Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/84Pxk_QK5F5c0pwgTDFWtDT7vwU.roa
File:                     84Pxk_QK5F5c0pwgTDFWtDT7vwU.roa (raw, json)
Hash identifier:          c1siOGR8KUDdej1OO9Qc6j+ELIH1wDjJz2kkSXEbu4c=
Subject key identifier:   F3:83:F1:93:F4:0A:E4:5E:5C:D2:9C:20:4C:31:56:B4:34:FB:BF:05
Certificate issuer:       /CN=9588d8b4c7aa45a9b2cd737c614871eb7181babe
Certificate serial:       01973B2398043E2E20240DF39AFD4AC4F8CE
Authority key identifier: 95:88:D8:B4:C7:AA:45:A9:B2:CD:73:7C:61:48:71:EB:71:81:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lYjYtMeqRamyzXN8YUhx63GBur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/84Pxk_QK5F5c0pwgTDFWtDT7vwU.roa
Signing time:             Wed 04 Jun 2025 13:31:17 +0000
ROA not before:           Wed 04 Jun 2025 13:31:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206596
IP address blocks:        185.187.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/lYjYtMeqRamyzXN8YUhx63GBur4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/lYjYtMeqRamyzXN8YUhx63GBur4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lYjYtMeqRamyzXN8YUhx63GBur4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 19:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:23:98:04:3e:2e:20:24:0d:f3:9a:fd:4a:c4:f8:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9588d8b4c7aa45a9b2cd737c614871eb7181babe
        Validity
            Not Before: Jun  4 13:31:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f383f193f40ae45e5cd29c204c3156b434fbbf05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:63:2a:cb:d0:34:43:b2:1e:fb:80:62:21:94:
                    28:89:04:b3:03:59:73:70:0e:89:0e:97:ef:99:4e:
                    9f:01:16:c4:dd:aa:1f:76:0b:80:25:08:03:c8:4b:
                    97:cc:69:8d:ad:2b:26:1f:09:86:eb:03:32:45:99:
                    24:94:fe:81:9a:51:ce:e4:e5:3d:b9:95:b8:46:9c:
                    df:7c:0a:42:c6:7e:97:d8:db:b6:2d:84:cb:46:10:
                    fb:97:3e:e4:51:b3:fa:e1:41:13:39:6c:68:e0:f4:
                    60:57:83:80:a9:84:7e:7e:12:13:f2:15:82:d8:31:
                    55:ed:9f:12:14:6a:20:8f:f1:07:08:57:fc:23:f2:
                    7c:07:c0:54:2c:cd:2a:29:5c:58:de:34:88:9c:c9:
                    ef:6f:8b:71:31:16:99:92:45:fd:9f:fd:c5:d7:08:
                    9a:4c:88:06:e4:ea:c9:e7:9a:ed:e3:f6:3b:c6:13:
                    b5:d5:71:38:05:d4:2c:8e:fe:c9:94:e6:b6:79:ba:
                    64:b5:bf:0f:f1:ac:dd:b7:d8:b4:e1:7c:26:12:1b:
                    af:50:1c:ad:ff:5d:4f:d1:8b:6b:fd:e7:c3:ce:72:
                    bc:73:93:0b:41:ba:bc:59:d1:c1:40:6c:b8:b2:46:
                    d1:13:32:2a:17:a6:ef:be:8a:96:75:9a:b3:db:0e:
                    b9:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:83:F1:93:F4:0A:E4:5E:5C:D2:9C:20:4C:31:56:B4:34:FB:BF:05
            X509v3 Authority Key Identifier:
                keyid:95:88:D8:B4:C7:AA:45:A9:B2:CD:73:7C:61:48:71:EB:71:81:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lYjYtMeqRamyzXN8YUhx63GBur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/84Pxk_QK5F5c0pwgTDFWtDT7vwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/lYjYtMeqRamyzXN8YUhx63GBur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         de:6e:b6:a4:48:88:b7:a3:0d:3d:a4:61:87:62:55:36:03:7c:
         8d:76:07:13:9e:f6:3b:2a:2e:f9:a2:c3:f5:5f:42:bc:f3:1c:
         21:d6:30:20:f3:8c:d8:3b:be:17:cf:7e:45:37:7d:ad:df:59:
         65:ca:ba:57:a9:f9:2c:bc:a6:8a:fa:58:dd:86:dd:74:9f:66:
         f4:2a:85:c1:b5:65:8f:4e:96:3a:c9:07:c4:e9:e6:8c:17:75:
         20:80:10:24:8c:36:e6:62:1b:25:03:03:f9:6c:00:3a:cb:11:
         85:d1:e9:63:8e:94:c8:a5:bf:2b:14:31:2a:a6:18:8d:8e:dc:
         81:51:db:24:f7:66:cd:8a:17:cf:72:b9:ce:f2:6a:bc:5e:57:
         c5:b0:b0:30:ca:99:9d:74:be:6b:df:0e:22:7d:fa:0b:1e:53:
         f5:47:e9:e5:58:e9:8a:68:89:8c:0b:8c:11:ac:c5:d6:a1:7a:
         0b:2e:16:1d:21:4f:71:6d:bf:d6:f1:37:74:6c:d6:83:ba:05:
         d7:6f:63:79:52:e4:5b:9c:22:39:13:31:db:36:ba:0c:fd:08:
         b6:50:ef:c5:72:64:c5:78:f4:a6:51:1d:01:4e:3e:67:6f:db:
         a2:91:d5:ad:a5:2f:f4:dc:13:52:0a:ad:74:9a:c8:be:1c:44:
         cc:ca:3a:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc7I5gEPi4gJA3zmv1KxPjOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ODhkOGI0YzdhYTQ1YTliMmNkNzM3YzYxNDg3MWViNzE4
MWJhYmUwHhcNMjUwNjA0MTMzMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzgzZjE5M2Y0MGFlNDVlNWNkMjljMjA0YzMxNTZiNDM0ZmJiZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6GMqy9A0Q7Ie+4BiIZQoiQSzA1lz
cA6JDpfvmU6fARbE3aofdguAJQgDyEuXzGmNrSsmHwmG6wMyRZkklP6BmlHO5OU9
uZW4RpzffApCxn6X2Nu2LYTLRhD7lz7kUbP64UETOWxo4PRgV4OAqYR+fhIT8hWC
2DFV7Z8SFGogj/EHCFf8I/J8B8BULM0qKVxY3jSInMnvb4txMRaZkkX9n/3F1wia
TIgG5OrJ55rt4/Y7xhO11XE4BdQsjv7JlOa2ebpktb8P8azdt9i04XwmEhuvUByt
/11P0Ytr/efDznK8c5MLQbq8WdHBQGy4skbREzIqF6bvvoqWdZqz2w650wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOD8ZP0CuReXNKcIEwxVrQ0+78FMB8GA1UdIwQY
MBaAFJWI2LTHqkWpss1zfGFIcetxgbq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFlqWXRNZXFSYW15elhOOFlVaHg2M0dCdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wMGMzYWItNGE3Zi00Zjc0LWI1NTYt
YTQ4OGJkNDIwMjRmLzEvODRQeGtfUUs1RjVjMHB3Z1RERld0RFQ3dndVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wMGMzYWItNGE3Zi00Zjc0LWI1NTYtYTQ4OGJkNDIwMjRm
LzEvbFlqWXRNZXFSYW15elhOOFlVaHg2M0dCdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubsyMA0G
CSqGSIb3DQEBCwUAA4IBAQDebrakSIi3ow09pGGHYlU2A3yNdgcTnvY7Ki75osP1
X0K88xwh1jAg84zYO74Xz35FN32t31llyrpXqfksvKaK+ljdht10n2b0KoXBtWWP
TpY6yQfE6eaMF3UggBAkjDbmYhslAwP5bAA6yxGF0eljjpTIpb8rFDEqphiNjtyB
Udsk92bNihfPcrnO8mq8XlfFsLAwypmddL5r3w4iffoLHlP1R+nlWOmKaImMC4wR
rMXWoXoLLhYdIU9xbb/W8Td0bNaDugXXb2N5UuRbnCI5EzHbNroM/Qi2UO/FcmTF
ePSmUR0BTj5nb9uikdWtpS/03BNSCq10msi+HETMyjoF
-----END CERTIFICATE-----