Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/xP_OgtuvPLIy6f3OgcMLRqYdB6o.roa
File:                     xP_OgtuvPLIy6f3OgcMLRqYdB6o.roa (raw, json)
Hash identifier:          /xteHtlPoU7Xt/uO/23RugSaavsPJ92G0OJK6/uUxx0=
Subject key identifier:   C4:FF:CE:82:DB:AF:3C:B2:32:E9:FD:CE:81:C3:0B:46:A6:1D:07:AA
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       019420D62AD9A086009695131308166E90BD
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/xP_OgtuvPLIy6f3OgcMLRqYdB6o.roa
Signing time:             Wed 01 Jan 2025 07:48:14 +0000
ROA not before:           Wed 01 Jan 2025 07:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        185.251.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 13:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:2a:d9:a0:86:00:96:95:13:13:08:16:6e:90:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Jan  1 07:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4ffce82dbaf3cb232e9fdce81c30b46a61d07aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:7d:a3:4d:2e:6c:16:79:e9:0e:b0:2b:77:32:
                    4e:9b:d0:c4:72:26:8d:0e:c0:64:d3:45:87:4a:b9:
                    bb:71:ff:4f:49:12:93:87:ab:a4:fa:81:69:e5:a2:
                    3a:dc:40:a5:2c:15:99:5c:8b:5c:30:89:c3:21:08:
                    ba:ac:87:30:c7:2d:2e:8d:de:e1:99:84:63:2c:ee:
                    78:ad:a7:b0:d3:41:57:51:e7:be:76:8b:d8:46:2f:
                    7c:2b:8f:0f:b5:4f:3e:1b:15:43:17:21:9b:73:d0:
                    6a:19:14:3d:31:a2:db:92:55:79:9f:f0:7c:5a:15:
                    f5:62:54:00:2d:5d:1c:88:4e:b7:93:3b:18:e0:70:
                    d6:de:4e:7e:0b:dc:08:00:09:b1:b5:5c:1a:08:db:
                    2f:8f:11:aa:b2:d4:03:8f:e4:c7:73:64:ad:d1:af:
                    8a:a7:b9:2a:08:b1:91:6c:ab:16:05:df:2d:7e:75:
                    bd:04:6a:84:dd:48:d7:e1:09:a0:15:79:ca:d3:1c:
                    f9:64:f9:ad:ad:ad:10:5f:ff:14:7e:67:76:3d:70:
                    53:80:d6:81:e6:03:94:a9:2f:9a:c9:ba:37:4c:39:
                    37:22:7f:a6:50:f3:bb:2c:7d:ed:3f:6d:3a:9d:d8:
                    23:0a:e4:a0:f2:d6:66:88:35:9d:52:c1:50:f5:dc:
                    ea:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:FF:CE:82:DB:AF:3C:B2:32:E9:FD:CE:81:C3:0B:46:A6:1D:07:AA
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/xP_OgtuvPLIy6f3OgcMLRqYdB6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:62:e0:9d:7d:8b:c9:f5:f0:da:02:45:be:92:2c:6d:a5:ca:
         7c:2d:78:ff:02:2e:66:ba:fd:05:39:6d:5f:0d:2b:ac:e8:27:
         1e:9a:b8:90:41:a4:a3:a8:f5:8c:6d:8c:85:27:b8:78:22:51:
         f0:63:e0:bc:d7:cb:da:69:2a:b0:bb:49:79:45:48:d7:37:0f:
         aa:0d:75:32:71:55:b8:99:c4:2b:e2:bc:9b:3b:8a:77:52:c8:
         71:79:60:fa:bc:6f:6c:f4:ed:e8:78:d8:bd:ad:a1:22:f5:fe:
         17:ac:23:db:9c:90:3e:d3:a3:8d:5f:bc:ed:ca:e6:52:32:e0:
         c9:43:c8:b1:0e:3e:27:d2:dd:fa:42:b0:25:07:ff:7e:bf:67:
         7f:7c:6d:4b:47:a4:59:4c:5b:9a:ab:70:32:93:2b:b7:ba:42:
         45:70:33:a3:75:74:b9:1f:ba:8d:ba:e9:42:72:6a:50:81:39:
         b5:51:b6:d4:fb:85:ef:37:5e:26:1b:ba:04:ef:1a:03:75:0b:
         71:d0:95:20:99:99:ca:fd:a7:99:87:ec:9e:13:8e:28:79:85:
         00:2c:81:0a:f2:00:a4:83:50:48:88:39:dd:3b:e4:0c:eb:2f:
         36:cb:e6:89:b6:2d:c4:ef:42:7d:00:48:00:f2:db:be:f0:6e:
         57:70:81:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1irZoIYAlpUTEwgWbpC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjUwMTAxMDc0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGZmY2U4MmRiYWYzY2IyMzJlOWZkY2U4MWMzMGI0NmE2MWQwN2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7X2jTS5sFnnpDrArdzJOm9DEciaN
DsBk00WHSrm7cf9PSRKTh6uk+oFp5aI63EClLBWZXItcMInDIQi6rIcwxy0ujd7h
mYRjLO54raew00FXUee+dovYRi98K48PtU8+GxVDFyGbc9BqGRQ9MaLbklV5n/B8
WhX1YlQALV0ciE63kzsY4HDW3k5+C9wIAAmxtVwaCNsvjxGqstQDj+THc2St0a+K
p7kqCLGRbKsWBd8tfnW9BGqE3UjX4QmgFXnK0xz5ZPmtra0QX/8Ufmd2PXBTgNaB
5gOUqS+aybo3TDk3In+mUPO7LH3tP206ndgjCuSg8tZmiDWdUsFQ9dzqhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMT/zoLbrzyyMun9zoHDC0amHQeqMB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEveFBfT2d0dXZQTEl5NmYzT2djTUxScVlkQjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuftSMA0G
CSqGSIb3DQEBCwUAA4IBAQAkYuCdfYvJ9fDaAkW+kixtpcp8LXj/Ai5muv0FOW1f
DSus6CcemriQQaSjqPWMbYyFJ7h4IlHwY+C818vaaSqwu0l5RUjXNw+qDXUycVW4
mcQr4rybO4p3UshxeWD6vG9s9O3oeNi9raEi9f4XrCPbnJA+06ONX7ztyuZSMuDJ
Q8ixDj4n0t36QrAlB/9+v2d/fG1LR6RZTFuaq3Aykyu3ukJFcDOjdXS5H7qNuulC
cmpQgTm1UbbU+4XvN14mG7oE7xoDdQtx0JUgmZnK/aeZh+yeE44oeYUALIEK8gCk
g1BIiDndO+QM6y82y+aJti3E70J9AEgA8tu+8G5XcIFL
-----END CERTIFICATE-----