Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_LWL4WOk7GuqV3KZqgsX3i3vdPk.roa
File:                     _LWL4WOk7GuqV3KZqgsX3i3vdPk.roa (raw, json)
Hash identifier:          YMFf/Z/o30IXjOeWXoHHLNuciA6chKN5EAI2L25RShw=
Subject key identifier:   FC:B5:8B:E1:63:A4:EC:6B:AA:57:72:99:AA:0B:17:DE:2D:EF:74:F9
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01954BE5664D5DF7FE7EFC7FFF1281AC605E
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_LWL4WOk7GuqV3KZqgsX3i3vdPk.roa
Signing time:             Fri 28 Feb 2025 09:31:19 +0000
ROA not before:           Fri 28 Feb 2025 09:31:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59765
IP address blocks:        188.214.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 01:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4b:e5:66:4d:5d:f7:fe:7e:fc:7f:ff:12:81:ac:60:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Feb 28 09:31:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcb58be163a4ec6baa577299aa0b17de2def74f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6b:ab:3e:22:58:87:71:7e:3e:60:85:44:e1:
                    98:a1:aa:3b:c6:f6:c8:ff:5b:bd:05:dd:24:01:16:
                    dd:a4:26:9c:45:8b:96:fd:50:e8:c0:18:23:2a:8f:
                    53:60:e4:f4:fb:ac:b6:b5:f4:fc:da:b8:c6:13:6c:
                    7e:2a:6b:63:04:75:f7:57:e5:4c:c4:f4:d1:21:24:
                    f5:30:ad:43:f7:43:1e:97:93:52:4b:d2:fc:6f:f4:
                    56:da:e5:d4:8a:97:56:43:bb:b7:4d:64:36:6b:64:
                    8a:b7:c8:bc:e9:e7:cf:f1:57:6e:f5:52:f9:55:9f:
                    1a:0f:66:84:ac:4b:89:cc:32:fa:09:d4:19:53:7b:
                    bf:5a:0b:98:1f:ed:24:5f:3d:27:03:07:59:b7:7c:
                    0f:7b:f3:42:43:f8:91:f5:c9:a4:0a:ff:86:e1:c2:
                    1c:dd:41:3f:66:e8:12:18:cf:bd:f6:26:fc:02:33:
                    3c:05:ff:52:66:f8:40:f8:90:66:17:75:77:11:c8:
                    a5:ac:f7:d5:34:c1:9c:30:4a:ea:3f:58:fd:c5:3b:
                    68:b1:13:38:55:92:ed:63:64:38:eb:e2:0e:0a:75:
                    00:60:3e:27:5b:fb:c0:fc:37:93:41:7c:aa:59:77:
                    ee:7a:fe:3d:16:56:ba:ad:cd:ab:f1:d6:be:6f:b2:
                    11:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:B5:8B:E1:63:A4:EC:6B:AA:57:72:99:AA:0B:17:DE:2D:EF:74:F9
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_LWL4WOk7GuqV3KZqgsX3i3vdPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         f5:cd:b0:f2:6c:f7:dd:aa:43:37:64:f2:f5:f6:dd:a6:46:9f:
         6c:31:03:04:81:ea:56:27:35:95:42:ac:c2:da:52:f5:b9:77:
         2e:80:d3:85:c7:6d:29:1c:3e:54:a3:54:51:39:c2:f1:b8:85:
         99:26:30:5e:a4:1c:72:0b:e1:78:68:16:f8:cb:91:05:c2:bd:
         86:c6:b8:b1:0c:60:b5:f3:e1:21:9f:6a:a2:9b:c1:3d:30:12:
         fc:33:69:d4:9b:a7:5c:1e:7a:10:b7:84:f8:4f:d8:56:c3:27:
         ba:d9:f1:2e:f3:ed:e2:71:fe:4a:78:d0:68:16:65:e5:ec:e6:
         c1:c2:ec:6e:ef:bf:a7:e7:b5:2b:42:a4:f8:58:79:69:af:d8:
         c6:57:d4:85:6c:b6:6f:37:bf:29:1c:b8:34:a0:a5:71:7f:ff:
         2b:b0:23:4e:b7:1e:8f:9f:21:05:80:a1:1e:f0:7c:8e:30:d7:
         79:b2:5a:64:29:1e:d3:bc:8f:ca:1d:da:32:3b:3d:be:c4:5a:
         a0:a6:b7:ae:80:64:fb:ec:bc:01:8b:21:56:c5:d5:9a:61:06:
         80:3d:b4:64:b1:e2:9b:e8:04:96:02:ea:f3:ed:b9:a5:47:46:
         78:06:2d:be:1d:87:1f:85:93:fb:23:2b:5a:6e:5d:86:fa:ee:
         7a:36:63:41
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZVL5WZNXff+fvx//xKBrGBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMjI4MDkzMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2I1OGJlMTYzYTRlYzZiYWE1NzcyOTlhYTBiMTdkZTJkZWY3NGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWurPiJYh3F+PmCFROGYoao7xvbI
/1u9Bd0kARbdpCacRYuW/VDowBgjKo9TYOT0+6y2tfT82rjGE2x+KmtjBHX3V+VM
xPTRIST1MK1D90Mel5NSS9L8b/RW2uXUipdWQ7u3TWQ2a2SKt8i86efP8Vdu9VL5
VZ8aD2aErEuJzDL6CdQZU3u/WguYH+0kXz0nAwdZt3wPe/NCQ/iR9cmkCv+G4cIc
3UE/ZugSGM+99ib8AjM8Bf9SZvhA+JBmF3V3EcilrPfVNMGcMErqP1j9xTtosRM4
VZLtY2Q46+IOCnUAYD4nW/vA/DeTQXyqWXfuev49Fla6rc2r8da+b7IRvwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPy1i+FjpOxrqldymaoLF94t73T5MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL19MV0w0V09rN0d1cVYzS1pxZ3NYM2kzdmRQay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC81m8w
DQYJKoZIhvcNAQELBQADggEBAPXNsPJs992qQzdk8vX23aZGn2wxAwSB6lYnNZVC
rMLaUvW5dy6A04XHbSkcPlSjVFE5wvG4hZkmMF6kHHIL4XhoFvjLkQXCvYbGuLEM
YLXz4SGfaqKbwT0wEvwzadSbp1weehC3hPhP2FbDJ7rZ8S7z7eJx/kp40GgWZeXs
5sHC7G7vv6fntStCpPhYeWmv2MZX1IVstm83vykcuDSgpXF//yuwI063Ho+fIQWA
oR7wfI4w13myWmQpHtO8j8od2jI7Pb7EWqCmt66AZPvsvAGLIVbF1ZphBoA9tGSx
4pvoBJYC6vPtuaVHRngGLb4dhx+Fk/sjK1puXYb67no2Y0E=
-----END CERTIFICATE-----