Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/Af8LoP7Lc3Ri1EjEl2aPSimN8N8.roa
File:                     Af8LoP7Lc3Ri1EjEl2aPSimN8N8.roa (raw, json)
Hash identifier:          K3jq+ZPDX3ZWFw5k3Zz+FhB98xNgrxje9TzL4q7xQ84=
Subject key identifier:   01:FF:0B:A0:FE:CB:73:74:62:D4:48:C4:97:66:8F:4A:29:8D:F0:DF
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       019425FDC936AABAE3B4D4446C7C029D4D21
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/Af8LoP7Lc3Ri1EjEl2aPSimN8N8.roa
Signing time:             Thu 02 Jan 2025 07:49:36 +0000
ROA not before:           Thu 02 Jan 2025 07:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211195
IP address blocks:        185.65.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c9:36:aa:ba:e3:b4:d4:44:6c:7c:02:9d:4d:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 07:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01ff0ba0fecb737462d448c497668f4a298df0df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9c:e0:1e:1f:4e:ca:bd:15:0a:e6:14:73:f1:
                    fd:b9:fa:00:90:28:33:dc:b5:1b:74:be:32:dc:8d:
                    84:49:68:62:a1:07:fd:0e:87:ca:7b:c5:a6:97:04:
                    94:03:e9:09:46:95:d3:1b:07:21:ed:b6:b2:e3:cc:
                    7d:2f:7c:f4:65:e3:fc:b8:23:42:f6:dd:02:d6:1e:
                    ec:f1:20:f3:7b:51:73:d0:fc:e3:5d:5d:0c:21:2b:
                    2a:87:aa:98:7d:c5:c8:15:ec:19:62:47:22:e5:12:
                    c1:30:e2:f7:91:7b:23:fc:c4:c7:70:56:28:a5:01:
                    fa:7f:47:40:80:ed:00:38:56:ca:42:86:c8:f1:a3:
                    e2:b4:bd:35:58:3a:46:cc:9a:1a:e7:b1:41:1a:01:
                    08:f7:e9:64:21:38:5f:87:58:21:a9:a9:f6:1a:e0:
                    8b:58:d1:33:72:9a:1b:79:9d:66:21:66:b0:72:d6:
                    f4:60:38:dc:2e:d5:7b:43:ae:2b:66:c7:66:a2:5a:
                    c7:01:24:c1:5d:ab:f8:b2:44:90:f1:14:6b:c4:3e:
                    77:d7:03:57:2b:10:9d:38:cb:65:5f:d5:a5:e2:67:
                    0b:8a:b4:4e:61:53:4c:e9:8c:42:58:95:19:66:b0:
                    a4:38:27:4e:e6:19:57:83:ae:47:77:30:a2:b4:61:
                    2e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:FF:0B:A0:FE:CB:73:74:62:D4:48:C4:97:66:8F:4A:29:8D:F0:DF
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/Af8LoP7Lc3Ri1EjEl2aPSimN8N8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:7b:f1:1d:81:d4:e8:41:30:af:86:04:1f:d5:46:23:ab:58:
         c2:9d:00:74:77:8c:70:1a:12:d7:91:18:9a:38:e4:01:2e:4c:
         00:a5:27:e7:69:d3:2b:73:04:eb:36:e3:02:c3:fa:ae:4f:eb:
         e5:78:87:f0:4e:09:e0:b7:7a:4d:41:a8:f5:92:4f:15:c6:08:
         22:31:e1:89:5d:83:d1:86:90:e1:3c:b4:e7:a4:5d:e3:3d:70:
         92:ec:17:9e:38:fb:04:8c:09:cb:13:b3:c1:b0:f6:4a:51:42:
         34:b1:05:4a:52:03:a9:48:49:d4:65:df:aa:3e:69:a6:b4:9f:
         73:c0:5b:66:0a:02:39:82:93:92:81:93:d6:7f:0e:6a:a2:1f:
         2d:c4:a3:1e:d6:82:9d:d1:8e:3a:f4:10:5c:05:14:0a:27:40:
         02:e8:ba:cd:86:2c:16:a7:5e:75:8c:bc:3e:14:93:60:33:05:
         75:4b:b0:b1:ab:2b:56:48:43:9e:4e:41:5e:75:18:57:33:e2:
         ab:b2:1a:d5:1c:56:71:be:eb:cd:52:03:d7:2b:4a:ca:b0:47:
         37:a5:e2:54:2c:40:2f:89:3a:3e:c5:36:62:b3:5e:9e:8e:08:
         d7:d3:f8:d7:cd:ea:5a:0d:10:62:ad:fb:4c:ac:92:be:66:10:
         cc:86:98:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/ck2qrrjtNREbHwCnU0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjUwMTAyMDc0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWZmMGJhMGZlY2I3Mzc0NjJkNDQ4YzQ5NzY2OGY0YTI5OGRmMGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZzgHh9Oyr0VCuYUc/H9ufoAkCgz
3LUbdL4y3I2ESWhioQf9DofKe8WmlwSUA+kJRpXTGwch7bay48x9L3z0ZeP8uCNC
9t0C1h7s8SDze1Fz0PzjXV0MISsqh6qYfcXIFewZYkci5RLBMOL3kXsj/MTHcFYo
pQH6f0dAgO0AOFbKQobI8aPitL01WDpGzJoa57FBGgEI9+lkIThfh1ghqan2GuCL
WNEzcpobeZ1mIWawctb0YDjcLtV7Q64rZsdmolrHASTBXav4skSQ8RRrxD531wNX
KxCdOMtlX9Wl4mcLirROYVNM6YxCWJUZZrCkOCdO5hlXg65HdzCitGEuVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAH/C6D+y3N0YtRIxJdmj0opjfDfMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvQWY4TG9QN0xjM1JpMUVqRWwyYVBTaW1OOE44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUFHMA0G
CSqGSIb3DQEBCwUAA4IBAQAVe/EdgdToQTCvhgQf1UYjq1jCnQB0d4xwGhLXkRia
OOQBLkwApSfnadMrcwTrNuMCw/quT+vleIfwTgngt3pNQaj1kk8VxggiMeGJXYPR
hpDhPLTnpF3jPXCS7BeeOPsEjAnLE7PBsPZKUUI0sQVKUgOpSEnUZd+qPmmmtJ9z
wFtmCgI5gpOSgZPWfw5qoh8txKMe1oKd0Y469BBcBRQKJ0AC6LrNhiwWp151jLw+
FJNgMwV1S7CxqytWSEOeTkFedRhXM+KrshrVHFZxvuvNUgPXK0rKsEc3peJULEAv
iTo+xTZis16ejgjX0/jXzepaDRBirftMrJK+ZhDMhpjK
-----END CERTIFICATE-----