Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/q7CGM855b9BpTviCFpJu1k0kGBY.roa
File:                     q7CGM855b9BpTviCFpJu1k0kGBY.roa (raw, json)
Hash identifier:          zsDCTBxeHYVbQ0HBef/V/il/aqUA+TWIpeSc2KFTqAI=
Subject key identifier:   AB:B0:86:33:CE:79:6F:D0:69:4E:F8:82:16:92:6E:D6:4D:24:18:16
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019425FC7581038404283D76A75E9CCB1628
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/q7CGM855b9BpTviCFpJu1k0kGBY.roa
Signing time:             Thu 02 Jan 2025 07:48:09 +0000
ROA not before:           Thu 02 Jan 2025 07:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53850
IP address blocks:        185.217.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:75:81:03:84:04:28:3d:76:a7:5e:9c:cb:16:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 07:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abb08633ce796fd0694ef88216926ed64d241816
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c1:bb:48:22:27:99:f9:ff:54:f3:03:38:b5:
                    83:b2:45:e8:7d:da:70:fa:82:6a:97:6a:34:72:b6:
                    37:30:8e:d6:48:19:5b:83:68:06:70:05:3a:91:2b:
                    cb:a0:69:c3:dc:1f:04:a8:5f:af:35:ab:70:43:99:
                    21:c3:95:4d:0c:9b:e9:ff:cc:fd:07:7e:11:c5:00:
                    5c:d2:83:e9:aa:f2:67:7f:58:74:9b:ac:4b:2a:71:
                    27:77:f4:07:c4:c0:c3:26:ae:b3:99:be:3b:13:11:
                    7f:79:31:2d:5f:16:22:91:28:48:19:3e:48:7b:0e:
                    8c:18:32:ba:fb:bc:4d:fb:74:db:ef:7a:6f:68:2d:
                    03:56:e3:54:c8:d8:ab:72:c5:60:3e:9b:b8:88:4c:
                    c0:8e:3e:fa:80:75:0b:40:60:f6:be:33:b8:a3:52:
                    ac:53:8c:73:85:f8:da:8e:97:28:39:8b:44:94:5e:
                    0b:3b:30:15:43:5b:ac:df:69:ff:09:83:3a:bc:bf:
                    c0:d8:1d:48:82:8b:9f:b8:20:76:03:0f:d7:4f:8d:
                    e6:5d:36:0b:a9:16:dd:da:36:46:83:e9:85:57:19:
                    bd:62:79:ae:e1:d4:a5:8f:ea:83:e5:1e:7e:71:7c:
                    83:0c:a6:09:97:dc:d1:9c:52:a4:6e:24:e2:f3:61:
                    cb:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:B0:86:33:CE:79:6F:D0:69:4E:F8:82:16:92:6E:D6:4D:24:18:16
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/q7CGM855b9BpTviCFpJu1k0kGBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:8a:94:e8:15:7e:77:a0:14:18:fc:d7:dc:bd:3d:e1:3c:7a:
         56:c4:46:16:78:7f:90:ef:d5:4f:d9:b9:05:23:31:e8:46:2a:
         31:ff:95:64:fb:57:38:79:de:b5:d0:61:ea:a7:b8:db:c5:f5:
         c8:e5:d3:48:f8:a6:3b:cc:67:3d:d4:f0:a3:e1:c1:a8:26:a5:
         85:71:df:e9:0a:f1:33:f9:bd:64:1c:b3:5f:e7:b2:5c:d8:26:
         b1:50:91:50:71:9e:b9:db:af:93:b4:69:65:dc:7c:b9:8a:72:
         48:b4:7b:59:51:0e:79:5d:7b:c8:1c:1d:ce:23:36:c6:85:24:
         72:34:f3:51:2a:ab:54:8b:45:45:ee:6c:5a:be:cb:d6:0b:47:
         d9:33:11:8a:df:a4:e5:7e:d4:b5:16:11:c9:74:81:fc:30:4c:
         9f:95:4d:f4:a1:a0:32:9f:50:9b:5a:c3:41:35:70:35:60:d1:
         3e:e0:ec:22:43:80:1e:38:85:1f:76:03:8f:93:9a:a5:19:c7:
         66:65:cc:9e:61:12:07:6f:32:84:99:28:cb:98:e4:ae:f3:a9:
         1a:d4:05:1a:fe:78:cc:2a:40:b2:ab:bb:ea:2b:55:b1:e8:0b:
         df:56:52:3c:17:a3:38:fe:e8:50:5b:a0:22:1c:f6:05:d6:6c:
         8c:44:db:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/HWBA4QEKD12p16cyxYoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmIwODYzM2NlNzk2ZmQwNjk0ZWY4ODIxNjkyNmVkNjRkMjQxODE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MG7SCInmfn/VPMDOLWDskXofdpw
+oJql2o0crY3MI7WSBlbg2gGcAU6kSvLoGnD3B8EqF+vNatwQ5khw5VNDJvp/8z9
B34RxQBc0oPpqvJnf1h0m6xLKnEnd/QHxMDDJq6zmb47ExF/eTEtXxYikShIGT5I
ew6MGDK6+7xN+3Tb73pvaC0DVuNUyNircsVgPpu4iEzAjj76gHULQGD2vjO4o1Ks
U4xzhfjajpcoOYtElF4LOzAVQ1us32n/CYM6vL/A2B1IgoufuCB2Aw/XT43mXTYL
qRbd2jZGg+mFVxm9Ynmu4dSlj+qD5R5+cXyDDKYJl9zRnFKkbiTi82HL1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKuwhjPOeW/QaU74ghaSbtZNJBgWMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvcTdDR004NTViOUJwVHZpQ0ZwSnUxazBrR0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudlsMA0G
CSqGSIb3DQEBCwUAA4IBAQAripToFX53oBQY/NfcvT3hPHpWxEYWeH+Q79VP2bkF
IzHoRiox/5Vk+1c4ed610GHqp7jbxfXI5dNI+KY7zGc91PCj4cGoJqWFcd/pCvEz
+b1kHLNf57Jc2CaxUJFQcZ6526+TtGll3Hy5inJItHtZUQ55XXvIHB3OIzbGhSRy
NPNRKqtUi0VF7mxavsvWC0fZMxGK36TlftS1FhHJdIH8MEyflU30oaAyn1CbWsNB
NXA1YNE+4OwiQ4AeOIUfdgOPk5qlGcdmZcyeYRIHbzKEmSjLmOSu86ka1AUa/njM
KkCyq7vqK1Wx6AvfVlI8F6M4/uhQW6AiHPYF1myMRNvK
-----END CERTIFICATE-----