Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/o17-yma_5t9exYXoXM4y9yk2rGc.roa
File:                     o17-yma_5t9exYXoXM4y9yk2rGc.roa (raw, json)
Hash identifier:          21brSGZYsEDJcaoR6r/SPKw0TZMGaiZDGKvCII90PgI=
Subject key identifier:   A3:5E:FE:CA:66:BF:E6:DF:5E:C5:85:E8:5C:CE:32:F7:29:36:AC:67
Certificate issuer:       /CN=65c5dad544df49716085ebe80dbe82eb68a209c9
Certificate serial:       019424B3FB63962C3A22401223DC4B070354
Authority key identifier: 65:C5:DA:D5:44:DF:49:71:60:85:EB:E8:0D:BE:82:EB:68:A2:09:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZcXa1UTfSXFghevoDb6C62iiCck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/o17-yma_5t9exYXoXM4y9yk2rGc.roa
Signing time:             Thu 02 Jan 2025 01:49:22 +0000
ROA not before:           Thu 02 Jan 2025 01:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39537
IP address blocks:        185.202.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/ZcXa1UTfSXFghevoDb6C62iiCck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/ZcXa1UTfSXFghevoDb6C62iiCck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZcXa1UTfSXFghevoDb6C62iiCck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 22:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:fb:63:96:2c:3a:22:40:12:23:dc:4b:07:03:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65c5dad544df49716085ebe80dbe82eb68a209c9
        Validity
            Not Before: Jan  2 01:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a35efeca66bfe6df5ec585e85cce32f72936ac67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:6a:f7:5f:7e:9a:60:0e:ea:7c:2d:18:bf:b3:
                    92:30:67:dc:08:1f:50:2b:0f:57:0b:06:91:90:0b:
                    03:b8:fc:0e:ea:a6:cb:6a:b3:a0:03:f5:38:ba:de:
                    75:9a:83:bb:dd:03:03:92:9e:83:23:4e:f4:64:13:
                    ab:62:ad:52:fd:7d:db:98:55:a1:9b:26:74:18:75:
                    f9:66:1d:90:c2:7d:d7:c3:39:37:8f:e0:35:e0:80:
                    07:04:6b:cf:8e:50:49:8d:51:02:51:28:7b:b2:08:
                    a3:da:36:1c:17:58:19:25:fa:da:6b:aa:54:2a:dc:
                    6c:53:35:de:e8:ea:9d:49:50:27:d2:b6:d9:65:98:
                    4d:91:32:4b:0b:6a:04:fa:a9:c0:0a:27:ca:a5:98:
                    f3:45:97:a0:c6:22:e8:f1:fa:25:c7:86:21:3f:f5:
                    0e:d1:a4:80:da:a2:e8:d2:04:fa:c4:45:29:f7:5c:
                    7b:50:a1:ae:b4:21:9b:a4:a3:0e:2c:c8:d4:1a:3a:
                    cb:9b:bb:14:8d:e4:61:11:32:d9:64:6a:9f:e4:f2:
                    a3:c1:78:fa:7d:10:1d:e2:22:f5:56:4c:6d:d2:cd:
                    19:aa:51:e3:da:38:1e:1e:73:80:fd:7a:32:c8:dc:
                    a3:a5:88:ce:0b:12:71:1e:18:16:a6:42:90:72:f1:
                    d2:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:5E:FE:CA:66:BF:E6:DF:5E:C5:85:E8:5C:CE:32:F7:29:36:AC:67
            X509v3 Authority Key Identifier:
                keyid:65:C5:DA:D5:44:DF:49:71:60:85:EB:E8:0D:BE:82:EB:68:A2:09:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZcXa1UTfSXFghevoDb6C62iiCck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/o17-yma_5t9exYXoXM4y9yk2rGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/ZcXa1UTfSXFghevoDb6C62iiCck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:7d:4f:42:30:f4:e1:42:1b:c1:c5:af:71:1b:2c:a6:c0:48:
         87:9d:3f:03:6d:29:41:a0:4c:46:88:ca:da:cb:2a:8a:a5:52:
         2d:0d:23:25:df:b9:bd:6f:4d:d2:2c:87:f6:34:ec:2c:e0:0b:
         50:ad:96:8d:8b:5c:d2:82:37:f8:3d:35:42:99:0e:df:5c:b2:
         b5:3a:47:00:ba:09:cb:c3:a4:70:0e:b0:6d:b4:f1:71:8e:8d:
         ea:81:e2:f9:3f:08:9d:15:a0:95:b4:e8:19:1a:11:6a:bd:ad:
         17:19:7f:6f:82:1d:71:38:1e:8b:91:f6:53:d7:07:17:59:d1:
         43:d0:60:98:cf:a6:b0:83:3e:43:d1:2f:f5:24:7c:56:27:fc:
         f3:67:c7:04:f8:9f:6b:f4:cd:2a:2d:c5:0c:b9:b8:19:68:e3:
         e1:3b:a9:e1:cc:7c:fc:05:45:b0:a8:eb:ee:0a:14:cb:b5:d6:
         bc:fc:25:ed:f8:ee:fe:8d:e5:54:30:3b:ef:99:5b:c9:cf:cb:
         05:0b:64:26:00:a9:0f:fa:43:09:a9:b2:af:e4:a1:fa:2f:33:
         1b:f3:6d:3b:14:b2:08:c2:90:1a:15:46:a2:49:9f:d6:b8:f1:
         22:9f:e5:6d:b4:26:cb:c0:f7:c8:31:d4:8d:f0:e4:31:8f:98:
         60:69:4e:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks/tjliw6IkASI9xLBwNUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YzVkYWQ1NDRkZjQ5NzE2MDg1ZWJlODBkYmU4MmViNjhh
MjA5YzkwHhcNMjUwMTAyMDE0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzVlZmVjYTY2YmZlNmRmNWVjNTg1ZTg1Y2NlMzJmNzI5MzZhYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42r3X36aYA7qfC0Yv7OSMGfcCB9Q
Kw9XCwaRkAsDuPwO6qbLarOgA/U4ut51moO73QMDkp6DI070ZBOrYq1S/X3bmFWh
myZ0GHX5Zh2Qwn3Xwzk3j+A14IAHBGvPjlBJjVECUSh7sgij2jYcF1gZJfraa6pU
KtxsUzXe6OqdSVAn0rbZZZhNkTJLC2oE+qnACifKpZjzRZegxiLo8folx4YhP/UO
0aSA2qLo0gT6xEUp91x7UKGutCGbpKMOLMjUGjrLm7sUjeRhETLZZGqf5PKjwXj6
fRAd4iL1Vkxt0s0ZqlHj2jgeHnOA/XoyyNyjpYjOCxJxHhgWpkKQcvHSowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNe/spmv+bfXsWF6FzOMvcpNqxnMB8GA1UdIwQY
MBaAFGXF2tVE30lxYIXr6A2+gutoognJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmNYYTFVVGZTWEZnaGV2b0RiNkM2MmlpQ2NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny81Y2ZkMzgtNWUzNy00M2FmLWExYjAt
YWQwMTJhZmY1MTcyLzEvbzE3LXltYV81dDlleFlYb1hNNHk5eWsyckdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny81Y2ZkMzgtNWUzNy00M2FmLWExYjAtYWQwMTJhZmY1MTcy
LzEvWmNYYTFVVGZTWEZnaGV2b0RiNkM2MmlpQ2NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucpzMA0G
CSqGSIb3DQEBCwUAA4IBAQCHfU9CMPThQhvBxa9xGyymwEiHnT8DbSlBoExGiMra
yyqKpVItDSMl37m9b03SLIf2NOws4AtQrZaNi1zSgjf4PTVCmQ7fXLK1OkcAugnL
w6RwDrBttPFxjo3qgeL5PwidFaCVtOgZGhFqva0XGX9vgh1xOB6LkfZT1wcXWdFD
0GCYz6awgz5D0S/1JHxWJ/zzZ8cE+J9r9M0qLcUMubgZaOPhO6nhzHz8BUWwqOvu
ChTLtda8/CXt+O7+jeVUMDvvmVvJz8sFC2QmAKkP+kMJqbKv5KH6LzMb8207FLII
wpAaFUaiSZ/WuPEin+VttCbLwPfIMdSN8OQxj5hgaU7H
-----END CERTIFICATE-----