Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/x423Qg-1avZ4oW3pFs6-yIbSTBk.roa
File:                     x423Qg-1avZ4oW3pFs6-yIbSTBk.roa (raw, json)
Hash identifier:          XTyglL2KSQkSQ4UFrHYw6XJW8KrCd2T/dmRINsB6tIs=
Subject key identifier:   C7:8D:B7:42:0F:B5:6A:F6:78:A1:6D:E9:16:CE:BE:C8:86:D2:4C:19
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019425FDE1B6CAB037391D2F318C99550188
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/x423Qg-1avZ4oW3pFs6-yIbSTBk.roa
Signing time:             Thu 02 Jan 2025 07:49:42 +0000
ROA not before:           Thu 02 Jan 2025 07:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206313
IP address blocks:        185.197.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 16:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e1:b6:ca:b0:37:39:1d:2f:31:8c:99:55:01:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 07:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c78db7420fb56af678a16de916cebec886d24c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fd:c6:e6:8b:18:90:da:34:22:d2:df:a6:52:
                    be:e0:0d:39:c4:b9:7a:5b:26:f5:30:a9:55:e7:b0:
                    50:d5:e1:ab:8b:83:d4:da:8e:c6:64:22:9e:53:62:
                    3b:14:d2:ed:41:41:a2:6a:8c:38:62:5e:c3:3b:c6:
                    96:db:c1:35:aa:5f:89:84:b7:b3:74:58:e1:b0:da:
                    4f:d2:e0:00:b3:73:2a:3f:09:e2:99:32:dc:09:6f:
                    56:03:d5:fe:7b:b0:26:06:18:2b:5c:85:ff:6e:c3:
                    bd:f9:a5:b6:37:bc:8a:ad:5b:a6:64:c6:87:a4:c8:
                    42:82:a0:fc:d3:09:f5:13:be:48:af:71:df:d3:0a:
                    65:46:53:57:cd:96:e6:85:66:cf:20:91:b9:be:f0:
                    78:41:cc:84:48:e3:b9:0a:14:8a:87:6e:af:57:13:
                    05:f4:9c:f3:d1:c4:ab:a9:00:cc:72:96:ea:10:7f:
                    61:6f:81:74:a2:14:10:68:ff:11:2d:fb:82:33:1e:
                    9d:87:fc:4d:b7:27:1a:c5:b9:ca:f7:bc:0b:27:1f:
                    cb:07:fe:41:7d:aa:5f:08:35:a1:b5:72:2b:c4:4a:
                    b5:b9:5e:59:39:82:0a:77:e1:69:56:74:96:7b:48:
                    26:03:e9:7a:fa:92:ce:28:b0:80:a8:03:ea:54:60:
                    f7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:8D:B7:42:0F:B5:6A:F6:78:A1:6D:E9:16:CE:BE:C8:86:D2:4C:19
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/x423Qg-1avZ4oW3pFs6-yIbSTBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:a7:74:28:9d:95:90:73:70:e2:79:ea:bc:68:fc:3a:9f:e6:
         bf:e5:5d:1e:d4:5f:dc:6b:51:8e:3a:1e:95:61:0b:35:f8:6e:
         7f:05:89:f1:68:a4:eb:1b:01:4e:10:a2:80:f7:4f:43:8c:58:
         7c:14:88:8e:bc:30:ec:f1:05:1e:df:d8:b7:7c:d3:fb:d8:ab:
         fb:3d:64:95:1d:78:fa:b4:d5:04:d0:54:3c:86:25:bf:a6:ea:
         b5:63:73:bd:a3:87:f2:72:ac:09:c5:0b:96:06:17:7e:a4:6e:
         0c:db:39:32:91:8d:73:c9:5d:0e:66:31:3e:12:c5:cd:14:23:
         e8:f3:d4:38:5f:51:37:e0:1c:aa:bb:c5:95:1d:bc:72:53:98:
         e3:80:52:5a:ee:45:93:2c:96:b2:28:67:f7:94:fe:ab:7a:67:
         73:0e:7b:11:1b:3b:4c:a8:95:c5:9e:30:69:6b:53:0b:50:88:
         aa:94:f8:36:6f:fb:ad:c7:9c:6d:23:67:8f:55:57:95:44:6b:
         52:53:59:a8:72:f8:c1:a1:7c:49:07:97:92:c3:24:96:76:d4:
         f5:11:1b:5d:5d:13:61:ca:33:b9:fd:a5:39:7b:97:79:3f:f3:
         c8:86:75:3a:f0:14:90:d7:0b:84:86:46:c3:a3:b1:c6:e2:97:
         a8:e8:bf:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/eG2yrA3OR0vMYyZVQGIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjUwMTAyMDc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzhkYjc0MjBmYjU2YWY2NzhhMTZkZTkxNmNlYmVjODg2ZDI0YzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoP3G5osYkNo0ItLfplK+4A05xLl6
Wyb1MKlV57BQ1eGri4PU2o7GZCKeU2I7FNLtQUGiaow4Yl7DO8aW28E1ql+JhLez
dFjhsNpP0uAAs3MqPwnimTLcCW9WA9X+e7AmBhgrXIX/bsO9+aW2N7yKrVumZMaH
pMhCgqD80wn1E75Ir3Hf0wplRlNXzZbmhWbPIJG5vvB4QcyESOO5ChSKh26vVxMF
9Jzz0cSrqQDMcpbqEH9hb4F0ohQQaP8RLfuCMx6dh/xNtycaxbnK97wLJx/LB/5B
fapfCDWhtXIrxEq1uV5ZOYIKd+FpVnSWe0gmA+l6+pLOKLCAqAPqVGD3xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMeNt0IPtWr2eKFt6RbOvsiG0kwZMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEveDQyM1FnLTFhdlo0b1czcEZzNi15SWJTVEJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucWEMA0G
CSqGSIb3DQEBCwUAA4IBAQA/p3QonZWQc3Dieeq8aPw6n+a/5V0e1F/ca1GOOh6V
YQs1+G5/BYnxaKTrGwFOEKKA909DjFh8FIiOvDDs8QUe39i3fNP72Kv7PWSVHXj6
tNUE0FQ8hiW/puq1Y3O9o4fycqwJxQuWBhd+pG4M2zkykY1zyV0OZjE+EsXNFCPo
89Q4X1E34Byqu8WVHbxyU5jjgFJa7kWTLJayKGf3lP6remdzDnsRGztMqJXFnjBp
a1MLUIiqlPg2b/utx5xtI2ePVVeVRGtSU1mocvjBoXxJB5eSwySWdtT1ERtdXRNh
yjO5/aU5e5d5P/PIhnU68BSQ1wuEhkbDo7HG4peo6L/R
-----END CERTIFICATE-----