Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/826faf-37b4-438f-8f90-29fe7cc66c8d/1/0TM8RaOIPFOpyp7Wz-Yo2ky-FH4.roa
File:                     0TM8RaOIPFOpyp7Wz-Yo2ky-FH4.roa (raw, json)
Hash identifier:          XeQkg3QeFHikM/cwWNNdphRvfPZiBaMh4xO56QjpXcM=
Subject key identifier:   D1:33:3C:45:A3:88:3C:53:A9:CA:9E:D6:CF:E6:28:DA:4C:BE:14:7E
Certificate issuer:       /CN=d5f5e7dddc47c71044865bc5cdc2587efdab0b9c
Certificate serial:       019426D95346E941DBB3FFC66286F529F9D8
Authority key identifier: D5:F5:E7:DD:DC:47:C7:10:44:86:5B:C5:CD:C2:58:7E:FD:AB:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1fXn3dxHxxBEhlvFzcJYfv2rC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/826faf-37b4-438f-8f90-29fe7cc66c8d/1/0TM8RaOIPFOpyp7Wz-Yo2ky-FH4.roa
Signing time:             Thu 02 Jan 2025 11:49:24 +0000
ROA not before:           Thu 02 Jan 2025 11:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212881
IP address blocks:        185.40.107.0/24 maxlen: 24
                          2a0c:ef00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/826faf-37b4-438f-8f90-29fe7cc66c8d/1/1fXn3dxHxxBEhlvFzcJYfv2rC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/826faf-37b4-438f-8f90-29fe7cc66c8d/1/1fXn3dxHxxBEhlvFzcJYfv2rC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1fXn3dxHxxBEhlvFzcJYfv2rC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:53:46:e9:41:db:b3:ff:c6:62:86:f5:29:f9:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f5e7dddc47c71044865bc5cdc2587efdab0b9c
        Validity
            Not Before: Jan  2 11:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1333c45a3883c53a9ca9ed6cfe628da4cbe147e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b9:f8:aa:e4:cc:1b:67:a1:95:67:01:66:97:
                    5b:1b:07:b1:c9:fa:75:e8:96:e0:91:af:b2:e3:04:
                    89:0e:05:61:2c:fd:11:c3:15:a3:24:ca:ce:59:6c:
                    18:e0:3b:4c:6b:95:58:91:f1:9e:c1:5f:59:91:a7:
                    4e:89:78:e3:a0:95:53:1f:fb:0d:36:a7:3b:d0:bb:
                    62:74:2d:6e:52:9d:40:ad:f9:6c:18:74:e8:19:94:
                    a3:19:b1:5d:2a:61:7d:5e:ab:54:f3:60:36:88:27:
                    5f:87:c2:e2:c2:51:a6:48:24:34:6d:75:dd:e9:71:
                    d3:1f:12:b1:b9:24:b8:cc:1a:51:14:f4:a7:09:75:
                    18:85:b9:f2:9b:5d:bd:7d:46:e6:a1:83:4b:02:22:
                    82:f6:b6:ca:cf:13:5c:df:c6:7e:79:7f:2c:bd:ef:
                    0b:82:65:d9:7c:f0:24:56:e7:49:be:0a:6b:63:3a:
                    cd:b4:f4:2a:8c:b7:05:ad:db:80:b5:4a:ee:99:8b:
                    93:a3:99:60:a5:a8:f9:ca:dd:24:c8:7f:3a:5d:d7:
                    ff:29:10:79:d2:ad:b7:66:a9:37:0a:c4:cf:3e:77:
                    e5:00:eb:6f:cd:7c:74:7a:a9:a6:5d:0f:18:6c:d4:
                    21:76:4a:ec:7a:d2:98:99:86:3b:cb:0b:db:88:71:
                    c9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:33:3C:45:A3:88:3C:53:A9:CA:9E:D6:CF:E6:28:DA:4C:BE:14:7E
            X509v3 Authority Key Identifier:
                keyid:D5:F5:E7:DD:DC:47:C7:10:44:86:5B:C5:CD:C2:58:7E:FD:AB:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1fXn3dxHxxBEhlvFzcJYfv2rC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/826faf-37b4-438f-8f90-29fe7cc66c8d/1/0TM8RaOIPFOpyp7Wz-Yo2ky-FH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/826faf-37b4-438f-8f90-29fe7cc66c8d/1/1fXn3dxHxxBEhlvFzcJYfv2rC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.107.0/24
                IPv6:
                  2a0c:ef00::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:b4:c3:6e:2e:57:0a:a8:c4:a3:c4:80:c7:8e:a9:ad:bc:87:
         d2:99:b5:3d:62:80:00:8d:16:6e:ce:8d:99:b2:96:f1:be:9d:
         9d:c0:29:f7:11:8f:00:52:6b:ca:cf:b8:4a:2a:da:40:65:92:
         46:89:29:7f:21:85:ed:79:4c:9a:0b:43:c7:c3:de:2f:63:93:
         8f:55:a7:bb:51:dc:6d:49:b7:69:a5:ff:ad:c1:0a:e1:27:c0:
         87:65:13:1b:4f:03:7d:7e:9a:20:d0:d7:04:c1:31:0e:f1:e7:
         d9:05:fa:26:87:72:e8:7b:35:2e:49:e3:d8:a1:7b:83:59:b5:
         7c:09:3b:f7:63:7a:22:bd:26:93:1f:7b:e7:4b:71:ea:37:2f:
         6d:34:8c:31:67:5a:63:48:d2:13:15:ef:74:37:93:03:2b:d3:
         ae:4c:40:df:d6:48:8d:c1:6a:b5:d5:93:00:cf:a1:c1:e9:c6:
         43:0f:3c:dd:d1:41:d0:89:e1:1e:75:94:6a:cd:b6:d2:97:2b:
         0d:22:b1:29:e7:fa:f7:57:16:cf:65:52:51:0f:c8:6f:ba:2d:
         39:dc:66:4e:14:23:3b:50:c9:16:22:f6:f8:1e:c1:1d:0b:06:
         76:15:e2:0e:7b:4c:14:7b:ce:22:56:74:74:c4:7c:62:9c:40:
         39:83:c5:ae
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2VNG6UHbs//GYob1KfnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZjVlN2RkZGM0N2M3MTA0NDg2NWJjNWNkYzI1ODdlZmRh
YjBiOWMwHhcNMjUwMTAyMTE0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTMzM2M0NWEzODgzYzUzYTljYTllZDZjZmU2MjhkYTRjYmUxNDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLn4quTMG2ehlWcBZpdbGwexyfp1
6Jbgka+y4wSJDgVhLP0RwxWjJMrOWWwY4DtMa5VYkfGewV9ZkadOiXjjoJVTH/sN
Nqc70LtidC1uUp1ArflsGHToGZSjGbFdKmF9XqtU82A2iCdfh8LiwlGmSCQ0bXXd
6XHTHxKxuSS4zBpRFPSnCXUYhbnym129fUbmoYNLAiKC9rbKzxNc38Z+eX8sve8L
gmXZfPAkVudJvgprYzrNtPQqjLcFrduAtUrumYuTo5lgpaj5yt0kyH86Xdf/KRB5
0q23Zqk3CsTPPnflAOtvzXx0eqmmXQ8YbNQhdkrsetKYmYY7ywvbiHHJ9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNEzPEWjiDxTqcqe1s/mKNpMvhR+MB8GA1UdIwQY
MBaAFNX1593cR8cQRIZbxc3CWH79qwucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZYbjNkeEh4eEJFaGx2RnpjSllmdjJyQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84MjZmYWYtMzdiNC00MzhmLThmOTAt
MjlmZTdjYzY2YzhkLzEvMFRNOFJhT0lQRk9weXA3V3otWW8ya3ktRkg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84MjZmYWYtMzdiNC00MzhmLThmOTAtMjlmZTdjYzY2Yzhk
LzEvMWZYbjNkeEh4eEJFaGx2RnpjSllmdjJyQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuShrMA0E
AgACMAcDBQAqDO8AMA0GCSqGSIb3DQEBCwUAA4IBAQBftMNuLlcKqMSjxIDHjqmt
vIfSmbU9YoAAjRZuzo2Zspbxvp2dwCn3EY8AUmvKz7hKKtpAZZJGiSl/IYXteUya
C0PHw94vY5OPVae7UdxtSbdppf+twQrhJ8CHZRMbTwN9fpog0NcEwTEO8efZBfom
h3LoezUuSePYoXuDWbV8CTv3Y3oivSaTH3vnS3HqNy9tNIwxZ1pjSNITFe90N5MD
K9OuTEDf1kiNwWq11ZMAz6HB6cZDDzzd0UHQieEedZRqzbbSlysNIrEp5/r3VxbP
ZVJRD8hvui053GZOFCM7UMkWIvb4HsEdCwZ2FeIOe0wUe84iVnR0xHxinEA5g8Wu
-----END CERTIFICATE-----