Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/6d2a28-bc83-42d5-8556-9409d91090fa/1/H-eIyUNZ0W3PQRk326R5srYUXMQ.roa
File:                     H-eIyUNZ0W3PQRk326R5srYUXMQ.roa (raw, json)
Hash identifier:          sIobqQC6E12Xk9efcNzqh0/xjMLIgWaEqWZ87SibDYw=
Subject key identifier:   1F:E7:88:C9:43:59:D1:6D:CF:41:19:37:DB:A4:79:B2:B6:14:5C:C4
Certificate issuer:       /CN=f296fa79967e1aea042602f93242880a9543938b
Certificate serial:       01941FFAB7E5A59F60A8D3013347F7080C92
Authority key identifier: F2:96:FA:79:96:7E:1A:EA:04:26:02:F9:32:42:88:0A:95:43:93:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8pb6eZZ-GuoEJgL5MkKICpVDk4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/6d2a28-bc83-42d5-8556-9409d91090fa/1/H-eIyUNZ0W3PQRk326R5srYUXMQ.roa
Signing time:             Wed 01 Jan 2025 03:48:32 +0000
ROA not before:           Wed 01 Jan 2025 03:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41960
IP address blocks:        85.209.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/6d2a28-bc83-42d5-8556-9409d91090fa/1/8pb6eZZ-GuoEJgL5MkKICpVDk4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/6d2a28-bc83-42d5-8556-9409d91090fa/1/8pb6eZZ-GuoEJgL5MkKICpVDk4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8pb6eZZ-GuoEJgL5MkKICpVDk4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b7:e5:a5:9f:60:a8:d3:01:33:47:f7:08:0c:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f296fa79967e1aea042602f93242880a9543938b
        Validity
            Not Before: Jan  1 03:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fe788c94359d16dcf411937dba479b2b6145cc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:2c:04:d5:0e:21:a3:ff:16:7e:58:32:52:b5:
                    bf:0c:9c:8f:5d:ec:c4:13:31:a2:aa:df:31:38:29:
                    fe:ef:ef:81:8f:8a:54:2d:52:04:7b:59:fa:5c:9f:
                    9b:3a:32:1d:98:ff:e7:ce:55:1c:4a:8c:4b:68:b1:
                    1d:55:97:1f:9b:bd:6e:ee:f9:82:c3:01:d6:25:fe:
                    d5:5a:06:6f:56:37:45:48:6d:f8:32:9e:d5:6b:3c:
                    ed:f2:54:63:ce:2d:58:0d:ed:58:0a:24:56:67:0e:
                    11:7a:82:86:a3:c0:f3:6f:01:b7:b3:fd:90:4d:22:
                    24:3b:ae:57:2a:1b:a0:f0:b7:ce:60:98:92:49:df:
                    f5:19:94:79:0e:bf:a7:04:0b:60:ce:e9:0e:26:f8:
                    ca:17:e9:16:ec:44:75:25:77:3e:22:f7:52:ae:60:
                    96:0b:91:10:a4:df:45:97:9d:f4:d3:8f:08:e8:02:
                    4f:b6:cb:e9:03:73:19:22:8d:da:c1:0f:49:d2:31:
                    04:17:fb:d6:6a:19:ec:a4:e8:37:d1:e9:1a:52:81:
                    ed:4d:dd:14:72:3a:94:da:b8:a7:69:d8:5b:af:bc:
                    c3:6c:e0:56:f2:22:4b:bf:ce:91:2b:f6:28:62:64:
                    9d:7e:e0:30:d8:c4:5a:98:34:c8:60:84:78:c2:80:
                    bc:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E7:88:C9:43:59:D1:6D:CF:41:19:37:DB:A4:79:B2:B6:14:5C:C4
            X509v3 Authority Key Identifier:
                keyid:F2:96:FA:79:96:7E:1A:EA:04:26:02:F9:32:42:88:0A:95:43:93:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8pb6eZZ-GuoEJgL5MkKICpVDk4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/6d2a28-bc83-42d5-8556-9409d91090fa/1/H-eIyUNZ0W3PQRk326R5srYUXMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/6d2a28-bc83-42d5-8556-9409d91090fa/1/8pb6eZZ-GuoEJgL5MkKICpVDk4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:6d:4a:d2:cf:34:d5:0d:fe:45:57:4d:b8:42:c1:06:44:c7:
         cb:76:cd:31:c9:7e:85:07:15:d3:a8:82:50:f8:9a:52:1b:c4:
         9a:c5:a1:f1:7d:da:0e:36:53:27:6e:52:1a:e0:5c:65:90:5b:
         f5:67:61:5a:76:5b:13:ee:7f:94:d2:12:34:f3:d5:8e:c8:fb:
         47:fd:20:89:59:11:2b:17:2f:b2:fa:e4:71:e7:f1:a4:46:ff:
         e0:5d:ac:d4:ee:56:02:0a:3a:a2:28:fe:f4:4f:60:81:db:d7:
         86:57:7b:3f:24:96:06:76:62:43:a3:d4:57:f7:e3:ee:02:59:
         ae:09:a0:37:0b:53:ad:85:59:53:6a:2c:c1:f0:23:71:ae:f1:
         14:ce:54:ff:64:3a:16:4b:d0:fb:fc:e5:64:77:f0:e1:1e:5a:
         46:89:c8:e4:94:0e:45:4c:23:a8:38:57:ff:99:47:2c:00:2d:
         bb:8b:5c:03:72:a0:d1:7d:75:fb:d9:dc:96:fd:8b:04:6b:50:
         b9:92:86:e8:76:fb:51:b7:45:35:bb:82:dc:67:f1:ed:4d:23:
         ee:6e:ac:19:f2:72:42:f5:be:31:51:53:a9:d3:27:16:fd:97:
         c1:64:5b:1c:39:07:d5:4c:9e:d6:56:fa:75:9a:72:8b:2f:ff:
         3b:e2:85:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+rflpZ9gqNMBM0f3CAySMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyOTZmYTc5OTY3ZTFhZWEwNDI2MDJmOTMyNDI4ODBhOTU0
MzkzOGIwHhcNMjUwMTAxMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmU3ODhjOTQzNTlkMTZkY2Y0MTE5MzdkYmE0NzliMmI2MTQ1Y2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7CwE1Q4ho/8WflgyUrW/DJyPXezE
EzGiqt8xOCn+7++Bj4pULVIEe1n6XJ+bOjIdmP/nzlUcSoxLaLEdVZcfm71u7vmC
wwHWJf7VWgZvVjdFSG34Mp7Vazzt8lRjzi1YDe1YCiRWZw4ReoKGo8DzbwG3s/2Q
TSIkO65XKhug8LfOYJiSSd/1GZR5Dr+nBAtgzukOJvjKF+kW7ER1JXc+IvdSrmCW
C5EQpN9Fl530048I6AJPtsvpA3MZIo3awQ9J0jEEF/vWahnspOg30ekaUoHtTd0U
cjqU2rinadhbr7zDbOBW8iJLv86RK/YoYmSdfuAw2MRamDTIYIR4woC88QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/niMlDWdFtz0EZN9ukebK2FFzEMB8GA1UdIwQY
MBaAFPKW+nmWfhrqBCYC+TJCiAqVQ5OLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHBiNmVaWi1HdW9FSmdMNU1rS0lDcFZEazRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi82ZDJhMjgtYmM4My00MmQ1LTg1NTYt
OTQwOWQ5MTA5MGZhLzEvSC1lSXlVTlowVzNQUVJrMzI2UjVzcllVWE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi82ZDJhMjgtYmM4My00MmQ1LTg1NTYtOTQwOWQ5MTA5MGZh
LzEvOHBiNmVaWi1HdW9FSmdMNU1rS0lDcFZEazRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdGMMA0G
CSqGSIb3DQEBCwUAA4IBAQBsbUrSzzTVDf5FV024QsEGRMfLds0xyX6FBxXTqIJQ
+JpSG8SaxaHxfdoONlMnblIa4FxlkFv1Z2FadlsT7n+U0hI089WOyPtH/SCJWREr
Fy+y+uRx5/GkRv/gXazU7lYCCjqiKP70T2CB29eGV3s/JJYGdmJDo9RX9+PuAlmu
CaA3C1OthVlTaizB8CNxrvEUzlT/ZDoWS9D7/OVkd/DhHlpGicjklA5FTCOoOFf/
mUcsAC27i1wDcqDRfXX72dyW/YsEa1C5kobodvtRt0U1u4LcZ/HtTSPubqwZ8nJC
9b4xUVOp0ycW/ZfBZFscOQfVTJ7WVvp1mnKLL/874oV5
-----END CERTIFICATE-----