Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/1-of8pnTOP0J8yCsHZmocQfT7mIM.roa
File:                     1-of8pnTOP0J8yCsHZmocQfT7mIM.roa (raw, json)
Hash identifier:          0Lq0vU+tQx9q/SkpzGWQvm0P7tr0nnJgKO8aL6LRtlo=
Subject key identifier:   FA:87:FC:A6:74:CE:3F:42:7C:C8:2B:07:66:6A:1C:41:F4:FB:98:83
Certificate issuer:       /CN=57d0b861afb125b8bc13969d0b49734ce844bd6a
Certificate serial:       0196306D1ECC1EC22BABD69BBF8FE99E48BD
Authority key identifier: 57:D0:B8:61:AF:B1:25:B8:BC:13:96:9D:0B:49:73:4C:E8:44:BD:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V9C4Ya-xJbi8E5adC0lzTOhEvWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/1-of8pnTOP0J8yCsHZmocQfT7mIM.roa
Signing time:             Sun 13 Apr 2025 18:32:59 +0000
ROA not before:           Sun 13 Apr 2025 18:32:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215308
IP address blocks:        185.150.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/V9C4Ya-xJbi8E5adC0lzTOhEvWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/V9C4Ya-xJbi8E5adC0lzTOhEvWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V9C4Ya-xJbi8E5adC0lzTOhEvWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:30:6d:1e:cc:1e:c2:2b:ab:d6:9b:bf:8f:e9:9e:48:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57d0b861afb125b8bc13969d0b49734ce844bd6a
        Validity
            Not Before: Apr 13 18:32:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa87fca674ce3f427cc82b07666a1c41f4fb9883
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:82:c1:33:8c:4b:a7:be:ed:b8:02:42:21:0f:
                    70:3e:7f:89:03:ce:24:eb:da:d6:25:f1:a1:01:13:
                    c5:7d:35:bf:02:a2:26:8f:93:df:90:b7:b0:bf:a7:
                    61:35:34:5f:e6:d8:b2:ba:9a:6a:bb:0d:7b:85:6a:
                    55:7a:cf:6d:df:92:82:c3:b7:67:8a:51:ec:58:6a:
                    9b:b8:dd:bb:3e:30:d0:7f:54:1a:11:9c:88:b5:94:
                    63:36:eb:01:56:97:dd:07:46:68:7c:f2:05:a8:61:
                    fb:be:55:b0:d8:f5:f3:c2:06:fe:9a:f5:88:a0:d9:
                    44:72:91:43:93:06:2f:83:4f:e7:a4:c0:bf:28:97:
                    52:ac:95:d5:40:84:cb:9c:dd:a0:c2:2f:55:16:e5:
                    f4:c3:4b:6c:f2:0a:1a:d3:5d:42:17:35:00:57:6e:
                    2e:75:f7:1a:da:48:c5:e1:42:08:5e:3b:11:7a:12:
                    45:e4:ea:b3:4a:d4:a4:16:4e:9b:2c:ce:65:dd:8c:
                    77:35:8a:4e:cd:8a:3e:9b:bf:d7:13:83:a4:98:58:
                    31:6d:ae:f0:13:23:f6:d7:07:69:81:ae:a7:11:c3:
                    91:49:0a:83:c7:3f:94:8d:cf:03:94:3c:98:f5:5e:
                    b0:f6:de:55:0a:61:19:7a:5d:bc:f7:be:9d:50:f6:
                    51:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:87:FC:A6:74:CE:3F:42:7C:C8:2B:07:66:6A:1C:41:F4:FB:98:83
            X509v3 Authority Key Identifier:
                keyid:57:D0:B8:61:AF:B1:25:B8:BC:13:96:9D:0B:49:73:4C:E8:44:BD:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V9C4Ya-xJbi8E5adC0lzTOhEvWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/1-of8pnTOP0J8yCsHZmocQfT7mIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/V9C4Ya-xJbi8E5adC0lzTOhEvWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:ec:e2:e0:f4:74:3b:23:47:f8:df:88:56:89:83:57:a1:28:
         ac:e5:71:74:71:09:a7:65:d5:7b:28:18:40:b9:9b:f1:c0:bf:
         b2:c6:6c:32:d0:d0:48:00:79:52:52:54:67:44:52:c6:18:d1:
         0d:e0:d1:2a:5b:27:71:56:1a:ff:a9:ce:13:df:78:35:b9:88:
         da:35:f7:06:47:e0:ea:fb:54:a7:80:91:6b:72:a8:f4:bc:3c:
         c0:63:a5:bd:81:e8:62:3f:29:b0:38:93:f3:8b:63:71:c0:f5:
         a7:14:61:9b:06:67:22:89:d4:83:3e:65:09:42:bb:80:75:f8:
         20:b3:69:6d:da:d3:25:a0:10:4e:b5:7d:12:d1:51:1f:2a:32:
         d0:8e:70:c3:58:2f:ba:ee:4e:0f:2c:dd:44:f4:a4:1f:93:b2:
         ad:15:9a:52:75:7e:8a:28:90:17:86:a4:c8:07:3a:e4:1a:88:
         e1:f5:bd:a1:23:36:46:0c:f0:06:c9:b8:d7:3a:2b:81:37:8c:
         e3:46:ff:da:78:50:d2:8d:63:ad:d4:81:68:a3:58:52:37:8b:
         7a:17:57:2f:c6:30:8c:85:74:6f:80:95:a8:e5:fd:84:ea:e3:
         c7:d3:ce:e4:db:60:13:a2:fa:02:03:8d:87:ba:7e:f4:59:26:
         6f:14:d5:ab
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZYwbR7MHsIrq9abv4/pnki9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3ZDBiODYxYWZiMTI1YjhiYzEzOTY5ZDBiNDk3MzRjZTg0
NGJkNmEwHhcNMjUwNDEzMTgzMjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTg3ZmNhNjc0Y2UzZjQyN2NjODJiMDc2NjZhMWM0MWY0ZmI5ODgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsILBM4xLp77tuAJCIQ9wPn+JA84k
69rWJfGhARPFfTW/AqImj5PfkLewv6dhNTRf5tiyuppquw17hWpVes9t35KCw7dn
ilHsWGqbuN27PjDQf1QaEZyItZRjNusBVpfdB0ZofPIFqGH7vlWw2PXzwgb+mvWI
oNlEcpFDkwYvg0/npMC/KJdSrJXVQITLnN2gwi9VFuX0w0ts8goa011CFzUAV24u
dfca2kjF4UIIXjsRehJF5OqzStSkFk6bLM5l3Yx3NYpOzYo+m7/XE4OkmFgxba7w
EyP21wdpga6nEcORSQqDxz+Ujc8DlDyY9V6w9t5VCmEZel28976dUPZR6QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPqH/KZ0zj9CfMgrB2ZqHEH0+5iDMB8GA1UdIwQY
MBaAFFfQuGGvsSW4vBOWnQtJc0zoRL1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjlDNFlhLXhKYmk4RTVhZEMwbHpUT2hFdldvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8wOWVlNjYtNjY3ZS00Y2Q0LWI0ZmEt
Zjg2MmZkZmEzYjkzLzEvMS1vZjhwblRPUDBKOHlDc0habW9jUWZUN21JTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2MvMDllZTY2LTY2N2UtNGNkNC1iNGZhLWY4NjJmZGZhM2I5
My8xL1Y5QzRZYS14SmJpOEU1YWRDMGx6VE9oRXZXby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmW1DAN
BgkqhkiG9w0BAQsFAAOCAQEAdOzi4PR0OyNH+N+IVomDV6EorOVxdHEJp2XVeygY
QLmb8cC/ssZsMtDQSAB5UlJUZ0RSxhjRDeDRKlsncVYa/6nOE994NbmI2jX3Bkfg
6vtUp4CRa3Ko9Lw8wGOlvYHoYj8psDiT84tjccD1pxRhmwZnIonUgz5lCUK7gHX4
ILNpbdrTJaAQTrV9EtFRHyoy0I5ww1gvuu5ODyzdRPSkH5OyrRWaUnV+iiiQF4ak
yAc65BqI4fW9oSM2RgzwBsm41zorgTeM40b/2nhQ0o1jrdSBaKNYUjeLehdXL8Yw
jIV0b4CVqOX9hOrjx9PO5NtgE6L6AgONh7p+9FkmbxTVqw==
-----END CERTIFICATE-----