Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/B9-Xs7dhnKZZ3y2oqYpIdAWmlNw.roa
File:                     B9-Xs7dhnKZZ3y2oqYpIdAWmlNw.roa (raw, json)
Hash identifier:          TgNafOFIPNxSy2OvvIzhsdKUEZp12L7C7S2Pd52eKm0=
Subject key identifier:   07:DF:97:B3:B7:61:9C:A6:59:DF:2D:A8:A9:8A:48:74:05:A6:94:DC
Certificate issuer:       /CN=4dc391dc615fd4a3ad10c0f2ab8b0a506d039ed8
Certificate serial:       01942521FB6DE48E2183F8A0FD56AFBE6565
Authority key identifier: 4D:C3:91:DC:61:5F:D4:A3:AD:10:C0:F2:AB:8B:0A:50:6D:03:9E:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/B9-Xs7dhnKZZ3y2oqYpIdAWmlNw.roa
Signing time:             Thu 02 Jan 2025 03:49:31 +0000
ROA not before:           Thu 02 Jan 2025 03:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        185.117.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fb:6d:e4:8e:21:83:f8:a0:fd:56:af:be:65:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dc391dc615fd4a3ad10c0f2ab8b0a506d039ed8
        Validity
            Not Before: Jan  2 03:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07df97b3b7619ca659df2da8a98a487405a694dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:34:45:c3:04:a6:b1:d9:55:82:fe:f7:bd:e4:
                    d4:4b:43:e9:7d:49:60:88:04:76:f0:1c:38:bd:83:
                    5f:7d:f3:12:ac:67:92:8b:f7:4b:e6:11:87:1d:34:
                    de:4b:5c:25:cf:f2:4c:11:90:1e:f5:1f:01:99:50:
                    4a:58:90:d4:ef:49:d2:86:fb:a0:7d:84:79:41:f1:
                    1a:bb:c4:40:83:1d:cf:6b:84:b2:ad:2c:34:80:e4:
                    f7:ac:d3:3e:13:de:fd:0f:ef:f4:55:65:3e:7d:7d:
                    60:fc:c7:20:63:9d:ce:8b:38:ec:85:2e:cd:6b:50:
                    b7:44:4a:bb:5d:49:a2:b5:ee:47:1a:fa:e4:7e:fb:
                    40:83:a5:87:f4:c3:81:ab:9d:45:d2:a6:98:e4:76:
                    a0:2f:15:13:03:73:43:7f:dd:44:1d:d9:73:d1:de:
                    94:35:b7:fc:ea:91:f2:91:1e:9b:d6:a9:0a:ca:a6:
                    30:ee:ff:a2:be:e7:00:53:cf:38:df:00:71:f2:ea:
                    a6:c6:4e:0d:ea:d1:e1:f3:4e:99:4b:9d:fd:7d:fa:
                    cb:84:48:b4:1d:19:f2:2f:46:24:9f:e3:6f:97:7c:
                    76:92:f5:e5:21:7b:cf:d0:22:cc:28:f5:73:30:7d:
                    7a:04:fe:5e:38:4b:2a:3b:27:0a:4d:d2:97:82:5a:
                    61:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:DF:97:B3:B7:61:9C:A6:59:DF:2D:A8:A9:8A:48:74:05:A6:94:DC
            X509v3 Authority Key Identifier:
                keyid:4D:C3:91:DC:61:5F:D4:A3:AD:10:C0:F2:AB:8B:0A:50:6D:03:9E:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/B9-Xs7dhnKZZ3y2oqYpIdAWmlNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:bd:71:fb:51:b6:6a:fb:f6:84:85:90:a8:f4:91:b1:5d:1e:
         42:84:d4:83:b6:17:76:77:c9:8a:a6:ae:f1:75:b4:3d:e7:e7:
         f4:64:69:6b:73:d6:94:2a:cc:14:e1:fa:cb:cc:14:16:a8:50:
         c9:29:93:e1:79:40:21:99:f3:ce:aa:fe:ae:bd:b8:41:c1:7f:
         c9:54:28:31:ae:bb:7f:b2:76:bd:e8:45:2c:45:55:9f:fa:e1:
         7f:a4:b0:13:1a:89:8c:3c:1e:99:e1:6c:54:b1:53:80:e8:d9:
         25:b2:1b:6c:f4:5d:e1:22:1e:39:28:36:ab:2a:c5:1e:4e:51:
         fa:78:da:f4:d5:82:25:ea:52:a8:ab:d2:74:29:08:ff:73:18:
         99:b4:3b:b6:f5:8c:45:47:94:20:01:0c:eb:e7:a2:66:50:3e:
         ba:7f:e7:1a:78:64:c2:48:ad:f2:37:a0:30:d7:2e:41:dc:e5:
         9c:d3:db:3c:5d:fe:e3:18:58:cd:41:76:24:51:a7:96:ac:ac:
         b9:6f:8f:03:34:24:40:86:0e:f5:75:b7:e6:24:23:b9:0c:5c:
         2b:63:2c:bb:e1:da:64:27:55:39:14:15:f4:7d:9e:b0:55:bc:
         31:4b:fc:ca:b5:c2:db:f5:0e:81:9b:bd:dd:cf:05:cc:41:a0:
         34:c7:72:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIftt5I4hg/ig/VavvmVlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYzM5MWRjNjE1ZmQ0YTNhZDEwYzBmMmFiOGIwYTUwNmQw
MzllZDgwHhcNMjUwMTAyMDM0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2RmOTdiM2I3NjE5Y2E2NTlkZjJkYThhOThhNDg3NDA1YTY5NGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DRFwwSmsdlVgv73veTUS0PpfUlg
iAR28Bw4vYNfffMSrGeSi/dL5hGHHTTeS1wlz/JMEZAe9R8BmVBKWJDU70nShvug
fYR5QfEau8RAgx3Pa4SyrSw0gOT3rNM+E979D+/0VWU+fX1g/McgY53OizjshS7N
a1C3REq7XUmite5HGvrkfvtAg6WH9MOBq51F0qaY5HagLxUTA3NDf91EHdlz0d6U
Nbf86pHykR6b1qkKyqYw7v+ivucAU8843wBx8uqmxk4N6tHh806ZS539ffrLhEi0
HRnyL0Ykn+Nvl3x2kvXlIXvP0CLMKPVzMH16BP5eOEsqOycKTdKXglphhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAffl7O3YZymWd8tqKmKSHQFppTcMB8GA1UdIwQY
MBaAFE3DkdxhX9SjrRDA8quLClBtA57YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGNPUjNHRmYxS090RU1EeXE0c0tVRzBEbnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9kNjZhNTgtZmRmNS00OTFlLWI1MTEt
ZmQyOTE1ZDRjZDVhLzEvQjktWHM3ZGhuS1paM3kyb3FZcElkQVdtbE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9kNjZhNTgtZmRmNS00OTFlLWI1MTEtZmQyOTE1ZDRjZDVh
LzEvVGNPUjNHRmYxS090RU1EeXE0c0tVRzBEbnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXXmMA0G
CSqGSIb3DQEBCwUAA4IBAQCmvXH7UbZq+/aEhZCo9JGxXR5ChNSDthd2d8mKpq7x
dbQ95+f0ZGlrc9aUKswU4frLzBQWqFDJKZPheUAhmfPOqv6uvbhBwX/JVCgxrrt/
sna96EUsRVWf+uF/pLATGomMPB6Z4WxUsVOA6Nklshts9F3hIh45KDarKsUeTlH6
eNr01YIl6lKoq9J0KQj/cxiZtDu29YxFR5QgAQzr56JmUD66f+caeGTCSK3yN6Aw
1y5B3OWc09s8Xf7jGFjNQXYkUaeWrKy5b48DNCRAhg71dbfmJCO5DFwrYyy74dpk
J1U5FBX0fZ6wVbwxS/zKtcLb9Q6Bm73dzwXMQaA0x3Ku
-----END CERTIFICATE-----