Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/xzcqcrFf-ra6k9gJVEfYsUOL7r0.roa
File:                     xzcqcrFf-ra6k9gJVEfYsUOL7r0.roa (raw, json)
Hash identifier:          tLEmQ4Ip0nJAlYr4VF0AY9UERYkLlEbUUc3k5bIYBQM=
Subject key identifier:   C7:37:2A:72:B1:5F:FA:B6:BA:93:D8:09:54:47:D8:B1:43:8B:EE:BD
Certificate issuer:       /CN=4354a419225d5d79f4a1ae1520a3b1a56d45268c
Certificate serial:       0194258ED7F64684FA6E6DD22C2F924948CC
Authority key identifier: 43:54:A4:19:22:5D:5D:79:F4:A1:AE:15:20:A3:B1:A5:6D:45:26:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q1SkGSJdXXn0oa4VIKOxpW1FJow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/xzcqcrFf-ra6k9gJVEfYsUOL7r0.roa
Signing time:             Thu 02 Jan 2025 05:48:25 +0000
ROA not before:           Thu 02 Jan 2025 05:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62119
IP address blocks:        185.137.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/Q1SkGSJdXXn0oa4VIKOxpW1FJow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/Q1SkGSJdXXn0oa4VIKOxpW1FJow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q1SkGSJdXXn0oa4VIKOxpW1FJow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:d7:f6:46:84:fa:6e:6d:d2:2c:2f:92:49:48:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4354a419225d5d79f4a1ae1520a3b1a56d45268c
        Validity
            Not Before: Jan  2 05:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7372a72b15ffab6ba93d8095447d8b1438beebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:af:48:2e:86:b2:d8:78:0a:b1:81:01:3e:9b:
                    e3:3d:48:dd:e8:ec:c1:90:d9:b0:4f:97:56:76:22:
                    23:98:4c:71:1e:e2:db:3e:d8:a4:e1:f6:7b:8c:ab:
                    2e:26:19:e2:10:ce:dd:0c:ff:46:26:e6:d1:ce:6c:
                    6d:01:98:43:60:4c:96:1a:db:63:41:99:d2:65:ba:
                    36:77:6b:38:c6:2a:f8:59:3e:30:2d:e2:05:25:bf:
                    de:2c:62:43:a1:02:38:b9:2d:57:d6:64:c1:3c:05:
                    48:29:5b:14:72:89:55:5a:ed:81:d6:c4:d6:cf:44:
                    9a:8a:4c:9c:00:be:62:b5:f9:73:92:bb:24:3f:34:
                    28:41:47:2c:de:86:dd:cb:3d:e5:8f:b9:2c:7b:d2:
                    c1:14:53:5a:41:69:43:63:9d:7a:9d:b0:02:f9:4d:
                    ad:11:b0:48:36:e1:e8:8a:5c:95:d6:fd:b2:fa:7e:
                    d3:74:83:5f:de:c8:e5:26:ef:b4:64:7f:9e:3a:d0:
                    37:39:6d:7b:e3:a5:a3:8a:c5:ab:1d:3e:26:3d:12:
                    bd:2c:7a:a7:59:57:e6:b5:ad:07:50:6b:b7:35:10:
                    df:f3:dd:2d:59:75:01:c6:60:87:ed:fd:46:f8:f0:
                    ae:fa:b3:ff:a4:c6:3a:b6:37:93:3c:4b:08:b4:0d:
                    83:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:37:2A:72:B1:5F:FA:B6:BA:93:D8:09:54:47:D8:B1:43:8B:EE:BD
            X509v3 Authority Key Identifier:
                keyid:43:54:A4:19:22:5D:5D:79:F4:A1:AE:15:20:A3:B1:A5:6D:45:26:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1SkGSJdXXn0oa4VIKOxpW1FJow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/xzcqcrFf-ra6k9gJVEfYsUOL7r0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/Q1SkGSJdXXn0oa4VIKOxpW1FJow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ea:86:f7:56:4a:2b:a1:f4:82:be:a6:3a:95:30:ec:83:f4:
         20:c1:d0:93:91:93:4b:e5:95:e1:5a:67:6c:48:9f:fb:76:ce:
         3e:db:1c:9d:79:ac:1d:a1:71:c7:b1:71:2a:d6:66:ed:1d:c3:
         3b:9f:ea:c8:7d:21:1f:06:10:25:e7:25:e3:ba:5a:24:dd:ca:
         3d:80:1a:a4:9e:7a:ce:61:35:01:2c:da:b7:b5:5d:08:d5:5e:
         e3:0d:81:49:49:52:94:85:c8:cc:e9:ee:f2:48:1c:d8:5e:70:
         63:49:74:f8:11:d3:92:9d:e8:d3:7a:80:e1:e0:3f:82:f6:2c:
         4e:38:33:74:c6:12:0e:97:f5:c2:7c:a5:27:a9:24:d1:79:95:
         5b:78:b4:3f:4d:13:f5:d0:cb:55:00:80:a8:22:7c:81:2e:3f:
         71:3d:c1:88:91:39:96:26:30:c2:b8:99:dd:29:7d:d2:22:c7:
         87:65:4f:1b:dd:cc:cb:7a:e1:8e:c8:04:bb:8e:1d:d9:51:2e:
         dc:a3:da:7e:e3:78:6f:5b:f9:98:6d:4d:5f:b7:f8:02:c9:95:
         ae:a5:08:f6:ea:7c:c1:ac:35:77:0b:ff:2b:66:3f:6a:50:a8:
         5f:bd:ff:e7:ae:f1:f8:73:4e:6c:29:8b:36:51:72:e5:df:55:
         8e:7b:16:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljtf2RoT6bm3SLC+SSUjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTRhNDE5MjI1ZDVkNzlmNGExYWUxNTIwYTNiMWE1NmQ0
NTI2OGMwHhcNMjUwMTAyMDU0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzM3MmE3MmIxNWZmYWI2YmE5M2Q4MDk1NDQ3ZDhiMTQzOGJlZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwq9ILoay2HgKsYEBPpvjPUjd6OzB
kNmwT5dWdiIjmExxHuLbPtik4fZ7jKsuJhniEM7dDP9GJubRzmxtAZhDYEyWGttj
QZnSZbo2d2s4xir4WT4wLeIFJb/eLGJDoQI4uS1X1mTBPAVIKVsUcolVWu2B1sTW
z0SaikycAL5itflzkrskPzQoQUcs3obdyz3lj7kse9LBFFNaQWlDY516nbAC+U2t
EbBINuHoilyV1v2y+n7TdINf3sjlJu+0ZH+eOtA3OW1746WjisWrHT4mPRK9LHqn
WVfmta0HUGu3NRDf890tWXUBxmCH7f1G+PCu+rP/pMY6tjeTPEsItA2DqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMc3KnKxX/q2upPYCVRH2LFDi+69MB8GA1UdIwQY
MBaAFENUpBkiXV159KGuFSCjsaVtRSaMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFTa0dTSmRYWG4wb2E0VklLT3hwVzFGSm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wZmRkZjAtOGJiZi00MzUwLWJmZmEt
Njg4ZDUxYTQ0NDQ4LzEveHpjcWNyRmYtcmE2azlnSlZFZllzVU9MN3IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wZmRkZjAtOGJiZi00MzUwLWJmZmEtNjg4ZDUxYTQ0NDQ4
LzEvUTFTa0dTSmRYWG4wb2E0VklLT3hwVzFGSm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYlgMA0G
CSqGSIb3DQEBCwUAA4IBAQAo6ob3VkorofSCvqY6lTDsg/QgwdCTkZNL5ZXhWmds
SJ/7ds4+2xydeawdoXHHsXEq1mbtHcM7n+rIfSEfBhAl5yXjulok3co9gBqknnrO
YTUBLNq3tV0I1V7jDYFJSVKUhcjM6e7ySBzYXnBjSXT4EdOSnejTeoDh4D+C9ixO
ODN0xhIOl/XCfKUnqSTReZVbeLQ/TRP10MtVAICoInyBLj9xPcGIkTmWJjDCuJnd
KX3SIseHZU8b3czLeuGOyAS7jh3ZUS7co9p+43hvW/mYbU1ft/gCyZWupQj26nzB
rDV3C/8rZj9qUKhfvf/nrvH4c05sKYs2UXLl31WOexYw
-----END CERTIFICATE-----