Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/F89bS7qNe1rnaq_S9GGqTSzrLTM.roa
File:                     F89bS7qNe1rnaq_S9GGqTSzrLTM.roa (raw, json)
Hash identifier:          l3wobnBJMDC08NMZEcgpSqpNWZr9JHGOo3k9DjoFPHM=
Subject key identifier:   17:CF:5B:4B:BA:8D:7B:5A:E7:6A:AF:D2:F4:61:AA:4D:2C:EB:2D:33
Certificate issuer:       /CN=9588d8b4c7aa45a9b2cd737c614871eb7181babe
Certificate serial:       01973B23979F04F200FDF5E923FCDAF1716D
Authority key identifier: 95:88:D8:B4:C7:AA:45:A9:B2:CD:73:7C:61:48:71:EB:71:81:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lYjYtMeqRamyzXN8YUhx63GBur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/F89bS7qNe1rnaq_S9GGqTSzrLTM.roa
Signing time:             Wed 04 Jun 2025 13:31:17 +0000
ROA not before:           Wed 04 Jun 2025 13:31:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47376
IP address blocks:        185.187.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/lYjYtMeqRamyzXN8YUhx63GBur4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/lYjYtMeqRamyzXN8YUhx63GBur4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lYjYtMeqRamyzXN8YUhx63GBur4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:23:97:9f:04:f2:00:fd:f5:e9:23:fc:da:f1:71:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9588d8b4c7aa45a9b2cd737c614871eb7181babe
        Validity
            Not Before: Jun  4 13:31:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17cf5b4bba8d7b5ae76aafd2f461aa4d2ceb2d33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:80:a6:d9:b4:93:97:8c:d7:28:5e:72:0e:61:
                    73:34:fb:4b:d3:97:d3:b3:ef:30:92:fe:71:eb:6d:
                    dc:cc:a7:e4:4e:58:9d:48:aa:51:88:6d:3d:07:49:
                    0b:d5:d7:78:35:a0:fe:3b:8a:d9:f4:29:fe:0e:63:
                    f4:db:0d:9a:26:a6:5a:39:16:1a:e8:e0:ba:92:81:
                    09:a4:7a:cb:5e:f9:af:cf:4d:e5:16:e2:3e:52:9c:
                    01:51:e3:4f:90:ea:2e:15:cd:55:82:06:34:96:9d:
                    d1:70:59:02:6c:ae:34:c7:d4:bd:2c:64:b1:d7:4e:
                    c4:9b:0c:a1:01:5b:6b:b2:6f:d5:69:03:ad:34:f3:
                    d3:6b:90:83:77:12:c6:0c:ad:fe:0b:5f:c8:68:dc:
                    93:d5:6b:6e:b6:3a:ec:d6:97:9e:de:87:5f:20:9b:
                    dc:43:ed:78:c8:10:69:61:21:17:1a:44:f7:5c:d2:
                    04:a7:f5:7a:f4:46:1b:f3:fe:6b:23:c8:66:af:13:
                    b9:d5:16:18:96:b3:38:bd:25:90:b1:f8:9b:55:bf:
                    08:b6:f3:19:80:7f:9f:84:c6:25:97:c5:69:8c:ed:
                    38:75:5d:cb:59:d3:9c:48:7e:37:8e:00:87:4d:2f:
                    5a:f0:1d:4f:57:ec:cc:b5:3e:c5:0e:69:03:38:35:
                    74:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:CF:5B:4B:BA:8D:7B:5A:E7:6A:AF:D2:F4:61:AA:4D:2C:EB:2D:33
            X509v3 Authority Key Identifier:
                keyid:95:88:D8:B4:C7:AA:45:A9:B2:CD:73:7C:61:48:71:EB:71:81:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lYjYtMeqRamyzXN8YUhx63GBur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/F89bS7qNe1rnaq_S9GGqTSzrLTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/lYjYtMeqRamyzXN8YUhx63GBur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:7e:be:03:8d:89:f2:07:81:16:59:20:e8:cf:7e:68:48:3c:
         14:b0:77:60:ca:c3:7c:be:92:95:4d:1c:23:04:b9:88:35:50:
         4e:ce:b6:49:f4:e9:4c:87:97:99:76:6b:25:40:d3:b6:61:4a:
         88:97:58:0f:b1:85:ad:83:a1:42:56:5d:88:ae:c5:bf:75:4b:
         d4:9e:85:7e:d9:dd:c9:54:43:ab:30:e1:d4:12:56:38:2a:e6:
         0d:e0:cb:b0:61:59:8e:e4:1b:aa:eb:57:27:48:84:86:18:c4:
         05:79:9b:8e:cb:49:23:2f:1b:7e:70:4c:55:3a:d6:3d:69:27:
         73:18:4b:18:20:14:36:2c:53:b4:b0:ac:0e:25:72:7d:8a:a9:
         46:5b:24:99:1f:c9:c7:0e:5d:95:c7:8e:ab:3a:31:15:cd:57:
         d4:d4:7b:f6:b3:33:87:19:59:89:94:1e:9e:c2:db:3c:ae:7c:
         d4:bf:5f:72:75:4d:d9:72:e6:82:3b:47:89:40:d5:e6:a7:05:
         be:ff:b3:de:1d:b0:d4:b5:62:05:19:4c:c1:52:b1:3e:f5:bb:
         69:b7:89:c2:b1:03:f9:fd:c7:f8:f4:de:00:5b:7a:9b:d8:e9:
         3f:83:9e:bd:e7:ea:60:7b:60:fb:8f:48:cd:87:f0:c2:b1:ec:
         b3:f0:7d:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc7I5efBPIA/fXpI/za8XFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ODhkOGI0YzdhYTQ1YTliMmNkNzM3YzYxNDg3MWViNzE4
MWJhYmUwHhcNMjUwNjA0MTMzMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2NmNWI0YmJhOGQ3YjVhZTc2YWFmZDJmNDYxYWE0ZDJjZWIyZDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4Cm2bSTl4zXKF5yDmFzNPtL05fT
s+8wkv5x623czKfkTlidSKpRiG09B0kL1dd4NaD+O4rZ9Cn+DmP02w2aJqZaORYa
6OC6koEJpHrLXvmvz03lFuI+UpwBUeNPkOouFc1VggY0lp3RcFkCbK40x9S9LGSx
107EmwyhAVtrsm/VaQOtNPPTa5CDdxLGDK3+C1/IaNyT1Wtutjrs1pee3odfIJvc
Q+14yBBpYSEXGkT3XNIEp/V69EYb8/5rI8hmrxO51RYYlrM4vSWQsfibVb8ItvMZ
gH+fhMYll8VpjO04dV3LWdOcSH43jgCHTS9a8B1PV+zMtT7FDmkDODV0ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfPW0u6jXta52qv0vRhqk0s6y0zMB8GA1UdIwQY
MBaAFJWI2LTHqkWpss1zfGFIcetxgbq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFlqWXRNZXFSYW15elhOOFlVaHg2M0dCdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wMGMzYWItNGE3Zi00Zjc0LWI1NTYt
YTQ4OGJkNDIwMjRmLzEvRjg5YlM3cU5lMXJuYXFfUzlHR3FUU3pyTFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wMGMzYWItNGE3Zi00Zjc0LWI1NTYtYTQ4OGJkNDIwMjRm
LzEvbFlqWXRNZXFSYW15elhOOFlVaHg2M0dCdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubszMA0G
CSqGSIb3DQEBCwUAA4IBAQAQfr4DjYnyB4EWWSDoz35oSDwUsHdgysN8vpKVTRwj
BLmINVBOzrZJ9OlMh5eZdmslQNO2YUqIl1gPsYWtg6FCVl2IrsW/dUvUnoV+2d3J
VEOrMOHUElY4KuYN4MuwYVmO5Buq61cnSISGGMQFeZuOy0kjLxt+cExVOtY9aSdz
GEsYIBQ2LFO0sKwOJXJ9iqlGWySZH8nHDl2Vx46rOjEVzVfU1Hv2szOHGVmJlB6e
wts8rnzUv19ydU3ZcuaCO0eJQNXmpwW+/7PeHbDUtWIFGUzBUrE+9btpt4nCsQP5
/cf49N4AW3qb2Ok/g5695+pge2D7j0jNh/DCseyz8H1U
-----END CERTIFICATE-----