Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/tDQppW28D00yJpPN76o5br9V4uc.roa
File:                     tDQppW28D00yJpPN76o5br9V4uc.roa (raw, json)
Hash identifier:          QeZm1TlTQEFmZaDRdvYJJMWOrlvPWUXQvrMdVOrCdWc=
Subject key identifier:   B4:34:29:A5:6D:BC:0F:4D:32:26:93:CD:EF:AA:39:6E:BF:55:E2:E7
Certificate issuer:       /CN=f60846f21c56a8513d31c155dd199197a3ffc7c0
Certificate serial:       019427B58388EB7667DAEE86A3D28A3F9198
Authority key identifier: F6:08:46:F2:1C:56:A8:51:3D:31:C1:55:DD:19:91:97:A3:FF:C7:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/tDQppW28D00yJpPN76o5br9V4uc.roa
Signing time:             Thu 02 Jan 2025 15:49:54 +0000
ROA not before:           Thu 02 Jan 2025 15:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     17804
IP address blocks:        185.109.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:83:88:eb:76:67:da:ee:86:a3:d2:8a:3f:91:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f60846f21c56a8513d31c155dd199197a3ffc7c0
        Validity
            Not Before: Jan  2 15:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b43429a56dbc0f4d322693cdefaa396ebf55e2e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:cb:bb:e6:d6:80:16:56:9a:d3:75:fa:84:37:
                    e8:62:57:19:86:b8:98:70:40:85:73:12:a8:32:96:
                    8e:ed:22:2f:90:f5:c0:f8:dd:a8:c4:15:5c:7a:8c:
                    be:57:c2:90:43:ae:19:3f:a3:8a:14:57:86:ee:f5:
                    e6:6a:cc:2d:0a:91:6e:d6:99:82:c5:9c:02:94:95:
                    44:a5:a5:45:bc:2f:24:26:61:3e:11:7c:d1:a4:63:
                    6e:a3:e3:84:73:69:26:61:f0:45:90:76:cd:44:15:
                    06:c4:29:ed:8a:12:2a:b1:e6:69:0e:81:43:e2:73:
                    3f:e2:1d:35:42:a8:9d:f8:ed:3e:ea:23:b3:cd:05:
                    0a:66:89:05:73:b7:8e:de:db:53:00:95:f0:b9:2d:
                    49:cf:45:0a:a9:7d:e5:5c:79:bb:5e:f4:29:a3:9e:
                    45:43:ea:7b:e5:69:46:42:56:a4:c6:c9:23:3c:4c:
                    ca:74:62:9b:37:f9:2b:06:53:69:04:19:d2:8d:4b:
                    3c:91:39:74:60:80:81:41:d4:ae:4e:d1:13:86:78:
                    46:87:97:1b:0a:86:92:1d:27:3b:93:19:8b:25:4f:
                    2f:8a:0b:24:15:24:a6:a0:fa:c9:8c:cd:35:9b:6f:
                    d8:f8:6e:d2:6c:9f:70:a9:b8:c7:ad:d2:55:bd:ec:
                    dc:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:34:29:A5:6D:BC:0F:4D:32:26:93:CD:EF:AA:39:6E:BF:55:E2:E7
            X509v3 Authority Key Identifier:
                keyid:F6:08:46:F2:1C:56:A8:51:3D:31:C1:55:DD:19:91:97:A3:FF:C7:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/tDQppW28D00yJpPN76o5br9V4uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:32:95:f8:08:e7:79:25:c0:11:1e:d1:75:f7:c1:58:c4:49:
         cf:69:04:43:e3:71:4a:99:40:43:56:50:30:b3:0a:8e:f4:8d:
         28:c7:04:59:2e:23:2e:53:ac:26:45:70:af:19:da:b4:46:3e:
         aa:70:84:c8:24:0d:51:ce:2d:15:79:fe:4a:05:1e:c0:8f:81:
         c6:a5:d6:5d:25:a5:cc:42:e1:21:95:5d:d2:96:e1:e1:d2:f7:
         78:66:6e:fa:d7:40:ed:09:a9:2a:9b:fe:4a:fd:7b:e1:e4:33:
         c8:ed:60:62:fc:49:6d:9f:a4:56:99:2b:e8:99:70:0e:f5:83:
         5e:2c:e8:2a:5b:53:ef:24:32:89:14:70:bf:40:2b:87:c5:3b:
         6e:ba:26:44:95:ba:6a:42:e6:c1:d9:27:a9:f0:28:bb:03:01:
         09:9a:a6:96:1c:fd:ab:c2:4a:9c:21:fd:e2:94:4e:e6:b7:59:
         24:b6:9b:ad:5a:e7:8a:3b:cb:0c:6c:89:ec:88:2e:0f:18:78:
         d5:0e:17:f9:e9:ca:12:72:f9:9d:3a:e2:ba:da:6a:87:13:9c:
         6f:0a:30:d9:18:ef:86:af:25:d6:a3:59:93:71:61:64:56:43:
         13:51:f0:40:11:3c:9d:82:ff:d7:61:f7:8e:92:8a:03:43:b7:
         ca:88:cc:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntYOI63Zn2u6Go9KKP5GYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MDg0NmYyMWM1NmE4NTEzZDMxYzE1NWRkMTk5MTk3YTNm
ZmM3YzAwHhcNMjUwMTAyMTU0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDM0MjlhNTZkYmMwZjRkMzIyNjkzY2RlZmFhMzk2ZWJmNTVlMmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3su75taAFlaa03X6hDfoYlcZhriY
cECFcxKoMpaO7SIvkPXA+N2oxBVceoy+V8KQQ64ZP6OKFFeG7vXmaswtCpFu1pmC
xZwClJVEpaVFvC8kJmE+EXzRpGNuo+OEc2kmYfBFkHbNRBUGxCntihIqseZpDoFD
4nM/4h01Qqid+O0+6iOzzQUKZokFc7eO3ttTAJXwuS1Jz0UKqX3lXHm7XvQpo55F
Q+p75WlGQlakxskjPEzKdGKbN/krBlNpBBnSjUs8kTl0YICBQdSuTtEThnhGh5cb
CoaSHSc7kxmLJU8vigskFSSmoPrJjM01m2/Y+G7SbJ9wqbjHrdJVvezcGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQ0KaVtvA9NMiaTze+qOW6/VeLnMB8GA1UdIwQY
MBaAFPYIRvIcVqhRPTHBVd0ZkZej/8fAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWdoRzhoeFdxRkU5TWNGVjNSbVJsNlBfeDhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9hMGY0YmUtNGMwZC00ZGY1LTkwYzYt
YTZkNDVlZjdkMjI3LzEvdERRcHBXMjhEMDB5SnBQTjc2bzVicjlWNHVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9hMGY0YmUtNGMwZC00ZGY1LTkwYzYtYTZkNDVlZjdkMjI3
LzEvOWdoRzhoeFdxRkU5TWNGVjNSbVJsNlBfeDhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW1XMA0G
CSqGSIb3DQEBCwUAA4IBAQB3MpX4COd5JcARHtF198FYxEnPaQRD43FKmUBDVlAw
swqO9I0oxwRZLiMuU6wmRXCvGdq0Rj6qcITIJA1Rzi0Vef5KBR7Aj4HGpdZdJaXM
QuEhlV3SluHh0vd4Zm7610DtCakqm/5K/Xvh5DPI7WBi/Eltn6RWmSvomXAO9YNe
LOgqW1PvJDKJFHC/QCuHxTtuuiZElbpqQubB2Sep8Ci7AwEJmqaWHP2rwkqcIf3i
lE7mt1kktputWueKO8sMbInsiC4PGHjVDhf56coScvmdOuK62mqHE5xvCjDZGO+G
ryXWo1mTcWFkVkMTUfBAETydgv/XYfeOkooDQ7fKiMxe
-----END CERTIFICATE-----