Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/R0HpmWnfk67q4Dq1iqO8vwpWAYI.roa
File:                     R0HpmWnfk67q4Dq1iqO8vwpWAYI.roa (raw, json)
Hash identifier:          wziNGqeAwzyFoCjoElw3SGFz2e33vQDW2HjZjdtvkaY=
Subject key identifier:   47:41:E9:99:69:DF:93:AE:EA:E0:3A:B5:8A:A3:BC:BF:0A:56:01:82
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019427472D017BEB79DE919535CDFB61B6CC
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/R0HpmWnfk67q4Dq1iqO8vwpWAYI.roa
Signing time:             Thu 02 Jan 2025 13:49:23 +0000
ROA not before:           Thu 02 Jan 2025 13:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201064
IP address blocks:        185.87.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:2d:01:7b:eb:79:de:91:95:35:cd:fb:61:b6:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  2 13:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4741e99969df93aeeae03ab58aa3bcbf0a560182
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4d:80:46:67:e4:90:ce:4c:d7:74:6c:f9:51:
                    64:50:5a:33:7e:f4:c0:c7:3a:ba:b7:d4:b9:5c:61:
                    d0:5a:1e:0d:ac:4e:a4:e2:cc:e9:1c:e3:e3:a1:2e:
                    fe:86:d0:b3:55:69:1f:24:35:4c:c3:0e:ec:1c:1d:
                    b9:5a:b0:7a:83:30:bd:76:72:68:ab:60:28:1c:a3:
                    92:25:69:f4:2f:7b:a8:fb:46:c7:23:0e:98:3d:43:
                    ee:be:c0:2e:c0:f1:9f:d5:79:41:50:7e:a3:ca:e1:
                    ea:21:92:cb:1f:84:9f:02:64:ab:f2:10:ef:da:70:
                    0a:30:dd:c7:aa:34:be:af:99:27:5b:d0:c7:68:08:
                    6f:29:76:7f:a8:a6:d4:d7:5f:f4:17:33:1b:49:f8:
                    d9:f9:dd:b9:85:b0:69:b5:63:b0:50:69:2f:29:5b:
                    61:0e:11:6e:74:ac:36:f8:8e:82:5a:84:2b:3e:04:
                    8c:c6:a2:06:dd:03:05:d1:f9:30:b0:03:9d:3d:c7:
                    b0:e8:d2:a4:93:4f:ed:48:38:e0:cf:b0:53:bd:3e:
                    f3:67:13:a0:87:a2:82:b6:f3:24:aa:65:36:82:4e:
                    98:c9:84:26:8d:50:da:a5:e9:ac:ca:c7:ff:ec:79:
                    3c:4d:20:24:ab:00:75:6c:e5:6b:a2:86:e0:cf:1a:
                    65:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:41:E9:99:69:DF:93:AE:EA:E0:3A:B5:8A:A3:BC:BF:0A:56:01:82
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/R0HpmWnfk67q4Dq1iqO8vwpWAYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:1f:75:0b:a0:4a:b4:6a:e1:72:87:1d:22:80:a0:14:53:1a:
         48:30:4e:4f:fe:72:54:6c:1d:c3:79:a3:ce:ca:7d:a2:f7:43:
         04:59:f2:8c:30:52:0c:ad:c7:dc:95:5a:d4:f5:e3:ac:2c:cb:
         be:e4:57:36:eb:70:81:5e:ee:97:b7:4d:c1:02:40:39:36:f0:
         15:76:32:30:de:6c:84:de:d7:3b:04:28:61:12:05:db:a4:a9:
         2d:a8:bc:db:b1:67:af:94:db:14:d0:c5:30:22:41:78:d6:67:
         05:5a:fc:5b:94:ad:ed:92:cf:29:9f:76:f9:73:96:ae:7d:91:
         61:7b:8e:3a:09:10:9e:83:82:1c:bb:34:a9:1b:08:2e:6c:a1:
         7e:d6:0e:f2:fd:3a:a0:30:fd:2f:40:73:9f:8b:58:86:9d:d4:
         26:cc:3f:b6:05:48:a0:5b:16:85:d9:69:58:65:6b:32:c8:88:
         8a:36:92:46:2d:b8:54:24:3c:2c:59:0b:67:19:d7:d0:db:0c:
         1b:fa:71:44:06:44:02:87:5d:a0:e0:43:5d:54:79:f4:ce:76:
         d4:2f:73:1e:fd:07:df:d3:1a:bd:bf:38:e7:c1:25:05:79:88:
         4e:8d:8e:44:bc:9e:8d:dc:da:1b:cc:6f:4b:77:d9:89:d3:79:
         c1:f4:bb:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRy0Be+t53pGVNc37YbbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwMTAyMTM0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQxZTk5OTY5ZGY5M2FlZWFlMDNhYjU4YWEzYmNiZjBhNTYwMTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt02ARmfkkM5M13Rs+VFkUFozfvTA
xzq6t9S5XGHQWh4NrE6k4szpHOPjoS7+htCzVWkfJDVMww7sHB25WrB6gzC9dnJo
q2AoHKOSJWn0L3uo+0bHIw6YPUPuvsAuwPGf1XlBUH6jyuHqIZLLH4SfAmSr8hDv
2nAKMN3HqjS+r5knW9DHaAhvKXZ/qKbU11/0FzMbSfjZ+d25hbBptWOwUGkvKVth
DhFudKw2+I6CWoQrPgSMxqIG3QMF0fkwsAOdPcew6NKkk0/tSDjgz7BTvT7zZxOg
h6KCtvMkqmU2gk6YyYQmjVDapemsysf/7Hk8TSAkqwB1bOVroobgzxplFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdB6Zlp35Ou6uA6tYqjvL8KVgGCMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvUjBIcG1XbmZrNjdxNERxMWlxTzh2d3BXQVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVcZMA0G
CSqGSIb3DQEBCwUAA4IBAQBQH3ULoEq0auFyhx0igKAUUxpIME5P/nJUbB3DeaPO
yn2i90MEWfKMMFIMrcfclVrU9eOsLMu+5Fc263CBXu6Xt03BAkA5NvAVdjIw3myE
3tc7BChhEgXbpKktqLzbsWevlNsU0MUwIkF41mcFWvxblK3tks8pn3b5c5aufZFh
e446CRCeg4IcuzSpGwgubKF+1g7y/TqgMP0vQHOfi1iGndQmzD+2BUigWxaF2WlY
ZWsyyIiKNpJGLbhUJDwsWQtnGdfQ2wwb+nFEBkQCh12g4ENdVHn0znbUL3Me/Qff
0xq9vzjnwSUFeYhOjY5EvJ6N3NobzG9Ld9mJ03nB9Ltr
-----END CERTIFICATE-----