Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/rWYpbMjEHCEN9aKOytJ-vOYX0FM.roa
File:                     rWYpbMjEHCEN9aKOytJ-vOYX0FM.roa (raw, json)
Hash identifier:          1I/9G8j84VYThsd0dTHCsgo/0XxikghX1mC9wLMt++k=
Subject key identifier:   AD:66:29:6C:C8:C4:1C:21:0D:F5:A2:8E:CA:D2:7E:BC:E6:17:D0:53
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0197553C326115CE95102E31AC159459A544
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/rWYpbMjEHCEN9aKOytJ-vOYX0FM.roa
Signing time:             Mon 09 Jun 2025 15:08:17 +0000
ROA not before:           Mon 09 Jun 2025 15:08:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213960
IP address blocks:        185.124.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:55:3c:32:61:15:ce:95:10:2e:31:ac:15:94:59:a5:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jun  9 15:08:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad66296cc8c41c210df5a28ecad27ebce617d053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3e:10:89:ad:e1:1b:ed:1a:51:ba:ed:ff:ba:
                    43:fe:d5:cb:04:e5:44:50:8b:11:1c:33:8f:cb:6c:
                    77:e1:9f:23:c7:ab:55:38:09:38:7b:e8:22:de:73:
                    2f:da:c2:f5:3d:09:e7:5b:a9:ef:a9:24:ee:f9:80:
                    4d:02:e0:d2:2b:4b:d5:f0:ec:9f:d9:ee:59:8c:5b:
                    51:bf:2d:09:54:ff:0e:f0:0a:da:83:26:3c:86:b4:
                    fe:1f:ba:63:94:9f:03:6e:c7:1e:54:05:42:82:0c:
                    3e:bc:88:2c:6b:bf:a4:d7:a2:59:82:48:89:03:ba:
                    13:ce:2a:fc:de:56:d3:34:9c:4f:0d:ba:81:43:7b:
                    ea:1a:2d:70:4a:8d:f3:b1:3d:76:b8:01:75:05:14:
                    a2:4e:12:0d:b3:eb:fb:2a:e2:77:2b:11:64:a3:4b:
                    e9:91:12:7c:62:e0:20:d4:21:03:2b:08:9f:e5:0a:
                    fd:29:02:04:62:0d:84:08:9e:e2:65:e1:46:f6:0c:
                    4b:28:8c:df:8b:86:14:b9:c6:56:3f:09:b4:d9:84:
                    9c:20:15:a2:39:08:4a:09:41:84:bf:12:77:5e:5d:
                    9d:85:38:61:32:3f:97:17:75:3c:31:da:77:bc:84:
                    19:d2:52:5e:12:52:bc:cd:54:a8:97:ba:3a:17:3d:
                    74:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:66:29:6C:C8:C4:1C:21:0D:F5:A2:8E:CA:D2:7E:BC:E6:17:D0:53
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/rWYpbMjEHCEN9aKOytJ-vOYX0FM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ad:0b:9b:08:84:dc:8e:b2:7e:73:1b:bd:d8:a3:ce:e1:85:
         e4:bd:39:df:3b:7b:52:ff:c6:16:a1:c6:1e:57:32:72:79:62:
         dc:9e:d6:0c:62:ad:c8:f6:c7:aa:79:8c:75:88:6c:56:97:d2:
         fa:09:62:f7:54:7c:34:df:8f:dc:61:2f:54:e3:b6:59:c2:17:
         88:83:6f:25:d1:5a:45:67:b1:ea:f5:13:23:17:48:01:62:b1:
         2c:b5:3b:aa:f9:b6:33:f8:6e:36:e9:1f:bf:be:72:f0:74:e0:
         f9:16:d6:14:db:57:b0:d1:b1:bb:0c:4e:d6:8b:2b:71:bb:42:
         ee:6e:5d:60:88:00:78:0e:2e:24:77:54:79:df:9b:36:93:ff:
         fc:f8:eb:c3:92:d3:17:f8:f3:dd:7d:8e:cb:fc:1c:bb:df:bc:
         21:1e:f1:fa:e1:22:a3:68:4c:aa:66:72:0a:40:c2:e4:42:6a:
         1c:b5:29:6c:92:03:22:10:f4:f7:ed:5a:bc:d8:74:f2:60:4d:
         33:de:a9:fe:d9:3e:b0:79:c7:db:49:27:d6:7b:41:34:29:8c:
         68:48:c4:e9:24:2b:2d:74:4e:07:98:34:54:02:ad:2a:f7:32:
         4a:30:a8:4d:5f:11:e5:cc:10:a0:41:b9:d8:a4:81:fb:e4:ca:
         db:a5:b1:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdVPDJhFc6VEC4xrBWUWaVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNjA5MTUwODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDY2Mjk2Y2M4YzQxYzIxMGRmNWEyOGVjYWQyN2ViY2U2MTdkMDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzT4Qia3hG+0aUbrt/7pD/tXLBOVE
UIsRHDOPy2x34Z8jx6tVOAk4e+gi3nMv2sL1PQnnW6nvqSTu+YBNAuDSK0vV8Oyf
2e5ZjFtRvy0JVP8O8AragyY8hrT+H7pjlJ8DbsceVAVCggw+vIgsa7+k16JZgkiJ
A7oTzir83lbTNJxPDbqBQ3vqGi1wSo3zsT12uAF1BRSiThINs+v7KuJ3KxFko0vp
kRJ8YuAg1CEDKwif5Qr9KQIEYg2ECJ7iZeFG9gxLKIzfi4YUucZWPwm02YScIBWi
OQhKCUGEvxJ3Xl2dhThhMj+XF3U8Mdp3vIQZ0lJeElK8zVSol7o6Fz10+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1mKWzIxBwhDfWijsrSfrzmF9BTMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvcldZcGJNakVIQ0VOOWFLT3l0Si12T1lYMEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXyuMA0G
CSqGSIb3DQEBCwUAA4IBAQA6rQubCITcjrJ+cxu92KPO4YXkvTnfO3tS/8YWocYe
VzJyeWLcntYMYq3I9seqeYx1iGxWl9L6CWL3VHw034/cYS9U47ZZwheIg28l0VpF
Z7Hq9RMjF0gBYrEstTuq+bYz+G426R+/vnLwdOD5FtYU21ew0bG7DE7Wiytxu0Lu
bl1giAB4Di4kd1R535s2k//8+OvDktMX+PPdfY7L/By737whHvH64SKjaEyqZnIK
QMLkQmoctSlskgMiEPT37Vq82HTyYE0z3qn+2T6wecfbSSfWe0E0KYxoSMTpJCst
dE4HmDRUAq0q9zJKMKhNXxHlzBCgQbnYpIH75MrbpbGI
-----END CERTIFICATE-----