Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/eZ9lsBSBE-9HylowSORYyQP1H3Y.roa
File:                     eZ9lsBSBE-9HylowSORYyQP1H3Y.roa (raw, json)
Hash identifier:          4bc1g2EfiPBsisazV/A2lyPDwqt6FApY78qkMRjIEcc=
Subject key identifier:   79:9F:65:B0:14:81:13:EF:47:CA:5A:30:48:E4:58:C9:03:F5:1F:76
Certificate issuer:       /CN=b799ac989c44b2e1cdabc258e96ca93caad4bd64
Certificate serial:       01941F8C3F5FA1CD10A2336155CFD40C1371
Authority key identifier: B7:99:AC:98:9C:44:B2:E1:CD:AB:C2:58:E9:6C:A9:3C:AA:D4:BD:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5msmJxEsuHNq8JY6WypPKrUvWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/eZ9lsBSBE-9HylowSORYyQP1H3Y.roa
Signing time:             Wed 01 Jan 2025 01:47:52 +0000
ROA not before:           Wed 01 Jan 2025 01:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206359
IP address blocks:        185.242.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/t5msmJxEsuHNq8JY6WypPKrUvWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/t5msmJxEsuHNq8JY6WypPKrUvWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5msmJxEsuHNq8JY6WypPKrUvWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:3f:5f:a1:cd:10:a2:33:61:55:cf:d4:0c:13:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b799ac989c44b2e1cdabc258e96ca93caad4bd64
        Validity
            Not Before: Jan  1 01:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=799f65b0148113ef47ca5a3048e458c903f51f76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:41:a6:d8:a6:98:81:dc:ba:81:27:cf:ec:af:
                    2b:1c:ec:2f:06:f2:f4:5e:b3:24:07:bd:8a:4d:85:
                    f4:7b:9e:27:71:9e:e3:ce:52:ba:2f:ef:0e:f4:0c:
                    8c:e7:d1:5c:0e:d0:f2:21:94:7e:d9:64:9f:b1:60:
                    a3:84:ed:c4:2e:ac:5a:ff:fa:54:da:9a:28:38:ec:
                    00:4f:f1:25:a5:7e:96:7d:ac:bf:8c:06:76:82:37:
                    c6:e3:bd:18:cf:d0:f8:f3:f7:f6:c8:80:0c:0a:4e:
                    d5:02:f0:11:68:38:81:1e:b6:18:1d:e3:03:b3:b9:
                    78:ce:1d:ea:08:de:c9:ac:11:19:73:a7:17:5b:96:
                    a7:9d:69:4b:ed:f6:cf:82:98:5c:64:59:7d:6d:4c:
                    c7:58:3c:9d:e3:83:b3:2f:3e:fe:25:89:19:55:9e:
                    c8:08:ff:91:7a:ef:43:c0:e8:53:83:56:78:29:87:
                    20:60:cc:11:56:0e:14:de:a7:57:57:44:6d:07:41:
                    8b:73:73:03:1c:cd:89:98:82:5c:39:94:95:51:2f:
                    ff:d2:95:cc:19:25:4f:90:56:40:e4:9a:44:66:da:
                    b4:ad:b3:c3:33:84:dc:e5:95:65:8c:24:6b:04:5f:
                    f6:11:9b:f1:28:70:74:3a:53:81:dc:25:ce:8e:22:
                    7c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:9F:65:B0:14:81:13:EF:47:CA:5A:30:48:E4:58:C9:03:F5:1F:76
            X509v3 Authority Key Identifier:
                keyid:B7:99:AC:98:9C:44:B2:E1:CD:AB:C2:58:E9:6C:A9:3C:AA:D4:BD:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5msmJxEsuHNq8JY6WypPKrUvWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/eZ9lsBSBE-9HylowSORYyQP1H3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/t5msmJxEsuHNq8JY6WypPKrUvWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:05:09:42:77:4c:11:77:4b:b0:20:05:95:7f:c3:a0:ab:b8:
         3c:d6:f9:27:6d:57:f4:93:fe:b7:19:95:8d:46:dc:b9:c8:1a:
         b6:b2:d0:f5:8a:8d:32:70:00:17:86:a4:d5:c5:f7:01:cb:2b:
         b4:34:b6:40:8d:e4:c5:ab:12:9b:08:9f:1a:73:d0:e1:78:44:
         a7:0f:98:89:a2:cc:77:0e:70:68:73:6c:60:ad:61:07:dc:57:
         3f:80:22:d7:7d:b7:cb:3d:5c:c9:68:c3:73:3b:01:dc:79:20:
         95:ae:de:b5:96:10:d8:fd:5d:54:b0:c6:08:d7:7c:a6:b6:d4:
         9b:35:58:56:3b:2d:83:0b:82:c7:09:ec:b3:aa:0c:4e:75:1d:
         05:bc:dc:b8:84:ca:2c:1b:34:6a:0a:3f:ea:ce:0c:77:b6:18:
         b1:c0:39:2c:cc:ba:ec:80:7d:ba:e7:a4:13:0e:af:53:0d:8a:
         35:28:33:69:6c:dc:0f:11:ec:9c:5b:9f:4c:32:c7:21:92:d5:
         cd:6c:96:03:7b:52:7f:dc:43:e8:46:67:15:69:ef:dd:c7:60:
         f0:a9:61:af:a2:b9:a1:63:bb:fb:99:86:95:7e:87:11:8e:53:
         98:2e:a3:79:54:28:6c:8e:dc:52:2f:a2:47:75:18:36:34:b5:
         a0:35:77:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjD9foc0QojNhVc/UDBNxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTlhYzk4OWM0NGIyZTFjZGFiYzI1OGU5NmNhOTNjYWFk
NGJkNjQwHhcNMjUwMTAxMDE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTlmNjViMDE0ODExM2VmNDdjYTVhMzA0OGU0NThjOTAzZjUxZjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEGm2KaYgdy6gSfP7K8rHOwvBvL0
XrMkB72KTYX0e54ncZ7jzlK6L+8O9AyM59FcDtDyIZR+2WSfsWCjhO3ELqxa//pU
2pooOOwAT/ElpX6Wfay/jAZ2gjfG470Yz9D48/f2yIAMCk7VAvARaDiBHrYYHeMD
s7l4zh3qCN7JrBEZc6cXW5annWlL7fbPgphcZFl9bUzHWDyd44OzLz7+JYkZVZ7I
CP+Reu9DwOhTg1Z4KYcgYMwRVg4U3qdXV0RtB0GLc3MDHM2JmIJcOZSVUS//0pXM
GSVPkFZA5JpEZtq0rbPDM4Tc5ZVljCRrBF/2EZvxKHB0OlOB3CXOjiJ8QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmfZbAUgRPvR8paMEjkWMkD9R92MB8GA1UdIwQY
MBaAFLeZrJicRLLhzavCWOlsqTyq1L1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVtc21KeEVzdUhOcThKWTZXeXBQS3JVdldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8yZTVjNDktMGQ3NC00ODdhLWE4MWMt
OTE3NGRmNGRkYjlhLzEvZVo5bHNCU0JFLTlIeWxvd1NPUll5UVAxSDNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8yZTVjNDktMGQ3NC00ODdhLWE4MWMtOTE3NGRmNGRkYjlh
LzEvdDVtc21KeEVzdUhOcThKWTZXeXBQS3JVdldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufKIMA0G
CSqGSIb3DQEBCwUAA4IBAQAXBQlCd0wRd0uwIAWVf8Ogq7g81vknbVf0k/63GZWN
Rty5yBq2stD1io0ycAAXhqTVxfcByyu0NLZAjeTFqxKbCJ8ac9DheESnD5iJosx3
DnBoc2xgrWEH3Fc/gCLXfbfLPVzJaMNzOwHceSCVrt61lhDY/V1UsMYI13ymttSb
NVhWOy2DC4LHCeyzqgxOdR0FvNy4hMosGzRqCj/qzgx3thixwDkszLrsgH2656QT
Dq9TDYo1KDNpbNwPEeycW59MMschktXNbJYDe1J/3EPoRmcVae/dx2DwqWGvormh
Y7v7mYaVfocRjlOYLqN5VChsjtxSL6JHdRg2NLWgNXel
-----END CERTIFICATE-----