Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/F98rZRsLL_WSYn3n29uuLg-FPR0.roa
File:                     F98rZRsLL_WSYn3n29uuLg-FPR0.roa (raw, json)
Hash identifier:          73uq7x903k93laF4iGlteDX6rFg0Y3etQUcDdi1l7lg=
Subject key identifier:   17:DF:2B:65:1B:0B:2F:F5:92:62:7D:E7:DB:DB:AE:2E:0F:85:3D:1D
Certificate issuer:       /CN=706b7fea8ad35111ca687a9cd00a49f9a4f0459b
Certificate serial:       0194266ACCDC4A44F653CE8793CEA7C82E91
Authority key identifier: 70:6B:7F:EA:8A:D3:51:11:CA:68:7A:9C:D0:0A:49:F9:A4:F0:45:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/F98rZRsLL_WSYn3n29uuLg-FPR0.roa
Signing time:             Thu 02 Jan 2025 09:48:41 +0000
ROA not before:           Thu 02 Jan 2025 09:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56902
IP address blocks:        185.87.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cGt_6orTURHKaHqc0ApJ-aTwRZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cGt_6orTURHKaHqc0ApJ-aTwRZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:cc:dc:4a:44:f6:53:ce:87:93:ce:a7:c8:2e:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706b7fea8ad35111ca687a9cd00a49f9a4f0459b
        Validity
            Not Before: Jan  2 09:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17df2b651b0b2ff592627de7dbdbae2e0f853d1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1a:38:e5:a2:20:33:73:f9:bb:60:c9:fb:a8:
                    7f:11:26:39:ab:91:fd:fe:48:b6:53:73:57:67:a6:
                    d2:6b:4f:1e:6d:e6:8f:da:13:f3:68:5c:fa:b9:0b:
                    0e:d2:df:53:53:e2:95:fc:07:3c:c5:1a:5f:67:9e:
                    13:67:4e:f9:e6:cb:9b:2a:01:82:e4:22:df:45:e4:
                    8c:48:5a:85:7a:2b:79:8e:cf:5b:4c:28:1b:36:56:
                    09:3c:b7:cd:cc:b0:cd:54:fc:f5:65:a0:b7:57:8a:
                    65:d7:9c:b9:c9:b5:e5:73:b6:c9:e9:75:ce:0c:45:
                    be:10:fc:b5:6b:7f:39:54:2f:b5:93:e7:da:8a:3a:
                    80:3a:84:53:89:84:e3:db:91:7f:cd:51:48:69:e4:
                    35:f5:ad:1c:15:2f:93:a8:1e:88:f0:4b:ad:9b:78:
                    c6:0d:d3:c0:72:7b:ea:28:64:90:6d:bc:b2:cd:3c:
                    66:08:80:90:2f:00:5f:a1:67:17:08:08:60:6d:80:
                    81:a5:05:17:a5:01:a3:88:71:d5:3f:b8:66:08:2b:
                    76:f3:a4:ea:3e:32:0b:d8:97:22:6c:8c:fa:e6:c7:
                    d3:03:57:fa:33:b6:3a:d4:8a:21:71:35:51:85:c2:
                    77:bf:82:a2:af:5f:b1:5b:2c:83:9d:a2:4d:d8:5b:
                    85:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:DF:2B:65:1B:0B:2F:F5:92:62:7D:E7:DB:DB:AE:2E:0F:85:3D:1D
            X509v3 Authority Key Identifier:
                keyid:70:6B:7F:EA:8A:D3:51:11:CA:68:7A:9C:D0:0A:49:F9:A4:F0:45:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/F98rZRsLL_WSYn3n29uuLg-FPR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cGt_6orTURHKaHqc0ApJ-aTwRZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:2a:b2:69:bd:23:0a:fc:ae:2f:cd:17:1b:7d:33:17:b5:dd:
         5b:f3:da:c4:fe:48:77:8f:52:f9:43:4a:bd:64:e4:09:24:4a:
         6e:21:67:0e:a1:92:55:64:68:d9:82:9f:5d:44:a1:44:ec:6b:
         df:0c:3c:41:43:f8:d4:b1:41:d4:fb:f2:a8:c2:d4:ad:58:e3:
         26:00:44:83:1e:4b:cb:30:88:62:42:2d:25:c9:8e:93:95:78:
         c3:6b:ca:a9:64:88:d2:bd:55:e4:60:b8:f4:c7:37:cf:86:e5:
         1f:40:b1:db:fa:0a:b4:20:6e:08:49:7b:a9:4b:d5:71:f4:35:
         cf:eb:f2:02:6b:74:bc:29:87:58:05:36:ac:53:70:79:bb:b2:
         80:a8:26:a9:3b:90:7d:59:05:dc:7c:68:c0:0a:e5:c1:d7:9a:
         19:85:46:3e:65:85:95:5e:36:9a:49:da:d8:91:fd:08:1d:65:
         f5:e4:49:08:11:fd:6c:e1:51:8e:e7:b6:69:8e:8f:02:56:b8:
         0b:f2:1c:e2:9a:cb:ab:fd:c9:cb:48:b7:56:a2:26:96:a5:30:
         5a:0a:86:ae:60:17:c4:fc:69:73:c3:aa:3b:7b:2d:c7:0c:07:
         87:31:47:16:ee:95:bf:da:b0:7d:e3:ce:32:dd:3d:ca:c4:82:
         18:02:3b:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmaszcSkT2U86Hk86nyC6RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmI3ZmVhOGFkMzUxMTFjYTY4N2E5Y2QwMGE0OWY5YTRm
MDQ1OWIwHhcNMjUwMTAyMDk0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2RmMmI2NTFiMGIyZmY1OTI2MjdkZTdkYmRiYWUyZTBmODUzZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoho45aIgM3P5u2DJ+6h/ESY5q5H9
/ki2U3NXZ6bSa08ebeaP2hPzaFz6uQsO0t9TU+KV/Ac8xRpfZ54TZ0755subKgGC
5CLfReSMSFqFeit5js9bTCgbNlYJPLfNzLDNVPz1ZaC3V4pl15y5ybXlc7bJ6XXO
DEW+EPy1a385VC+1k+faijqAOoRTiYTj25F/zVFIaeQ19a0cFS+TqB6I8Eutm3jG
DdPAcnvqKGSQbbyyzTxmCICQLwBfoWcXCAhgbYCBpQUXpQGjiHHVP7hmCCt286Tq
PjIL2JcibIz65sfTA1f6M7Y61IohcTVRhcJ3v4Kir1+xWyyDnaJN2FuFRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBffK2UbCy/1kmJ959vbri4PhT0dMB8GA1UdIwQY
MBaAFHBrf+qK01ERymh6nNAKSfmk8EWbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0d0XzZvclRVUkhLYUhxYzBBcEotYVR3UlpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9kMjk3NGYtN2VmYS00NjExLTg4Mjct
MjYwYzM3N2EzMTRhLzEvRjk4clpSc0xMX1dTWW4zbjI5dXVMZy1GUFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9kMjk3NGYtN2VmYS00NjExLTg4MjctMjYwYzM3N2EzMTRh
LzEvY0d0XzZvclRVUkhLYUhxYzBBcEotYVR3UlpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVerMA0G
CSqGSIb3DQEBCwUAA4IBAQAsKrJpvSMK/K4vzRcbfTMXtd1b89rE/kh3j1L5Q0q9
ZOQJJEpuIWcOoZJVZGjZgp9dRKFE7GvfDDxBQ/jUsUHU+/KowtStWOMmAESDHkvL
MIhiQi0lyY6TlXjDa8qpZIjSvVXkYLj0xzfPhuUfQLHb+gq0IG4ISXupS9Vx9DXP
6/ICa3S8KYdYBTasU3B5u7KAqCapO5B9WQXcfGjACuXB15oZhUY+ZYWVXjaaSdrY
kf0IHWX15EkIEf1s4VGO57Zpjo8CVrgL8hzimsur/cnLSLdWoiaWpTBaCoauYBfE
/Glzw6o7ey3HDAeHMUcW7pW/2rB9484y3T3KxIIYAjsZ
-----END CERTIFICATE-----