Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/b-m7-fGqmSKwlmeu_jBhubGJQ3I.roa
File:                     b-m7-fGqmSKwlmeu_jBhubGJQ3I.roa (raw, json)
Hash identifier:          8X15bE+eAPzAtZkXDXahldI93jt61sBvabKA5itVSK0=
Subject key identifier:   6F:E9:BB:F9:F1:AA:99:22:B0:96:67:AE:FE:30:61:B9:B1:89:43:72
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       019427484C1878CA4EBC7F7140C803D31DF9
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/b-m7-fGqmSKwlmeu_jBhubGJQ3I.roa
Signing time:             Thu 02 Jan 2025 13:50:37 +0000
ROA not before:           Thu 02 Jan 2025 13:50:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142299
IP address blocks:        85.203.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:4c:18:78:ca:4e:bc:7f:71:40:c8:03:d3:1d:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 13:50:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fe9bbf9f1aa9922b09667aefe3061b9b1894372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:43:96:78:10:b1:5b:e2:b9:8b:5c:44:36:0d:
                    78:02:c7:c0:4b:d7:0e:e5:f3:d3:6d:99:7a:86:74:
                    6b:ae:1a:62:57:11:bf:d7:72:b6:b7:6c:65:ca:8b:
                    a9:69:e0:ec:ae:08:8a:58:d5:3f:a4:67:7d:07:a2:
                    a7:24:e6:c0:b5:64:f0:01:e7:2f:52:7b:e5:57:86:
                    54:3f:fc:53:29:63:a6:8e:09:d6:36:92:50:b8:67:
                    d8:f0:33:83:db:76:66:42:04:2f:44:cf:ad:cd:45:
                    a2:bd:81:25:e7:92:6e:0c:79:19:cf:0b:2a:4f:2f:
                    45:3c:61:0a:53:98:be:c9:37:68:b3:29:0e:80:0c:
                    d1:e9:57:9d:f3:fe:22:5b:c4:8c:98:8f:6b:6d:39:
                    46:ae:aa:16:88:c0:c0:f3:39:dc:e4:08:fe:58:a3:
                    de:83:31:12:f0:24:09:ca:e3:b4:8c:36:82:fc:23:
                    62:1f:e6:e0:24:85:90:6d:14:b3:78:3d:cd:d1:c8:
                    3c:ce:64:b4:84:57:03:7c:27:85:67:93:29:76:51:
                    c0:94:f0:59:18:33:35:40:84:58:23:e8:3a:84:18:
                    a9:aa:11:41:ff:93:d7:b8:92:91:3f:23:3c:90:ae:
                    c3:73:a8:1c:a7:57:7c:04:45:51:ae:43:20:3c:b5:
                    8c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:E9:BB:F9:F1:AA:99:22:B0:96:67:AE:FE:30:61:B9:B1:89:43:72
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/b-m7-fGqmSKwlmeu_jBhubGJQ3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:3c:44:9e:73:b2:bf:b6:74:ad:be:c0:de:d4:8f:12:4f:d5:
         de:92:87:84:49:f8:2f:42:11:01:9e:08:d4:41:25:fb:b8:b2:
         8e:7d:c1:ca:52:61:9d:b1:1e:be:fa:e2:bb:ff:f1:1d:a5:e2:
         39:a1:b0:b6:86:d9:da:0a:8b:93:73:f3:ff:b1:86:1f:0d:13:
         42:61:8c:bc:88:99:9a:40:ef:55:e4:43:9c:4f:b1:a7:82:10:
         e3:9e:8b:e9:49:a9:64:f9:fa:47:9c:19:12:9d:13:7c:4a:df:
         62:82:10:d5:52:8d:7e:21:ab:f2:70:5b:45:9a:d4:3f:30:28:
         46:80:18:cb:48:c1:5b:e5:ce:27:1c:cb:da:1b:95:d0:f7:eb:
         ae:d5:e5:0c:5c:98:42:06:af:0d:97:9d:67:68:80:b8:e2:e4:
         29:77:52:bf:4c:69:9c:bf:85:12:27:0c:9f:f7:1e:a0:ea:6c:
         76:9b:19:f3:44:c6:7b:54:6d:71:41:74:0e:e2:fb:a5:92:bc:
         2a:77:21:31:28:6a:f5:e4:ea:03:e0:54:d7:29:34:92:17:91:
         ae:93:1d:cf:c9:1e:85:59:63:e5:3f:f3:20:fa:34:8e:c7:17:
         b5:12:b8:2d:54:ac:12:06:ee:6d:6b:ea:38:c4:e2:f0:0a:b5:
         1f:f4:2e:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEwYeMpOvH9xQMgD0x35MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjUwMTAyMTM1MDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmU5YmJmOWYxYWE5OTIyYjA5NjY3YWVmZTMwNjFiOWIxODk0MzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+EOWeBCxW+K5i1xENg14AsfAS9cO
5fPTbZl6hnRrrhpiVxG/13K2t2xlyoupaeDsrgiKWNU/pGd9B6KnJObAtWTwAecv
UnvlV4ZUP/xTKWOmjgnWNpJQuGfY8DOD23ZmQgQvRM+tzUWivYEl55JuDHkZzwsq
Ty9FPGEKU5i+yTdosykOgAzR6Ved8/4iW8SMmI9rbTlGrqoWiMDA8znc5Aj+WKPe
gzES8CQJyuO0jDaC/CNiH+bgJIWQbRSzeD3N0cg8zmS0hFcDfCeFZ5MpdlHAlPBZ
GDM1QIRYI+g6hBipqhFB/5PXuJKRPyM8kK7Dc6gcp1d8BEVRrkMgPLWMYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/pu/nxqpkisJZnrv4wYbmxiUNyMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvYi1tNy1mR3FtU0t3bG1ldV9qQmh1YkdKUTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcsEMA0G
CSqGSIb3DQEBCwUAA4IBAQAwPESec7K/tnStvsDe1I8ST9XekoeESfgvQhEBngjU
QSX7uLKOfcHKUmGdsR6++uK7//EdpeI5obC2htnaCouTc/P/sYYfDRNCYYy8iJma
QO9V5EOcT7GnghDjnovpSalk+fpHnBkSnRN8St9ighDVUo1+IavycFtFmtQ/MChG
gBjLSMFb5c4nHMvaG5XQ9+uu1eUMXJhCBq8Nl51naIC44uQpd1K/TGmcv4USJwyf
9x6g6mx2mxnzRMZ7VG1xQXQO4vulkrwqdyExKGr15OoD4FTXKTSSF5Gukx3PyR6F
WWPlP/Mg+jSOxxe1ErgtVKwSBu5ta+o4xOLwCrUf9C5y
-----END CERTIFICATE-----