Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/9fWa2lfLkLJ8sCmivN6TQyBLwDA.roa
File:                     9fWa2lfLkLJ8sCmivN6TQyBLwDA.roa (raw, json)
Hash identifier:          IPb2Fry6AFROnpqPDxpsLGmfQRyiCcADkUuNtSOH1vw=
Subject key identifier:   F5:F5:9A:DA:57:CB:90:B2:7C:B0:29:A2:BC:DE:93:43:20:4B:C0:30
Certificate issuer:       /CN=f04d278485ffaea79e910a262533a80b5ab91c8a
Certificate serial:       01941FFA95343793A1AE1300A22D2DF49F28
Authority key identifier: F0:4D:27:84:85:FF:AE:A7:9E:91:0A:26:25:33:A8:0B:5A:B9:1C:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E0nhIX_rqeekQomJTOoC1q5HIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/9fWa2lfLkLJ8sCmivN6TQyBLwDA.roa
Signing time:             Wed 01 Jan 2025 03:48:23 +0000
ROA not before:           Wed 01 Jan 2025 03:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60068
IP address blocks:        185.253.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/8E0nhIX_rqeekQomJTOoC1q5HIo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/8E0nhIX_rqeekQomJTOoC1q5HIo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E0nhIX_rqeekQomJTOoC1q5HIo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:95:34:37:93:a1:ae:13:00:a2:2d:2d:f4:9f:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04d278485ffaea79e910a262533a80b5ab91c8a
        Validity
            Not Before: Jan  1 03:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5f59ada57cb90b27cb029a2bcde9343204bc030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:80:4c:0e:cf:f4:d3:c6:21:27:39:94:59:ab:
                    63:81:95:00:c9:53:0d:bc:22:15:6c:7d:25:28:50:
                    ba:ba:db:13:4c:85:bf:6f:a0:0b:8f:08:1d:d9:4d:
                    6a:39:b4:f8:b7:dd:11:14:e7:a6:9d:d5:fe:3b:da:
                    33:02:75:f1:1c:fb:0c:7c:8d:cf:25:00:3f:84:4b:
                    21:88:40:d0:7f:2d:f6:38:fe:b8:06:bb:91:a9:bb:
                    d4:1c:12:0c:37:0c:3b:40:ca:04:5e:0c:ad:30:c1:
                    6c:4b:91:28:c9:e3:8d:5b:b6:ac:16:d7:a6:bf:a6:
                    b5:d4:c9:5c:ad:ed:a4:b3:90:92:62:47:69:fa:a0:
                    9b:e7:e8:32:ce:2b:d7:85:73:30:55:00:b6:31:28:
                    59:9d:36:8c:6d:59:df:6e:bf:5f:87:52:1d:df:99:
                    5e:05:a2:6b:97:3f:6e:9f:a8:97:da:43:b3:de:b4:
                    df:b1:ae:35:91:f0:5e:0f:64:b5:99:b9:4d:5b:b4:
                    49:8e:b3:43:29:54:26:44:f3:53:3c:46:27:84:9c:
                    82:09:ac:1d:15:32:54:49:b1:2c:83:f0:fc:f9:50:
                    e2:3e:d2:45:5a:89:24:14:32:d4:dc:ec:c9:2c:10:
                    17:7b:0f:99:e9:84:65:93:c7:ad:50:47:58:a5:0f:
                    18:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:F5:9A:DA:57:CB:90:B2:7C:B0:29:A2:BC:DE:93:43:20:4B:C0:30
            X509v3 Authority Key Identifier:
                keyid:F0:4D:27:84:85:FF:AE:A7:9E:91:0A:26:25:33:A8:0B:5A:B9:1C:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E0nhIX_rqeekQomJTOoC1q5HIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/9fWa2lfLkLJ8sCmivN6TQyBLwDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/aa7426-711d-4f3e-8df9-5c0e316d28b8/1/8E0nhIX_rqeekQomJTOoC1q5HIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:81:3d:6c:a9:6a:9f:22:ea:06:bf:ca:41:f8:7f:83:39:5a:
         8d:3c:b1:4d:09:75:fc:91:5c:43:52:52:49:fc:3c:07:45:a7:
         6f:fc:ec:55:54:11:23:b2:3a:40:23:1f:60:31:bd:57:1f:4a:
         76:85:b2:af:62:2e:26:4e:15:36:64:f4:ae:55:df:2b:b5:c3:
         c6:80:03:7c:a6:0a:55:f7:a1:f9:03:32:98:75:9a:bf:d3:f8:
         ac:ca:cb:26:e0:89:59:7e:98:94:c7:9a:24:83:76:3a:85:8e:
         bd:d6:18:48:2c:aa:5a:bc:db:c7:54:e0:e1:61:98:53:54:21:
         fe:2b:7b:7b:ff:3d:31:5c:98:2d:51:7c:4c:72:6e:8c:79:f4:
         22:e1:46:aa:ed:e4:4c:ef:32:2b:e8:df:f6:e9:da:2b:76:43:
         38:bc:5e:09:27:6f:3d:4f:bc:8e:65:e4:35:c9:79:69:95:db:
         f2:fc:e7:a6:e4:d1:dd:fe:be:04:db:ac:f6:c6:60:bb:65:1f:
         0d:75:87:6d:57:07:fb:34:00:4d:58:f5:5f:aa:81:3f:14:20:
         8f:17:df:f4:17:61:3d:18:d3:87:3e:9c:3b:fe:f1:c4:d1:99:
         61:af:19:83:99:cc:ce:11:d5:3d:11:ef:db:66:cc:38:91:8b:
         14:52:f4:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pU0N5OhrhMAoi0t9J8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGQyNzg0ODVmZmFlYTc5ZTkxMGEyNjI1MzNhODBiNWFi
OTFjOGEwHhcNMjUwMTAxMDM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWY1OWFkYTU3Y2I5MGIyN2NiMDI5YTJiY2RlOTM0MzIwNGJjMDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IBMDs/008YhJzmUWatjgZUAyVMN
vCIVbH0lKFC6utsTTIW/b6ALjwgd2U1qObT4t90RFOemndX+O9ozAnXxHPsMfI3P
JQA/hEshiEDQfy32OP64BruRqbvUHBIMNww7QMoEXgytMMFsS5EoyeONW7asFtem
v6a11Mlcre2ks5CSYkdp+qCb5+gyzivXhXMwVQC2MShZnTaMbVnfbr9fh1Id35le
BaJrlz9un6iX2kOz3rTfsa41kfBeD2S1mblNW7RJjrNDKVQmRPNTPEYnhJyCCawd
FTJUSbEsg/D8+VDiPtJFWokkFDLU3OzJLBAXew+Z6YRlk8etUEdYpQ8YrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPX1mtpXy5CyfLAporzek0MgS8AwMB8GA1UdIwQY
MBaAFPBNJ4SF/66nnpEKJiUzqAtauRyKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEUwbmhJWF9ycWVla1FvbUpUT29DMXE1SElvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9hYTc0MjYtNzExZC00ZjNlLThkZjkt
NWMwZTMxNmQyOGI4LzEvOWZXYTJsZkxrTEo4c0NtaXZONlRReUJMd0RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9hYTc0MjYtNzExZC00ZjNlLThkZjktNWMwZTMxNmQyOGI4
LzEvOEUwbmhJWF9ycWVla1FvbUpUT29DMXE1SElvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf1sMA0G
CSqGSIb3DQEBCwUAA4IBAQAagT1sqWqfIuoGv8pB+H+DOVqNPLFNCXX8kVxDUlJJ
/DwHRadv/OxVVBEjsjpAIx9gMb1XH0p2hbKvYi4mThU2ZPSuVd8rtcPGgAN8pgpV
96H5AzKYdZq/0/isyssm4IlZfpiUx5okg3Y6hY691hhILKpavNvHVODhYZhTVCH+
K3t7/z0xXJgtUXxMcm6MefQi4Uaq7eRM7zIr6N/26dordkM4vF4JJ289T7yOZeQ1
yXlpldvy/Oem5NHd/r4E26z2xmC7ZR8NdYdtVwf7NABNWPVfqoE/FCCPF9/0F2E9
GNOHPpw7/vHE0ZlhrxmDmczOEdU9Ee/bZsw4kYsUUvRl
-----END CERTIFICATE-----