Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/_wOAzM_uG9ZKvF1XTUYbhv67nVM.roa
File:                     _wOAzM_uG9ZKvF1XTUYbhv67nVM.roa (raw, json)
Hash identifier:          YsJJfaahevvQpOkAYhPhhrTQuZpLLWZxUc8rH3J04no=
Subject key identifier:   FF:03:80:CC:CF:EE:1B:D6:4A:BC:5D:57:4D:46:1B:86:FE:BB:9D:53
Certificate issuer:       /CN=d9486f7fe4eb6d949b8007b4e4198ce1c878302e
Certificate serial:       01942521574E247A13FCC7533008830C8A91
Authority key identifier: D9:48:6F:7F:E4:EB:6D:94:9B:80:07:B4:E4:19:8C:E1:C8:78:30:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Uhvf-TrbZSbgAe05BmM4ch4MC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/_wOAzM_uG9ZKvF1XTUYbhv67nVM.roa
Signing time:             Thu 02 Jan 2025 03:48:49 +0000
ROA not before:           Thu 02 Jan 2025 03:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211592
IP address blocks:        185.254.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/2Uhvf-TrbZSbgAe05BmM4ch4MC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/2Uhvf-TrbZSbgAe05BmM4ch4MC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Uhvf-TrbZSbgAe05BmM4ch4MC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:57:4e:24:7a:13:fc:c7:53:30:08:83:0c:8a:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9486f7fe4eb6d949b8007b4e4198ce1c878302e
        Validity
            Not Before: Jan  2 03:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff0380cccfee1bd64abc5d574d461b86febb9d53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:5f:d4:76:91:72:e3:56:f3:95:fd:e5:39:44:
                    9b:1b:e5:61:12:b2:98:11:8f:03:51:7d:a7:ba:b0:
                    46:7f:b3:27:a7:61:36:c6:47:b9:36:42:83:b4:01:
                    29:12:c7:c2:3e:bf:86:f0:e7:fd:cb:ce:0b:f9:2e:
                    57:77:63:70:ec:85:d2:ed:de:9c:64:b0:cb:7f:ef:
                    7c:63:6e:18:b6:cc:4e:28:b5:30:08:e3:ee:02:77:
                    88:fe:17:07:a3:39:8e:06:b5:39:5e:ee:d5:0a:01:
                    a1:11:d3:61:c7:d9:77:6b:45:29:71:36:b1:cc:3a:
                    5e:89:74:1f:75:b5:82:a1:e5:f4:71:25:c7:33:bb:
                    1b:89:17:6b:58:f6:4e:8e:85:5c:84:68:33:dd:cf:
                    b3:b1:b8:01:6f:f3:81:3f:19:73:12:d6:a2:8f:98:
                    27:72:b3:58:07:d7:35:91:1e:45:2e:47:0a:89:0a:
                    57:13:85:29:00:d9:58:62:fe:49:5e:28:b6:e4:99:
                    13:e7:cf:fe:e2:af:bb:92:de:e5:89:fd:89:cd:77:
                    a3:03:0b:10:be:97:44:0e:64:ba:20:0a:a8:d2:ce:
                    8c:55:41:01:93:ae:79:4a:04:78:c3:dc:50:1f:d8:
                    4f:bc:a7:5f:f6:ce:0b:05:3d:86:26:89:d6:5d:49:
                    07:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:03:80:CC:CF:EE:1B:D6:4A:BC:5D:57:4D:46:1B:86:FE:BB:9D:53
            X509v3 Authority Key Identifier:
                keyid:D9:48:6F:7F:E4:EB:6D:94:9B:80:07:B4:E4:19:8C:E1:C8:78:30:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Uhvf-TrbZSbgAe05BmM4ch4MC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/_wOAzM_uG9ZKvF1XTUYbhv67nVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/2Uhvf-TrbZSbgAe05BmM4ch4MC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:c3:fa:10:4d:62:59:bf:2b:35:ae:39:b2:0e:d1:64:3b:e3:
         4e:84:43:3a:63:04:29:51:8c:34:4e:50:19:2e:d0:70:3e:c2:
         58:e6:19:14:06:30:ef:31:27:08:f4:1a:83:f2:32:87:41:91:
         8f:dd:5f:e7:3d:fd:d3:23:43:74:f9:cb:f5:e5:1f:62:23:3a:
         22:e7:8f:6d:e9:96:b6:a0:b3:90:82:e7:17:09:d6:47:27:14:
         ca:0c:48:71:6c:33:89:74:8d:c4:78:ab:f5:fd:3a:0d:b7:8c:
         9c:ee:c7:2e:64:91:0b:0b:32:b7:37:4c:54:0c:c2:14:63:8b:
         7a:70:39:fc:00:86:02:b7:ad:ac:bc:6f:a9:f7:40:3e:c6:fe:
         7a:9a:89:24:d0:26:38:ec:cb:a1:44:0f:13:a1:31:ab:46:dd:
         0c:28:62:64:8c:02:b6:e4:2f:67:9c:a3:a0:2d:55:25:c9:03:
         b4:e6:e2:0e:ec:22:2d:e8:cf:94:e5:82:e0:3b:ed:d3:3d:6e:
         5e:e4:3e:1d:ea:99:c8:a9:40:f7:d6:44:3b:7b:85:3b:1d:b3:
         81:75:dc:05:90:04:67:d9:97:7d:7f:96:a5:0b:5d:0f:17:4d:
         a7:2e:9c:00:ba:d3:3e:de:a8:4b:d0:ff:5d:64:ab:1a:3d:df:
         d8:13:95:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIVdOJHoT/MdTMAiDDIqRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NDg2ZjdmZTRlYjZkOTQ5YjgwMDdiNGU0MTk4Y2UxYzg3
ODMwMmUwHhcNMjUwMTAyMDM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjAzODBjY2NmZWUxYmQ2NGFiYzVkNTc0ZDQ2MWI4NmZlYmI5ZDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5F/UdpFy41bzlf3lOUSbG+VhErKY
EY8DUX2nurBGf7Mnp2E2xke5NkKDtAEpEsfCPr+G8Of9y84L+S5Xd2Nw7IXS7d6c
ZLDLf+98Y24YtsxOKLUwCOPuAneI/hcHozmOBrU5Xu7VCgGhEdNhx9l3a0UpcTax
zDpeiXQfdbWCoeX0cSXHM7sbiRdrWPZOjoVchGgz3c+zsbgBb/OBPxlzEtaij5gn
crNYB9c1kR5FLkcKiQpXE4UpANlYYv5JXii25JkT58/+4q+7kt7lif2JzXejAwsQ
vpdEDmS6IAqo0s6MVUEBk655SgR4w9xQH9hPvKdf9s4LBT2GJonWXUkHawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8DgMzP7hvWSrxdV01GG4b+u51TMB8GA1UdIwQY
MBaAFNlIb3/k622Um4AHtOQZjOHIeDAuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlVodmYtVHJiWlNiZ0FlMDVCbU00Y2g0TUM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kMDQyZDItNjFkMi00MzRkLThlNWIt
ODg2YzQxNmI5MDUxLzEvX3dPQXpNX3VHOVpLdkYxWFRVWWJodjY3blZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kMDQyZDItNjFkMi00MzRkLThlNWItODg2YzQxNmI5MDUx
LzEvMlVodmYtVHJiWlNiZ0FlMDVCbU00Y2g0TUM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf6mMA0G
CSqGSIb3DQEBCwUAA4IBAQAYw/oQTWJZvys1rjmyDtFkO+NOhEM6YwQpUYw0TlAZ
LtBwPsJY5hkUBjDvMScI9BqD8jKHQZGP3V/nPf3TI0N0+cv15R9iIzoi549t6Za2
oLOQgucXCdZHJxTKDEhxbDOJdI3EeKv1/ToNt4yc7scuZJELCzK3N0xUDMIUY4t6
cDn8AIYCt62svG+p90A+xv56mokk0CY47MuhRA8ToTGrRt0MKGJkjAK25C9nnKOg
LVUlyQO05uIO7CIt6M+U5YLgO+3TPW5e5D4d6pnIqUD31kQ7e4U7HbOBddwFkARn
2Zd9f5alC10PF02nLpwAutM+3qhL0P9dZKsaPd/YE5Ut
-----END CERTIFICATE-----