Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/1SSRPhQGWDVRDl7tVf5cgz9wb9I.roa
File:                     1SSRPhQGWDVRDl7tVf5cgz9wb9I.roa (raw, json)
Hash identifier:          cAcXHNB5q2899YSFSUe/YwygvaFymSVR7Dvr6t//gOI=
Subject key identifier:   D5:24:91:3E:14:06:58:35:51:0E:5E:ED:55:FE:5C:83:3F:70:6F:D2
Certificate issuer:       /CN=7247ba43e270c98bdc642a9e3c218ca524eb0f53
Certificate serial:       0196ED0946FF2B51E90F24FBBB360AFE8956
Authority key identifier: 72:47:BA:43:E2:70:C9:8B:DC:64:2A:9E:3C:21:8C:A5:24:EB:0F:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/1SSRPhQGWDVRDl7tVf5cgz9wb9I.roa
Signing time:             Tue 20 May 2025 09:32:10 +0000
ROA not before:           Tue 20 May 2025 09:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        185.227.234.0/24 maxlen: 24
                          185.227.235.0/24 maxlen: 24
                          194.88.156.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:09:46:ff:2b:51:e9:0f:24:fb:bb:36:0a:fe:89:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7247ba43e270c98bdc642a9e3c218ca524eb0f53
        Validity
            Not Before: May 20 09:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d524913e14065835510e5eed55fe5c833f706fd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:03:4c:23:3f:00:9d:7e:d3:bd:01:a5:f1:d9:
                    c8:2c:0a:b5:fe:1f:cd:66:81:34:88:c9:df:eb:75:
                    aa:16:4f:22:48:01:de:0f:79:f6:5a:2a:d9:97:e9:
                    e8:a7:b8:cd:5d:2b:8a:87:62:58:6c:e3:2e:22:74:
                    29:3b:4d:3a:52:1d:6b:c8:39:de:75:96:6c:6f:f7:
                    3b:fd:47:e7:14:4d:2d:fc:a2:bc:d6:a0:7d:70:18:
                    7b:bc:b3:2f:f3:07:5a:6c:70:73:bf:74:bf:91:f8:
                    0e:35:33:e2:7f:9b:c8:70:90:56:da:75:4a:40:7a:
                    8d:f5:37:79:14:87:32:8d:64:b5:1a:50:86:95:e4:
                    64:84:86:7c:36:f4:f9:e1:0b:99:12:97:82:75:fc:
                    a4:ea:dc:03:01:9c:56:57:48:19:fa:96:73:ef:2c:
                    a4:ed:27:14:8f:35:68:f0:eb:a8:d7:5b:f3:85:bc:
                    45:eb:f9:68:a3:6e:64:d2:d1:f2:59:f5:fa:89:1d:
                    90:88:27:4d:90:19:68:76:03:44:a1:1f:bb:e2:db:
                    33:95:b0:fc:73:e6:27:6d:56:31:4d:c5:ab:51:f2:
                    c8:e0:7d:22:58:85:56:17:e1:3b:28:d1:cf:a5:62:
                    40:d4:bc:2f:5e:69:68:b5:1a:c6:41:0e:08:df:9c:
                    fc:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:24:91:3E:14:06:58:35:51:0E:5E:ED:55:FE:5C:83:3F:70:6F:D2
            X509v3 Authority Key Identifier:
                keyid:72:47:BA:43:E2:70:C9:8B:DC:64:2A:9E:3C:21:8C:A5:24:EB:0F:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/1SSRPhQGWDVRDl7tVf5cgz9wb9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.234.0/23
                  194.88.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:ba:a1:f6:36:5c:d7:c7:1e:ba:86:b5:d6:37:65:6f:d9:ee:
         84:30:87:a1:24:6d:ff:6e:a6:f1:40:c0:e7:b0:92:c9:25:5b:
         6f:9b:50:8e:9b:f0:36:de:43:c9:86:50:32:d7:db:bc:2d:b1:
         ae:69:07:09:01:43:b4:30:80:e1:07:76:30:61:c2:69:1b:73:
         5e:72:e9:a6:40:77:27:ac:a0:67:57:a2:b1:87:7b:06:9e:88:
         b1:f3:f8:cd:ba:f3:9c:90:91:f3:35:9c:13:20:eb:26:a6:27:
         39:38:a6:53:c8:74:53:53:73:b6:b5:54:91:7f:d6:b2:e6:64:
         37:ed:c3:a6:ab:88:61:ac:4d:83:c9:d2:65:07:23:42:71:dc:
         ea:ac:42:fc:e4:b9:b7:ac:65:45:68:20:80:8e:5c:52:fa:63:
         17:9e:e2:37:f6:35:f7:ad:96:c7:18:b8:a3:39:ce:51:f8:d8:
         2b:b6:45:ce:f4:72:92:37:06:d1:6e:da:5d:98:c7:df:08:80:
         4e:ed:37:43:3d:2e:6e:fe:58:51:f1:fa:cc:83:f3:a4:b3:d6:
         f2:67:44:c5:6b:b0:da:be:2d:8f:07:57:1b:37:40:0f:3d:31:
         0a:24:09:5d:a1:5a:c4:17:0a:10:ba:72:13:17:c7:53:fb:83:
         83:a2:38:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbtCUb/K1HpDyT7uzYK/olWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNDdiYTQzZTI3MGM5OGJkYzY0MmE5ZTNjMjE4Y2E1MjRl
YjBmNTMwHhcNMjUwNTIwMDkzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTI0OTEzZTE0MDY1ODM1NTEwZTVlZWQ1NWZlNWM4MzNmNzA2ZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwNMIz8AnX7TvQGl8dnILAq1/h/N
ZoE0iMnf63WqFk8iSAHeD3n2WirZl+nop7jNXSuKh2JYbOMuInQpO006Uh1ryDne
dZZsb/c7/UfnFE0t/KK81qB9cBh7vLMv8wdabHBzv3S/kfgONTPif5vIcJBW2nVK
QHqN9Td5FIcyjWS1GlCGleRkhIZ8NvT54QuZEpeCdfyk6twDAZxWV0gZ+pZz7yyk
7ScUjzVo8Ouo11vzhbxF6/loo25k0tHyWfX6iR2QiCdNkBlodgNEoR+74tszlbD8
c+YnbVYxTcWrUfLI4H0iWIVWF+E7KNHPpWJA1LwvXmlotRrGQQ4I35z8cQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNUkkT4UBlg1UQ5e7VX+XIM/cG/SMB8GA1UdIwQY
MBaAFHJHukPicMmL3GQqnjwhjKUk6w9TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2tlNlEtSnd5WXZjWkNxZVBDR01wU1RyRDFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8zNDEwNjgtMjhmNi00ZjgxLTk5M2Yt
Mjc5MjAzYjFkOTJjLzEvMVNTUlBoUUdXRFZSRGw3dFZmNWNnejl3YjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8zNDEwNjgtMjhmNi00ZjgxLTk5M2YtMjc5MjAzYjFkOTJj
LzEvY2tlNlEtSnd5WXZjWkNxZVBDR01wU1RyRDFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuePqAwQB
wlicMA0GCSqGSIb3DQEBCwUAA4IBAQBUuqH2NlzXxx66hrXWN2Vv2e6EMIehJG3/
bqbxQMDnsJLJJVtvm1COm/A23kPJhlAy19u8LbGuaQcJAUO0MIDhB3YwYcJpG3Ne
cummQHcnrKBnV6Kxh3sGnoix8/jNuvOckJHzNZwTIOsmpic5OKZTyHRTU3O2tVSR
f9ay5mQ37cOmq4hhrE2DydJlByNCcdzqrEL85Lm3rGVFaCCAjlxS+mMXnuI39jX3
rZbHGLijOc5R+NgrtkXO9HKSNwbRbtpdmMffCIBO7TdDPS5u/lhR8frMg/Oks9by
Z0TFa7Davi2PB1cbN0APPTEKJAldoVrEFwoQunITF8dT+4ODojhp
-----END CERTIFICATE-----