Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/teJ51KVPIWV36Tlu6BnhXD2AUD4.roa
File:                     teJ51KVPIWV36Tlu6BnhXD2AUD4.roa (raw, json)
Hash identifier:          iirQ6/n4/0a+w6plKlxP3E2dDeNQoZhhCXUm/2+ugFU=
Subject key identifier:   B5:E2:79:D4:A5:4F:21:65:77:E9:39:6E:E8:19:E1:5C:3D:80:50:3E
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       0194228D21DA9A318FEFF6DF24345D72E464
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/teJ51KVPIWV36Tlu6BnhXD2AUD4.roa
Signing time:             Wed 01 Jan 2025 15:47:42 +0000
ROA not before:           Wed 01 Jan 2025 15:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49805
IP address blocks:        185.118.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:21:da:9a:31:8f:ef:f6:df:24:34:5d:72:e4:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: Jan  1 15:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5e279d4a54f216577e9396ee819e15c3d80503e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:66:f6:26:37:b9:f0:88:6d:f4:c3:51:d5:17:
                    df:26:b4:6f:94:ee:c2:eb:73:ef:f3:73:eb:25:1d:
                    74:13:50:49:e5:da:f0:76:61:44:9a:2d:5f:76:f2:
                    39:a3:dc:0c:b1:d4:bc:4b:42:2c:f3:20:4d:5b:de:
                    01:78:01:58:6c:6a:13:5b:f0:5e:57:7c:6a:a8:aa:
                    db:33:3d:14:84:04:69:66:5b:dc:2e:61:ce:d1:5e:
                    dc:9a:12:b2:e0:f6:0a:ec:4e:dc:bd:39:ef:1d:bc:
                    78:21:9b:3d:b4:74:70:6b:dc:35:cc:05:9f:03:51:
                    97:d0:d9:55:15:ff:fd:fe:71:45:73:63:13:5b:44:
                    63:1f:4b:18:77:f8:3e:8f:f3:ea:b3:25:40:df:a5:
                    48:62:57:b4:b8:ac:66:89:92:a6:dd:fc:de:c3:ba:
                    c5:3c:9d:40:0f:d5:52:12:de:9e:13:4b:f6:97:e3:
                    fa:ca:d1:70:76:f4:28:79:47:b1:5c:24:54:a7:b5:
                    04:07:50:d6:73:20:81:d5:73:a9:0e:da:01:d3:65:
                    56:e6:15:28:6f:b0:84:9c:10:6c:ef:70:2c:56:37:
                    29:7e:5e:20:73:ef:2e:59:cc:13:6c:88:2b:ff:81:
                    40:00:c3:c7:8d:ec:da:1d:1c:a9:b2:a4:6e:75:96:
                    c7:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:E2:79:D4:A5:4F:21:65:77:E9:39:6E:E8:19:E1:5C:3D:80:50:3E
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/teJ51KVPIWV36Tlu6BnhXD2AUD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:98:d8:19:07:91:39:68:cd:de:c3:0e:d8:72:40:65:d1:49:
         aa:a6:3f:50:25:38:47:14:a3:25:d1:c0:83:37:e6:08:b8:f9:
         f9:87:f1:3a:c3:56:9d:8d:6f:d6:30:2d:ac:42:29:0b:84:37:
         e0:34:c1:7a:2a:2d:d9:54:5f:0f:70:18:61:8b:43:09:0e:17:
         a6:5f:85:e2:02:be:6b:9a:d4:d2:b4:00:3d:83:a2:c5:a4:fa:
         84:aa:ca:0b:a4:47:10:da:a7:a0:a9:7e:11:e8:4e:42:75:da:
         ab:71:fe:ba:6a:e8:0d:cf:48:45:c0:76:a7:58:f7:a3:07:dd:
         cf:d2:38:0b:7f:e7:29:f4:df:7a:1f:9f:41:b4:5a:22:aa:e0:
         48:75:64:16:6e:6a:00:66:8f:dc:f7:e7:97:95:67:b4:f8:8d:
         81:79:bf:26:23:65:fb:dc:d7:17:28:95:39:de:71:d3:a1:40:
         5c:ee:a1:c7:84:e5:bf:d6:d3:cb:04:3e:06:e2:cb:fb:7e:27:
         64:7e:7b:8e:72:0c:17:a0:0f:20:31:f1:7f:b0:c4:8f:41:37:
         61:b4:b3:75:4e:10:1d:86:c1:57:c7:50:6f:08:c7:1a:c3:12:
         d2:1a:a2:4d:03:48:d4:bb:22:4c:27:3d:21:bf:bc:29:7b:d6:
         d5:1a:6b:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijSHamjGP7/bfJDRdcuRkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjUwMTAxMTU0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWUyNzlkNGE1NGYyMTY1NzdlOTM5NmVlODE5ZTE1YzNkODA1MDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWb2Jje58Iht9MNR1RffJrRvlO7C
63Pv83PrJR10E1BJ5drwdmFEmi1fdvI5o9wMsdS8S0Is8yBNW94BeAFYbGoTW/Be
V3xqqKrbMz0UhARpZlvcLmHO0V7cmhKy4PYK7E7cvTnvHbx4IZs9tHRwa9w1zAWf
A1GX0NlVFf/9/nFFc2MTW0RjH0sYd/g+j/PqsyVA36VIYle0uKxmiZKm3fzew7rF
PJ1AD9VSEt6eE0v2l+P6ytFwdvQoeUexXCRUp7UEB1DWcyCB1XOpDtoB02VW5hUo
b7CEnBBs73AsVjcpfl4gc+8uWcwTbIgr/4FAAMPHjezaHRypsqRudZbHFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXiedSlTyFld+k5bugZ4Vw9gFA+MB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvdGVKNTFLVlBJV1YzNlRsdTZCbmhYRDJBVUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXaNMA0G
CSqGSIb3DQEBCwUAA4IBAQBrmNgZB5E5aM3eww7YckBl0Umqpj9QJThHFKMl0cCD
N+YIuPn5h/E6w1adjW/WMC2sQikLhDfgNMF6Ki3ZVF8PcBhhi0MJDhemX4XiAr5r
mtTStAA9g6LFpPqEqsoLpEcQ2qegqX4R6E5Cddqrcf66augNz0hFwHanWPejB93P
0jgLf+cp9N96H59BtFoiquBIdWQWbmoAZo/c9+eXlWe0+I2Beb8mI2X73NcXKJU5
3nHToUBc7qHHhOW/1tPLBD4G4sv7fidkfnuOcgwXoA8gMfF/sMSPQTdhtLN1ThAd
hsFXx1BvCMcawxLSGqJNA0jUuyJMJz0hv7wpe9bVGmuu
-----END CERTIFICATE-----