:F9:AE:07:8D:02:EA:48:01:E5:40:4D:84
Certificate issuer:       /CN=c3fb403a241883e58fced52d39d80eabd52bb36f
Certificate serial:       019425FDE2E86642209C0A90DEF4F1D2F9D1
Authority key identifier: C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/Phmx9blLQ7v5rgeNAupIAeVATYQ.roa
Signing time:             Thu 02 Jan 2025 07:49:43 +0000
ROA not before:           Thu 02 Jan 2025 07:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51500
IP address blocks:        185.17.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e2:e8:66:42:20:9c:0a:90:de:f4:f1:d2:f9:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3fb403a241883e58fced52d39d80eabd52bb36f
        Validity
            Not Before: Jan  2 07:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e19b1f5b94b43bbf9ae078d02ea4801e5404d84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:19:c5:cc:66:1e:df:c3:ca:26:ad:bb:dd:a8:
                    f0:89:4f:0a:3c:b8:fc:a9:2f:f4:b0:39:01:ff:b0:
                    43:19:52:28:99:8d:1f:87:df:d0:c5:5c:80:dc:b1:
                    df:8b:35:ab:0d:ec:bb:a7:da:b7:35:eb:3f:fb:7e:
                    08:9b:54:ec:4d:09:95:c9:50:f5:18:40:ed:e5:7d:
                    a0:6a:d5:82:67:ad:f1:ec:f7:56:ea:f4:77:c8:8d:
                    8b:4a:a1:20:f8:2d:dc:da:43:e6:07:de:26:67:2f:
                    e7:30:77:c7:09:2d:18:ef:98:4e:b7:9a:d1:fc:9d:
                    a7:64:68:9c:68:8e:97:ca:32:48:ef:cd:7b:c9:d9:
                    5b:1b:64:f7:cd:cc:e0:d0:d5:c4:4a:69:60:d8:70:
                    a1:9d:41:5b:3f:f0:8d:c9:bb:73:05:28:e1:b1:a7:
                    11:e1:f7:70:9c:c9:64:3f:7f:03:e2:13:53:34:cf:
                    45:3d:e2:8c:2a:2a:a8:05:44:f5:eb:97:33:84:c8:
                    5d:f1:52:33:0c:77:e8:00:67:d5:56:34:3a:73:43:
                    b7:fa:6c:ac:7a:e9:19:fe:d2:4e:1f:6c:0c:7c:ad:
                    81:15:f6:e7:94:2c:97:88:27:d1:24:13:7e:1a:5b:
                    5d:bf:94:75:a8:b7:f8:96:99:9f:70:18:65:fe:f6:
                    ee:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:19:B1:F5:B9:4B:43:BB:F9:AE:07:8D:02:EA:48:01:E5:40:4D:84
            X509v3 Authority Key Identifier:
                keyid:C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/Phmx9blLQ7v5rgeNAupIAeVATYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:ec:fd:fe:81:ee:f2:84:17:cd:50:7a:d5:7b:5a:bd:fd:8c:
         4e:9b:68:74:a1:c7:2c:ca:05:33:4c:f8:2e:cc:04:05:26:00:
         50:4d:19:24:d9:9c:98:2a:b2:4e:46:bd:1d:f8:6f:d0:0e:7d:
         44:5a:36:04:90:e6:3a:0f:27:98:3a:8c:ef:48:24:f1:ca:7c:
         8a:e5:8c:c2:06:c2:b6:f7:84:8b:16:a8:94:f2:48:c9:6d:3f:
         58:93:72:77:8b:f7:2c:4a:6d:5c:e5:f9:af:0e:68:52:b4:13:
         85:63:f6:1f:7a:60:6e:4b:3d:d4:f9:ec:b3:95:15:fb:7a:da:
         03:2a:6b:79:62:61:23:bf:46:ab:3f:23:e8:1b:1c:8c:07:29:
         1a:a2:27:01:ed:5a:57:e0:18:53:e0:b1:10:24:a9:b2:d7:8d:
         ae:64:5e:86:1d:ec:24:07:51:67:7c:ba:90:91:14:30:22:5c:
         12:85:18:2a:8d:32:e4:80:37:04:16:e4:6d:b6:4e:bf:04:c0:
         d2:62:0d:74:c5:1b:bc:19:dd:1a:2a:e6:55:1e:b0:78:73:b2:
         dd:c1:b6:de:9d:59:68:f1:c4:99:60:7d:b7:dd:9b:61:be:eb:
         57:a2:8a:6b:01:c7:cd:e1:b2:5d:14:be:94:e4:42:fa:63:38:
         8c:26:c6:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/eLoZkIgnAqQ3vTx0vnRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmI0MDNhMjQxODgzZTU4ZmNlZDUyZDM5ZDgwZWFiZDUy
YmIzNmYwHhcNMjUwMTAyMDc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTE5YjFmNWI5NGI0M2JiZjlhZTA3OGQwMmVhNDgwMWU1NDA0ZDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxnFzGYe38PKJq273ajwiU8KPLj8
qS/0sDkB/7BDGVIomY0fh9/QxVyA3LHfizWrDey7p9q3Nes/+34Im1TsTQmVyVD1
GEDt5X2gatWCZ63x7PdW6vR3yI2LSqEg+C3c2kPmB94mZy/nMHfHCS0Y75hOt5rR
/J2nZGicaI6XyjJI7817ydlbG2T3zczg0NXESmlg2HChnUFbP/CNybtzBSjhsacR
4fdwnMlkP38D4hNTNM9FPeKMKiqoBUT165czhMhd8VIzDHfoAGfVVjQ6c0O3+mys
eukZ/tJOH2wMfK2BFfbnlCyXiCfRJBN+Gltdv5R1qLf4lpmfcBhl/vbuGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4ZsfW5S0O7+a4HjQLqSAHlQE2EMB8GA1UdIwQY
MBaAFMP7QDokGIPlj87VLTnYDqvVK7NvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUt
YTlhNzc5MDI2ZjBhLzEvUGhteDlibExRN3Y1cmdlTkF1cElBZVZBVFlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUtYTlhNzc5MDI2ZjBh
LzEvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRF/MA0G
CSqGSIb3DQEBCwUAA4IBAQBQ7P3+ge7yhBfNUHrVe1q9/YxOm2h0occsygUzTPgu
zAQFJgBQTRkk2ZyYKrJORr0d+G/QDn1EWjYEkOY6DyeYOozvSCTxynyK5YzCBsK2
94SLFqiU8kjJbT9Yk3J3i/csSm1c5fmvDmhStBOFY/YfemBuSz3U+eyzlRX7etoD
Kmt5YmEjv0arPyPoGxyMBykaoicB7VpX4BhT4LEQJKmy142uZF6GHewkB1FnfLqQ
kRQwIlwShRgqjTLkgDcEFuRttk6/BMDSYg10xRu8Gd0aKuZVHrB4c7LdwbbenVlo
8cSZYH233ZthvutXooprAcfN4bJdFL6U5EL6YziMJsbZ
-----END CERTIFICATE-----