Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/1-VoUxB16sFUpabKYYCaz09m0veQ.roa
File:                     1-VoUxB16sFUpabKYYCaz09m0veQ.roa (raw, json)
Hash identifier:          jBzaCnK55nBqjAgFzIbfoxSdnwHfF10JuSwdasZO+DQ=
Subject key identifier:   F9:5A:14:C4:1D:7A:B0:55:29:69:B2:98:60:26:B3:D3:D9:B4:BD:E4
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       019424457239FF0295E8620FD1BC0D980D18
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/1-VoUxB16sFUpabKYYCaz09m0veQ.roa
Signing time:             Wed 01 Jan 2025 23:48:38 +0000
ROA not before:           Wed 01 Jan 2025 23:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202855
IP address blocks:        168.199.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:72:39:ff:02:95:e8:62:0f:d1:bc:0d:98:0d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  1 23:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f95a14c41d7ab0552969b2986026b3d3d9b4bde4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:66:10:25:7e:e9:7d:8a:ec:c8:c6:56:89:f7:
                    46:9f:d5:d4:2d:88:62:f8:58:70:d3:8f:80:8a:ef:
                    f4:dd:6c:60:18:37:3f:25:88:16:61:18:e8:f2:f5:
                    75:43:67:68:8d:0a:5c:9e:0c:f4:01:b7:d8:18:5e:
                    7b:b9:6e:a3:c7:1b:7f:df:0c:7a:29:8a:84:be:eb:
                    9d:12:6b:1f:3b:d7:1b:ac:ef:6d:25:f0:0d:f5:ec:
                    73:25:46:47:28:32:89:31:fc:91:73:33:ff:56:b0:
                    e6:06:20:4b:d0:c0:41:ec:b9:e3:64:55:b5:23:e4:
                    c9:58:1e:a5:60:5c:f0:a8:e2:f7:85:c5:d9:33:ad:
                    36:95:93:2f:3b:57:b9:4d:3b:3e:59:d2:e4:c3:b9:
                    16:25:3f:04:42:c4:3a:1c:cd:aa:88:e1:ce:12:6e:
                    4f:fb:c6:99:98:ee:14:48:00:ba:bd:d8:48:8b:b2:
                    7a:bb:81:7c:00:7e:f7:e9:1b:17:38:c5:2d:61:16:
                    8e:15:df:d3:37:4c:ba:e2:82:6d:f5:54:5f:38:37:
                    5e:e8:2c:1f:66:24:0d:40:1a:2a:a5:51:2a:b7:85:
                    dd:6a:31:be:d3:4a:f5:72:e9:d9:d0:78:b3:0a:3e:
                    c9:89:23:23:a6:a8:12:f8:28:43:2a:cc:7d:8c:e6:
                    52:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:5A:14:C4:1D:7A:B0:55:29:69:B2:98:60:26:B3:D3:D9:B4:BD:E4
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/1-VoUxB16sFUpabKYYCaz09m0veQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:77:71:51:3b:46:4e:49:84:cf:89:4d:79:29:93:2e:98:a9:
         85:f0:30:3e:d0:b6:ec:1e:65:70:24:c6:c1:72:68:bd:76:ad:
         a3:eb:7f:0b:a9:b8:5e:db:3f:49:e3:7e:05:5d:73:65:01:ad:
         47:0a:fd:3f:59:22:fb:1c:a7:30:99:35:65:70:8f:e3:f1:c9:
         85:bd:e5:30:b2:3a:1c:d2:2c:63:86:4c:22:9c:8c:6e:46:47:
         db:05:cc:b0:04:ef:30:aa:76:7a:a0:08:5d:68:e2:6c:3f:73:
         66:0c:4a:c0:bb:f2:08:ee:3c:cb:26:cd:87:6d:e6:b6:91:b4:
         4f:17:35:81:23:6c:d6:33:10:38:58:f1:3b:c8:f2:15:05:3a:
         c7:eb:21:f8:78:9e:05:1b:dc:b3:53:dd:3c:ea:b6:e5:bd:7d:
         97:be:39:14:c4:20:b3:d6:17:7a:d7:d8:b8:fa:f0:b6:41:fc:
         b4:54:63:83:f4:0c:55:97:f7:ef:5e:d7:fb:dc:4f:f9:b9:3f:
         37:88:65:67:72:de:d5:07:3d:3c:ef:59:ac:90:6e:ef:c5:1a:
         81:fd:9b:56:04:24:ce:87:03:c4:c7:5c:99:bd:9e:e9:e1:8c:
         28:3c:3e:ba:c2:ec:a5:2b:30:fc:d2:0d:2c:54:04:2d:88:6a:
         23:b8:9c:64
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRXI5/wKV6GIP0bwNmA0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjUwMTAxMjM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTVhMTRjNDFkN2FiMDU1Mjk2OWIyOTg2MDI2YjNkM2Q5YjRiZGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWYQJX7pfYrsyMZWifdGn9XULYhi
+Fhw04+Aiu/03WxgGDc/JYgWYRjo8vV1Q2dojQpcngz0AbfYGF57uW6jxxt/3wx6
KYqEvuudEmsfO9cbrO9tJfAN9exzJUZHKDKJMfyRczP/VrDmBiBL0MBB7LnjZFW1
I+TJWB6lYFzwqOL3hcXZM602lZMvO1e5TTs+WdLkw7kWJT8EQsQ6HM2qiOHOEm5P
+8aZmO4USAC6vdhIi7J6u4F8AH736RsXOMUtYRaOFd/TN0y64oJt9VRfODde6Cwf
ZiQNQBoqpVEqt4XdajG+00r1cunZ0HizCj7JiSMjpqgS+ChDKsx9jOZSfwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlaFMQderBVKWmymGAms9PZtL3kMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvMS1Wb1V4QjE2c0ZVcGFiS1lZQ2F6MDltMHZlUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODcvZmJjYzMyLTMzYzgtNDFmZi04OWZhLTJkMTkxOGJhMWMw
ZS8xL2dtWUZ0TkpfRTVhT2g1VG03d2tTSTNTSUY5Zy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKjHEjAN
BgkqhkiG9w0BAQsFAAOCAQEAcXdxUTtGTkmEz4lNeSmTLpiphfAwPtC27B5lcCTG
wXJovXato+t/C6m4Xts/SeN+BV1zZQGtRwr9P1ki+xynMJk1ZXCP4/HJhb3lMLI6
HNIsY4ZMIpyMbkZH2wXMsATvMKp2eqAIXWjibD9zZgxKwLvyCO48yybNh23mtpG0
Txc1gSNs1jMQOFjxO8jyFQU6x+sh+HieBRvcs1PdPOq25b19l745FMQgs9YXetfY
uPrwtkH8tFRjg/QMVZf3717X+9xP+bk/N4hlZ3Le1Qc9PO9ZrJBu78Uagf2bVgQk
zocDxMdcmb2e6eGMKDw+usLspSsw/NINLFQELYhqI7icZA==
-----END CERTIFICATE-----