Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b08eef-a34a-4572-a9f8-690a88586870/1/x87acQDfo7zGs3qirjlrzwnM_hA.roa
File:                     x87acQDfo7zGs3qirjlrzwnM_hA.roa (raw, json)
Hash identifier:          U4EKqslx/+4i2YtDzAzEmDv7ojb2iGPFBdKGnVtkCzE=
Subject key identifier:   C7:CE:DA:71:00:DF:A3:BC:C6:B3:7A:A2:AE:39:6B:CF:09:CC:FE:10
Certificate issuer:       /CN=d9601efb3f0cfdaa2295187d2b0456494110e157
Certificate serial:       019424B270F48C99B43EF2D0F69ECF133F22
Authority key identifier: D9:60:1E:FB:3F:0C:FD:AA:22:95:18:7D:2B:04:56:49:41:10:E1:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2WAe-z8M_aoilRh9KwRWSUEQ4Vc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b08eef-a34a-4572-a9f8-690a88586870/1/x87acQDfo7zGs3qirjlrzwnM_hA.roa
Signing time:             Thu 02 Jan 2025 01:47:41 +0000
ROA not before:           Thu 02 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50304
IP address blocks:        185.12.72.0/22 maxlen: 24
                          2a02:e340::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b08eef-a34a-4572-a9f8-690a88586870/1/2WAe-z8M_aoilRh9KwRWSUEQ4Vc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b08eef-a34a-4572-a9f8-690a88586870/1/2WAe-z8M_aoilRh9KwRWSUEQ4Vc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2WAe-z8M_aoilRh9KwRWSUEQ4Vc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 22:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:70:f4:8c:99:b4:3e:f2:d0:f6:9e:cf:13:3f:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9601efb3f0cfdaa2295187d2b0456494110e157
        Validity
            Not Before: Jan  2 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7ceda7100dfa3bcc6b37aa2ae396bcf09ccfe10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6f:1c:5a:df:cf:51:01:26:04:6a:9a:8a:c2:
                    b1:6e:72:2e:46:a8:dd:2d:c3:4d:25:4d:3a:77:ab:
                    a9:fd:52:5d:5e:26:71:b1:3c:a1:ee:44:6e:73:f0:
                    90:d1:45:a4:1e:91:f8:5c:ab:da:4c:d8:53:dd:90:
                    e1:7a:c0:1e:bd:11:35:91:7a:5d:19:87:f5:15:3a:
                    f9:11:b6:f7:ae:cb:b6:fb:f7:2a:ea:4f:8a:d3:32:
                    13:a0:3a:0b:f1:84:ab:c6:4d:5d:04:d4:f7:b7:92:
                    8e:51:41:d6:79:48:e1:2d:3e:4f:0e:1b:7f:7a:bc:
                    f0:e2:17:ab:aa:da:9d:c2:36:a6:63:56:ff:d0:70:
                    6f:cb:c6:32:83:4b:18:ce:f3:d7:0a:2c:be:3c:ab:
                    ae:84:03:e3:21:17:af:42:fb:45:a5:8f:48:5c:11:
                    35:e3:fd:e4:c2:7d:67:41:49:88:b7:d5:eb:a6:b1:
                    d1:57:ea:f6:93:c1:32:03:51:2f:8a:90:dd:95:b4:
                    29:b2:f2:e4:63:82:73:e0:50:4d:22:58:18:10:66:
                    70:df:3f:a5:76:5a:a8:68:eb:49:6e:de:40:da:f9:
                    d4:f0:ff:4c:d9:7f:c1:c5:04:67:ef:c1:a4:bc:3a:
                    b6:a0:26:0c:8e:42:20:0c:bc:a9:d1:9c:2c:77:3d:
                    fc:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:CE:DA:71:00:DF:A3:BC:C6:B3:7A:A2:AE:39:6B:CF:09:CC:FE:10
            X509v3 Authority Key Identifier:
                keyid:D9:60:1E:FB:3F:0C:FD:AA:22:95:18:7D:2B:04:56:49:41:10:E1:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2WAe-z8M_aoilRh9KwRWSUEQ4Vc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b08eef-a34a-4572-a9f8-690a88586870/1/x87acQDfo7zGs3qirjlrzwnM_hA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b08eef-a34a-4572-a9f8-690a88586870/1/2WAe-z8M_aoilRh9KwRWSUEQ4Vc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.72.0/22
                IPv6:
                  2a02:e340::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:e5:ff:71:5c:e8:77:a1:75:26:77:08:85:3f:d2:a0:9f:f5:
         e7:99:6d:f4:b9:6e:5c:11:73:9d:5e:b5:42:2e:d3:b3:17:4f:
         3f:07:03:6d:8c:41:f6:68:c7:c1:69:22:43:2a:59:d4:5c:53:
         98:dd:07:a9:e4:82:5c:f5:ff:e5:f0:dd:b3:b1:c8:c8:df:72:
         a9:51:16:cc:04:72:f3:f6:ef:42:19:26:8d:86:01:34:04:cd:
         03:f8:15:5a:f2:c7:bc:e7:cf:f8:39:ce:fd:00:5e:73:84:88:
         02:b7:94:ce:7a:02:67:87:13:ec:20:3b:16:c4:48:59:18:d6:
         67:2b:51:13:a4:6c:71:95:e6:8e:71:20:b6:64:c3:1b:15:fe:
         3e:d4:2a:87:e2:86:4f:eb:c5:94:f0:7e:42:23:71:19:fc:52:
         ed:dc:5b:91:4e:ee:a7:56:72:04:8d:27:3b:c9:18:d2:91:fb:
         25:0e:c7:66:b3:8b:b6:3b:f6:c9:5a:57:6d:79:3f:cc:a7:bf:
         b0:7d:b4:10:0d:64:94:15:7c:f1:ec:50:de:7e:36:64:d6:49:
         a7:85:a5:31:4e:d6:73:aa:2a:e2:eb:e1:29:03:13:37:be:74:
         03:68:85:b1:24:40:9d:34:02:dd:7d:d2:f7:9b:4b:c7:e1:70:
         34:c8:5a:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQksnD0jJm0PvLQ9p7PEz8iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NjAxZWZiM2YwY2ZkYWEyMjk1MTg3ZDJiMDQ1NjQ5NDEx
MGUxNTcwHhcNMjUwMTAyMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2NlZGE3MTAwZGZhM2JjYzZiMzdhYTJhZTM5NmJjZjA5Y2NmZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW8cWt/PUQEmBGqaisKxbnIuRqjd
LcNNJU06d6up/VJdXiZxsTyh7kRuc/CQ0UWkHpH4XKvaTNhT3ZDhesAevRE1kXpd
GYf1FTr5Ebb3rsu2+/cq6k+K0zIToDoL8YSrxk1dBNT3t5KOUUHWeUjhLT5PDht/
erzw4herqtqdwjamY1b/0HBvy8Yyg0sYzvPXCiy+PKuuhAPjIRevQvtFpY9IXBE1
4/3kwn1nQUmIt9XrprHRV+r2k8EyA1EvipDdlbQpsvLkY4Jz4FBNIlgYEGZw3z+l
dlqoaOtJbt5A2vnU8P9M2X/BxQRn78GkvDq2oCYMjkIgDLyp0Zwsdz38cQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMfO2nEA36O8xrN6oq45a88JzP4QMB8GA1UdIwQY
MBaAFNlgHvs/DP2qIpUYfSsEVklBEOFXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMldBZS16OE1fYW9pbFJoOUt3UldTVUVRNFZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDhlZWYtYTM0YS00NTcyLWE5Zjgt
NjkwYTg4NTg2ODcwLzEveDg3YWNRRGZvN3pHczNxaXJqbHJ6d25NX2hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDhlZWYtYTM0YS00NTcyLWE5ZjgtNjkwYTg4NTg2ODcw
LzEvMldBZS16OE1fYW9pbFJoOUt3UldTVUVRNFZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQxIMA0E
AgACMAcDBQMqAuNAMA0GCSqGSIb3DQEBCwUAA4IBAQBN5f9xXOh3oXUmdwiFP9Kg
n/XnmW30uW5cEXOdXrVCLtOzF08/BwNtjEH2aMfBaSJDKlnUXFOY3Qep5IJc9f/l
8N2zscjI33KpURbMBHLz9u9CGSaNhgE0BM0D+BVa8se858/4Oc79AF5zhIgCt5TO
egJnhxPsIDsWxEhZGNZnK1ETpGxxleaOcSC2ZMMbFf4+1CqH4oZP68WU8H5CI3EZ
/FLt3FuRTu6nVnIEjSc7yRjSkfslDsdms4u2O/bJWldteT/Mp7+wfbQQDWSUFXzx
7FDefjZk1kmnhaUxTtZzqiri6+EpAxM3vnQDaIWxJECdNALdfdL3m0vH4XA0yFoF
-----END CERTIFICATE-----