Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/8O6-gKb80MguFWMDjHISxDIUjOY.roa
File:                     8O6-gKb80MguFWMDjHISxDIUjOY.roa (raw, json)
Hash identifier:          3o+8tVrWRw5md2p0yBC1m89E5Wym1EPSdJ/KhkZ5Zfw=
Subject key identifier:   F0:EE:BE:80:A6:FC:D0:C8:2E:15:63:03:8C:72:12:C4:32:14:8C:E6
Certificate issuer:       /CN=360a9d26dbb3ea5dfaae83b61908add8fc6dd36f
Certificate serial:       019424B3C5F648D25A0C904E7586A0B17AA0
Authority key identifier: 36:0A:9D:26:DB:B3:EA:5D:FA:AE:83:B6:19:08:AD:D8:FC:6D:D3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NgqdJtuz6l36roO2GQit2Pxt028.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/8O6-gKb80MguFWMDjHISxDIUjOY.roa
Signing time:             Thu 02 Jan 2025 01:49:08 +0000
ROA not before:           Thu 02 Jan 2025 01:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59617
IP address blocks:        185.104.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/NgqdJtuz6l36roO2GQit2Pxt028.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/NgqdJtuz6l36roO2GQit2Pxt028.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NgqdJtuz6l36roO2GQit2Pxt028.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 05:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c5:f6:48:d2:5a:0c:90:4e:75:86:a0:b1:7a:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=360a9d26dbb3ea5dfaae83b61908add8fc6dd36f
        Validity
            Not Before: Jan  2 01:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0eebe80a6fcd0c82e1563038c7212c432148ce6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6e:e8:2d:07:c2:47:7b:dc:0c:53:dd:ed:eb:
                    f4:8c:f4:bd:63:c1:6f:9a:bc:66:89:dd:f6:ec:72:
                    ab:ec:7e:24:19:b7:72:9f:f7:08:82:9c:68:a3:c4:
                    aa:6a:86:76:ab:f9:e5:c1:bf:d5:1b:60:85:1f:00:
                    1f:fd:b8:4b:0d:41:18:94:a9:d9:d6:25:75:ff:f0:
                    8a:df:ef:46:6a:67:60:9f:09:94:e1:93:4f:06:10:
                    46:27:05:26:0d:a5:e7:72:46:52:fa:68:84:41:c9:
                    00:8a:ba:25:61:4b:2d:ae:7f:13:0a:e2:c5:77:96:
                    d2:72:65:f8:52:e1:73:b3:c8:9d:d6:9b:57:dd:a0:
                    8f:79:36:77:5f:36:3c:97:e0:08:a2:de:cb:fe:b4:
                    f3:7c:a4:3a:ac:3a:86:93:bf:95:29:82:5f:96:06:
                    63:ac:3b:53:18:8a:e4:f9:4e:4c:d3:b7:dd:bc:d7:
                    ba:9b:f1:d3:45:8c:dd:8f:41:82:e7:8b:0c:93:20:
                    9e:22:22:19:84:a6:43:2f:7b:9b:1f:5a:17:f8:61:
                    c0:28:6f:0d:d6:ec:f1:9a:79:57:88:9f:b4:43:b6:
                    b7:b3:09:53:90:18:4b:48:28:01:02:a9:6c:f1:17:
                    7a:60:6c:1e:06:1a:ff:06:35:dd:21:0a:6b:08:ec:
                    36:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:EE:BE:80:A6:FC:D0:C8:2E:15:63:03:8C:72:12:C4:32:14:8C:E6
            X509v3 Authority Key Identifier:
                keyid:36:0A:9D:26:DB:B3:EA:5D:FA:AE:83:B6:19:08:AD:D8:FC:6D:D3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NgqdJtuz6l36roO2GQit2Pxt028.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/8O6-gKb80MguFWMDjHISxDIUjOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/27e29e-c894-4d39-ac23-12e96ba235d8/1/NgqdJtuz6l36roO2GQit2Pxt028.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:d1:fe:e7:d3:21:ca:5e:4e:3c:95:63:f8:e2:95:67:be:5b:
         b5:99:fa:e7:47:1c:ea:66:1b:bf:52:e9:9a:50:4b:82:56:8d:
         ed:88:dc:e6:f4:cb:00:c4:0c:d9:2a:fd:6c:e8:be:49:18:83:
         53:11:c1:b7:a5:e5:d3:b4:8d:9f:50:bc:6c:46:c1:5e:aa:5b:
         7b:3f:5a:9f:e5:47:d2:4b:96:19:b5:a5:30:77:ec:6a:b4:c8:
         3f:b6:5a:89:5c:20:57:e1:de:51:ad:b1:54:ac:3c:5d:e4:46:
         f6:dd:6b:94:d2:13:80:77:37:5d:6c:32:86:63:f1:87:07:c6:
         d0:82:a4:c1:bf:39:b4:28:11:c1:5b:b6:03:2f:ca:f5:47:66:
         7c:cb:7d:13:44:bc:c8:53:ba:a3:20:7f:9d:b5:1c:69:70:7c:
         85:93:6b:93:98:a3:13:a7:38:eb:ba:85:ce:71:26:81:13:fe:
         b6:76:95:58:c6:69:3f:09:07:cd:cb:4a:c1:d0:40:c0:75:b0:
         a9:cd:8f:1d:c4:23:e5:51:f0:2e:30:47:d5:89:99:0e:5c:80:
         fb:08:38:7f:17:27:78:0b:bc:65:9a:0d:e4:27:a3:7b:e4:17:
         9a:4d:cd:ef:fd:aa:e8:59:3f:c7:93:cd:32:fe:c9:78:1d:f1:
         52:30:96:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8X2SNJaDJBOdYagsXqgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MGE5ZDI2ZGJiM2VhNWRmYWFlODNiNjE5MDhhZGQ4ZmM2
ZGQzNmYwHhcNMjUwMTAyMDE0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGVlYmU4MGE2ZmNkMGM4MmUxNTYzMDM4YzcyMTJjNDMyMTQ4Y2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2m7oLQfCR3vcDFPd7ev0jPS9Y8Fv
mrxmid327HKr7H4kGbdyn/cIgpxoo8SqaoZ2q/nlwb/VG2CFHwAf/bhLDUEYlKnZ
1iV1//CK3+9GamdgnwmU4ZNPBhBGJwUmDaXnckZS+miEQckAirolYUstrn8TCuLF
d5bScmX4UuFzs8id1ptX3aCPeTZ3XzY8l+AIot7L/rTzfKQ6rDqGk7+VKYJflgZj
rDtTGIrk+U5M07fdvNe6m/HTRYzdj0GC54sMkyCeIiIZhKZDL3ubH1oX+GHAKG8N
1uzxmnlXiJ+0Q7a3swlTkBhLSCgBAqls8Rd6YGweBhr/BjXdIQprCOw2NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPDuvoCm/NDILhVjA4xyEsQyFIzmMB8GA1UdIwQY
MBaAFDYKnSbbs+pd+q6DthkIrdj8bdNvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmdxZEp0dXo2bDM2cm9PMkdRaXQyUHh0MDI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8yN2UyOWUtYzg5NC00ZDM5LWFjMjMt
MTJlOTZiYTIzNWQ4LzEvOE82LWdLYjgwTWd1RldNRGpISVN4RElVak9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8yN2UyOWUtYzg5NC00ZDM5LWFjMjMtMTJlOTZiYTIzNWQ4
LzEvTmdxZEp0dXo2bDM2cm9PMkdRaXQyUHh0MDI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWiBMA0G
CSqGSIb3DQEBCwUAA4IBAQBz0f7n0yHKXk48lWP44pVnvlu1mfrnRxzqZhu/Uuma
UEuCVo3tiNzm9MsAxAzZKv1s6L5JGINTEcG3peXTtI2fULxsRsFeqlt7P1qf5UfS
S5YZtaUwd+xqtMg/tlqJXCBX4d5RrbFUrDxd5Eb23WuU0hOAdzddbDKGY/GHB8bQ
gqTBvzm0KBHBW7YDL8r1R2Z8y30TRLzIU7qjIH+dtRxpcHyFk2uTmKMTpzjruoXO
cSaBE/62dpVYxmk/CQfNy0rB0EDAdbCpzY8dxCPlUfAuMEfViZkOXID7CDh/Fyd4
C7xlmg3kJ6N75BeaTc3v/aroWT/Hk80y/sl4HfFSMJZI
-----END CERTIFICATE-----