Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/nie0Mmy1gieDJiKDb3rzMQ7GKsE.roa
File:                     nie0Mmy1gieDJiKDb3rzMQ7GKsE.roa (raw, json)
Hash identifier:          yfewYdidxvBmXesHwdrJgftWGHYEK1CBv49h98D7XZY=
Subject key identifier:   9E:27:B4:32:6C:B5:82:27:83:26:22:83:6F:7A:F3:31:0E:C6:2A:C1
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       01941FFA2888AEAF23F75A6D95B6074F8C5F
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/nie0Mmy1gieDJiKDb3rzMQ7GKsE.roa
Signing time:             Wed 01 Jan 2025 03:47:55 +0000
ROA not before:           Wed 01 Jan 2025 03:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3758
IP address blocks:        185.114.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 00:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:28:88:ae:af:23:f7:5a:6d:95:b6:07:4f:8c:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: Jan  1 03:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e27b4326cb58227832622836f7af3310ec62ac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2c:1b:33:be:3d:c0:8c:bb:a4:da:3e:34:77:
                    3c:0a:19:9c:0a:81:cf:bf:51:a8:35:a5:e3:5b:36:
                    0b:1c:70:13:6f:65:03:ba:ec:54:be:c7:06:56:87:
                    f8:04:63:9f:c2:94:9a:55:48:09:92:6b:fd:93:16:
                    c8:4c:7c:24:d9:c2:b4:ad:17:bb:de:a6:3f:ca:02:
                    10:00:21:25:68:4d:6f:c8:66:55:45:47:cd:7b:6c:
                    ac:03:25:ad:0e:e9:30:f6:30:85:70:52:6a:4d:65:
                    71:0e:47:3e:10:f5:8b:ef:47:d8:38:e2:08:f9:46:
                    4e:95:ed:25:c7:f6:e2:16:c2:72:95:be:2b:01:d0:
                    e6:5c:0a:d4:a3:5a:97:8b:54:8d:50:8e:06:a2:b4:
                    70:b9:5b:2e:65:63:45:25:34:9b:eb:0c:94:e4:4d:
                    bf:d1:ef:2f:c6:81:a5:38:e2:96:bb:e1:1a:fa:0e:
                    f3:d3:80:d1:d5:64:3c:44:30:5d:52:33:e6:f6:05:
                    69:ee:d6:5c:74:84:56:a8:0d:72:5c:0b:60:a7:21:
                    75:68:b6:bd:99:de:36:90:d4:7a:c6:39:05:31:24:
                    cf:26:97:c3:27:cf:89:01:90:1a:9c:a1:39:be:ef:
                    4b:35:ea:6f:ea:29:75:16:59:a0:de:ee:ee:69:99:
                    ef:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:27:B4:32:6C:B5:82:27:83:26:22:83:6F:7A:F3:31:0E:C6:2A:C1
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/nie0Mmy1gieDJiKDb3rzMQ7GKsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:fe:c7:0a:50:8f:11:c8:85:09:8f:78:96:f7:77:c7:11:49:
         ea:f6:ef:5a:79:78:39:5f:7c:ca:a4:4b:57:90:e9:34:13:db:
         54:c9:b6:27:b0:07:cd:81:92:0c:b1:70:48:63:e7:fb:d5:ed:
         d1:a3:83:a3:b9:0a:4e:6c:80:94:ed:71:b3:92:ec:2f:43:39:
         68:37:37:3d:6f:09:40:36:83:85:de:18:58:c0:e2:31:bb:63:
         dc:26:79:46:11:6d:b8:eb:0b:4f:b7:64:76:b6:6f:cf:0c:1d:
         bf:a9:e6:7a:fc:93:ab:4e:bb:7a:04:03:94:6d:74:75:bf:86:
         a6:41:8c:49:6c:57:c5:4e:d0:44:c9:fd:66:7d:f9:1b:8d:1e:
         b2:a2:7e:cf:de:5e:4c:2c:53:f5:4f:3b:da:2e:b7:06:47:69:
         8a:6b:38:26:74:1c:01:f5:81:95:a3:75:0c:05:2a:be:b8:07:
         d0:e6:29:d0:13:28:64:f4:eb:6a:88:ab:0a:52:df:f9:bc:9b:
         22:66:df:f9:ef:96:e9:9f:08:52:30:1d:53:00:73:2f:45:4e:
         73:ce:84:dc:aa:c8:a6:30:bf:64:c8:62:0a:38:e2:09:1c:81:
         16:4e:49:53:9c:a9:04:3a:aa:4a:8e:e0:41:e4:7e:6e:1b:fd:
         c7:a4:cd:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+iiIrq8j91ptlbYHT4xfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjUwMTAxMDM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTI3YjQzMjZjYjU4MjI3ODMyNjIyODM2ZjdhZjMzMTBlYzYyYWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCwbM749wIy7pNo+NHc8ChmcCoHP
v1GoNaXjWzYLHHATb2UDuuxUvscGVof4BGOfwpSaVUgJkmv9kxbITHwk2cK0rRe7
3qY/ygIQACElaE1vyGZVRUfNe2ysAyWtDukw9jCFcFJqTWVxDkc+EPWL70fYOOII
+UZOle0lx/biFsJylb4rAdDmXArUo1qXi1SNUI4GorRwuVsuZWNFJTSb6wyU5E2/
0e8vxoGlOOKWu+Ea+g7z04DR1WQ8RDBdUjPm9gVp7tZcdIRWqA1yXAtgpyF1aLa9
md42kNR6xjkFMSTPJpfDJ8+JAZAanKE5vu9LNepv6il1Flmg3u7uaZnv1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4ntDJstYIngyYig2968zEOxirBMB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvbmllME1teTFnaWVESmlLRGIzcnpNUTdHS3NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXIgMA0G
CSqGSIb3DQEBCwUAA4IBAQAK/scKUI8RyIUJj3iW93fHEUnq9u9aeXg5X3zKpEtX
kOk0E9tUybYnsAfNgZIMsXBIY+f71e3Ro4OjuQpObICU7XGzkuwvQzloNzc9bwlA
NoOF3hhYwOIxu2PcJnlGEW246wtPt2R2tm/PDB2/qeZ6/JOrTrt6BAOUbXR1v4am
QYxJbFfFTtBEyf1mffkbjR6yon7P3l5MLFP1TzvaLrcGR2mKazgmdBwB9YGVo3UM
BSq+uAfQ5inQEyhk9OtqiKsKUt/5vJsiZt/575bpnwhSMB1TAHMvRU5zzoTcqsim
ML9kyGIKOOIJHIEWTklTnKkEOqpKjuBB5H5uG/3HpM1F
-----END CERTIFICATE-----