Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/8PVKdp7jBdhmskcbZzZ5u7sq85c.roa
File:                     8PVKdp7jBdhmskcbZzZ5u7sq85c.roa (raw, json)
Hash identifier:          XnxGpZ/fINBa34w0yMKfzpg9ucbY/sXeEDSMiSeEKsQ=
Subject key identifier:   F0:F5:4A:76:9E:E3:05:D8:66:B2:47:1B:67:36:79:BB:BB:2A:F3:97
Certificate issuer:       /CN=95a5adf6af1fcc0570adf858fd5bfbe28791a186
Certificate serial:       01942521149813DB7FBB17F998F51E10B449
Authority key identifier: 95:A5:AD:F6:AF:1F:CC:05:70:AD:F8:58:FD:5B:FB:E2:87:91:A1:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/laWt9q8fzAVwrfhY_Vv74oeRoYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/8PVKdp7jBdhmskcbZzZ5u7sq85c.roa
Signing time:             Thu 02 Jan 2025 03:48:32 +0000
ROA not before:           Thu 02 Jan 2025 03:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1221
IP address blocks:        185.144.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/laWt9q8fzAVwrfhY_Vv74oeRoYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/laWt9q8fzAVwrfhY_Vv74oeRoYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/laWt9q8fzAVwrfhY_Vv74oeRoYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:14:98:13:db:7f:bb:17:f9:98:f5:1e:10:b4:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95a5adf6af1fcc0570adf858fd5bfbe28791a186
        Validity
            Not Before: Jan  2 03:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0f54a769ee305d866b2471b673679bbbb2af397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:1e:0a:5a:05:ef:57:a2:38:48:97:66:0b:63:
                    d9:c8:c4:d9:10:79:94:1f:31:6b:f0:af:11:1d:96:
                    1d:bf:fa:f8:9c:db:98:07:70:f3:a7:6b:b7:22:68:
                    95:6e:50:9d:d4:c6:57:5c:45:4f:3e:18:4d:86:07:
                    b2:00:0b:4d:23:56:7a:6e:b4:a6:72:4d:11:25:2d:
                    ab:fc:97:e9:4d:ae:23:fc:50:69:1c:b8:6f:3f:73:
                    9f:b5:86:63:05:99:ce:54:b9:f8:04:10:c7:1a:17:
                    44:45:45:dd:f1:c1:c1:0a:c3:ed:84:12:fd:a0:ea:
                    8b:63:f9:dd:4d:87:63:59:19:44:5b:84:d6:c5:6b:
                    3a:7b:11:99:34:ff:ff:d0:ec:d3:f0:df:82:0b:d9:
                    d7:44:91:2a:e5:3b:31:b8:f5:0c:23:b0:e7:32:9b:
                    dd:c9:10:c3:6c:e6:ef:1f:c2:b6:e0:e4:6a:fb:8e:
                    cd:22:69:0c:a9:58:d1:20:f2:a1:96:65:b3:68:8b:
                    7a:87:c6:53:d1:5e:1a:45:db:bd:2a:68:90:30:17:
                    9e:5a:2e:a6:23:11:fd:de:c9:a2:36:2e:dc:d0:83:
                    03:f4:03:76:2a:ee:da:fa:13:eb:8e:de:7a:91:28:
                    3f:3b:0f:85:84:12:8e:d3:df:3f:ec:c6:87:bf:11:
                    19:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:F5:4A:76:9E:E3:05:D8:66:B2:47:1B:67:36:79:BB:BB:2A:F3:97
            X509v3 Authority Key Identifier:
                keyid:95:A5:AD:F6:AF:1F:CC:05:70:AD:F8:58:FD:5B:FB:E2:87:91:A1:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/laWt9q8fzAVwrfhY_Vv74oeRoYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/8PVKdp7jBdhmskcbZzZ5u7sq85c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/laWt9q8fzAVwrfhY_Vv74oeRoYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:62:ce:54:1a:b8:65:f7:a4:a3:b4:8a:3b:07:96:30:97:b0:
         14:d4:cd:00:a2:23:7d:4c:8b:22:6c:26:3b:cd:3a:af:4c:6d:
         fa:5a:ea:f2:2b:f2:20:95:67:05:5f:6d:17:e0:10:01:ac:57:
         41:f3:8c:e3:f4:28:c6:dc:db:12:a0:b8:54:a5:71:82:1c:bf:
         82:e3:9d:9a:bb:cb:0c:2d:63:9a:59:de:27:71:88:a0:d7:f0:
         a2:d7:6d:2e:18:42:2f:41:a1:91:fa:1a:e6:0c:b1:00:cb:2c:
         11:6b:11:95:97:0b:79:e9:97:74:ca:7b:66:61:84:49:ae:67:
         d6:ba:fd:3c:5a:cc:76:48:6c:01:af:33:64:4e:c3:e3:cc:55:
         cd:f8:c7:2b:b2:f3:f3:51:8b:e6:ed:69:a4:5d:a0:e9:d5:e6:
         5b:aa:30:4d:23:7a:9d:41:cd:77:64:c2:15:59:1f:87:42:d8:
         b6:f4:22:76:a3:c8:9e:64:71:dd:a5:47:4b:95:c5:1b:9e:e5:
         0b:ab:76:5d:94:c4:0d:9e:26:f8:6f:4f:d0:6f:a2:cc:6e:51:
         cc:a1:65:1c:ca:79:a6:5a:4c:df:4e:71:4b:b7:3e:be:b7:92:
         12:64:a8:92:a9:8b:af:e7:d5:7a:c2:3c:42:a8:81:fd:d1:34:
         15:54:39:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIRSYE9t/uxf5mPUeELRJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YTVhZGY2YWYxZmNjMDU3MGFkZjg1OGZkNWJmYmUyODc5
MWExODYwHhcNMjUwMTAyMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGY1NGE3NjllZTMwNWQ4NjZiMjQ3MWI2NzM2NzliYmJiMmFmMzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3R4KWgXvV6I4SJdmC2PZyMTZEHmU
HzFr8K8RHZYdv/r4nNuYB3Dzp2u3ImiVblCd1MZXXEVPPhhNhgeyAAtNI1Z6brSm
ck0RJS2r/JfpTa4j/FBpHLhvP3OftYZjBZnOVLn4BBDHGhdERUXd8cHBCsPthBL9
oOqLY/ndTYdjWRlEW4TWxWs6exGZNP//0OzT8N+CC9nXRJEq5TsxuPUMI7DnMpvd
yRDDbObvH8K24ORq+47NImkMqVjRIPKhlmWzaIt6h8ZT0V4aRdu9KmiQMBeeWi6m
IxH93smiNi7c0IMD9AN2Ku7a+hPrjt56kSg/Ow+FhBKO098/7MaHvxEZIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPD1Snae4wXYZrJHG2c2ebu7KvOXMB8GA1UdIwQY
MBaAFJWlrfavH8wFcK34WP1b++KHkaGGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGFXdDlxOGZ6QVZ3cmZoWV9Wdjc0b2VSb1lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9kM2YxYmEtZDllNS00NWM1LWJjYTIt
MTYxOWQwOGM2OTY1LzEvOFBWS2RwN2pCZGhtc2tjYlp6WjV1N3NxODVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9kM2YxYmEtZDllNS00NWM1LWJjYTItMTYxOWQwOGM2OTY1
LzEvbGFXdDlxOGZ6QVZ3cmZoWV9Wdjc0b2VSb1lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZBvMA0G
CSqGSIb3DQEBCwUAA4IBAQCNYs5UGrhl96SjtIo7B5Ywl7AU1M0AoiN9TIsibCY7
zTqvTG36WuryK/IglWcFX20X4BABrFdB84zj9CjG3NsSoLhUpXGCHL+C452au8sM
LWOaWd4ncYig1/Ci120uGEIvQaGR+hrmDLEAyywRaxGVlwt56Zd0yntmYYRJrmfW
uv08Wsx2SGwBrzNkTsPjzFXN+McrsvPzUYvm7WmkXaDp1eZbqjBNI3qdQc13ZMIV
WR+HQti29CJ2o8ieZHHdpUdLlcUbnuULq3ZdlMQNnib4b0/Qb6LMblHMoWUcynmm
WkzfTnFLtz6+t5ISZKiSqYuv59V6wjxCqIH90TQVVDkN
-----END CERTIFICATE-----