Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/8o1O-t_WKzJXOkGFsMQUN6blBp0.roa
File:                     8o1O-t_WKzJXOkGFsMQUN6blBp0.roa (raw, json)
Hash identifier:          KBCGb1hk/sBmmTgro2o9IaPB/nx00oBvONm6CxD0Y2w=
Subject key identifier:   F2:8D:4E:FA:DF:D6:2B:32:57:3A:41:85:B0:C4:14:37:A6:E5:06:9D
Certificate issuer:       /CN=0e36aad7335f34e4cd829423beb089c4e0a4e874
Certificate serial:       01941F8C0AF9750832207EEA6BF327DA5B2F
Authority key identifier: 0E:36:AA:D7:33:5F:34:E4:CD:82:94:23:BE:B0:89:C4:E0:A4:E8:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/8o1O-t_WKzJXOkGFsMQUN6blBp0.roa
Signing time:             Wed 01 Jan 2025 01:47:39 +0000
ROA not before:           Wed 01 Jan 2025 01:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60446
IP address blocks:        185.124.84.0/24 maxlen: 24
                          185.124.85.0/24 maxlen: 24
                          185.124.86.0/24 maxlen: 24
                          185.124.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:0a:f9:75:08:32:20:7e:ea:6b:f3:27:da:5b:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e36aad7335f34e4cd829423beb089c4e0a4e874
        Validity
            Not Before: Jan  1 01:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f28d4efadfd62b32573a4185b0c41437a6e5069d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f1:2e:a2:22:86:3c:cf:4e:58:28:a6:ad:27:
                    57:82:e2:0c:47:80:b0:7f:f3:26:8b:7e:79:95:1f:
                    52:a7:50:4c:fa:5e:60:96:6d:8e:9e:23:4d:d1:86:
                    a7:dc:75:23:14:13:c9:0b:88:67:49:83:85:40:87:
                    0f:b6:17:2d:40:89:bc:b5:64:8e:03:58:3a:7c:38:
                    24:79:18:7c:34:bc:17:76:a3:bb:99:6c:f3:c0:91:
                    bc:0a:cd:61:4e:88:4c:79:37:6a:b1:79:a5:92:82:
                    32:31:06:c8:c1:42:c0:69:f3:ea:88:57:59:dc:6a:
                    68:25:78:10:74:1b:86:85:92:86:99:d5:85:1a:3f:
                    93:cd:c0:dd:56:a2:27:9f:d8:c0:67:9a:94:92:32:
                    0b:62:34:90:1c:4e:67:cd:d3:40:4b:4d:8e:61:22:
                    11:ef:6b:1a:57:fe:b0:6d:05:01:1c:1f:ed:49:f7:
                    ec:7c:cb:2e:4f:79:15:88:1d:54:47:10:b1:80:53:
                    62:24:e8:45:a8:d3:4c:d7:8f:55:92:60:27:29:1f:
                    12:e6:8e:c1:52:94:55:0e:d2:63:bb:24:e0:e7:3a:
                    8d:06:76:fd:11:cd:ea:f1:b0:49:5c:c8:09:0f:09:
                    fd:a0:08:2c:d8:82:40:5d:cd:07:80:f2:58:18:cc:
                    42:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:8D:4E:FA:DF:D6:2B:32:57:3A:41:85:B0:C4:14:37:A6:E5:06:9D
            X509v3 Authority Key Identifier:
                keyid:0E:36:AA:D7:33:5F:34:E4:CD:82:94:23:BE:B0:89:C4:E0:A4:E8:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/8o1O-t_WKzJXOkGFsMQUN6blBp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:2d:ed:fc:2c:2e:90:31:af:93:b9:e6:6e:3b:9c:ef:36:82:
         26:ab:10:b2:3f:9a:6f:8a:94:d3:5b:5a:b5:60:4c:a9:dd:33:
         22:bc:9a:c3:4a:29:22:ff:52:56:38:bb:1a:1e:eb:20:38:03:
         9d:67:db:f6:d2:6b:f8:11:ee:96:3d:35:ac:68:0d:15:c6:ab:
         fa:fd:8d:05:ea:7b:e8:6e:bf:a0:a4:0d:c1:1a:8e:a6:9c:7a:
         2a:ed:0a:67:e1:4f:b9:33:b3:33:55:8a:eb:b5:e5:ae:b0:61:
         33:8e:59:d8:5f:03:14:87:2b:cd:88:44:0c:cf:cd:9a:56:c3:
         eb:6f:8e:f9:43:bc:b0:7a:3d:48:9b:ec:d4:bb:ec:fe:f6:70:
         03:d0:9a:09:e1:ce:fb:20:98:5c:7d:cf:5e:f8:89:47:ae:22:
         71:b8:c9:b4:e9:14:51:a2:7b:94:12:af:8c:5f:9d:6c:6e:f4:
         01:e5:4a:88:ce:2d:4d:f4:9e:1d:11:ed:41:94:46:83:8b:e3:
         11:84:38:fc:b1:18:7a:37:0c:79:84:21:aa:37:c9:41:bc:15:
         cc:94:aa:77:5a:d8:48:47:18:9b:74:bd:35:5b:6e:9f:ac:ae:
         70:eb:81:07:74:89:06:f2:69:58:cb:ce:27:61:12:f2:48:3e:
         8f:a4:d4:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjAr5dQgyIH7qa/Mn2lsvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMzZhYWQ3MzM1ZjM0ZTRjZDgyOTQyM2JlYjA4OWM0ZTBh
NGU4NzQwHhcNMjUwMTAxMDE0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjhkNGVmYWRmZDYyYjMyNTczYTQxODViMGM0MTQzN2E2ZTUwNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfEuoiKGPM9OWCimrSdXguIMR4Cw
f/Mmi355lR9Sp1BM+l5glm2OniNN0Yan3HUjFBPJC4hnSYOFQIcPthctQIm8tWSO
A1g6fDgkeRh8NLwXdqO7mWzzwJG8Cs1hTohMeTdqsXmlkoIyMQbIwULAafPqiFdZ
3GpoJXgQdBuGhZKGmdWFGj+TzcDdVqInn9jAZ5qUkjILYjSQHE5nzdNAS02OYSIR
72saV/6wbQUBHB/tSffsfMsuT3kViB1URxCxgFNiJOhFqNNM149VkmAnKR8S5o7B
UpRVDtJjuyTg5zqNBnb9Ec3q8bBJXMgJDwn9oAgs2IJAXc0HgPJYGMxCbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKNTvrf1isyVzpBhbDEFDem5QadMB8GA1UdIwQY
MBaAFA42qtczXzTkzYKUI76wicTgpOh0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGphcTF6TmZOT1ROZ3BRanZyQ0p4T0NrNkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC85YmE1MDQtMDJhZi00OTcyLWIwYjkt
ODIyZGU5MzA4ZTAxLzEvOG8xTy10X1dLekpYT2tHRnNNUVVONmJsQnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC85YmE1MDQtMDJhZi00OTcyLWIwYjktODIyZGU5MzA4ZTAx
LzEvRGphcTF6TmZOT1ROZ3BRanZyQ0p4T0NrNkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXxUMA0G
CSqGSIb3DQEBCwUAA4IBAQAELe38LC6QMa+TueZuO5zvNoImqxCyP5pvipTTW1q1
YEyp3TMivJrDSiki/1JWOLsaHusgOAOdZ9v20mv4Ee6WPTWsaA0Vxqv6/Y0F6nvo
br+gpA3BGo6mnHoq7Qpn4U+5M7MzVYrrteWusGEzjlnYXwMUhyvNiEQMz82aVsPr
b475Q7ywej1Im+zUu+z+9nAD0JoJ4c77IJhcfc9e+IlHriJxuMm06RRRonuUEq+M
X51sbvQB5UqIzi1N9J4dEe1BlEaDi+MRhDj8sRh6Nwx5hCGqN8lBvBXMlKp3WthI
RxibdL01W26frK5w64EHdIkG8mlYy84nYRLySD6PpNRH
-----END CERTIFICATE-----