Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/6f99d2-ad05-4cfc-9a5e-9cbedcec86d6/1/B_TjvpIb0yLFS65mk6ISqfofzjA.roa
File:                     B_TjvpIb0yLFS65mk6ISqfofzjA.roa (raw, json)
Hash identifier:          q5/nXiQuX9jf7AxyuDuG4cnRKI4OPuttYtvlaMLZtB8=
Subject key identifier:   07:F4:E3:BE:92:1B:D3:22:C5:4B:AE:66:93:A2:12:A9:FA:1F:CE:30
Certificate issuer:       /CN=b9e2dc2340c5309b63eba23cfbe7eed11b74af47
Certificate serial:       0194258F88E95F6EE7F32D06EB3BA536158A
Authority key identifier: B9:E2:DC:23:40:C5:30:9B:63:EB:A2:3C:FB:E7:EE:D1:1B:74:AF:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueLcI0DFMJtj66I8--fu0Rt0r0c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/6f99d2-ad05-4cfc-9a5e-9cbedcec86d6/1/B_TjvpIb0yLFS65mk6ISqfofzjA.roa
Signing time:             Thu 02 Jan 2025 05:49:11 +0000
ROA not before:           Thu 02 Jan 2025 05:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206789
IP address blocks:        185.173.236.0/24 maxlen: 24
                          185.173.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/6f99d2-ad05-4cfc-9a5e-9cbedcec86d6/1/ueLcI0DFMJtj66I8--fu0Rt0r0c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/6f99d2-ad05-4cfc-9a5e-9cbedcec86d6/1/ueLcI0DFMJtj66I8--fu0Rt0r0c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueLcI0DFMJtj66I8--fu0Rt0r0c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:88:e9:5f:6e:e7:f3:2d:06:eb:3b:a5:36:15:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9e2dc2340c5309b63eba23cfbe7eed11b74af47
        Validity
            Not Before: Jan  2 05:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07f4e3be921bd322c54bae6693a212a9fa1fce30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5b:b7:37:0e:9f:09:1b:66:11:9f:ce:4f:25:
                    14:aa:a8:9d:fa:72:ee:36:70:92:90:66:41:b8:74:
                    e3:8c:54:d8:67:93:4c:1c:ec:0a:08:16:d3:2d:13:
                    dc:75:36:81:40:a3:e6:2b:42:ca:18:08:d0:42:86:
                    1c:3a:76:15:4a:53:10:a7:7b:9e:49:ff:fc:0b:1e:
                    c4:b3:96:27:4e:96:e3:09:8a:bc:35:af:1c:1c:ee:
                    5d:3b:de:5e:3c:ff:8e:f3:61:a3:5e:39:38:9a:4e:
                    49:df:d6:a1:67:f0:b9:8a:9a:72:d2:98:a2:74:ff:
                    47:96:7f:43:fe:77:71:f9:05:56:e3:2c:3f:52:ae:
                    79:0d:6c:6f:46:13:bd:61:41:83:3b:6d:c1:7c:3e:
                    f4:4e:7d:e1:44:02:03:1d:21:0f:4c:75:2f:59:bc:
                    4d:7b:38:28:2a:d5:24:a6:dd:8d:e6:4e:17:bc:02:
                    31:23:88:06:17:9c:c3:29:37:2a:56:4a:82:e6:25:
                    fd:30:b1:65:59:65:1c:6e:e6:fe:a5:6a:2a:b9:48:
                    6f:3e:b9:1f:cd:48:b8:eb:d9:d0:36:19:4c:f3:c9:
                    ad:bb:99:fe:85:ca:64:aa:c3:ab:3d:9b:32:85:ef:
                    da:2b:08:8a:ae:eb:40:5d:e5:ed:29:46:71:9a:48:
                    7b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:F4:E3:BE:92:1B:D3:22:C5:4B:AE:66:93:A2:12:A9:FA:1F:CE:30
            X509v3 Authority Key Identifier:
                keyid:B9:E2:DC:23:40:C5:30:9B:63:EB:A2:3C:FB:E7:EE:D1:1B:74:AF:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueLcI0DFMJtj66I8--fu0Rt0r0c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/6f99d2-ad05-4cfc-9a5e-9cbedcec86d6/1/B_TjvpIb0yLFS65mk6ISqfofzjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/6f99d2-ad05-4cfc-9a5e-9cbedcec86d6/1/ueLcI0DFMJtj66I8--fu0Rt0r0c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.236.0/24
                  185.173.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:11:5c:98:70:18:7e:9e:0a:e3:43:b2:5c:93:4d:5a:d7:82:
         1f:33:07:95:9f:48:02:49:c6:a9:19:df:ec:53:bb:9e:f9:8f:
         c8:c5:40:20:3d:92:aa:79:a2:c5:a1:92:7b:98:ba:41:c7:fb:
         56:2f:79:87:c8:c7:dd:6c:ef:11:e5:2c:08:d3:b4:71:37:81:
         94:f8:f3:2b:e3:b7:1c:31:9e:da:57:cf:d2:93:94:91:fa:d5:
         25:12:ad:d9:0f:e7:29:c0:92:6b:ba:96:78:72:09:2d:f5:d9:
         c6:e7:68:12:ed:48:d9:c5:67:6e:c3:cf:7f:83:0a:0f:13:5b:
         03:de:8f:2d:f7:d7:59:74:b1:26:64:aa:cb:84:a3:6a:19:ed:
         74:e0:46:3f:e9:eb:f8:fd:87:90:2d:42:7a:cd:ff:eb:1a:b0:
         6b:b1:10:29:de:74:fd:3c:ad:18:ea:33:27:7b:c9:cd:24:72:
         cf:98:af:cf:13:7d:a9:cf:7b:25:92:82:42:c9:d3:47:1b:e1:
         f8:bd:a3:8b:72:62:ab:68:54:28:ce:b6:fa:5b:3e:8c:40:47:
         3e:4a:ee:b3:ca:2e:06:d6:75:c2:c2:9a:10:07:4c:07:2e:23:
         c5:70:2d:c1:1a:ab:c7:fd:0a:34:30:a2:76:ef:48:10:13:37:
         55:de:cb:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj4jpX27n8y0G6zulNhWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZTJkYzIzNDBjNTMwOWI2M2ViYTIzY2ZiZTdlZWQxMWI3
NGFmNDcwHhcNMjUwMTAyMDU0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2Y0ZTNiZTkyMWJkMzIyYzU0YmFlNjY5M2EyMTJhOWZhMWZjZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1u3Nw6fCRtmEZ/OTyUUqqid+nLu
NnCSkGZBuHTjjFTYZ5NMHOwKCBbTLRPcdTaBQKPmK0LKGAjQQoYcOnYVSlMQp3ue
Sf/8Cx7Es5YnTpbjCYq8Na8cHO5dO95ePP+O82GjXjk4mk5J39ahZ/C5ippy0pii
dP9Hln9D/ndx+QVW4yw/Uq55DWxvRhO9YUGDO23BfD70Tn3hRAIDHSEPTHUvWbxN
ezgoKtUkpt2N5k4XvAIxI4gGF5zDKTcqVkqC5iX9MLFlWWUcbub+pWoquUhvPrkf
zUi469nQNhlM88mtu5n+hcpkqsOrPZsyhe/aKwiKrutAXeXtKUZxmkh7lQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAf0476SG9MixUuuZpOiEqn6H84wMB8GA1UdIwQY
MBaAFLni3CNAxTCbY+uiPPvn7tEbdK9HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVMY0kwREZNSnRqNjZJOC0tZnUwUnQwcjBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny82Zjk5ZDItYWQwNS00Y2ZjLTlhNWUt
OWNiZWRjZWM4NmQ2LzEvQl9UanZwSWIweUxGUzY1bWs2SVNxZm9mempBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny82Zjk5ZDItYWQwNS00Y2ZjLTlhNWUtOWNiZWRjZWM4NmQ2
LzEvdWVMY0kwREZNSnRqNjZJOC0tZnUwUnQwcjBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAua3sAwQA
ua3uMA0GCSqGSIb3DQEBCwUAA4IBAQCZEVyYcBh+ngrjQ7Jck01a14IfMweVn0gC
ScapGd/sU7ue+Y/IxUAgPZKqeaLFoZJ7mLpBx/tWL3mHyMfdbO8R5SwI07RxN4GU
+PMr47ccMZ7aV8/Sk5SR+tUlEq3ZD+cpwJJrupZ4cgkt9dnG52gS7UjZxWduw89/
gwoPE1sD3o8t99dZdLEmZKrLhKNqGe104EY/6ev4/YeQLUJ6zf/rGrBrsRAp3nT9
PK0Y6jMne8nNJHLPmK/PE32pz3slkoJCydNHG+H4vaOLcmKraFQozrb6Wz6MQEc+
Su6zyi4G1nXCwpoQB0wHLiPFcC3BGqvH/Qo0MKJ270gQEzdV3ssG
-----END CERTIFICATE-----