Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/1137d8-1d36-41bb-b7fa-409493694a52/1/bo9Zt5WveGJLmto-uiWetgZCX7Q.roa
File:                     bo9Zt5WveGJLmto-uiWetgZCX7Q.roa (raw, json)
Hash identifier:          zzs00ivzGHR02cC1o3Qz5YlQGqmECC+fSU4iyTugi54=
Subject key identifier:   6E:8F:59:B7:95:AF:78:62:4B:9A:DA:3E:BA:25:9E:B6:06:42:5F:B4
Certificate issuer:       /CN=85b7d5ccdaf03309749745764200a7272764730a
Certificate serial:       019427B52E52F7F8917B03EED3ADEED3C3CB
Authority key identifier: 85:B7:D5:CC:DA:F0:33:09:74:97:45:76:42:00:A7:27:27:64:73:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hbfVzNrwMwl0l0V2QgCnJydkcwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/1137d8-1d36-41bb-b7fa-409493694a52/1/bo9Zt5WveGJLmto-uiWetgZCX7Q.roa
Signing time:             Thu 02 Jan 2025 15:49:32 +0000
ROA not before:           Thu 02 Jan 2025 15:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48417
IP address blocks:        195.210.14.0/24 maxlen: 24
                          195.210.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/1137d8-1d36-41bb-b7fa-409493694a52/1/hbfVzNrwMwl0l0V2QgCnJydkcwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/1137d8-1d36-41bb-b7fa-409493694a52/1/hbfVzNrwMwl0l0V2QgCnJydkcwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hbfVzNrwMwl0l0V2QgCnJydkcwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:2e:52:f7:f8:91:7b:03:ee:d3:ad:ee:d3:c3:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85b7d5ccdaf03309749745764200a7272764730a
        Validity
            Not Before: Jan  2 15:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e8f59b795af78624b9ada3eba259eb606425fb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:37:55:94:92:fc:a3:e4:92:30:47:4b:e6:19:
                    c6:a1:e5:34:17:08:2f:a0:31:97:2e:51:54:da:b6:
                    d0:cc:ce:dd:37:71:e7:87:7a:a8:f8:b5:a1:2d:b8:
                    14:b6:c3:3f:ad:6a:ed:9a:42:b6:a5:97:92:20:95:
                    7c:0d:b6:f3:38:f2:0a:24:67:76:65:19:ac:3e:f4:
                    f5:84:25:4e:4d:1a:ca:6d:ad:9f:79:0e:51:6c:a1:
                    b3:01:7e:36:0f:d6:94:36:3b:10:7e:eb:7e:9a:1a:
                    c7:81:81:9a:fa:eb:8f:e8:83:da:20:91:c8:3a:5e:
                    19:67:32:91:e4:b4:ac:cd:ab:74:96:99:b1:17:e9:
                    c0:e4:e7:ef:74:b5:e1:23:c9:a4:1b:b3:b2:6a:8c:
                    71:b5:fb:43:4e:f8:90:ed:97:ad:d8:9f:22:5d:e4:
                    8e:87:33:0b:19:f4:76:e4:d6:bb:dc:a1:9b:e1:df:
                    a3:e5:15:62:6a:1c:42:23:1c:da:96:26:b4:8e:6c:
                    c3:01:7d:2f:c7:3b:64:15:ec:a1:d1:70:2a:6b:bd:
                    f2:fb:00:b8:b0:40:ab:57:db:45:d3:fa:6e:24:1f:
                    f4:5d:b0:2b:c5:23:fe:e8:e5:94:cb:59:f0:91:72:
                    56:c1:d5:de:25:73:3b:9e:4d:fc:e9:83:94:b3:05:
                    07:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:8F:59:B7:95:AF:78:62:4B:9A:DA:3E:BA:25:9E:B6:06:42:5F:B4
            X509v3 Authority Key Identifier:
                keyid:85:B7:D5:CC:DA:F0:33:09:74:97:45:76:42:00:A7:27:27:64:73:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hbfVzNrwMwl0l0V2QgCnJydkcwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/1137d8-1d36-41bb-b7fa-409493694a52/1/bo9Zt5WveGJLmto-uiWetgZCX7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/1137d8-1d36-41bb-b7fa-409493694a52/1/hbfVzNrwMwl0l0V2QgCnJydkcwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.210.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:19:d5:16:78:8a:f8:ae:0f:7c:1a:ed:fb:dd:e2:54:ef:78:
         92:ee:b7:5f:14:41:f6:30:80:5e:00:e6:e6:d4:63:ea:2a:cd:
         b4:bc:4a:c4:6b:d8:b4:be:50:c2:16:cc:51:dc:b3:6b:2b:09:
         ba:85:e0:2b:d5:ef:9f:b6:d6:d5:ae:98:3e:50:8b:be:89:b0:
         f2:73:81:cb:ff:f8:71:7c:89:10:0c:ca:1a:2c:b6:a1:f5:d2:
         0c:9c:36:eb:07:26:7e:f0:eb:0f:25:fc:43:d8:1a:50:dd:c5:
         a1:ae:79:80:87:bf:d3:92:64:b5:d2:f7:db:16:34:e1:05:c2:
         60:6a:3d:2e:5d:85:57:95:ca:87:4e:04:29:51:d7:37:06:01:
         10:af:e1:37:66:ff:b0:8c:66:f2:54:a9:da:3e:bd:75:a1:9f:
         1d:01:5c:e5:18:9f:cb:68:ce:d9:30:07:53:04:e7:0d:4d:48:
         ce:2a:6b:92:22:3e:40:49:8c:37:ce:b0:fe:a5:90:c1:52:da:
         22:25:e5:b4:16:f3:d1:fd:cf:5f:a9:ad:04:2c:19:3c:04:4f:
         4f:45:c8:e8:0d:9a:16:fc:51:16:80:7e:d2:23:7b:26:28:eb:
         61:44:32:de:b8:b9:d7:c4:fa:b0:e5:a4:75:c0:5b:24:7d:76:
         ff:ee:b1:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntS5S9/iRewPu063u08PLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YjdkNWNjZGFmMDMzMDk3NDk3NDU3NjQyMDBhNzI3Mjc2
NDczMGEwHhcNMjUwMTAyMTU0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZThmNTliNzk1YWY3ODYyNGI5YWRhM2ViYTI1OWViNjA2NDI1ZmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTdVlJL8o+SSMEdL5hnGoeU0Fwgv
oDGXLlFU2rbQzM7dN3Hnh3qo+LWhLbgUtsM/rWrtmkK2pZeSIJV8DbbzOPIKJGd2
ZRmsPvT1hCVOTRrKba2feQ5RbKGzAX42D9aUNjsQfut+mhrHgYGa+uuP6IPaIJHI
Ol4ZZzKR5LSszat0lpmxF+nA5OfvdLXhI8mkG7OyaoxxtftDTviQ7Zet2J8iXeSO
hzMLGfR25Na73KGb4d+j5RViahxCIxzalia0jmzDAX0vxztkFeyh0XAqa73y+wC4
sECrV9tF0/puJB/0XbArxSP+6OWUy1nwkXJWwdXeJXM7nk386YOUswUH9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6PWbeVr3hiS5raProlnrYGQl+0MB8GA1UdIwQY
MBaAFIW31cza8DMJdJdFdkIApycnZHMKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGJmVnpOcndNd2wwbDBWMlFnQ25KeWRrY3dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8xMTM3ZDgtMWQzNi00MWJiLWI3ZmEt
NDA5NDkzNjk0YTUyLzEvYm85WnQ1V3ZlR0pMbXRvLXVpV2V0Z1pDWDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8xMTM3ZDgtMWQzNi00MWJiLWI3ZmEtNDA5NDkzNjk0YTUy
LzEvaGJmVnpOcndNd2wwbDBWMlFnQ25KeWRrY3dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw9IOMA0G
CSqGSIb3DQEBCwUAA4IBAQALGdUWeIr4rg98Gu373eJU73iS7rdfFEH2MIBeAObm
1GPqKs20vErEa9i0vlDCFsxR3LNrKwm6heAr1e+fttbVrpg+UIu+ibDyc4HL//hx
fIkQDMoaLLah9dIMnDbrByZ+8OsPJfxD2BpQ3cWhrnmAh7/TkmS10vfbFjThBcJg
aj0uXYVXlcqHTgQpUdc3BgEQr+E3Zv+wjGbyVKnaPr11oZ8dAVzlGJ/LaM7ZMAdT
BOcNTUjOKmuSIj5ASYw3zrD+pZDBUtoiJeW0FvPR/c9fqa0ELBk8BE9PRcjoDZoW
/FEWgH7SI3smKOthRDLeuLnXxPqw5aR1wFskfXb/7rEt
-----END CERTIFICATE-----