Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/ff6dwmI06cjJNy1LAsqnZZjf6Ng.roa
File:                     ff6dwmI06cjJNy1LAsqnZZjf6Ng.roa (raw, json)
Hash identifier:          VNfMgl9lIKIQjqchJKjfSIDHFReH6U9wgyF3nqojbKA=
Subject key identifier:   7D:FE:9D:C2:62:34:E9:C8:C9:37:2D:4B:02:CA:A7:65:98:DF:E8:D8
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B3B007B0DDF5DC4C6794C79D646E81
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/ff6dwmI06cjJNy1LAsqnZZjf6Ng.roa
Signing time:             Thu 02 Jan 2025 15:47:54 +0000
ROA not before:           Thu 02 Jan 2025 15:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211043
IP address blocks:        185.227.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:b0:07:b0:dd:f5:dc:4c:67:94:c7:9d:64:6e:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7dfe9dc26234e9c8c9372d4b02caa76598dfe8d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e9:af:16:78:b9:10:5a:f4:a8:d5:59:f3:11:
                    09:88:a7:23:6c:ce:b3:0b:d4:a4:90:e9:be:62:02:
                    c8:54:3c:d4:77:37:d6:bb:11:0b:e8:bb:de:b8:5a:
                    94:b5:a8:ef:54:24:72:5f:a4:b3:0e:23:9c:a4:40:
                    93:13:44:9e:54:eb:a3:59:4b:ec:89:dd:ce:cb:c5:
                    36:96:04:7e:86:a8:11:f2:56:8a:e6:70:d0:37:c7:
                    36:d9:28:49:58:1f:0f:21:2f:24:67:53:0c:94:e2:
                    cd:67:10:ed:f4:ed:88:3c:aa:0e:41:25:21:37:0e:
                    2b:81:28:61:a4:c9:86:51:96:db:6f:d9:42:bf:4b:
                    e6:d7:6c:6e:80:31:84:2b:d1:de:ee:da:7e:f3:59:
                    8b:4f:ce:69:f8:30:34:d0:71:8b:ec:84:de:75:fc:
                    5f:b9:23:6a:d4:47:4e:2a:64:38:49:e1:93:40:d3:
                    c5:b2:be:ed:f3:ad:ab:54:41:9a:23:a4:ad:29:44:
                    48:12:8d:84:02:66:a7:70:fc:30:8a:7f:45:ac:4a:
                    a6:dc:73:ac:c3:ce:18:fb:2c:4f:91:8f:ac:81:3d:
                    80:8f:8d:c0:e8:69:48:df:a7:de:e0:a1:7d:28:ce:
                    c3:b9:34:67:9d:0a:d5:20:24:c7:ea:43:27:d5:4b:
                    49:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:FE:9D:C2:62:34:E9:C8:C9:37:2D:4B:02:CA:A7:65:98:DF:E8:D8
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/ff6dwmI06cjJNy1LAsqnZZjf6Ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:d7:88:7e:bd:e0:af:ef:4c:64:92:25:37:d5:25:7c:6e:f9:
         08:32:45:26:86:1d:81:53:05:00:3a:5e:61:fc:0a:cf:d5:a9:
         45:c7:f4:3b:b4:f5:c7:bb:ee:08:99:90:05:47:ae:d2:41:a0:
         7b:91:53:3d:65:b4:56:e1:ed:ee:57:ac:c1:7d:b0:a2:a6:94:
         69:a5:04:c0:19:6f:b6:55:69:2e:54:86:38:63:93:35:a2:9a:
         f9:59:a8:8f:79:7c:d0:9d:9b:77:00:5a:12:57:92:0e:9c:a5:
         c2:bd:81:37:56:20:d4:37:88:3e:34:1e:a2:ea:24:67:88:e6:
         ba:a9:d8:b6:c4:8a:97:81:9f:6a:09:5c:23:4c:0a:cd:9d:35:
         dd:c3:24:25:c4:d4:67:aa:91:45:ff:83:39:a8:8b:5a:97:65:
         1f:67:d1:81:ca:b8:cf:a3:d6:de:ee:11:7b:45:a6:1d:8e:4b:
         7d:28:e7:40:30:bb:2e:a8:c7:3c:e1:b3:55:8a:d6:a8:14:b4:
         d5:c0:3f:47:50:d5:5c:a1:b3:65:7b:41:db:72:da:f8:c2:6f:
         a4:c5:ed:0a:21:9e:b8:d9:e9:c2:fc:21:60:ea:84:e1:a0:27:
         e2:20:79:a0:42:e0:ad:7c:db:6f:35:23:24:3d:21:eb:3d:c6:
         b8:3b:7e:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns7AHsN313ExnlMedZG6BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGZlOWRjMjYyMzRlOWM4YzkzNzJkNGIwMmNhYTc2NTk4ZGZlOGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtumvFni5EFr0qNVZ8xEJiKcjbM6z
C9SkkOm+YgLIVDzUdzfWuxEL6LveuFqUtajvVCRyX6SzDiOcpECTE0SeVOujWUvs
id3Oy8U2lgR+hqgR8laK5nDQN8c22ShJWB8PIS8kZ1MMlOLNZxDt9O2IPKoOQSUh
Nw4rgShhpMmGUZbbb9lCv0vm12xugDGEK9He7tp+81mLT85p+DA00HGL7ITedfxf
uSNq1EdOKmQ4SeGTQNPFsr7t862rVEGaI6StKURIEo2EAmancPwwin9FrEqm3HOs
w84Y+yxPkY+sgT2Aj43A6GlI36fe4KF9KM7DuTRnnQrVICTH6kMn1UtJwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3+ncJiNOnIyTctSwLKp2WY3+jYMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvZmY2ZHdtSTA2Y2pKTnkxTEFzcW5aWmpmNk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueMiMA0G
CSqGSIb3DQEBCwUAA4IBAQAa14h+veCv70xkkiU31SV8bvkIMkUmhh2BUwUAOl5h
/ArP1alFx/Q7tPXHu+4ImZAFR67SQaB7kVM9ZbRW4e3uV6zBfbCippRppQTAGW+2
VWkuVIY4Y5M1opr5WaiPeXzQnZt3AFoSV5IOnKXCvYE3ViDUN4g+NB6i6iRniOa6
qdi2xIqXgZ9qCVwjTArNnTXdwyQlxNRnqpFF/4M5qItal2UfZ9GByrjPo9be7hF7
RaYdjkt9KOdAMLsuqMc84bNVitaoFLTVwD9HUNVcobNle0Hbctr4wm+kxe0KIZ64
2enC/CFg6oThoCfiIHmgQuCtfNtvNSMkPSHrPca4O36e
-----END CERTIFICATE-----