Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/pY1evXi7L-RhS1kANnlGqZjoa4g.roa
File:                     pY1evXi7L-RhS1kANnlGqZjoa4g.roa (raw, json)
Hash identifier:          MHMoXswoxGYwux8eQ8dSbb24gK19/XF6bugh3G8kZT0=
Subject key identifier:   A5:8D:5E:BD:78:BB:2F:E4:61:4B:59:00:36:79:46:A9:98:E8:6B:88
Certificate issuer:       /CN=d7f7f16b05a1123151a677a47ac2d8d9061df390
Certificate serial:       01942444C547EC9BC7A731B3B437D7D8665C
Authority key identifier: D7:F7:F1:6B:05:A1:12:31:51:A6:77:A4:7A:C2:D8:D9:06:1D:F3:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1_fxawWhEjFRpnekesLY2QYd85A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/pY1evXi7L-RhS1kANnlGqZjoa4g.roa
Signing time:             Wed 01 Jan 2025 23:47:54 +0000
ROA not before:           Wed 01 Jan 2025 23:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35732
IP address blocks:        185.118.24.0/24 maxlen: 24
                          185.118.25.0/24 maxlen: 24
                          185.118.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/1_fxawWhEjFRpnekesLY2QYd85A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/1_fxawWhEjFRpnekesLY2QYd85A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1_fxawWhEjFRpnekesLY2QYd85A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:c5:47:ec:9b:c7:a7:31:b3:b4:37:d7:d8:66:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7f7f16b05a1123151a677a47ac2d8d9061df390
        Validity
            Not Before: Jan  1 23:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a58d5ebd78bb2fe4614b5900367946a998e86b88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:47:90:ef:8d:94:d1:17:2c:44:48:ee:a0:e1:
                    63:a2:df:f5:8f:43:95:8d:09:f6:b8:cd:6f:60:ca:
                    90:5e:e6:ef:a7:61:fa:49:1c:b9:ed:62:70:56:5b:
                    da:ef:01:0a:9b:3d:06:71:1f:38:81:96:50:8e:2a:
                    1b:ce:b8:6f:e6:13:d5:6b:9b:67:d9:2e:04:31:75:
                    15:b0:78:30:95:29:41:c0:ae:93:fe:a7:9e:66:ea:
                    eb:42:09:46:7b:03:7f:8f:97:9a:02:1a:60:43:55:
                    3f:9b:e1:ec:af:01:4d:d4:51:80:da:b7:b2:c5:54:
                    62:9c:7c:5c:8d:c2:3e:97:49:13:fd:6b:03:7c:30:
                    68:45:a5:47:16:94:25:82:c8:c6:81:f2:3b:b7:64:
                    08:2b:4b:cb:7d:40:8b:26:cf:ec:b2:cf:5a:76:96:
                    77:ed:99:63:09:03:26:1c:32:27:ae:3a:19:b7:ce:
                    34:a4:9c:29:c6:6c:54:0c:99:c0:5f:60:5f:c3:1f:
                    82:c7:ee:42:6c:20:01:ff:fa:96:74:b2:f7:00:de:
                    83:32:16:52:f7:da:6b:48:7c:75:e5:df:2b:b3:79:
                    b1:06:7a:ed:4c:0b:c3:fb:7d:37:40:19:a2:42:6d:
                    47:11:f5:74:a8:48:d1:87:84:f6:7d:8d:9f:4e:79:
                    87:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:8D:5E:BD:78:BB:2F:E4:61:4B:59:00:36:79:46:A9:98:E8:6B:88
            X509v3 Authority Key Identifier:
                keyid:D7:F7:F1:6B:05:A1:12:31:51:A6:77:A4:7A:C2:D8:D9:06:1D:F3:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1_fxawWhEjFRpnekesLY2QYd85A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/pY1evXi7L-RhS1kANnlGqZjoa4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/1_fxawWhEjFRpnekesLY2QYd85A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.24.0/23
                  185.118.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:6c:e4:e8:b7:54:a6:57:fd:33:d4:79:1c:b9:ff:ba:48:52:
         69:76:dd:85:d2:bd:fe:40:05:6f:0d:9d:c2:49:20:c8:b7:6d:
         0c:cc:84:60:0e:d2:f3:47:14:b1:34:9c:00:88:4d:40:e3:07:
         4a:ca:1e:9a:9f:9f:83:88:18:ec:15:13:88:ac:c3:ef:15:11:
         6d:ba:17:30:b2:89:12:83:5c:02:3c:72:23:19:39:8e:8a:ae:
         f7:ba:67:54:3c:5d:a0:ac:6a:72:3c:0d:98:92:d5:16:4c:ea:
         bc:1b:cf:0f:a7:9b:cc:d0:ce:9e:ae:28:04:a3:5e:20:f0:9d:
         f7:46:3a:7f:56:bf:dc:55:17:9b:4c:63:15:81:f4:c4:6f:d3:
         bf:6c:41:81:70:3d:47:c3:e2:e0:38:2b:0e:77:11:03:78:45:
         d4:db:15:42:c6:55:21:67:7f:b4:04:2e:b6:19:db:e6:4b:1b:
         1f:0f:ba:59:bc:07:d8:65:39:a1:e0:2f:48:01:a1:49:12:fe:
         11:ad:93:cf:8e:32:b7:1c:cc:3b:83:00:22:b6:5c:f1:6b:b2:
         28:3b:75:94:e3:3e:67:10:3a:d1:70:50:a9:1a:99:7d:ad:04:
         8c:54:dc:4e:66:de:ad:72:b0:90:e0:61:ad:8c:67:85:ba:f8:
         10:17:75:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRMVH7JvHpzGztDfX2GZcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ZjdmMTZiMDVhMTEyMzE1MWE2NzdhNDdhYzJkOGQ5MDYx
ZGYzOTAwHhcNMjUwMTAxMjM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNThkNWViZDc4YmIyZmU0NjE0YjU5MDAzNjc5NDZhOTk4ZTg2Yjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEeQ742U0RcsREjuoOFjot/1j0OV
jQn2uM1vYMqQXubvp2H6SRy57WJwVlva7wEKmz0GcR84gZZQjiobzrhv5hPVa5tn
2S4EMXUVsHgwlSlBwK6T/qeeZurrQglGewN/j5eaAhpgQ1U/m+HsrwFN1FGA2rey
xVRinHxcjcI+l0kT/WsDfDBoRaVHFpQlgsjGgfI7t2QIK0vLfUCLJs/sss9adpZ3
7ZljCQMmHDInrjoZt840pJwpxmxUDJnAX2Bfwx+Cx+5CbCAB//qWdLL3AN6DMhZS
99prSHx15d8rs3mxBnrtTAvD+303QBmiQm1HEfV0qEjRh4T2fY2fTnmH3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKWNXr14uy/kYUtZADZ5RqmY6GuIMB8GA1UdIwQY
MBaAFNf38WsFoRIxUaZ3pHrC2NkGHfOQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMV9meGF3V2hFakZScG5la2VzTFkyUVlkODVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8wMjI3YjctNTRjYS00ZjU2LWJlMjYt
NmNiZTk0OTUzMmU0LzEvcFkxZXZYaTdMLVJoUzFrQU5ubEdxWmpvYTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8wMjI3YjctNTRjYS00ZjU2LWJlMjYtNmNiZTk0OTUzMmU0
LzEvMV9meGF3V2hFakZScG5la2VzTFkyUVlkODVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuXYYAwQA
uXYbMA0GCSqGSIb3DQEBCwUAA4IBAQAcbOTot1SmV/0z1Hkcuf+6SFJpdt2F0r3+
QAVvDZ3CSSDIt20MzIRgDtLzRxSxNJwAiE1A4wdKyh6an5+DiBjsFROIrMPvFRFt
uhcwsokSg1wCPHIjGTmOiq73umdUPF2grGpyPA2YktUWTOq8G88Pp5vM0M6erigE
o14g8J33Rjp/Vr/cVRebTGMVgfTEb9O/bEGBcD1Hw+LgOCsOdxEDeEXU2xVCxlUh
Z3+0BC62GdvmSxsfD7pZvAfYZTmh4C9IAaFJEv4RrZPPjjK3HMw7gwAitlzxa7Io
O3WU4z5nEDrRcFCpGpl9rQSMVNxOZt6tcrCQ4GGtjGeFuvgQF3Uv
-----END CERTIFICATE-----