Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/8FajeVqA6rp1U8VNJu9yQBP6r54.roa
File:                     8FajeVqA6rp1U8VNJu9yQBP6r54.roa (raw, json)
Hash identifier:          UxuQ4k50fW+4+o9lGY7FVNHYu3QDBc/d+VkzXgLQ8PU=
Subject key identifier:   F0:56:A3:79:5A:80:EA:BA:75:53:C5:4D:26:EF:72:40:13:FA:AF:9E
Certificate issuer:       /CN=72c6460b4fb1ef46bc7457ff0cf463bdc4e03fa9
Certificate serial:       019427B4167AD1873FDF68AF68C26BF4F366
Authority key identifier: 72:C6:46:0B:4F:B1:EF:46:BC:74:57:FF:0C:F4:63:BD:C4:E0:3F:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csZGC0-x70a8dFf_DPRjvcTgP6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/8FajeVqA6rp1U8VNJu9yQBP6r54.roa
Signing time:             Thu 02 Jan 2025 15:48:21 +0000
ROA not before:           Thu 02 Jan 2025 15:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199160
IP address blocks:        185.81.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/csZGC0-x70a8dFf_DPRjvcTgP6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/csZGC0-x70a8dFf_DPRjvcTgP6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csZGC0-x70a8dFf_DPRjvcTgP6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:16:7a:d1:87:3f:df:68:af:68:c2:6b:f4:f3:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72c6460b4fb1ef46bc7457ff0cf463bdc4e03fa9
        Validity
            Not Before: Jan  2 15:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f056a3795a80eaba7553c54d26ef724013faaf9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:2e:ca:3a:67:a5:d2:31:83:ff:cb:4f:31:3a:
                    a2:a0:8f:fe:8a:22:34:c0:c1:d3:e8:d8:20:c0:8b:
                    df:e0:10:6a:8f:2d:de:94:71:15:ee:88:5c:c5:3a:
                    c6:58:26:26:1d:aa:7f:0d:de:2d:8b:5e:b1:cc:16:
                    a5:e0:0b:64:e5:de:8c:0c:7e:91:e9:1a:56:a2:d8:
                    00:df:80:ee:55:b0:46:0c:64:55:fb:b4:84:10:b6:
                    41:e9:27:3b:82:64:62:9e:b9:9c:ad:0e:79:e0:dd:
                    68:12:19:88:1a:36:cd:f1:70:c6:b7:c5:01:85:c8:
                    25:59:95:d3:6b:59:0d:23:ee:5b:16:a1:84:ff:10:
                    da:b9:d5:eb:dd:7e:cb:bf:c0:eb:eb:29:cd:57:e1:
                    db:d7:b7:b7:8e:19:09:6a:88:d5:dd:7f:b9:99:09:
                    97:da:61:e6:56:8f:8b:cb:c2:c3:eb:e7:66:88:ea:
                    d6:37:ab:6e:d3:00:1c:e1:fa:0e:d0:47:c7:ce:40:
                    49:5c:31:ae:b3:a5:95:ae:72:13:41:3d:ec:d7:0d:
                    0c:fb:4c:4f:7d:df:e1:be:cf:8f:65:7c:71:fc:23:
                    11:76:2c:9e:5a:3d:a9:c7:d6:9f:c4:49:02:b8:62:
                    a4:f4:87:8b:a7:69:77:4e:68:20:86:23:6e:ee:45:
                    9b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:56:A3:79:5A:80:EA:BA:75:53:C5:4D:26:EF:72:40:13:FA:AF:9E
            X509v3 Authority Key Identifier:
                keyid:72:C6:46:0B:4F:B1:EF:46:BC:74:57:FF:0C:F4:63:BD:C4:E0:3F:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csZGC0-x70a8dFf_DPRjvcTgP6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/8FajeVqA6rp1U8VNJu9yQBP6r54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/csZGC0-x70a8dFf_DPRjvcTgP6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:b9:a2:3b:86:67:2c:d2:56:e9:e8:ff:88:85:a4:e8:ce:bb:
         c5:13:15:f7:bc:97:8e:e6:64:06:e2:db:7e:52:f2:09:fe:99:
         2a:33:c0:de:d6:a4:d9:dd:69:e5:94:a5:0e:5e:76:14:b7:19:
         90:09:12:97:99:2b:ef:8a:e6:ab:22:da:bd:9c:4f:06:7f:89:
         d8:6f:45:af:e4:c1:b7:5d:4f:aa:cc:04:42:d4:9d:14:6f:f0:
         e6:89:4e:2a:5b:f2:48:ca:79:2a:8f:f5:90:14:b0:32:63:05:
         ab:20:4f:1f:67:36:4d:1c:69:54:77:93:db:3a:d5:31:1a:7d:
         a5:09:06:b8:b6:53:ed:a4:ab:41:a7:55:41:57:15:b1:9e:42:
         ea:51:aa:fa:e8:15:e3:9a:37:47:2d:14:e1:ef:3f:66:37:83:
         65:60:47:06:c7:46:f5:2a:99:4a:02:55:8b:ca:75:31:42:71:
         e2:ac:53:22:6a:9b:43:6c:ba:84:7a:45:08:57:59:d6:f5:40:
         82:a8:ea:7e:48:c3:f8:35:dd:c3:ba:ec:b3:08:be:a8:92:b5:
         74:b9:d7:d4:b2:66:1b:da:7c:28:84:9e:2b:4f:e2:9c:08:7e:
         81:5c:e3:88:a0:75:a6:b5:cb:b1:0f:b9:79:a1:0d:1f:1d:1d:
         42:da:3c:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntBZ60Yc/32ivaMJr9PNmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYzY0NjBiNGZiMWVmNDZiYzc0NTdmZjBjZjQ2M2JkYzRl
MDNmYTkwHhcNMjUwMTAyMTU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDU2YTM3OTVhODBlYWJhNzU1M2M1NGQyNmVmNzI0MDEzZmFhZjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8i7KOmel0jGD/8tPMTqioI/+iiI0
wMHT6NggwIvf4BBqjy3elHEV7ohcxTrGWCYmHap/Dd4ti16xzBal4Atk5d6MDH6R
6RpWotgA34DuVbBGDGRV+7SEELZB6Sc7gmRinrmcrQ554N1oEhmIGjbN8XDGt8UB
hcglWZXTa1kNI+5bFqGE/xDaudXr3X7Lv8Dr6ynNV+Hb17e3jhkJaojV3X+5mQmX
2mHmVo+Ly8LD6+dmiOrWN6tu0wAc4foO0EfHzkBJXDGus6WVrnITQT3s1w0M+0xP
fd/hvs+PZXxx/CMRdiyeWj2px9afxEkCuGKk9IeLp2l3TmgghiNu7kWbfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBWo3lagOq6dVPFTSbvckAT+q+eMB8GA1UdIwQY
MBaAFHLGRgtPse9GvHRX/wz0Y73E4D+pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NaR0MwLXg3MGE4ZEZmX0RQUmp2Y1RnUDZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hNWNlN2UtN2QxZC00OGVmLThmMzYt
MGI3NDBhMzZhOGVlLzEvOEZhamVWcUE2cnAxVThWTkp1OXlRQlA2cjU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hNWNlN2UtN2QxZC00OGVmLThmMzYtMGI3NDBhMzZhOGVl
LzEvY3NaR0MwLXg3MGE4ZEZmX0RQUmp2Y1RnUDZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVF4MA0G
CSqGSIb3DQEBCwUAA4IBAQBSuaI7hmcs0lbp6P+IhaTozrvFExX3vJeO5mQG4tt+
UvIJ/pkqM8De1qTZ3WnllKUOXnYUtxmQCRKXmSvviuarItq9nE8Gf4nYb0Wv5MG3
XU+qzARC1J0Ub/DmiU4qW/JIynkqj/WQFLAyYwWrIE8fZzZNHGlUd5PbOtUxGn2l
CQa4tlPtpKtBp1VBVxWxnkLqUar66BXjmjdHLRTh7z9mN4NlYEcGx0b1KplKAlWL
ynUxQnHirFMiaptDbLqEekUIV1nW9UCCqOp+SMP4Nd3DuuyzCL6okrV0udfUsmYb
2nwohJ4rT+KcCH6BXOOIoHWmtcuxD7l5oQ0fHR1C2jwn
-----END CERTIFICATE-----