Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/Xz1rL6dK4mQZieGCdBgSZgZHbZ4.roa
File:                     Xz1rL6dK4mQZieGCdBgSZgZHbZ4.roa (raw, json)
Hash identifier:          gmK1QKVfo/W+VuZX9S2XVVxCk24nsYt3d8ghU+Ddwrs=
Subject key identifier:   5F:3D:6B:2F:A7:4A:E2:64:19:89:E1:82:74:18:12:66:06:47:6D:9E
Certificate issuer:       /CN=835fbb927b295062b7d0a72047b6b4aa1b0f9b29
Certificate serial:       01941FFA31A1D247F76166514EB5A3E29B60
Authority key identifier: 83:5F:BB:92:7B:29:50:62:B7:D0:A7:20:47:B6:B4:AA:1B:0F:9B:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1-7knspUGK30KcgR7a0qhsPmyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/Xz1rL6dK4mQZieGCdBgSZgZHbZ4.roa
Signing time:             Wed 01 Jan 2025 03:47:57 +0000
ROA not before:           Wed 01 Jan 2025 03:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206909
IP address blocks:        185.172.104.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/g1-7knspUGK30KcgR7a0qhsPmyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/g1-7knspUGK30KcgR7a0qhsPmyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1-7knspUGK30KcgR7a0qhsPmyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:31:a1:d2:47:f7:61:66:51:4e:b5:a3:e2:9b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835fbb927b295062b7d0a72047b6b4aa1b0f9b29
        Validity
            Not Before: Jan  1 03:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f3d6b2fa74ae2641989e1827418126606476d9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:3e:4f:26:4b:06:14:19:11:07:fb:d0:15:7e:
                    48:29:d8:bd:c8:21:84:ba:b7:a0:30:da:ea:5e:2d:
                    43:61:e2:ed:18:a0:e4:08:11:e1:61:a9:f1:f9:7a:
                    f2:d6:0c:02:27:f3:56:c6:5d:29:1b:87:32:0d:b5:
                    ce:89:a1:e7:3c:f4:24:2a:15:dd:86:09:df:1e:af:
                    22:c3:79:bb:a1:57:0c:eb:03:b8:cd:a3:39:16:ad:
                    51:05:86:3e:42:51:0b:34:bd:2d:36:57:00:a0:05:
                    30:17:bc:9f:22:9b:4e:74:b1:6b:2c:1c:12:24:4f:
                    06:95:b0:ba:20:fd:d8:f5:e3:fe:4e:32:34:41:4a:
                    77:41:c4:ed:12:f7:f4:54:f7:43:cb:88:cf:b4:0e:
                    75:5f:fa:34:8d:b2:76:50:64:01:05:16:4e:e8:d9:
                    83:03:6a:48:b3:61:9e:66:a9:72:ae:85:bc:94:14:
                    1a:47:3b:1f:cf:16:18:63:16:81:49:19:7e:52:c0:
                    68:6b:05:8a:21:b6:35:9d:a3:eb:54:e5:c3:6e:7b:
                    8c:3d:19:16:07:d2:db:63:5c:ef:e3:3c:52:13:e9:
                    80:49:98:2d:32:90:35:88:26:43:dd:cd:75:a8:46:
                    34:fa:f1:d7:81:b9:2e:6c:60:1a:ea:a3:17:a5:7d:
                    c7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:3D:6B:2F:A7:4A:E2:64:19:89:E1:82:74:18:12:66:06:47:6D:9E
            X509v3 Authority Key Identifier:
                keyid:83:5F:BB:92:7B:29:50:62:B7:D0:A7:20:47:B6:B4:AA:1B:0F:9B:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1-7knspUGK30KcgR7a0qhsPmyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/Xz1rL6dK4mQZieGCdBgSZgZHbZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/g1-7knspUGK30KcgR7a0qhsPmyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:bb:2c:41:50:96:f1:5c:3b:4f:58:45:bc:6d:f7:a4:56:49:
         3f:5d:58:80:d7:2d:3d:ed:0b:7a:75:c1:8d:13:53:9b:59:a0:
         1d:47:77:76:25:01:d8:52:42:98:64:04:3d:f6:7a:b3:c5:72:
         e3:e5:22:a2:f0:fd:d6:69:45:0b:b4:86:d7:b9:e2:12:01:15:
         6f:35:71:f4:68:3f:71:c2:a8:70:9e:a6:b1:b0:2b:0d:d2:8b:
         eb:9e:7d:0e:af:ff:5c:ed:9b:e4:ff:87:d2:de:2d:26:de:c3:
         5f:6c:1b:25:f1:f1:68:2a:28:01:39:61:6d:af:de:5a:5d:0e:
         8d:b8:68:bc:0c:8a:b4:a3:eb:10:e7:8c:a4:56:50:52:14:bd:
         38:3f:da:c3:9d:48:2b:95:1b:b5:2b:a4:57:39:14:21:02:5f:
         96:e6:aa:d7:35:8b:a4:f3:29:5d:a4:88:0c:1a:67:92:b6:25:
         a7:c8:7f:de:7a:5e:82:0b:cb:d9:91:df:e8:2c:22:13:36:08:
         44:df:48:cf:4c:53:bc:42:af:0e:40:8b:eb:97:56:06:25:7b:
         17:f0:9b:a3:ec:f5:3a:6b:b0:14:00:55:51:57:00:40:09:db:
         ee:06:97:c4:74:91:19:10:12:dd:1a:8a:41:84:6b:9e:c5:7a:
         e7:33:32:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jGh0kf3YWZRTrWj4ptgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWZiYjkyN2IyOTUwNjJiN2QwYTcyMDQ3YjZiNGFhMWIw
ZjliMjkwHhcNMjUwMTAxMDM0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjNkNmIyZmE3NGFlMjY0MTk4OWUxODI3NDE4MTI2NjA2NDc2ZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzz5PJksGFBkRB/vQFX5IKdi9yCGE
uregMNrqXi1DYeLtGKDkCBHhYanx+Xry1gwCJ/NWxl0pG4cyDbXOiaHnPPQkKhXd
hgnfHq8iw3m7oVcM6wO4zaM5Fq1RBYY+QlELNL0tNlcAoAUwF7yfIptOdLFrLBwS
JE8GlbC6IP3Y9eP+TjI0QUp3QcTtEvf0VPdDy4jPtA51X/o0jbJ2UGQBBRZO6NmD
A2pIs2GeZqlyroW8lBQaRzsfzxYYYxaBSRl+UsBoawWKIbY1naPrVOXDbnuMPRkW
B9LbY1zv4zxSE+mASZgtMpA1iCZD3c11qEY0+vHXgbkubGAa6qMXpX3HkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF89ay+nSuJkGYnhgnQYEmYGR22eMB8GA1UdIwQY
MBaAFINfu5J7KVBit9CnIEe2tKobD5spMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzEtN2tuc3BVR0szMEtjZ1I3YTBxaHNQbXlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9jNjRiZjQtYzYwNS00NjFhLWJiNzQt
YjE4ZjhmN2Q5MGU4LzEvWHoxckw2ZEs0bVFaaWVHQ2RCZ1NaZ1pIYlo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9jNjRiZjQtYzYwNS00NjFhLWJiNzQtYjE4ZjhmN2Q5MGU4
LzEvZzEtN2tuc3BVR0szMEtjZ1I3YTBxaHNQbXlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaxoMA0G
CSqGSIb3DQEBCwUAA4IBAQAeuyxBUJbxXDtPWEW8bfekVkk/XViA1y097Qt6dcGN
E1ObWaAdR3d2JQHYUkKYZAQ99nqzxXLj5SKi8P3WaUULtIbXueISARVvNXH0aD9x
wqhwnqaxsCsN0ovrnn0Or/9c7Zvk/4fS3i0m3sNfbBsl8fFoKigBOWFtr95aXQ6N
uGi8DIq0o+sQ54ykVlBSFL04P9rDnUgrlRu1K6RXORQhAl+W5qrXNYuk8yldpIgM
GmeStiWnyH/eel6CC8vZkd/oLCITNghE30jPTFO8Qq8OQIvrl1YGJXsX8Juj7PU6
a7AUAFVRVwBACdvuBpfEdJEZEBLdGopBhGuexXrnMzLt
-----END CERTIFICATE-----