Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/79bdd0-c3c9-4c42-b9c5-3507dffa1ef2/1/doL4Cn2ma0kPf9AhJrRKrVG3Az0.roa
File:                     doL4Cn2ma0kPf9AhJrRKrVG3Az0.roa (raw, json)
Hash identifier:          SUzYz5u/F8jt5TpzuvWgvwZ7xHoIJE9Sk3avrITgKS8=
Subject key identifier:   76:82:F8:0A:7D:A6:6B:49:0F:7F:D0:21:26:B4:4A:AD:51:B7:03:3D
Certificate issuer:       /CN=fe1eeadf5e7f5420f674a8eb87bb4b1377cdbd64
Certificate serial:       01941FFA5AF24E583AF644344FD7027E514C
Authority key identifier: FE:1E:EA:DF:5E:7F:54:20:F6:74:A8:EB:87:BB:4B:13:77:CD:BD:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_h7q315_VCD2dKjrh7tLE3fNvWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/79bdd0-c3c9-4c42-b9c5-3507dffa1ef2/1/doL4Cn2ma0kPf9AhJrRKrVG3Az0.roa
Signing time:             Wed 01 Jan 2025 03:48:08 +0000
ROA not before:           Wed 01 Jan 2025 03:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48955
IP address blocks:        185.140.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/79bdd0-c3c9-4c42-b9c5-3507dffa1ef2/1/_h7q315_VCD2dKjrh7tLE3fNvWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/79bdd0-c3c9-4c42-b9c5-3507dffa1ef2/1/_h7q315_VCD2dKjrh7tLE3fNvWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_h7q315_VCD2dKjrh7tLE3fNvWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:5a:f2:4e:58:3a:f6:44:34:4f:d7:02:7e:51:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe1eeadf5e7f5420f674a8eb87bb4b1377cdbd64
        Validity
            Not Before: Jan  1 03:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7682f80a7da66b490f7fd02126b44aad51b7033d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ab:a1:ad:78:8a:7e:17:24:9b:73:fa:0f:50:
                    88:bc:1d:8b:49:77:42:ec:06:c2:0b:7f:87:1d:03:
                    47:db:74:06:8b:6e:4a:99:2a:d6:83:4b:bd:96:f6:
                    42:9e:a8:6d:98:98:28:5b:8a:d0:65:82:98:9d:4f:
                    b3:5c:6d:1f:df:d0:35:1a:29:82:ff:e2:1c:46:9d:
                    97:15:59:00:4b:e1:94:d5:f5:96:ec:aa:ff:c2:d1:
                    ae:14:ac:0a:83:fc:c4:c6:40:62:86:08:83:8f:00:
                    76:78:7b:c9:15:1b:fc:ad:83:68:b2:eb:ed:aa:a9:
                    76:24:eb:34:35:9c:72:4c:ae:72:fc:09:19:3e:0f:
                    87:6a:a5:73:59:49:0d:e7:1a:7d:9a:03:4d:54:75:
                    92:f3:f0:8a:d4:c6:98:f3:fc:63:da:bd:22:a6:b8:
                    30:0e:97:3a:e4:1f:1e:4d:71:68:64:03:7e:ca:ef:
                    b8:53:47:24:fe:52:52:7c:73:38:51:3f:5d:7c:07:
                    42:10:5b:89:94:06:4e:52:99:73:4d:25:6b:51:2f:
                    d1:55:98:66:99:6f:6d:49:47:88:6d:88:e6:1f:74:
                    59:45:fc:42:02:4f:b6:63:37:88:65:18:23:ce:ff:
                    62:c2:95:bc:34:af:b3:b6:a1:d7:ef:6c:e5:94:e0:
                    4b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:82:F8:0A:7D:A6:6B:49:0F:7F:D0:21:26:B4:4A:AD:51:B7:03:3D
            X509v3 Authority Key Identifier:
                keyid:FE:1E:EA:DF:5E:7F:54:20:F6:74:A8:EB:87:BB:4B:13:77:CD:BD:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_h7q315_VCD2dKjrh7tLE3fNvWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/79bdd0-c3c9-4c42-b9c5-3507dffa1ef2/1/doL4Cn2ma0kPf9AhJrRKrVG3Az0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/79bdd0-c3c9-4c42-b9c5-3507dffa1ef2/1/_h7q315_VCD2dKjrh7tLE3fNvWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:9a:ed:84:5b:b8:0c:65:a4:f6:ee:14:21:d3:9a:31:98:0e:
         92:9b:43:9a:39:2f:ae:27:34:c1:ba:51:0e:12:73:39:66:ee:
         8d:e4:fb:11:a4:37:04:1c:e1:26:16:cd:a5:c2:53:30:87:80:
         a9:26:21:cb:0d:fb:0f:2f:56:26:4f:2b:0e:d6:2c:fb:3c:44:
         64:69:4d:68:0f:14:d5:47:b5:89:e6:07:0f:79:03:3d:e3:cc:
         0b:c3:f7:0e:d0:06:c1:86:45:62:d7:61:c5:7b:c5:29:a1:88:
         9b:13:88:ea:b5:71:fb:f1:1a:c9:4c:53:46:dd:a9:1b:b5:a2:
         d3:2f:8a:66:37:e3:0d:26:de:32:29:58:3c:d3:fe:21:57:fb:
         06:df:d0:90:27:7c:43:dd:bb:a1:67:d3:a6:60:9a:40:03:15:
         08:f7:1a:43:e3:23:3d:21:26:32:0a:d4:2a:9f:cb:66:c4:c2:
         77:63:b1:c8:63:38:fa:fa:bd:8f:e1:0a:ec:2d:a3:ff:54:20:
         f2:31:cf:53:99:79:32:54:ca:b9:f4:79:15:88:51:4a:4d:4e:
         05:80:22:5d:13:3e:19:52:5a:e5:bb:c9:b7:6e:01:77:4f:26:
         58:8e:1d:1d:d0:d2:27:8a:9e:66:3a:0d:23:23:69:5f:a9:8d:
         ed:39:c2:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+lryTlg69kQ0T9cCflFMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMWVlYWRmNWU3ZjU0MjBmNjc0YThlYjg3YmI0YjEzNzdj
ZGJkNjQwHhcNMjUwMTAxMDM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjgyZjgwYTdkYTY2YjQ5MGY3ZmQwMjEyNmI0NGFhZDUxYjcwMzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsquhrXiKfhckm3P6D1CIvB2LSXdC
7AbCC3+HHQNH23QGi25KmSrWg0u9lvZCnqhtmJgoW4rQZYKYnU+zXG0f39A1GimC
/+IcRp2XFVkAS+GU1fWW7Kr/wtGuFKwKg/zExkBihgiDjwB2eHvJFRv8rYNosuvt
qql2JOs0NZxyTK5y/AkZPg+HaqVzWUkN5xp9mgNNVHWS8/CK1MaY8/xj2r0iprgw
Dpc65B8eTXFoZAN+yu+4U0ck/lJSfHM4UT9dfAdCEFuJlAZOUplzTSVrUS/RVZhm
mW9tSUeIbYjmH3RZRfxCAk+2YzeIZRgjzv9iwpW8NK+ztqHX72zllOBLYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHaC+Ap9pmtJD3/QISa0Sq1RtwM9MB8GA1UdIwQY
MBaAFP4e6t9ef1Qg9nSo64e7SxN3zb1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2g3cTMxNV9WQ0QyZEtqcmg3dExFM2ZOdldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83OWJkZDAtYzNjOS00YzQyLWI5YzUt
MzUwN2RmZmExZWYyLzEvZG9MNENuMm1hMGtQZjlBaEpyUktyVkczQXowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83OWJkZDAtYzNjOS00YzQyLWI5YzUtMzUwN2RmZmExZWYy
LzEvX2g3cTMxNV9WQ0QyZEtqcmg3dExFM2ZOdldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYz7MA0G
CSqGSIb3DQEBCwUAA4IBAQBGmu2EW7gMZaT27hQh05oxmA6Sm0OaOS+uJzTBulEO
EnM5Zu6N5PsRpDcEHOEmFs2lwlMwh4CpJiHLDfsPL1YmTysO1iz7PERkaU1oDxTV
R7WJ5gcPeQM948wLw/cO0AbBhkVi12HFe8UpoYibE4jqtXH78RrJTFNG3akbtaLT
L4pmN+MNJt4yKVg80/4hV/sG39CQJ3xD3buhZ9OmYJpAAxUI9xpD4yM9ISYyCtQq
n8tmxMJ3Y7HIYzj6+r2P4QrsLaP/VCDyMc9TmXkyVMq59HkViFFKTU4FgCJdEz4Z
Ulrlu8m3bgF3TyZYjh0d0NInip5mOg0jI2lfqY3tOcJ3
-----END CERTIFICATE-----