Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/1f8a09-4365-4bba-8e35-5ee274eb7eab/1/u0DOKBtKEXfOYPXrhlfb2Ryk4Zc.roa
File:                     u0DOKBtKEXfOYPXrhlfb2Ryk4Zc.roa (raw, json)
Hash identifier:          VOn09+bdFNjvpl/Gu+Ha0G2LvOgVJGvmVcF7NTjr9S0=
Subject key identifier:   BB:40:CE:28:1B:4A:11:77:CE:60:F5:EB:86:57:DB:D9:1C:A4:E1:97
Certificate issuer:       /CN=14268e4c2e025330df26fd404cae0f6af26ccc23
Certificate serial:       019421B208372FCCE1DA42FCC5959160E755
Authority key identifier: 14:26:8E:4C:2E:02:53:30:DF:26:FD:40:4C:AE:0F:6A:F2:6C:CC:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FCaOTC4CUzDfJv1ATK4PavJszCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/1f8a09-4365-4bba-8e35-5ee274eb7eab/1/u0DOKBtKEXfOYPXrhlfb2Ryk4Zc.roa
Signing time:             Wed 01 Jan 2025 11:48:23 +0000
ROA not before:           Wed 01 Jan 2025 11:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210424
IP address blocks:        185.65.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/1f8a09-4365-4bba-8e35-5ee274eb7eab/1/FCaOTC4CUzDfJv1ATK4PavJszCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/1f8a09-4365-4bba-8e35-5ee274eb7eab/1/FCaOTC4CUzDfJv1ATK4PavJszCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FCaOTC4CUzDfJv1ATK4PavJszCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:08:37:2f:cc:e1:da:42:fc:c5:95:91:60:e7:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14268e4c2e025330df26fd404cae0f6af26ccc23
        Validity
            Not Before: Jan  1 11:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb40ce281b4a1177ce60f5eb8657dbd91ca4e197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:98:be:e2:32:4b:f6:a1:b1:26:68:7b:a8:13:
                    73:d4:0b:40:5e:c5:70:4b:a9:02:6c:08:b8:67:c0:
                    13:78:b7:40:e8:81:45:1a:28:fe:79:54:be:48:00:
                    e8:2c:42:35:c2:fa:5d:32:8c:ec:9d:46:17:e0:27:
                    25:25:c2:0a:cd:42:4c:f8:5a:75:a9:0a:3e:82:df:
                    0f:7b:80:24:f3:1a:fc:c4:63:0b:29:ac:a4:d9:99:
                    56:da:8f:5f:b7:85:31:80:96:db:14:9b:a7:6c:d5:
                    4c:ba:53:e0:27:55:67:34:bf:7a:83:05:ee:93:52:
                    dd:cb:fb:82:88:2f:23:ad:2a:c8:31:da:f0:65:18:
                    e3:db:70:f3:19:d6:a9:f4:ee:9f:e2:f5:d9:a8:63:
                    e0:00:7b:3c:a6:56:80:26:8a:80:82:6d:87:78:e2:
                    91:86:c7:35:2b:9a:af:22:1e:cb:4b:02:da:8e:aa:
                    8f:61:7e:72:0e:c3:cd:d2:ca:43:3e:0c:7b:d3:85:
                    9a:0e:00:72:fe:2a:5a:00:ab:d3:94:18:5b:bc:e8:
                    ff:f3:6a:fe:fe:9f:75:50:9d:6b:03:c5:25:00:9c:
                    c2:82:43:87:64:17:0d:a3:4c:f1:ee:e1:96:4f:a4:
                    53:28:a8:87:c7:da:05:68:51:c8:c1:7c:33:6f:e7:
                    a4:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:40:CE:28:1B:4A:11:77:CE:60:F5:EB:86:57:DB:D9:1C:A4:E1:97
            X509v3 Authority Key Identifier:
                keyid:14:26:8E:4C:2E:02:53:30:DF:26:FD:40:4C:AE:0F:6A:F2:6C:CC:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FCaOTC4CUzDfJv1ATK4PavJszCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/1f8a09-4365-4bba-8e35-5ee274eb7eab/1/u0DOKBtKEXfOYPXrhlfb2Ryk4Zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/1f8a09-4365-4bba-8e35-5ee274eb7eab/1/FCaOTC4CUzDfJv1ATK4PavJszCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:ee:f8:d9:e6:5b:9f:3b:4b:ef:f0:36:01:41:7a:17:bc:92:
         fb:53:09:f2:c9:f5:1d:cf:3f:6a:bf:90:3c:eb:76:bc:d1:35:
         67:ff:9c:d9:f9:54:0a:fa:09:5a:d5:4d:aa:81:fb:d4:05:7f:
         da:04:3a:8e:ef:b1:e5:a7:df:f4:99:4e:b8:35:de:e4:0c:35:
         8a:77:e4:00:c1:fc:e1:ab:d9:21:0c:f0:1b:42:f0:0f:a3:90:
         b2:39:63:5b:88:b2:72:f1:23:28:71:f6:31:c6:41:01:c0:9c:
         3c:d1:08:a3:ae:3c:24:cc:df:33:b7:8b:c3:ff:0d:d6:46:fb:
         7e:16:c6:53:b3:d2:b2:8d:c3:6d:a8:33:99:e4:56:84:7a:a7:
         51:3f:2a:b2:45:84:1a:df:b0:86:5b:e6:b7:6b:0b:5b:db:af:
         f5:67:50:2a:bd:82:8b:2a:74:26:c4:92:68:d7:95:eb:b2:0f:
         07:8b:0f:1c:ae:b3:66:86:52:01:85:fb:95:fc:1d:bf:8c:cb:
         77:76:36:57:18:4a:ee:bb:23:1e:d2:a3:d6:7d:d0:d2:3d:65:
         97:55:af:f4:17:1a:4c:a0:10:3a:83:32:ee:19:d6:ee:f9:9e:
         55:67:0a:64:30:5a:e3:36:b4:82:80:8e:77:5f:ea:32:8e:ed:
         ea:2b:50:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsgg3L8zh2kL8xZWRYOdVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0MjY4ZTRjMmUwMjUzMzBkZjI2ZmQ0MDRjYWUwZjZhZjI2
Y2NjMjMwHhcNMjUwMTAxMTE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjQwY2UyODFiNGExMTc3Y2U2MGY1ZWI4NjU3ZGJkOTFjYTRlMTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZi+4jJL9qGxJmh7qBNz1AtAXsVw
S6kCbAi4Z8ATeLdA6IFFGij+eVS+SADoLEI1wvpdMozsnUYX4CclJcIKzUJM+Fp1
qQo+gt8Pe4Ak8xr8xGMLKayk2ZlW2o9ft4UxgJbbFJunbNVMulPgJ1VnNL96gwXu
k1Ldy/uCiC8jrSrIMdrwZRjj23DzGdap9O6f4vXZqGPgAHs8plaAJoqAgm2HeOKR
hsc1K5qvIh7LSwLajqqPYX5yDsPN0spDPgx704WaDgBy/ipaAKvTlBhbvOj/82r+
/p91UJ1rA8UlAJzCgkOHZBcNo0zx7uGWT6RTKKiHx9oFaFHIwXwzb+ek3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtAzigbShF3zmD164ZX29kcpOGXMB8GA1UdIwQY
MBaAFBQmjkwuAlMw3yb9QEyuD2rybMwjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkNhT1RDNENVekRmSnYxQVRLNFBhdkpzekNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS8xZjhhMDktNDM2NS00YmJhLThlMzUt
NWVlMjc0ZWI3ZWFiLzEvdTBET0tCdEtFWGZPWVBYcmhsZmIyUnlrNFpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS8xZjhhMDktNDM2NS00YmJhLThlMzUtNWVlMjc0ZWI3ZWFi
LzEvRkNhT1RDNENVekRmSnYxQVRLNFBhdkpzekNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUFNMA0G
CSqGSIb3DQEBCwUAA4IBAQBU7vjZ5lufO0vv8DYBQXoXvJL7UwnyyfUdzz9qv5A8
63a80TVn/5zZ+VQK+gla1U2qgfvUBX/aBDqO77Hlp9/0mU64Nd7kDDWKd+QAwfzh
q9khDPAbQvAPo5CyOWNbiLJy8SMocfYxxkEBwJw80QijrjwkzN8zt4vD/w3WRvt+
FsZTs9KyjcNtqDOZ5FaEeqdRPyqyRYQa37CGW+a3awtb26/1Z1AqvYKLKnQmxJJo
15Xrsg8Hiw8crrNmhlIBhfuV/B2/jMt3djZXGEruuyMe0qPWfdDSPWWXVa/0FxpM
oBA6gzLuGdbu+Z5VZwpkMFrjNrSCgI53X+oyju3qK1Bx
-----END CERTIFICATE-----