Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/e74f5f-75c5-4a75-98b9-9fecbd25d434/1/C-H7cUZDR8Fn5bAwbFaXEXvgd-E.roa
File:                     C-H7cUZDR8Fn5bAwbFaXEXvgd-E.roa (raw, json)
Hash identifier:          HsvEFF3yXL6NktNRceT9btK/0vgIKnScyehQHmjIyPs=
Subject key identifier:   0B:E1:FB:71:46:43:47:C1:67:E5:B0:30:6C:56:97:11:7B:E0:77:E1
Certificate issuer:       /CN=36bd4a382dae2be5cb98b35e5a048d03b4ccbe2b
Certificate serial:       0194236A091E7541C2048CB580F81590B229
Authority key identifier: 36:BD:4A:38:2D:AE:2B:E5:CB:98:B3:5E:5A:04:8D:03:B4:CC:BE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nr1KOC2uK-XLmLNeWgSNA7TMvis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/e74f5f-75c5-4a75-98b9-9fecbd25d434/1/C-H7cUZDR8Fn5bAwbFaXEXvgd-E.roa
Signing time:             Wed 01 Jan 2025 19:48:59 +0000
ROA not before:           Wed 01 Jan 2025 19:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        185.211.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/e74f5f-75c5-4a75-98b9-9fecbd25d434/1/Nr1KOC2uK-XLmLNeWgSNA7TMvis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/e74f5f-75c5-4a75-98b9-9fecbd25d434/1/Nr1KOC2uK-XLmLNeWgSNA7TMvis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nr1KOC2uK-XLmLNeWgSNA7TMvis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:09:1e:75:41:c2:04:8c:b5:80:f8:15:90:b2:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36bd4a382dae2be5cb98b35e5a048d03b4ccbe2b
        Validity
            Not Before: Jan  1 19:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0be1fb71464347c167e5b0306c5697117be077e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c9:73:4d:f3:6f:36:e4:ea:38:40:c4:e7:74:
                    bd:df:41:c5:b2:cb:7d:8a:4a:51:4a:c3:41:0d:04:
                    7c:4a:08:56:0e:32:e5:0b:67:5f:d3:08:ee:46:35:
                    6a:63:98:61:61:79:36:d2:02:bf:fc:ac:7a:83:ee:
                    06:df:99:1f:e4:d0:dd:ab:08:2a:58:17:0b:2d:93:
                    48:53:08:b6:a8:61:51:9b:7a:75:73:f4:cd:e5:4c:
                    24:d7:a3:6f:c1:c7:98:c9:7b:db:cf:d9:29:47:a5:
                    7f:c6:a9:a6:c3:1e:2a:97:f5:95:a6:2a:59:cb:f3:
                    88:43:74:4b:33:e1:a5:61:3a:70:6b:2b:1f:30:20:
                    a5:88:fb:68:b5:52:c2:24:20:d3:76:c8:86:32:bf:
                    11:09:ae:d6:d2:0e:15:81:94:12:a9:4c:19:e0:42:
                    fb:c7:62:ff:58:7f:bd:ef:75:e1:1b:1f:c6:3a:8b:
                    f1:71:01:d1:13:a4:68:22:4a:62:33:1c:ce:70:f3:
                    54:ce:f6:91:b1:92:fe:ac:2c:93:29:88:15:80:d3:
                    68:55:a2:5b:c7:e9:90:ca:ee:0c:55:03:1f:12:8e:
                    cc:ee:e1:b4:3e:e4:aa:24:a9:ea:e4:3d:47:c4:c5:
                    5d:87:f1:8b:a4:9d:a1:b1:00:52:d6:d8:33:86:aa:
                    04:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E1:FB:71:46:43:47:C1:67:E5:B0:30:6C:56:97:11:7B:E0:77:E1
            X509v3 Authority Key Identifier:
                keyid:36:BD:4A:38:2D:AE:2B:E5:CB:98:B3:5E:5A:04:8D:03:B4:CC:BE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nr1KOC2uK-XLmLNeWgSNA7TMvis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e74f5f-75c5-4a75-98b9-9fecbd25d434/1/C-H7cUZDR8Fn5bAwbFaXEXvgd-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e74f5f-75c5-4a75-98b9-9fecbd25d434/1/Nr1KOC2uK-XLmLNeWgSNA7TMvis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:db:b3:6f:3e:db:11:e5:99:7a:a3:01:91:88:9c:14:8b:6d:
         b8:53:1d:f2:21:27:ee:31:73:25:4f:60:1f:d0:92:37:7d:ab:
         86:fc:34:d8:a0:ad:2b:fd:d3:2a:d9:e1:3c:32:06:f1:88:2f:
         84:12:63:d9:4f:3c:d1:d9:ae:94:83:18:83:65:48:4c:60:a4:
         85:62:15:41:98:29:89:d0:da:e7:9a:4b:ba:38:b1:04:95:cd:
         bf:ef:42:d0:88:4d:0c:5b:3b:49:db:19:e2:29:cf:f7:02:89:
         8d:4d:54:cd:a5:4a:54:19:4a:24:43:64:7f:4b:19:85:c2:7b:
         f5:51:39:ee:8e:e3:6d:7d:b9:27:27:56:bb:dc:08:07:cb:fc:
         b5:7c:f9:82:07:86:5d:9b:30:97:ae:eb:b7:94:c2:64:8b:76:
         ed:84:3f:86:a5:fe:43:43:8d:b6:2c:f5:1e:c9:6d:d6:30:b1:
         18:5a:0a:bd:5b:be:5c:4e:2e:1c:14:2a:1b:70:3a:c1:50:fb:
         6f:8f:4c:2f:0d:2e:ab:6a:50:f9:9c:dd:b0:9e:09:dd:a1:fc:
         f3:78:79:6e:ec:5b:93:5f:18:18:6e:23:4d:be:4a:f5:37:81:
         18:67:c4:55:27:b9:75:8b:0f:bf:b1:dc:31:77:e1:4f:f2:1c:
         e5:f6:0e:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagkedUHCBIy1gPgVkLIpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YmQ0YTM4MmRhZTJiZTVjYjk4YjM1ZTVhMDQ4ZDAzYjRj
Y2JlMmIwHhcNMjUwMTAxMTk0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmUxZmI3MTQ2NDM0N2MxNjdlNWIwMzA2YzU2OTcxMTdiZTA3N2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxclzTfNvNuTqOEDE53S930HFsst9
ikpRSsNBDQR8SghWDjLlC2df0wjuRjVqY5hhYXk20gK//Kx6g+4G35kf5NDdqwgq
WBcLLZNIUwi2qGFRm3p1c/TN5Uwk16NvwceYyXvbz9kpR6V/xqmmwx4ql/WVpipZ
y/OIQ3RLM+GlYTpwaysfMCCliPtotVLCJCDTdsiGMr8RCa7W0g4VgZQSqUwZ4EL7
x2L/WH+973XhGx/GOovxcQHRE6RoIkpiMxzOcPNUzvaRsZL+rCyTKYgVgNNoVaJb
x+mQyu4MVQMfEo7M7uG0PuSqJKnq5D1HxMVdh/GLpJ2hsQBS1tgzhqoEzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvh+3FGQ0fBZ+WwMGxWlxF74HfhMB8GA1UdIwQY
MBaAFDa9Sjgtrivly5izXloEjQO0zL4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnIxS09DMnVLLVhMbUxOZVdnU05BN1RNdmlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9lNzRmNWYtNzVjNS00YTc1LTk4Yjkt
OWZlY2JkMjVkNDM0LzEvQy1IN2NVWkRSOEZuNWJBd2JGYVhFWHZnZC1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9lNzRmNWYtNzVjNS00YTc1LTk4YjktOWZlY2JkMjVkNDM0
LzEvTnIxS09DMnVLLVhMbUxOZVdnU05BN1RNdmlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudPQMA0G
CSqGSIb3DQEBCwUAA4IBAQAu27NvPtsR5Zl6owGRiJwUi224Ux3yISfuMXMlT2Af
0JI3fauG/DTYoK0r/dMq2eE8MgbxiC+EEmPZTzzR2a6UgxiDZUhMYKSFYhVBmCmJ
0Nrnmku6OLEElc2/70LQiE0MWztJ2xniKc/3AomNTVTNpUpUGUokQ2R/SxmFwnv1
UTnujuNtfbknJ1a73AgHy/y1fPmCB4ZdmzCXruu3lMJki3bthD+Gpf5DQ422LPUe
yW3WMLEYWgq9W75cTi4cFCobcDrBUPtvj0wvDS6ralD5nN2wngndofzzeHlu7FuT
XxgYbiNNvkr1N4EYZ8RVJ7l1iw+/sdwxd+FP8hzl9g7Z
-----END CERTIFICATE-----