Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/27QIFK3RME4zastoZr-Aqup92E4.roa
File:                     27QIFK3RME4zastoZr-Aqup92E4.roa (raw, json)
Hash identifier:          AP5Zl89w4EnvvkKDLE1wTCUl3HvQyebnmKUtnCiGMTg=
Subject key identifier:   DB:B4:08:14:AD:D1:30:4E:33:6A:CB:68:66:BF:80:AA:EA:7D:D8:4E
Certificate issuer:       /CN=f8ad543624f8d3281ec970458ee752f10a424529
Certificate serial:       019633A258652FEC1BDDCEEAD3717A72664A
Authority key identifier: F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/27QIFK3RME4zastoZr-Aqup92E4.roa
Signing time:             Mon 14 Apr 2025 09:29:59 +0000
ROA not before:           Mon 14 Apr 2025 09:29:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39455
IP address blocks:        185.85.36.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:33:a2:58:65:2f:ec:1b:dd:ce:ea:d3:71:7a:72:66:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8ad543624f8d3281ec970458ee752f10a424529
        Validity
            Not Before: Apr 14 09:29:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbb40814add1304e336acb6866bf80aaea7dd84e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b9:33:ec:0f:16:48:16:e7:89:6c:2b:e3:f0:
                    01:4f:0c:5c:40:c9:61:53:be:b5:1a:2f:d2:76:18:
                    49:6c:cd:50:29:fd:46:3e:e8:a8:a6:a8:e8:e9:4f:
                    d1:cc:c7:d7:ff:41:67:9a:44:8e:fd:f5:dc:64:77:
                    d5:d4:6f:00:b0:b4:e5:17:89:50:eb:d5:63:b3:82:
                    17:82:bf:2a:6b:0d:58:70:03:33:0a:c4:33:c9:e0:
                    cc:c3:65:dd:59:80:13:ae:c6:c0:11:1b:1e:58:c6:
                    f9:d1:ab:98:f8:1a:8a:65:31:bf:1e:fb:b2:2a:96:
                    83:57:27:c1:24:0f:98:bb:d4:58:87:64:31:e5:5d:
                    e7:74:34:0f:44:e2:8d:a4:71:5a:b2:d2:d0:9f:0d:
                    c3:7c:7d:97:e9:3a:30:6f:90:0f:62:7d:60:87:a8:
                    36:94:6a:8d:67:29:6b:36:a7:cd:ac:67:ce:d3:47:
                    1b:8e:2f:cd:9f:27:71:98:1d:25:72:ef:1a:dd:99:
                    ca:b9:d7:a3:90:30:ee:28:a4:a3:60:5d:81:82:cf:
                    e9:96:52:70:46:08:c4:31:76:47:e5:25:65:d1:9a:
                    34:41:f6:7f:6b:bf:45:28:cd:b1:02:2a:28:25:0d:
                    2d:df:06:75:44:65:6e:5e:4b:84:08:ff:f4:7f:bf:
                    17:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:B4:08:14:AD:D1:30:4E:33:6A:CB:68:66:BF:80:AA:EA:7D:D8:4E
            X509v3 Authority Key Identifier:
                keyid:F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/27QIFK3RME4zastoZr-Aqup92E4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:71:ae:2f:06:dd:06:ee:76:36:0c:60:b9:ce:b4:5d:f1:b4:
         87:f2:e7:10:4e:47:95:f1:66:b3:e6:1f:11:a3:81:d0:b0:d9:
         cd:ce:37:4f:77:e3:54:0c:16:4c:9e:d5:7d:93:d1:ff:3c:96:
         c2:36:ea:c9:b5:1e:9a:39:1e:7c:8c:d1:60:60:90:a6:13:6c:
         87:9a:8b:b7:50:14:5c:88:65:ed:59:96:ff:18:65:59:14:dd:
         cb:cd:b8:b6:46:cf:df:b8:7d:69:8d:41:72:4e:08:73:f3:fe:
         c0:d7:b7:29:3b:20:bf:00:96:25:ce:32:df:2a:5b:87:5a:35:
         e3:78:6d:34:55:63:7b:72:e1:a2:6f:3d:55:ba:43:a2:69:99:
         cd:4d:a5:0d:24:6c:13:32:d5:83:7e:61:22:00:17:0d:a5:ee:
         61:f6:41:22:ba:d2:05:54:99:f8:3e:8c:9a:ab:ce:58:e2:ee:
         3e:d9:1e:fe:97:c1:39:9d:cc:a4:8a:93:58:49:b4:a3:60:6a:
         53:70:23:aa:26:e1:17:f2:e4:ba:bd:99:04:3a:15:db:ca:0e:
         6d:47:6b:7e:45:4f:94:15:94:94:94:48:09:89:81:e2:50:16:
         23:6d:e1:d7:6f:bd:bd:b6:10:1e:4c:49:49:04:b7:c3:d4:eb:
         17:8b:4c:b6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZYzolhlL+wb3c7q03F6cmZKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YWQ1NDM2MjRmOGQzMjgxZWM5NzA0NThlZTc1MmYxMGE0
MjQ1MjkwHhcNMjUwNDE0MDkyOTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmI0MDgxNGFkZDEzMDRlMzM2YWNiNjg2NmJmODBhYWVhN2RkODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrkz7A8WSBbniWwr4/ABTwxcQMlh
U761Gi/SdhhJbM1QKf1GPuiopqjo6U/RzMfX/0FnmkSO/fXcZHfV1G8AsLTlF4lQ
69Vjs4IXgr8qaw1YcAMzCsQzyeDMw2XdWYATrsbAERseWMb50auY+BqKZTG/Hvuy
KpaDVyfBJA+Yu9RYh2Qx5V3ndDQPROKNpHFastLQnw3DfH2X6Towb5APYn1gh6g2
lGqNZylrNqfNrGfO00cbji/NnydxmB0lcu8a3ZnKudejkDDuKKSjYF2Bgs/pllJw
RgjEMXZH5SVl0Zo0QfZ/a79FKM2xAiooJQ0t3wZ1RGVuXkuECP/0f78XmQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNu0CBSt0TBOM2rLaGa/gKrqfdhOMB8GA1UdIwQY
MBaAFPitVDYk+NMoHslwRY7nUvEKQkUpMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LMVVOaVQ0MHlnZXlYQkZqdWRTOFFwQ1JTay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5
LThhMTFiNDcxOWQ4Mi8xLzI3UUlGSzNSTUU0emFzdG9aci1BcXVwOTJFNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5LThhMTFiNDcxOWQ4
Mi8xLzEtSzFVTmlUNDB5Z2V5WEJGanVkUzhRcENSU2suY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK5VSQw
DQYJKoZIhvcNAQELBQADggEBAJFxri8G3QbudjYMYLnOtF3xtIfy5xBOR5XxZrPm
HxGjgdCw2c3ON09341QMFkye1X2T0f88lsI26sm1Hpo5HnyM0WBgkKYTbIeai7dQ
FFyIZe1Zlv8YZVkU3cvNuLZGz9+4fWmNQXJOCHPz/sDXtyk7IL8AliXOMt8qW4da
NeN4bTRVY3ty4aJvPVW6Q6Jpmc1NpQ0kbBMy1YN+YSIAFw2l7mH2QSK60gVUmfg+
jJqrzlji7j7ZHv6XwTmdzKSKk1hJtKNgalNwI6om4Rfy5Lq9mQQ6FdvKDm1Ha35F
T5QVlJSUSAmJgeJQFiNt4ddvvb22EB5MSUkEt8PU6xeLTLY=
-----END CERTIFICATE-----