Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/fuo8dYdaswIRyEIz4oPsApWqGJc.roa
File:                     fuo8dYdaswIRyEIz4oPsApWqGJc.roa (raw, json)
Hash identifier:          TgHuzsK6LNwJZxHjJiXaEYIfR/pJeI5Px7YOwniHSmE=
Subject key identifier:   7E:EA:3C:75:87:5A:B3:02:11:C8:42:33:E2:83:EC:02:95:AA:18:97
Certificate issuer:       /CN=23259da3b1b38ca0939f490fb9043fcd89cfd062
Certificate serial:       019427B571C50EEBAB2B56917C001C6F9A58
Authority key identifier: 23:25:9D:A3:B1:B3:8C:A0:93:9F:49:0F:B9:04:3F:CD:89:CF:D0:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/fuo8dYdaswIRyEIz4oPsApWqGJc.roa
Signing time:             Thu 02 Jan 2025 15:49:49 +0000
ROA not before:           Thu 02 Jan 2025 15:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47232
IP address blocks:        185.151.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:71:c5:0e:eb:ab:2b:56:91:7c:00:1c:6f:9a:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23259da3b1b38ca0939f490fb9043fcd89cfd062
        Validity
            Not Before: Jan  2 15:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7eea3c75875ab30211c84233e283ec0295aa1897
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:72:14:53:10:e9:94:09:e3:46:5c:f3:16:96:
                    13:9b:dc:7b:d9:5c:40:eb:f6:cb:b9:4f:e6:68:7d:
                    83:ad:06:04:a4:ed:2e:1f:12:c9:33:a0:5f:83:27:
                    b4:c6:4a:56:6c:04:84:d0:ec:71:1c:99:0c:98:25:
                    7e:fd:07:e2:80:32:6e:18:3d:4f:3f:38:99:64:e8:
                    65:8e:88:05:3f:22:a3:eb:b3:70:4f:65:64:2f:ba:
                    f5:bf:93:aa:b8:3b:12:e9:0d:49:9d:1c:ad:d0:e3:
                    bb:52:26:fd:c8:5c:e8:a2:a3:85:bc:6f:fc:e0:65:
                    0a:eb:44:74:ba:93:4c:06:9d:73:23:d9:aa:c6:b6:
                    c4:64:90:15:62:b1:ab:09:62:e1:66:f2:6d:71:41:
                    64:15:dc:dc:b6:f2:b2:eb:54:f5:d6:07:fd:45:91:
                    eb:cf:38:87:39:71:4f:19:b1:72:f7:88:4a:76:32:
                    b8:85:2a:cc:b6:60:1e:00:6f:7b:ad:ec:91:b4:ac:
                    e5:86:c5:0a:5a:cb:f8:c3:d7:18:d2:2b:16:ac:f2:
                    a9:ab:42:6e:11:5d:aa:41:13:a8:73:09:d8:3b:bc:
                    9d:fb:35:d2:a3:a4:9e:e8:03:4d:23:35:b6:03:9a:
                    25:56:9d:fd:6d:57:20:d2:13:1b:55:70:cd:be:fb:
                    57:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:EA:3C:75:87:5A:B3:02:11:C8:42:33:E2:83:EC:02:95:AA:18:97
            X509v3 Authority Key Identifier:
                keyid:23:25:9D:A3:B1:B3:8C:A0:93:9F:49:0F:B9:04:3F:CD:89:CF:D0:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/fuo8dYdaswIRyEIz4oPsApWqGJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:c5:8b:f9:99:21:cb:ea:39:de:18:98:65:17:50:24:1b:0a:
         3a:c7:1a:14:53:f4:71:ee:84:53:82:f2:7b:30:80:2b:cd:53:
         7d:5c:b9:39:26:03:6a:d6:c1:95:53:d3:18:d9:4e:95:9e:52:
         2d:f2:7c:90:38:82:49:4b:09:db:89:35:e2:f7:61:01:ab:33:
         8f:83:ee:9c:2c:df:1c:84:05:83:19:33:c6:05:f2:9a:b9:7f:
         d9:12:f5:69:da:ae:49:63:b7:61:dd:03:1a:61:31:be:f5:47:
         d9:6f:90:5f:ee:50:bc:d1:fe:0c:ee:b6:03:3e:b6:16:53:20:
         5e:37:d9:2c:d3:a3:9c:ef:aa:3f:b4:ee:16:5f:1c:fe:7b:99:
         e0:51:7f:ff:36:20:5c:01:39:92:f9:12:65:6e:d7:ec:a9:ec:
         51:01:0e:ea:aa:a9:3a:23:a7:ff:c4:b9:56:c0:cf:1b:69:b7:
         2e:aa:6b:f6:0b:b1:1e:6c:90:cb:24:c2:46:69:0d:42:d7:09:
         aa:ee:83:8f:c9:7a:12:c8:28:bd:78:ff:60:f1:9a:ae:50:91:
         ce:da:47:2f:43:2d:3a:c0:8e:9b:c9:f9:2a:78:4f:bb:8a:f1:
         e0:0f:45:09:b8:63:a4:3d:71:4f:6f:6a:fb:f1:45:2b:b7:4c:
         29:b1:5f:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntXHFDuurK1aRfAAcb5pYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMjU5ZGEzYjFiMzhjYTA5MzlmNDkwZmI5MDQzZmNkODlj
ZmQwNjIwHhcNMjUwMTAyMTU0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWVhM2M3NTg3NWFiMzAyMTFjODQyMzNlMjgzZWMwMjk1YWExODk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3IUUxDplAnjRlzzFpYTm9x72VxA
6/bLuU/maH2DrQYEpO0uHxLJM6Bfgye0xkpWbASE0OxxHJkMmCV+/QfigDJuGD1P
PziZZOhljogFPyKj67NwT2VkL7r1v5OquDsS6Q1JnRyt0OO7Uib9yFzooqOFvG/8
4GUK60R0upNMBp1zI9mqxrbEZJAVYrGrCWLhZvJtcUFkFdzctvKy61T11gf9RZHr
zziHOXFPGbFy94hKdjK4hSrMtmAeAG97reyRtKzlhsUKWsv4w9cY0isWrPKpq0Ju
EV2qQROocwnYO7yd+zXSo6Se6ANNIzW2A5olVp39bVcg0hMbVXDNvvtX9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7qPHWHWrMCEchCM+KD7AKVqhiXMB8GA1UdIwQY
MBaAFCMlnaOxs4ygk59JD7kEP82Jz9BiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXlXZG83R3pqS0NUbjBrUHVRUV96WW5QMEdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy85MWE1ZmQtZTU2Yy00ZDg3LWJkNzUt
NjU0ZGQ2NDQyY2U0LzEvZnVvOGRZZGFzd0lSeUVJejRvUHNBcFdxR0pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy85MWE1ZmQtZTU2Yy00ZDg3LWJkNzUtNjU0ZGQ2NDQyY2U0
LzEvSXlXZG83R3pqS0NUbjBrUHVRUV96WW5QMEdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZerMA0G
CSqGSIb3DQEBCwUAA4IBAQAbxYv5mSHL6jneGJhlF1AkGwo6xxoUU/Rx7oRTgvJ7
MIArzVN9XLk5JgNq1sGVU9MY2U6VnlIt8nyQOIJJSwnbiTXi92EBqzOPg+6cLN8c
hAWDGTPGBfKauX/ZEvVp2q5JY7dh3QMaYTG+9UfZb5Bf7lC80f4M7rYDPrYWUyBe
N9ks06Oc76o/tO4WXxz+e5ngUX//NiBcATmS+RJlbtfsqexRAQ7qqqk6I6f/xLlW
wM8babcuqmv2C7EebJDLJMJGaQ1C1wmq7oOPyXoSyCi9eP9g8ZquUJHO2kcvQy06
wI6byfkqeE+7ivHgD0UJuGOkPXFPb2r78UUrt0wpsV/F
-----END CERTIFICATE-----