Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/C8rZpiwRRKp7HiBYnxrXRCtzNP4.roa
File:                     C8rZpiwRRKp7HiBYnxrXRCtzNP4.roa (raw, json)
Hash identifier:          /a2qXNrKqG5G3jKSkvjhWWJd/4eBrgaawytg7M/VZPQ=
Subject key identifier:   0B:CA:D9:A6:2C:11:44:AA:7B:1E:20:58:9F:1A:D7:44:2B:73:34:FE
Certificate issuer:       /CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
Certificate serial:       0194F5386A18770FE9A011E174ED5C2A5FD6
Authority key identifier: F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/C8rZpiwRRKp7HiBYnxrXRCtzNP4.roa
Signing time:             Tue 11 Feb 2025 13:35:02 +0000
ROA not before:           Tue 11 Feb 2025 13:35:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209272
IP address blocks:        185.55.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f5:38:6a:18:77:0f:e9:a0:11:e1:74:ed:5c:2a:5f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
        Validity
            Not Before: Feb 11 13:35:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bcad9a62c1144aa7b1e20589f1ad7442b7334fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2a:d7:42:2f:a9:a3:88:12:45:6e:cb:73:5e:
                    10:af:c3:1b:8e:2d:b5:58:53:50:2a:a9:fe:ee:f4:
                    8e:ad:3d:3c:65:ea:36:17:24:e8:91:52:28:83:a3:
                    c5:6b:39:fa:a8:68:8d:a9:a0:cc:cf:55:f6:6c:da:
                    1b:e7:e7:ba:3f:d0:d7:f7:d2:e6:21:72:1a:c1:f9:
                    a0:11:b5:cc:24:56:2b:1b:77:43:90:22:5f:31:fe:
                    88:e9:83:6f:2d:0d:2e:6c:d2:b9:17:d3:62:a9:d5:
                    8e:f9:14:19:4b:1f:d8:1a:1a:68:fb:74:c8:00:65:
                    09:fc:5e:3c:b3:89:59:2c:38:bb:b3:c6:36:fe:72:
                    ee:01:dd:f1:69:89:f6:f4:74:fc:1a:6d:14:bb:6f:
                    09:dd:c5:68:e8:39:19:43:26:af:65:28:ab:67:d0:
                    e4:ff:8f:54:d9:83:79:83:73:28:68:53:2c:1b:14:
                    22:70:80:41:b6:9c:0e:7c:4a:d8:88:3c:25:13:be:
                    31:00:d7:c3:24:c3:cd:90:b8:ec:ea:59:72:67:5e:
                    99:64:7b:1c:82:15:f6:3a:ed:57:77:4c:e0:da:13:
                    92:3c:d2:eb:bd:f7:c0:25:ea:21:1a:0c:b3:be:80:
                    41:89:5d:ec:f6:3d:0f:86:78:c1:f0:f6:38:30:47:
                    61:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:CA:D9:A6:2C:11:44:AA:7B:1E:20:58:9F:1A:D7:44:2B:73:34:FE
            X509v3 Authority Key Identifier:
                keyid:F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/C8rZpiwRRKp7HiBYnxrXRCtzNP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:96:c0:4f:33:22:3d:e7:f7:3a:4e:ac:0d:be:d3:c7:73:74:
         1d:d2:16:87:97:29:1a:76:80:b3:8b:76:d5:c8:08:7a:9b:ab:
         28:dd:cd:4a:c2:e9:79:07:ff:c1:18:66:f0:62:e0:21:da:a2:
         ca:7b:ff:e9:17:ba:98:42:ee:05:bd:18:2d:6f:94:5f:bb:66:
         71:14:1e:d8:32:dc:41:94:26:c0:98:42:b4:30:4d:c8:e3:e9:
         23:83:15:08:e2:ed:d9:6e:a3:b8:27:3c:72:46:9a:60:5c:a1:
         58:da:a9:1b:eb:a6:8e:1e:c0:ad:89:46:f5:88:59:cc:23:e5:
         d3:e1:9f:9b:70:6a:08:de:f9:c7:2b:88:a1:09:29:a6:e7:72:
         ba:78:d8:b5:ff:06:44:3c:67:e6:7a:83:0d:ab:bb:4e:68:14:
         d2:db:94:39:31:1e:5f:37:8b:9f:95:f0:17:46:c5:47:29:7f:
         7c:dd:3d:b7:35:b0:f9:ee:77:ee:68:61:ca:05:7e:c6:1a:d5:
         28:66:b9:44:08:a5:df:c2:1d:0d:e3:cf:54:92:84:88:06:75:
         da:54:a0:be:fc:20:1c:4d:80:fd:fa:18:a5:77:78:9d:04:a5:
         0b:4b:91:8e:54:74:89:77:3a:73:c7:c8:a8:ff:a7:45:33:e3:
         d2:14:70:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT1OGoYdw/poBHhdO1cKl/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDlhOTI4MmM5ZDI1NDdjNTY2NjM0ZjNiYWNjY2JjZjI1
ODg4MjcwHhcNMjUwMjExMTMzNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmNhZDlhNjJjMTE0NGFhN2IxZTIwNTg5ZjFhZDc0NDJiNzMzNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyrXQi+po4gSRW7Lc14Qr8Mbji21
WFNQKqn+7vSOrT08Zeo2FyTokVIog6PFazn6qGiNqaDMz1X2bNob5+e6P9DX99Lm
IXIawfmgEbXMJFYrG3dDkCJfMf6I6YNvLQ0ubNK5F9NiqdWO+RQZSx/YGhpo+3TI
AGUJ/F48s4lZLDi7s8Y2/nLuAd3xaYn29HT8Gm0Uu28J3cVo6DkZQyavZSirZ9Dk
/49U2YN5g3MoaFMsGxQicIBBtpwOfErYiDwlE74xANfDJMPNkLjs6llyZ16ZZHsc
ghX2Ou1Xd0zg2hOSPNLrvffAJeohGgyzvoBBiV3s9j0PhnjB8PY4MEdhPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvK2aYsEUSqex4gWJ8a10QrczT+MB8GA1UdIwQY
MBaAFPXZqSgsnSVHxWZjTzuszLzyWIgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjct
OGNmNDFjYWZkY2UyLzEvQzhyWnBpd1JSS3A3SGlCWW54clhSQ3R6TlA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjctOGNmNDFjYWZkY2Uy
LzEvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTfyMA0G
CSqGSIb3DQEBCwUAA4IBAQBilsBPMyI95/c6TqwNvtPHc3Qd0haHlykadoCzi3bV
yAh6m6so3c1Kwul5B//BGGbwYuAh2qLKe//pF7qYQu4FvRgtb5Rfu2ZxFB7YMtxB
lCbAmEK0ME3I4+kjgxUI4u3ZbqO4JzxyRppgXKFY2qkb66aOHsCtiUb1iFnMI+XT
4Z+bcGoI3vnHK4ihCSmm53K6eNi1/wZEPGfmeoMNq7tOaBTS25Q5MR5fN4uflfAX
RsVHKX983T23NbD57nfuaGHKBX7GGtUoZrlECKXfwh0N489UkoSIBnXaVKC+/CAc
TYD9+hild3idBKULS5GOVHSJdzpzx8io/6dFM+PSFHCM
-----END CERTIFICATE-----