Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/XxHfc-a9htRibcc6wiaA8b5vADo.roa
File:                     XxHfc-a9htRibcc6wiaA8b5vADo.roa (raw, json)
Hash identifier:          BWFgGLeyn66mCnqmmne07/YheXx02V5t3syX64hzdus=
Subject key identifier:   5F:11:DF:73:E6:BD:86:D4:62:6D:C7:3A:C2:26:80:F1:BE:6F:00:3A
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       0194274631A9CCBF4969A9F1C439254E0A17
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/XxHfc-a9htRibcc6wiaA8b5vADo.roa
Signing time:             Thu 02 Jan 2025 13:48:19 +0000
ROA not before:           Thu 02 Jan 2025 13:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202585
IP address blocks:        185.244.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:31:a9:cc:bf:49:69:a9:f1:c4:39:25:4e:0a:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  2 13:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f11df73e6bd86d4626dc73ac22680f1be6f003a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:1b:56:59:fa:b4:7e:3b:c6:ca:53:6b:02:fa:
                    10:c1:f5:01:ba:eb:9e:23:ba:b9:db:0f:01:1c:cf:
                    74:54:47:5e:45:20:7b:34:56:09:c1:bf:6f:ca:07:
                    70:de:89:e3:2b:ca:19:45:af:c4:b3:a3:9f:4f:8b:
                    2b:75:21:3c:ef:43:dd:f4:5a:fc:24:c5:ee:fc:5e:
                    6e:f7:a2:18:e1:7c:b4:8e:ed:55:29:c1:e3:07:ca:
                    15:52:97:64:46:52:d9:5f:a8:61:49:0b:91:ea:31:
                    c2:e2:a9:d2:e5:ae:5d:37:8b:a9:13:48:cc:79:26:
                    2c:54:04:a8:be:75:dc:8f:b7:82:78:13:67:b0:16:
                    4c:0b:32:2c:45:12:e5:b5:a8:c0:59:f7:e5:35:1c:
                    fc:8c:93:f1:71:73:36:31:8e:dd:89:2d:d4:3e:b7:
                    eb:7d:15:78:f7:4d:93:1c:e0:dc:92:9f:7f:55:97:
                    40:9b:3d:d4:82:63:f5:ac:39:1d:1d:7b:8b:94:a7:
                    52:ed:fc:68:36:d3:50:32:0f:fc:c7:63:a4:c7:46:
                    43:f3:c4:89:64:57:88:99:9d:d2:e5:e9:5f:68:f0:
                    6f:2e:58:22:10:8a:a7:42:6e:7c:78:81:63:86:11:
                    f7:e9:2d:a5:65:75:48:6d:bd:07:97:3d:db:b3:3b:
                    56:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:11:DF:73:E6:BD:86:D4:62:6D:C7:3A:C2:26:80:F1:BE:6F:00:3A
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/XxHfc-a9htRibcc6wiaA8b5vADo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:95:f8:b1:7a:ac:bf:29:dc:8e:ca:53:d6:34:42:04:6e:00:
         c5:46:f3:36:fa:86:25:71:87:27:b9:0a:a6:be:67:cd:fb:46:
         38:29:6d:95:fe:07:c8:3f:c7:f8:7c:bc:19:93:9f:be:3b:62:
         89:52:c3:f9:e9:51:1d:ee:9c:21:d3:7c:a0:5e:99:f2:7c:9f:
         c3:9f:15:fa:52:7f:34:70:09:c7:ae:65:40:82:5c:5f:12:7e:
         e4:eb:8f:9c:9d:fd:b1:bc:8d:34:98:90:cf:dd:a8:a4:c8:16:
         ab:98:ae:b2:ce:10:59:2c:3c:98:b1:09:37:7c:c1:1c:44:8c:
         80:52:a5:f5:fe:f6:77:fb:8f:96:c1:31:d2:27:28:d6:82:1f:
         b1:c4:13:ba:b2:d6:f4:e1:27:59:d0:a1:9a:06:c0:46:92:1d:
         57:3e:fb:6a:a9:c0:54:3d:14:d1:d4:fc:06:48:af:af:b8:f7:
         87:98:6e:85:6e:f4:a0:89:f5:4d:15:da:ec:e9:66:aa:ef:30:
         46:24:50:88:72:75:c7:11:6f:5e:2f:6b:26:7f:e6:05:9a:63:
         1b:ea:a3:73:41:31:a2:e6:99:e1:b3:0b:16:c6:88:17:6c:28:
         96:8e:de:7d:6f:90:25:d8:37:4a:17:dd:69:10:d2:33:6d:86:
         d2:a6:52:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRjGpzL9JaanxxDklTgoXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjUwMTAyMTM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjExZGY3M2U2YmQ4NmQ0NjI2ZGM3M2FjMjI2ODBmMWJlNmYwMDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1RtWWfq0fjvGylNrAvoQwfUBuuue
I7q52w8BHM90VEdeRSB7NFYJwb9vygdw3onjK8oZRa/Es6OfT4srdSE870Pd9Fr8
JMXu/F5u96IY4Xy0ju1VKcHjB8oVUpdkRlLZX6hhSQuR6jHC4qnS5a5dN4upE0jM
eSYsVASovnXcj7eCeBNnsBZMCzIsRRLltajAWfflNRz8jJPxcXM2MY7diS3UPrfr
fRV4902THODckp9/VZdAmz3UgmP1rDkdHXuLlKdS7fxoNtNQMg/8x2Okx0ZD88SJ
ZFeImZ3S5elfaPBvLlgiEIqnQm58eIFjhhH36S2lZXVIbb0Hlz3bsztWkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8R33PmvYbUYm3HOsImgPG+bwA6MB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvWHhIZmMtYTlodFJpYmNjNndpYUE4YjV2QURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQYMA0G
CSqGSIb3DQEBCwUAA4IBAQAtlfixeqy/KdyOylPWNEIEbgDFRvM2+oYlcYcnuQqm
vmfN+0Y4KW2V/gfIP8f4fLwZk5++O2KJUsP56VEd7pwh03ygXpnyfJ/DnxX6Un80
cAnHrmVAglxfEn7k64+cnf2xvI00mJDP3aikyBarmK6yzhBZLDyYsQk3fMEcRIyA
UqX1/vZ3+4+WwTHSJyjWgh+xxBO6stb04SdZ0KGaBsBGkh1XPvtqqcBUPRTR1PwG
SK+vuPeHmG6FbvSgifVNFdrs6Waq7zBGJFCIcnXHEW9eL2smf+YFmmMb6qNzQTGi
5pnhswsWxogXbCiWjt59b5Al2DdKF91pENIzbYbSplL3
-----END CERTIFICATE-----