Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/ekIp6fDV1LgphH3Gi1AHo6rI6Cs.roa
File:                     ekIp6fDV1LgphH3Gi1AHo6rI6Cs.roa (raw, json)
Hash identifier:          cb15BXttM7ZNQB0xO/TZjjNsA01W0R9hxNFRQ8FNS94=
Subject key identifier:   7A:42:29:E9:F0:D5:D4:B8:29:84:7D:C6:8B:50:07:A3:AA:C8:E8:2B
Certificate issuer:       /CN=5d88e4f7a302412c316a3bb599cdd2042b5ff485
Certificate serial:       019424B3AB30BBD065753701AF8D7BB104E8
Authority key identifier: 5D:88:E4:F7:A3:02:41:2C:31:6A:3B:B5:99:CD:D2:04:2B:5F:F4:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/ekIp6fDV1LgphH3Gi1AHo6rI6Cs.roa
Signing time:             Thu 02 Jan 2025 01:49:02 +0000
ROA not before:           Thu 02 Jan 2025 01:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35773
IP address blocks:        84.54.148.0/24 maxlen: 24
                          84.54.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ab:30:bb:d0:65:75:37:01:af:8d:7b:b1:04:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d88e4f7a302412c316a3bb599cdd2042b5ff485
        Validity
            Not Before: Jan  2 01:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a4229e9f0d5d4b829847dc68b5007a3aac8e82b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0f:ef:84:94:5b:1c:cf:0e:59:61:74:46:a9:
                    a1:74:8a:80:50:30:87:1a:6e:4e:30:fb:39:67:08:
                    4e:2b:8f:2f:6f:77:32:92:3e:5e:b0:99:5b:0e:a9:
                    d9:26:6b:f6:5f:7d:87:d7:f3:74:3d:c1:9b:fc:d3:
                    d7:ac:6d:f7:90:fa:43:4c:10:07:fe:95:a7:97:8b:
                    6e:4f:ff:de:8b:03:15:4a:cc:34:35:02:ff:56:f9:
                    69:84:c2:68:dd:08:e3:84:27:f2:1f:c9:a8:fa:69:
                    27:ea:e8:5f:87:48:6d:69:c5:f9:67:6a:33:e4:11:
                    be:44:e6:c7:5a:c8:2a:bc:2d:99:9d:57:22:8a:1f:
                    9e:06:2a:39:1a:6a:8c:42:0a:64:ed:65:28:36:7e:
                    78:58:55:f3:9e:36:61:65:6b:48:c0:e2:59:f2:e0:
                    40:93:02:74:1b:23:f2:20:74:01:28:a8:06:4d:ba:
                    7c:83:31:2f:a7:73:d0:4f:cf:4c:31:a6:9a:d6:cc:
                    72:43:fe:bb:36:fc:75:65:04:35:45:65:51:e0:4d:
                    53:be:37:4d:92:6a:d0:b2:bd:07:a2:e1:e3:6e:cf:
                    80:d3:e9:64:71:db:4e:d3:12:b3:cb:48:bb:a1:7b:
                    1a:07:84:55:ac:df:31:40:80:b3:b8:11:5f:52:e1:
                    ee:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:42:29:E9:F0:D5:D4:B8:29:84:7D:C6:8B:50:07:A3:AA:C8:E8:2B
            X509v3 Authority Key Identifier:
                keyid:5D:88:E4:F7:A3:02:41:2C:31:6A:3B:B5:99:CD:D2:04:2B:5F:F4:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/ekIp6fDV1LgphH3Gi1AHo6rI6Cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.148.0/24
                  84.54.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:20:3b:51:ad:e9:4d:d9:28:ea:11:3b:f3:51:24:72:1a:0e:
         32:fa:0f:1c:51:50:e1:36:45:13:05:82:05:64:11:09:94:89:
         50:ec:3a:88:b3:92:ce:08:48:56:19:3d:30:c0:e8:1b:e7:ba:
         79:4b:5b:81:c5:6d:ca:c3:77:08:3e:fb:2c:d2:09:ed:39:d1:
         86:c7:9e:8f:33:50:8a:55:f6:68:ba:28:bb:78:98:6b:e8:7d:
         f9:e7:97:66:ac:23:85:d2:7b:73:41:b4:0f:0c:2b:4d:f1:39:
         ca:11:57:7b:55:3d:5d:95:45:2e:ea:71:2e:d0:51:32:45:68:
         f1:bc:4e:15:30:20:ac:5f:43:5b:6b:2e:c3:02:7c:53:c4:ee:
         94:8d:ae:d2:c1:e8:d4:d7:17:e4:15:4c:82:22:a2:01:1d:84:
         bd:a2:69:cf:8f:dc:23:e3:93:b5:ca:7d:b2:b6:01:4c:a6:82:
         e8:d2:3b:92:f2:53:4d:83:2d:74:5a:b7:04:63:21:40:62:33:
         5f:21:66:e2:89:f9:ed:8e:95:07:e2:a9:b2:01:83:d2:40:a6:
         1d:bb:5d:1a:c8:3a:76:9d:88:cc:55:25:81:8f:20:aa:42:ea:
         5b:d7:d6:01:cd:e4:ca:6b:4f:54:ad:c9:2f:a4:a9:ce:d3:bc:
         9f:cd:9b:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks6swu9BldTcBr417sQToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODhlNGY3YTMwMjQxMmMzMTZhM2JiNTk5Y2RkMjA0MmI1
ZmY0ODUwHhcNMjUwMTAyMDE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTQyMjllOWYwZDVkNGI4Mjk4NDdkYzY4YjUwMDdhM2FhYzhlODJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiw/vhJRbHM8OWWF0RqmhdIqAUDCH
Gm5OMPs5ZwhOK48vb3cykj5esJlbDqnZJmv2X32H1/N0PcGb/NPXrG33kPpDTBAH
/pWnl4tuT//eiwMVSsw0NQL/VvlphMJo3QjjhCfyH8mo+mkn6uhfh0htacX5Z2oz
5BG+RObHWsgqvC2ZnVciih+eBio5GmqMQgpk7WUoNn54WFXznjZhZWtIwOJZ8uBA
kwJ0GyPyIHQBKKgGTbp8gzEvp3PQT89MMaaa1sxyQ/67Nvx1ZQQ1RWVR4E1TvjdN
kmrQsr0HouHjbs+A0+lkcdtO0xKzy0i7oXsaB4RVrN8xQICzuBFfUuHuOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHpCKenw1dS4KYR9xotQB6OqyOgrMB8GA1UdIwQY
MBaAFF2I5PejAkEsMWo7tZnN0gQrX/SFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlqazk2TUNRU3d4YWp1MW1jM1NCQ3RmOUlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83NjBjMGYtMTJhYi00ODNkLThjZGIt
NTdlMWQ1YjcyYjJkLzEvZWtJcDZmRFYxTGdwaEgzR2kxQUhvNnJJNkNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83NjBjMGYtMTJhYi00ODNkLThjZGItNTdlMWQ1YjcyYjJk
LzEvWFlqazk2TUNRU3d4YWp1MW1jM1NCQ3RmOUlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVDaUAwQA
VDaWMA0GCSqGSIb3DQEBCwUAA4IBAQApIDtRrelN2SjqETvzUSRyGg4y+g8cUVDh
NkUTBYIFZBEJlIlQ7DqIs5LOCEhWGT0wwOgb57p5S1uBxW3Kw3cIPvss0gntOdGG
x56PM1CKVfZouii7eJhr6H3555dmrCOF0ntzQbQPDCtN8TnKEVd7VT1dlUUu6nEu
0FEyRWjxvE4VMCCsX0Nbay7DAnxTxO6Uja7SwejU1xfkFUyCIqIBHYS9omnPj9wj
45O1yn2ytgFMpoLo0juS8lNNgy10WrcEYyFAYjNfIWbiifntjpUH4qmyAYPSQKYd
u10ayDp2nYjMVSWBjyCqQupb19YBzeTKa09UrckvpKnO07yfzZtf
-----END CERTIFICATE-----