Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/ckan5dvz7J1ZSK30Drxlo4PWhMs.roa
File:                     ckan5dvz7J1ZSK30Drxlo4PWhMs.roa (raw, json)
Hash identifier:          F1BRb89WpgPtx0JUztwDXeDnh4+IrOFx75odNR04usQ=
Subject key identifier:   72:46:A7:E5:DB:F3:EC:9D:59:48:AD:F4:0E:BC:65:A3:83:D6:84:CB
Certificate issuer:       /CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
Certificate serial:       019427485F22C72A1BE421FDBA992BEEF8B7
Authority key identifier: C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/ckan5dvz7J1ZSK30Drxlo4PWhMs.roa
Signing time:             Thu 02 Jan 2025 13:50:41 +0000
ROA not before:           Thu 02 Jan 2025 13:50:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59799
IP address blocks:        185.71.24.0/22 maxlen: 24
                          2a01:b280::/36 maxlen: 36
                          2a0a:fd80:5000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:5f:22:c7:2a:1b:e4:21:fd:ba:99:2b:ee:f8:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
        Validity
            Not Before: Jan  2 13:50:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7246a7e5dbf3ec9d5948adf40ebc65a383d684cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b6:c4:e4:ec:d5:34:40:e3:5d:63:a1:c4:95:
                    52:87:2d:db:8a:1c:46:70:63:f8:0a:3a:a4:c2:e8:
                    51:14:4b:29:84:ee:db:4c:6a:c3:33:73:ca:6f:c3:
                    fa:e2:f0:97:b2:87:29:19:47:4c:c6:2d:b4:4b:aa:
                    0f:95:3a:4c:65:50:d4:ec:4a:b3:d5:ec:f7:17:8c:
                    9c:c5:cf:a8:39:ce:52:a0:af:ba:fb:4a:c5:d2:03:
                    10:53:e1:72:d6:8e:59:56:67:22:3b:a6:c0:73:d4:
                    de:40:f3:71:6b:cb:df:ce:ac:27:48:a4:3a:95:ad:
                    d9:98:42:17:46:eb:48:21:27:1a:e9:51:fe:0a:43:
                    db:d4:e5:1e:6f:4b:42:92:09:b7:3a:fd:6e:bb:c2:
                    33:20:54:61:73:98:2a:bb:8d:d2:a5:86:29:11:d0:
                    72:11:9a:97:7d:07:f8:0c:3f:dd:34:7a:05:38:f8:
                    70:fe:4f:81:42:d6:e3:d3:fe:68:ed:c7:d2:a9:1d:
                    4b:cb:82:6f:6b:8a:aa:9d:81:5a:2e:d4:9e:ca:5d:
                    fa:60:8b:a8:c2:0e:11:34:61:f7:01:1f:f3:6d:4d:
                    39:21:f7:f4:0a:2a:ea:02:86:9f:42:4b:9e:8d:30:
                    b9:d5:a9:e8:8c:8c:30:3a:97:b2:7d:28:d7:0b:be:
                    4a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:46:A7:E5:DB:F3:EC:9D:59:48:AD:F4:0E:BC:65:A3:83:D6:84:CB
            X509v3 Authority Key Identifier:
                keyid:C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/ckan5dvz7J1ZSK30Drxlo4PWhMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.24.0/22
                IPv6:
                  2a01:b280::/36
                  2a0a:fd80:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3a:54:28:bc:0b:91:5c:8e:f7:48:9e:9e:29:b6:5c:08:a9:c5:
         88:d8:fb:3f:ca:a8:b3:04:fe:fb:1a:b9:bc:11:fe:1c:82:4c:
         6c:dd:4f:de:fc:a5:21:14:f2:2d:cf:a7:5c:aa:e5:3d:ae:71:
         d0:ff:c9:04:61:0c:81:75:93:2a:18:35:f6:2f:19:95:bd:05:
         2a:00:d1:35:34:7c:f2:b1:59:6c:9e:a6:d3:48:c9:be:d0:27:
         c7:bc:16:73:ae:e7:88:5c:50:f0:30:52:33:04:97:93:f6:31:
         f1:70:8a:df:b0:e4:4f:61:76:a1:9a:93:2f:d4:c2:29:08:66:
         eb:3f:b7:fe:ec:5d:b6:89:29:1b:b0:33:8a:cb:eb:25:49:d2:
         52:64:e2:f8:38:30:46:51:1b:c8:2c:e8:e5:3e:1a:0b:51:ec:
         eb:af:a8:54:5d:73:51:2b:ef:3e:24:65:86:ef:92:07:6b:e3:
         39:de:ca:be:11:da:f6:d5:c8:19:2e:d5:8f:57:04:33:ce:b4:
         49:c6:f9:e1:66:96:fc:47:5a:98:8b:7a:04:a5:28:ae:b8:1c:
         3b:8e:b7:b8:09:a5:f5:dc:5c:d9:76:cd:19:26:dd:6d:b6:ab:
         b2:3e:00:0a:3c:ac:b4:02:e5:4f:30:37:46:f0:7a:50:42:fe:
         6e:a6:b7:6f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQnSF8ixyob5CH9upkr7vi3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NGQ2MWNkMTdlZDkyZTU0YmIzMzk3ZjFlNWE2YjM5MDRh
YzZmMDUwHhcNMjUwMTAyMTM1MDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjQ2YTdlNWRiZjNlYzlkNTk0OGFkZjQwZWJjNjVhMzgzZDY4NGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rbE5OzVNEDjXWOhxJVShy3bihxG
cGP4CjqkwuhRFEsphO7bTGrDM3PKb8P64vCXsocpGUdMxi20S6oPlTpMZVDU7Eqz
1ez3F4ycxc+oOc5SoK+6+0rF0gMQU+Fy1o5ZVmciO6bAc9TeQPNxa8vfzqwnSKQ6
la3ZmEIXRutIISca6VH+CkPb1OUeb0tCkgm3Ov1uu8IzIFRhc5gqu43SpYYpEdBy
EZqXfQf4DD/dNHoFOPhw/k+BQtbj0/5o7cfSqR1Ly4Jva4qqnYFaLtSeyl36YIuo
wg4RNGH3AR/zbU05Iff0CirqAoafQkuejTC51anojIwwOpeyfSjXC75K8wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFHJGp+Xb8+ydWUit9A68ZaOD1oTLMB8GA1UdIwQY
MBaAFMhNYc0X7ZLlS7M5fx5aazkErG8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGIt
YzI1Nzc5MmRhZGM0LzEvY2thbjVkdno3SjFaU0szMERyeGxvNFBXaE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGItYzI1Nzc5MmRhZGM0
LzEveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQCuUcYMBYE
AgACMBADBgQqAbKAAAMGBCoK/YBQMA0GCSqGSIb3DQEBCwUAA4IBAQA6VCi8C5Fc
jvdInp4ptlwIqcWI2Ps/yqizBP77Grm8Ef4cgkxs3U/e/KUhFPItz6dcquU9rnHQ
/8kEYQyBdZMqGDX2LxmVvQUqANE1NHzysVlsnqbTSMm+0CfHvBZzrueIXFDwMFIz
BJeT9jHxcIrfsORPYXahmpMv1MIpCGbrP7f+7F22iSkbsDOKy+slSdJSZOL4ODBG
URvILOjlPhoLUezrr6hUXXNRK+8+JGWG75IHa+M53sq+Edr21cgZLtWPVwQzzrRJ
xvnhZpb8R1qYi3oEpSiuuBw7jre4CaX13FzZds0ZJt1ttquyPgAKPKy0AuVPMDdG
8HpQQv5uprdv
-----END CERTIFICATE-----