Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/rOnq86dV2BXa4tQU-vqcTAdf2VM.roa
File:                     rOnq86dV2BXa4tQU-vqcTAdf2VM.roa (raw, json)
Hash identifier:          nUAAXheN4rY8m+/9k6ldoGDPKA5ssts8flzhVGQ+fHk=
Subject key identifier:   AC:E9:EA:F3:A7:55:D8:15:DA:E2:D4:14:FA:FA:9C:4C:07:5F:D9:53
Certificate issuer:       /CN=8d3402eae027abcd926090cc0ddeff80aab92c35
Certificate serial:       019420682CFB74BCD212437185034D6E9395
Authority key identifier: 8D:34:02:EA:E0:27:AB:CD:92:60:90:CC:0D:DE:FF:80:AA:B9:2C:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/rOnq86dV2BXa4tQU-vqcTAdf2VM.roa
Signing time:             Wed 01 Jan 2025 05:48:05 +0000
ROA not before:           Wed 01 Jan 2025 05:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        185.186.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2c:fb:74:bc:d2:12:43:71:85:03:4d:6e:93:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3402eae027abcd926090cc0ddeff80aab92c35
        Validity
            Not Before: Jan  1 05:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ace9eaf3a755d815dae2d414fafa9c4c075fd953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:23:fd:98:cb:8e:af:75:97:3d:ed:d7:c7:90:
                    f9:6e:f8:68:6f:1d:f1:b8:9a:dc:0d:91:f7:b6:c9:
                    9e:11:a1:3e:43:d6:73:01:f3:55:9e:68:c0:55:82:
                    7e:f2:98:e2:6f:01:65:10:95:3e:17:20:b3:d3:1f:
                    55:56:e7:a3:d5:be:5c:7b:6d:31:83:a5:02:53:a4:
                    82:ff:ce:1e:c0:6c:f6:b3:9e:df:c8:9f:54:b1:34:
                    02:4a:30:a7:fc:a5:06:f0:da:be:13:00:d3:e0:da:
                    66:f1:36:3a:22:4c:b5:0d:06:2b:e1:f6:79:d1:f6:
                    0f:cb:d9:a1:fc:42:99:74:37:49:68:a8:24:65:5a:
                    f1:77:37:7e:4d:4a:f1:70:0a:cd:6b:80:17:be:7a:
                    6c:e9:5e:c6:77:6c:58:1a:be:20:29:45:fa:55:b5:
                    bc:d4:53:65:11:b5:fd:09:51:f8:9e:a1:37:a9:78:
                    bb:59:3c:20:c5:ac:59:9e:52:bc:2a:cd:d2:6e:06:
                    f8:86:45:d3:d6:17:00:5d:e7:15:71:34:31:2c:c8:
                    83:01:44:7a:2d:f0:a1:4f:5c:fc:fb:cf:93:f6:5b:
                    b5:30:dc:7f:6d:b5:b2:3b:02:6c:7e:d8:37:bb:3c:
                    78:a6:0f:1c:10:e3:bd:38:96:9d:d0:d2:af:76:00:
                    3a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:E9:EA:F3:A7:55:D8:15:DA:E2:D4:14:FA:FA:9C:4C:07:5F:D9:53
            X509v3 Authority Key Identifier:
                keyid:8D:34:02:EA:E0:27:AB:CD:92:60:90:CC:0D:DE:FF:80:AA:B9:2C:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/rOnq86dV2BXa4tQU-vqcTAdf2VM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:44:2e:62:bb:a5:58:c6:b3:1e:ba:85:96:8f:70:06:e2:53:
         d8:22:54:b0:c1:94:22:ea:f1:a2:f6:fa:73:d8:c7:17:2c:f8:
         f7:1c:06:fe:06:fc:d7:8f:30:a7:38:fd:94:99:ed:83:73:ff:
         a3:a1:4c:f5:5a:b4:7a:72:20:e7:3e:8d:4c:a8:64:55:2c:b4:
         2b:1e:6b:d2:c7:db:41:54:b5:46:84:4a:f5:d7:7f:44:48:7b:
         12:43:c0:16:83:c6:b5:56:04:90:3c:72:93:69:34:59:17:12:
         6d:85:c0:df:18:e4:96:c4:16:a3:28:b3:fa:b4:12:55:82:52:
         bc:38:89:cf:91:0c:0f:dc:41:75:09:50:01:dc:f2:04:1c:6f:
         fc:f5:2d:2f:97:77:b9:14:53:7c:3b:46:7c:42:db:11:be:70:
         35:0d:67:54:4d:b0:28:9d:06:4c:38:8d:86:55:53:6f:dc:18:
         73:35:4d:00:ef:98:d9:16:81:41:d9:20:a1:cc:7f:26:d7:ba:
         99:46:04:7a:7d:51:88:81:96:6c:b0:ce:63:9e:5b:ec:30:03:
         d7:93:6c:33:36:cb:f1:a1:f6:27:d4:92:2c:6c:48:9d:14:e3:
         87:2d:d4:59:a9:fb:39:d6:45:f1:78:c1:15:3a:ff:a0:cc:33:
         9d:90:74:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaCz7dLzSEkNxhQNNbpOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMzQwMmVhZTAyN2FiY2Q5MjYwOTBjYzBkZGVmZjgwYWFi
OTJjMzUwHhcNMjUwMTAxMDU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2U5ZWFmM2E3NTVkODE1ZGFlMmQ0MTRmYWZhOWM0YzA3NWZkOTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiP9mMuOr3WXPe3Xx5D5bvhobx3x
uJrcDZH3tsmeEaE+Q9ZzAfNVnmjAVYJ+8pjibwFlEJU+FyCz0x9VVuej1b5ce20x
g6UCU6SC/84ewGz2s57fyJ9UsTQCSjCn/KUG8Nq+EwDT4Npm8TY6Iky1DQYr4fZ5
0fYPy9mh/EKZdDdJaKgkZVrxdzd+TUrxcArNa4AXvnps6V7Gd2xYGr4gKUX6VbW8
1FNlEbX9CVH4nqE3qXi7WTwgxaxZnlK8Ks3Sbgb4hkXT1hcAXecVcTQxLMiDAUR6
LfChT1z8+8+T9lu1MNx/bbWyOwJsftg3uzx4pg8cEOO9OJad0NKvdgA68QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzp6vOnVdgV2uLUFPr6nEwHX9lTMB8GA1UdIwQY
MBaAFI00AurgJ6vNkmCQzA3e/4CquSw1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalRRQzZ1QW5xODJTWUpETURkN19nS3E1TERVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81NTgzNDgtNDkxMi00YmMxLThlNTgt
ZjkyZDdkYzM3ZDJlLzEvck9ucTg2ZFYyQlhhNHRRVS12cWNUQWRmMlZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81NTgzNDgtNDkxMi00YmMxLThlNTgtZjkyZDdkYzM3ZDJl
LzEvalRRQzZ1QW5xODJTWUpETURkN19nS3E1TERVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubpMMA0G
CSqGSIb3DQEBCwUAA4IBAQCKRC5iu6VYxrMeuoWWj3AG4lPYIlSwwZQi6vGi9vpz
2McXLPj3HAb+BvzXjzCnOP2Ume2Dc/+joUz1WrR6ciDnPo1MqGRVLLQrHmvSx9tB
VLVGhEr1139ESHsSQ8AWg8a1VgSQPHKTaTRZFxJthcDfGOSWxBajKLP6tBJVglK8
OInPkQwP3EF1CVAB3PIEHG/89S0vl3e5FFN8O0Z8QtsRvnA1DWdUTbAonQZMOI2G
VVNv3BhzNU0A75jZFoFB2SChzH8m17qZRgR6fVGIgZZssM5jnlvsMAPXk2wzNsvx
ofYn1JIsbEidFOOHLdRZqfs51kXxeMEVOv+gzDOdkHTm
-----END CERTIFICATE-----