Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/9sDTJcHPUOu0xVqrTxWLOBaQ64A.roa
File:                     9sDTJcHPUOu0xVqrTxWLOBaQ64A.roa (raw, json)
Hash identifier:          vptvr3J25ztlCmZtkSM0UG2WMV8luXgqTlBmKUmGLHA=
Subject key identifier:   F6:C0:D3:25:C1:CF:50:EB:B4:C5:5A:AB:4F:15:8B:38:16:90:EB:80
Certificate issuer:       /CN=5ec1769d3ff042124698e31c472b63bbf1bbb5ad
Certificate serial:       019554316BDEC6C3D88776471DF929938F91
Authority key identifier: 5E:C1:76:9D:3F:F0:42:12:46:98:E3:1C:47:2B:63:BB:F1:BB:B5:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/9sDTJcHPUOu0xVqrTxWLOBaQ64A.roa
Signing time:             Sun 02 Mar 2025 00:11:19 +0000
ROA not before:           Sun 02 Mar 2025 00:11:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36352
IP address blocks:        185.84.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:54:31:6b:de:c6:c3:d8:87:76:47:1d:f9:29:93:8f:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ec1769d3ff042124698e31c472b63bbf1bbb5ad
        Validity
            Not Before: Mar  2 00:11:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6c0d325c1cf50ebb4c55aab4f158b381690eb80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c8:30:9b:d1:de:64:3e:b7:fc:e9:1a:c4:fa:
                    34:bd:6b:d5:1e:64:e2:cd:db:a4:5d:70:ce:af:db:
                    d6:00:5a:44:4e:5f:a5:60:f5:f3:d4:40:5a:77:ce:
                    ad:43:39:f7:4b:fb:16:42:9d:c2:06:db:2b:4f:b6:
                    66:51:6f:5a:4a:18:5b:05:fe:ec:a1:f4:48:a8:da:
                    0b:35:8a:5d:e3:55:d5:43:d1:95:40:c8:a2:8c:98:
                    f6:86:70:3a:f4:9d:5d:bd:16:d4:c8:92:9c:6a:5c:
                    cc:b2:b3:6b:ba:3b:bd:6b:d2:ae:7f:6e:80:25:5d:
                    63:77:ce:b8:23:d8:36:aa:9a:3c:74:06:0d:25:7e:
                    db:29:5b:9e:18:da:d8:da:fa:0a:bb:76:1d:67:71:
                    ed:67:86:22:ac:94:de:58:b0:7f:82:bd:75:e4:39:
                    22:3a:7b:60:7b:2f:ad:ca:57:20:f3:bf:be:b5:e7:
                    5b:64:7b:d1:72:10:c2:b0:ba:a6:f3:a8:11:10:70:
                    8a:fc:d6:56:7d:81:38:6c:f4:71:d5:c2:ea:d6:a4:
                    ee:a9:c5:ef:ac:89:88:3c:54:ff:3a:11:c2:30:49:
                    a9:6c:9b:fb:e3:5d:7b:6f:19:eb:a6:b4:ce:dc:33:
                    87:08:e7:e8:70:bd:04:d0:cd:d1:da:91:a5:f7:b2:
                    06:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:C0:D3:25:C1:CF:50:EB:B4:C5:5A:AB:4F:15:8B:38:16:90:EB:80
            X509v3 Authority Key Identifier:
                keyid:5E:C1:76:9D:3F:F0:42:12:46:98:E3:1C:47:2B:63:BB:F1:BB:B5:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/9sDTJcHPUOu0xVqrTxWLOBaQ64A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:6b:e0:da:58:ae:20:f5:88:4b:57:60:e1:a8:87:9a:cd:6a:
         f4:7c:54:7b:eb:2e:0e:c5:ee:bd:f0:62:1e:4b:f6:e6:78:ed:
         32:d4:22:57:d6:eb:1b:26:78:8a:07:00:57:63:1a:31:35:bc:
         32:7e:78:28:48:fd:36:88:59:aa:23:94:af:fb:e0:9f:01:8e:
         20:23:2a:18:44:04:5c:e1:1c:40:39:b4:76:39:b0:ca:01:5f:
         ee:9d:cb:ce:97:de:e8:39:65:20:43:c3:87:99:48:08:35:4f:
         e0:2e:ca:37:1a:5f:8a:75:66:13:d4:4f:9b:ec:79:4e:dc:a4:
         c5:49:63:07:5e:70:93:9c:20:da:30:20:4a:a2:cc:5b:15:0c:
         e1:11:cf:f6:04:55:a5:6e:25:4d:ff:74:22:4e:ba:19:b4:56:
         a1:a9:28:d0:63:05:c1:67:36:aa:5c:b8:61:90:29:82:12:c8:
         b5:ea:d6:2a:9c:b8:fd:cc:c5:93:13:dd:c3:f3:bf:58:f9:7f:
         b3:36:e3:1c:02:85:da:36:f4:aa:9f:eb:e7:27:3d:8f:41:7f:
         87:86:31:b7:bf:ae:fa:e3:63:7e:e8:de:38:f1:f0:98:87:54:
         bd:a8:86:4c:6f:bf:71:30:27:3d:c8:a7:b9:92:e5:d9:ce:9e:
         b2:3b:e7:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVUMWvexsPYh3ZHHfkpk4+RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYzE3NjlkM2ZmMDQyMTI0Njk4ZTMxYzQ3MmI2M2JiZjFi
YmI1YWQwHhcNMjUwMzAyMDAxMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmMwZDMyNWMxY2Y1MGViYjRjNTVhYWI0ZjE1OGIzODE2OTBlYjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8gwm9HeZD63/OkaxPo0vWvVHmTi
zdukXXDOr9vWAFpETl+lYPXz1EBad86tQzn3S/sWQp3CBtsrT7ZmUW9aShhbBf7s
ofRIqNoLNYpd41XVQ9GVQMiijJj2hnA69J1dvRbUyJKcalzMsrNruju9a9Kuf26A
JV1jd864I9g2qpo8dAYNJX7bKVueGNrY2voKu3YdZ3HtZ4YirJTeWLB/gr115Dki
Ontgey+tylcg87++tedbZHvRchDCsLqm86gREHCK/NZWfYE4bPRx1cLq1qTuqcXv
rImIPFT/OhHCMEmpbJv74117bxnrprTO3DOHCOfocL0E0M3R2pGl97IGAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbA0yXBz1DrtMVaq08VizgWkOuAMB8GA1UdIwQY
MBaAFF7Bdp0/8EISRpjjHEcrY7vxu7WtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHNGMm5UX3dRaEpHbU9NY1J5dGp1X0c3dGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8yOWZiMDQtZTA3Yi00ZTMwLWI4ZjUt
NTQyMDRkZGQyY2E2LzEvOXNEVEpjSFBVT3UweFZxclR4V0xPQmFRNjRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8yOWZiMDQtZTA3Yi00ZTMwLWI4ZjUtNTQyMDRkZGQyY2E2
LzEvWHNGMm5UX3dRaEpHbU9NY1J5dGp1X0c3dGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVSfMA0G
CSqGSIb3DQEBCwUAA4IBAQBka+DaWK4g9YhLV2DhqIeazWr0fFR76y4Oxe698GIe
S/bmeO0y1CJX1usbJniKBwBXYxoxNbwyfngoSP02iFmqI5Sv++CfAY4gIyoYRARc
4RxAObR2ObDKAV/uncvOl97oOWUgQ8OHmUgINU/gLso3Gl+KdWYT1E+b7HlO3KTF
SWMHXnCTnCDaMCBKosxbFQzhEc/2BFWlbiVN/3QiTroZtFahqSjQYwXBZzaqXLhh
kCmCEsi16tYqnLj9zMWTE93D879Y+X+zNuMcAoXaNvSqn+vnJz2PQX+HhjG3v676
42N+6N448fCYh1S9qIZMb79xMCc9yKe5kuXZzp6yO+eT
-----END CERTIFICATE-----