Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/9YAK0xIjvZ0jkU9GYhz1bySm8ao.roa
File:                     9YAK0xIjvZ0jkU9GYhz1bySm8ao.roa (raw, json)
Hash identifier:          YSdN3my3ymjfDNRBd0aA0z7OnehzvCW8RCNSPlN8quQ=
Subject key identifier:   F5:80:0A:D3:12:23:BD:9D:23:91:4F:46:62:1C:F5:6F:24:A6:F1:AA
Certificate issuer:       /CN=86842274b3788b80b2fed916db3880fe08c37528
Certificate serial:       019422200A1C64D6B1BDF74D15FAE07139D3
Authority key identifier: 86:84:22:74:B3:78:8B:80:B2:FE:D9:16:DB:38:80:FE:08:C3:75:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hoQidLN4i4Cy_tkW2ziA_gjDdSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/9YAK0xIjvZ0jkU9GYhz1bySm8ao.roa
Signing time:             Wed 01 Jan 2025 13:48:32 +0000
ROA not before:           Wed 01 Jan 2025 13:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58088
IP address blocks:        85.116.140.0/22 maxlen: 22
                          185.184.136.0/22 maxlen: 22
                          2a0b:3580::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/hoQidLN4i4Cy_tkW2ziA_gjDdSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/hoQidLN4i4Cy_tkW2ziA_gjDdSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hoQidLN4i4Cy_tkW2ziA_gjDdSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:0a:1c:64:d6:b1:bd:f7:4d:15:fa:e0:71:39:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86842274b3788b80b2fed916db3880fe08c37528
        Validity
            Not Before: Jan  1 13:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5800ad31223bd9d23914f46621cf56f24a6f1aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:26:63:28:c2:81:ca:d5:1c:a4:f8:ab:04:7f:
                    26:cc:cb:20:bf:88:a9:79:b2:5f:af:e7:7d:a5:fd:
                    5d:05:07:a7:6f:49:76:24:a1:1c:6a:4a:0a:22:c7:
                    ed:ee:bd:35:bb:44:c1:1d:69:75:74:8e:77:37:bc:
                    00:03:7b:3f:75:2c:f9:1e:7b:25:71:f4:b1:e1:be:
                    2d:4d:25:66:3f:20:43:fd:3b:17:03:b5:69:4a:a4:
                    ab:c0:87:ea:8c:d0:6e:c7:b2:82:8f:24:cf:7e:a2:
                    71:5a:46:0e:d3:52:35:2d:63:9e:9c:44:14:ed:9f:
                    95:69:04:88:d1:55:ba:33:25:7e:41:20:f7:21:f0:
                    ad:aa:35:b5:62:4a:5e:f3:62:96:40:a7:7a:54:6b:
                    f2:d5:76:47:c6:53:76:09:c1:64:fd:4e:7d:59:9e:
                    5a:2d:bd:03:82:85:81:b1:a5:36:9d:d7:8b:6b:aa:
                    36:a4:54:94:10:b5:4a:ae:f2:a9:a5:c9:04:cb:9e:
                    30:a1:c5:df:9d:59:42:13:0f:e7:43:40:40:f7:bb:
                    49:97:a3:8f:58:3f:08:41:3a:d1:ba:28:e6:eb:b4:
                    70:68:4d:31:02:8d:1f:01:96:66:b5:02:9d:db:33:
                    a5:b8:03:8d:ba:62:d5:6d:78:c2:a0:6a:98:76:d3:
                    2c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:80:0A:D3:12:23:BD:9D:23:91:4F:46:62:1C:F5:6F:24:A6:F1:AA
            X509v3 Authority Key Identifier:
                keyid:86:84:22:74:B3:78:8B:80:B2:FE:D9:16:DB:38:80:FE:08:C3:75:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hoQidLN4i4Cy_tkW2ziA_gjDdSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/9YAK0xIjvZ0jkU9GYhz1bySm8ao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/hoQidLN4i4Cy_tkW2ziA_gjDdSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.140.0/22
                  185.184.136.0/22
                IPv6:
                  2a0b:3580::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:ad:2a:6c:51:1e:88:91:51:ea:07:81:52:9a:db:f9:30:1e:
         0a:b1:d1:d3:84:56:53:ff:9d:d0:c7:15:7d:10:01:5f:29:47:
         d3:a5:a5:19:cb:b9:82:ce:b3:38:cc:56:80:06:b2:4c:af:f5:
         39:dd:af:ae:3b:80:9a:09:f9:3a:9b:56:f0:2c:76:42:59:26:
         f5:d5:9f:35:21:71:a7:54:b0:79:fa:0f:ae:20:fc:56:32:44:
         48:14:d4:d0:e1:f6:58:2c:9c:de:fb:91:f1:f8:08:1d:c4:05:
         e8:08:ac:8f:01:6c:bf:f4:1b:be:f8:99:d5:a2:84:5c:70:6d:
         99:63:21:41:c9:6f:c8:df:1e:15:f4:dd:09:ed:a6:50:89:e0:
         bb:0b:9c:d0:6c:b6:ca:d4:e3:a6:d3:f4:b7:0f:2e:d1:88:82:
         be:ae:f8:83:10:04:8b:d1:e4:2b:83:9a:17:e3:9e:0c:9d:6c:
         1c:2b:2a:d6:c5:94:96:62:ba:aa:e4:9c:4f:cb:1c:26:15:b6:
         08:22:34:61:b0:a8:36:11:be:90:3f:23:48:e6:98:b0:70:a8:
         ea:a6:38:b9:b2:64:df:fd:7e:37:25:68:c9:e1:b3:7d:ba:c1:
         9f:55:48:df:22:6c:c2:ed:3c:af:d7:af:19:1a:76:e0:49:65:
         01:2e:83:f0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQiIAocZNaxvfdNFfrgcTnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ODQyMjc0YjM3ODhiODBiMmZlZDkxNmRiMzg4MGZlMDhj
Mzc1MjgwHhcNMjUwMTAxMTM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTgwMGFkMzEyMjNiZDlkMjM5MTRmNDY2MjFjZjU2ZjI0YTZmMWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCZjKMKBytUcpPirBH8mzMsgv4ip
ebJfr+d9pf1dBQenb0l2JKEcakoKIsft7r01u0TBHWl1dI53N7wAA3s/dSz5Hnsl
cfSx4b4tTSVmPyBD/TsXA7VpSqSrwIfqjNBux7KCjyTPfqJxWkYO01I1LWOenEQU
7Z+VaQSI0VW6MyV+QSD3IfCtqjW1Ykpe82KWQKd6VGvy1XZHxlN2CcFk/U59WZ5a
Lb0DgoWBsaU2ndeLa6o2pFSUELVKrvKppckEy54wocXfnVlCEw/nQ0BA97tJl6OP
WD8IQTrRuijm67RwaE0xAo0fAZZmtQKd2zOluAONumLVbXjCoGqYdtMsmQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPWACtMSI72dI5FPRmIc9W8kpvGqMB8GA1UdIwQY
MBaAFIaEInSzeIuAsv7ZFts4gP4Iw3UoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaG9RaWRMTjRpNEN5X3RrVzJ6aUFfZ2pEZFNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9hZWJjZWYtNjI5Ni00YTMyLTg2M2Ut
YWEzMTUyMGQzYTZiLzEvOVlBSzB4SWp2WjBqa1U5R1loejFieVNtOGFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9hZWJjZWYtNjI5Ni00YTMyLTg2M2UtYWEzMTUyMGQzYTZi
LzEvaG9RaWRMTjRpNEN5X3RrVzJ6aUFfZ2pEZFNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCVXSMAwQC
ubiIMA0EAgACMAcDBQMqCzWAMA0GCSqGSIb3DQEBCwUAA4IBAQBqrSpsUR6IkVHq
B4FSmtv5MB4KsdHThFZT/53QxxV9EAFfKUfTpaUZy7mCzrM4zFaABrJMr/U53a+u
O4CaCfk6m1bwLHZCWSb11Z81IXGnVLB5+g+uIPxWMkRIFNTQ4fZYLJze+5Hx+Agd
xAXoCKyPAWy/9Bu++JnVooRccG2ZYyFByW/I3x4V9N0J7aZQieC7C5zQbLbK1OOm
0/S3Dy7RiIK+rviDEASL0eQrg5oX454MnWwcKyrWxZSWYrqq5JxPyxwmFbYIIjRh
sKg2Eb6QPyNI5piwcKjqpji5smTf/X43JWjJ4bN9usGfVUjfImzC7Tyv168ZGnbg
SWUBLoPw
-----END CERTIFICATE-----