Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/0fTzrR0FgT99fPQppUr0MJauodA.roa
File:                     0fTzrR0FgT99fPQppUr0MJauodA.roa (raw, json)
Hash identifier:          vrJgtNANw3B/qMAsMw5g4uVNE+VfKXWhBzBneo91BaY=
Subject key identifier:   D1:F4:F3:AD:1D:05:81:3F:7D:7C:F4:29:A5:4A:F4:30:96:AE:A1:D0
Certificate issuer:       /CN=03364fcedd691357733cd5ccd7029db8e61d1e3a
Certificate serial:       0196DB698F9E6FD15B54BB2EF288274E6499
Authority key identifier: 03:36:4F:CE:DD:69:13:57:73:3C:D5:CC:D7:02:9D:B8:E6:1D:1E:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/0fTzrR0FgT99fPQppUr0MJauodA.roa
Signing time:             Fri 16 May 2025 23:24:10 +0000
ROA not before:           Fri 16 May 2025 23:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        185.84.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 17:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:db:69:8f:9e:6f:d1:5b:54:bb:2e:f2:88:27:4e:64:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03364fcedd691357733cd5ccd7029db8e61d1e3a
        Validity
            Not Before: May 16 23:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1f4f3ad1d05813f7d7cf429a54af43096aea1d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c4:64:b8:6e:62:b0:b3:65:d1:31:db:e9:fa:
                    e3:e2:82:0c:52:88:2f:a2:66:27:c5:2e:8b:9f:35:
                    89:41:b3:34:2b:e3:08:3a:44:b7:d6:ba:91:ea:47:
                    30:ef:cb:8c:fa:61:51:3f:f1:0d:47:74:f3:b0:62:
                    14:c4:55:63:5e:46:8e:a0:63:75:11:d9:88:6f:85:
                    66:6a:48:6b:3e:53:1f:7e:d6:8e:c7:7c:22:4e:b8:
                    7b:e0:e3:65:cd:12:20:29:4d:15:15:f3:f8:b1:d0:
                    6c:49:a0:13:f3:96:df:7d:e3:91:4d:5a:f6:ad:8c:
                    7a:94:54:ab:01:3b:6a:a4:b1:fe:60:a2:e8:92:67:
                    c7:eb:3c:b7:58:69:a3:bf:a7:34:9f:de:4e:b8:85:
                    7a:85:3d:3b:e3:48:68:47:7c:39:fb:7a:bd:5d:12:
                    96:b6:d1:23:29:60:c5:30:8c:66:14:b4:22:68:f9:
                    b7:09:30:9e:76:63:bd:a9:a5:3b:7f:39:59:51:8f:
                    d0:96:4f:4e:17:a1:92:de:73:45:10:a0:3d:a7:0b:
                    89:77:6e:95:45:bb:99:af:14:dc:e3:98:52:09:32:
                    4c:f4:0f:e2:7c:00:b1:3b:01:a3:ec:d0:98:ab:d2:
                    73:2b:d3:01:04:0b:cb:78:94:4a:31:19:2f:8c:af:
                    3a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F4:F3:AD:1D:05:81:3F:7D:7C:F4:29:A5:4A:F4:30:96:AE:A1:D0
            X509v3 Authority Key Identifier:
                keyid:03:36:4F:CE:DD:69:13:57:73:3C:D5:CC:D7:02:9D:B8:E6:1D:1E:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/0fTzrR0FgT99fPQppUr0MJauodA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:67:47:e8:f7:79:89:c8:b3:ec:09:f5:98:ef:b9:cf:c9:d4:
         30:02:a0:67:e9:b1:b5:74:81:d5:49:44:e7:f1:cc:d8:8f:a7:
         a9:30:6d:19:98:57:11:fb:cc:1e:d7:da:af:ba:d4:8d:4e:93:
         e3:c8:64:44:63:5f:d3:91:1f:94:eb:d6:0e:63:91:df:48:a0:
         9c:0e:36:be:21:15:cd:38:55:67:68:c1:79:2d:a7:98:f3:b9:
         35:f2:f2:d7:8f:7f:40:49:c1:83:63:7e:e7:a8:6d:29:33:c4:
         80:72:dc:7e:c1:f9:6d:a7:48:92:8e:50:7e:23:67:7f:89:f8:
         f2:fb:01:1e:45:d3:44:40:19:37:51:af:4a:cb:fe:aa:7e:40:
         99:5f:64:1d:fb:c9:c6:22:39:4e:03:a2:64:2b:a1:a8:a4:ea:
         b7:89:17:98:c1:73:62:12:f2:0f:58:70:a0:e3:2c:6f:17:6e:
         8d:f1:05:4a:46:86:33:e1:34:85:b2:c2:7f:0a:b3:10:43:2c:
         a4:5e:23:43:d0:de:f2:28:c7:fc:57:c9:85:f2:e2:6e:0b:24:
         65:68:65:71:88:ad:ca:66:11:0e:2a:57:c0:12:4a:3b:be:98:
         04:70:fa:ad:27:d5:bb:dd:e5:18:93:2e:e7:de:67:46:55:97:
         21:cb:ee:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbbaY+eb9FbVLsu8ognTmSZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMzY0ZmNlZGQ2OTEzNTc3MzNjZDVjY2Q3MDI5ZGI4ZTYx
ZDFlM2EwHhcNMjUwNTE2MjMyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWY0ZjNhZDFkMDU4MTNmN2Q3Y2Y0MjlhNTRhZjQzMDk2YWVhMWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysRkuG5isLNl0THb6frj4oIMUogv
omYnxS6LnzWJQbM0K+MIOkS31rqR6kcw78uM+mFRP/ENR3TzsGIUxFVjXkaOoGN1
EdmIb4VmakhrPlMfftaOx3wiTrh74ONlzRIgKU0VFfP4sdBsSaAT85bffeORTVr2
rYx6lFSrATtqpLH+YKLokmfH6zy3WGmjv6c0n95OuIV6hT0740hoR3w5+3q9XRKW
ttEjKWDFMIxmFLQiaPm3CTCedmO9qaU7fzlZUY/Qlk9OF6GS3nNFEKA9pwuJd26V
RbuZrxTc45hSCTJM9A/ifACxOwGj7NCYq9JzK9MBBAvLeJRKMRkvjK86gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNH0860dBYE/fXz0KaVK9DCWrqHQMB8GA1UdIwQY
MBaAFAM2T87daRNXczzVzNcCnbjmHR46MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXpaUHp0MXBFMWR6UE5YTTF3S2R1T1lkSGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81NmY1MjYtNTNkZS00YzlkLWI0MDEt
YWJmMGI1OTQ2NDZmLzEvMGZUenJSMEZnVDk5ZlBRcHBVcjBNSmF1b2RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81NmY1MjYtNTNkZS00YzlkLWI0MDEtYWJmMGI1OTQ2NDZm
LzEvQXpaUHp0MXBFMWR6UE5YTTF3S2R1T1lkSGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVScMA0G
CSqGSIb3DQEBCwUAA4IBAQANZ0fo93mJyLPsCfWY77nPydQwAqBn6bG1dIHVSUTn
8czYj6epMG0ZmFcR+8we19qvutSNTpPjyGREY1/TkR+U69YOY5HfSKCcDja+IRXN
OFVnaMF5LaeY87k18vLXj39AScGDY37nqG0pM8SActx+wfltp0iSjlB+I2d/ifjy
+wEeRdNEQBk3Ua9Ky/6qfkCZX2Qd+8nGIjlOA6JkK6GopOq3iReYwXNiEvIPWHCg
4yxvF26N8QVKRoYz4TSFssJ/CrMQQyykXiND0N7yKMf8V8mF8uJuCyRlaGVxiK3K
ZhEOKlfAEko7vpgEcPqtJ9W73eUYky7n3mdGVZchy+61
-----END CERTIFICATE-----