Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/_28X1lMsvBxqScVY5HiVqqNdE4o.roa
File:                     _28X1lMsvBxqScVY5HiVqqNdE4o.roa (raw, json)
Hash identifier:          1zLcZ1CwGAvvzQsYCPPfZSZE3xWE9xsMdQ0aDUZbc8g=
Subject key identifier:   FF:6F:17:D6:53:2C:BC:1C:6A:49:C5:58:E4:78:95:AA:A3:5D:13:8A
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       0194266BF607C0AE541E49AE3230DD97B68A
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/_28X1lMsvBxqScVY5HiVqqNdE4o.roa
Signing time:             Thu 02 Jan 2025 09:49:57 +0000
ROA not before:           Thu 02 Jan 2025 09:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201096
IP address blocks:        85.206.144.0/23 maxlen: 24
                          85.206.146.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f6:07:c0:ae:54:1e:49:ae:32:30:dd:97:b6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 09:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff6f17d6532cbc1c6a49c558e47895aaa35d138a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7c:b7:91:11:37:56:28:8c:b6:b5:61:42:d7:
                    22:c1:3d:86:bc:9e:b9:26:af:96:e2:04:7e:c9:ac:
                    30:c1:e0:1e:a8:77:ae:71:dc:aa:1e:3b:ef:9e:0a:
                    ee:c4:6d:50:9c:88:42:3e:3f:aa:b8:fc:59:88:46:
                    61:6d:78:07:5f:b9:39:2a:e3:b3:8e:87:b6:96:f1:
                    3b:65:97:12:c7:73:fb:a5:2e:98:eb:a3:2f:ad:24:
                    16:ad:63:c4:cc:3d:78:b5:a5:05:00:57:4b:4c:25:
                    4a:18:7d:2d:d5:f2:df:6d:71:06:96:59:9b:7a:47:
                    84:51:fe:76:5e:a4:60:64:a4:98:4d:da:ed:be:0f:
                    0f:9d:d5:3a:85:b2:63:8a:3a:2d:03:c3:93:66:a5:
                    de:fc:60:8b:be:65:fc:ab:8e:15:c4:f6:34:53:a8:
                    f4:fb:04:6d:53:d4:38:07:b3:3b:95:b0:10:70:2e:
                    ff:f5:77:d5:7f:51:0e:f4:80:39:f7:1a:f3:e0:0d:
                    27:9a:e1:eb:0d:99:a9:2d:66:5f:aa:37:5e:c1:83:
                    e7:d7:d0:ea:3d:a1:45:ab:79:5f:47:77:a5:38:94:
                    0a:ab:ac:44:d6:d6:29:6f:b8:8d:fb:5a:99:bc:e3:
                    d4:bf:1b:35:a6:41:9a:bc:9e:80:bf:c6:a3:ea:3f:
                    42:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:6F:17:D6:53:2C:BC:1C:6A:49:C5:58:E4:78:95:AA:A3:5D:13:8A
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/_28X1lMsvBxqScVY5HiVqqNdE4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.206.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:a2:cd:12:33:64:04:e1:36:15:47:5a:81:59:4a:42:b5:b4:
         1d:e1:43:6b:da:88:0c:95:73:60:85:25:ec:0c:ce:cc:d5:d9:
         9d:a7:16:6a:8e:e5:74:51:8b:bd:13:2a:bd:15:a8:69:d4:5a:
         8a:fb:20:fc:a4:57:2b:40:2a:d5:c6:7a:e2:b0:94:01:b3:9f:
         e2:e6:bc:3b:79:a9:6d:03:9b:74:1d:24:8b:42:68:79:d3:18:
         e1:ef:17:6c:02:93:9c:86:2c:35:48:66:e9:2e:54:35:8d:7c:
         07:13:0f:1e:f7:e0:66:c4:d4:c0:26:6f:67:3d:ec:f4:76:15:
         9c:24:a6:c7:b1:72:02:52:ff:38:c6:d7:95:81:cf:0f:91:a8:
         29:e9:9f:9b:95:ed:22:57:ac:01:d2:a7:e6:66:86:6a:a9:72:
         62:3a:13:39:0b:e1:5e:69:c2:b3:2a:dc:9a:80:61:fa:f4:55:
         ee:8c:9f:9e:31:e2:f4:42:53:e1:79:56:20:bf:63:55:19:67:
         58:90:c3:4a:ce:e7:33:2b:4d:29:e7:c6:27:6d:24:fb:06:7f:
         ef:1a:e3:49:44:dd:30:28:12:c6:8c:19:1a:1c:51:36:5e:d9:
         20:ee:45:53:cd:0a:51:5b:b2:15:ed:f7:e8:89:b9:18:0a:28:
         a4:b9:bd:52
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQma/YHwK5UHkmuMjDdl7aKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjUwMTAyMDk0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjZmMTdkNjUzMmNiYzFjNmE0OWM1NThlNDc4OTVhYWEzNWQxMzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXy3kRE3ViiMtrVhQtciwT2GvJ65
Jq+W4gR+yawwweAeqHeucdyqHjvvngruxG1QnIhCPj+quPxZiEZhbXgHX7k5KuOz
joe2lvE7ZZcSx3P7pS6Y66MvrSQWrWPEzD14taUFAFdLTCVKGH0t1fLfbXEGllmb
ekeEUf52XqRgZKSYTdrtvg8PndU6hbJjijotA8OTZqXe/GCLvmX8q44VxPY0U6j0
+wRtU9Q4B7M7lbAQcC7/9XfVf1EO9IA59xrz4A0nmuHrDZmpLWZfqjdewYPn19Dq
PaFFq3lfR3elOJQKq6xE1tYpb7iN+1qZvOPUvxs1pkGavJ6Av8aj6j9CJwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFP9vF9ZTLLwcaknFWOR4laqjXROKMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL18yOFgxbE1zdkJ4cVNjVlk1SGlWcXFOZEU0by5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJVzpAw
DQYJKoZIhvcNAQELBQADggEBAAqizRIzZAThNhVHWoFZSkK1tB3hQ2vaiAyVc2CF
JewMzszV2Z2nFmqO5XRRi70TKr0VqGnUWor7IPykVytAKtXGeuKwlAGzn+LmvDt5
qW0Dm3QdJItCaHnTGOHvF2wCk5yGLDVIZukuVDWNfAcTDx734GbE1MAmb2c97PR2
FZwkpsexcgJS/zjG15WBzw+RqCnpn5uV7SJXrAHSp+ZmhmqpcmI6EzkL4V5pwrMq
3JqAYfr0Ve6Mn54x4vRCU+F5ViC/Y1UZZ1iQw0rO5zMrTSnnxidtJPsGf+8a40lE
3TAoEsaMGRocUTZe2SDuRVPNClFbshXt9+iJuRgKKKS5vVI=
-----END CERTIFICATE-----