Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/15641a-6614-45e4-a2a9-9b9cd89659e0/1/8jvY6gdKf49fsHMa8JzUxLXy6Co.roa
File:                     8jvY6gdKf49fsHMa8JzUxLXy6Co.roa (raw, json)
Hash identifier:          zq4v0B4wOz8tRoHJTPQ0OEhJqUOFXXY6z/cXiV3Bsic=
Subject key identifier:   F2:3B:D8:EA:07:4A:7F:8F:5F:B0:73:1A:F0:9C:D4:C4:B5:F2:E8:2A
Certificate issuer:       /CN=1c97b4823d3c9e121ec649821e00f0a79aeb9b8d
Certificate serial:       019426D9AC2BA9F58C2240CF9EF72359BBC5
Authority key identifier: 1C:97:B4:82:3D:3C:9E:12:1E:C6:49:82:1E:00:F0:A7:9A:EB:9B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJe0gj08nhIexkmCHgDwp5rrm40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/15641a-6614-45e4-a2a9-9b9cd89659e0/1/8jvY6gdKf49fsHMa8JzUxLXy6Co.roa
Signing time:             Thu 02 Jan 2025 11:49:47 +0000
ROA not before:           Thu 02 Jan 2025 11:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212492
IP address blocks:        185.61.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/15641a-6614-45e4-a2a9-9b9cd89659e0/1/HJe0gj08nhIexkmCHgDwp5rrm40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/15641a-6614-45e4-a2a9-9b9cd89659e0/1/HJe0gj08nhIexkmCHgDwp5rrm40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJe0gj08nhIexkmCHgDwp5rrm40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:ac:2b:a9:f5:8c:22:40:cf:9e:f7:23:59:bb:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c97b4823d3c9e121ec649821e00f0a79aeb9b8d
        Validity
            Not Before: Jan  2 11:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f23bd8ea074a7f8f5fb0731af09cd4c4b5f2e82a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5d:15:d4:25:00:e6:c5:6c:a5:6a:0e:a4:31:
                    50:db:32:da:d9:f4:ba:e4:3f:48:e8:1a:01:5c:bb:
                    12:60:14:65:80:c4:1d:31:96:df:d3:d8:d3:75:42:
                    c7:40:dd:c8:a2:a6:6a:71:90:e1:25:cf:52:8e:13:
                    96:dd:24:0c:dd:23:ce:10:f5:fd:69:23:c1:fe:4b:
                    1f:45:37:55:1e:f7:dc:ca:c4:3a:4a:6c:51:c2:77:
                    1d:f8:7a:a3:bc:e0:21:c5:7c:5f:49:2a:05:4d:48:
                    52:b3:23:9d:8f:34:d7:a7:3a:8e:11:aa:a3:06:e5:
                    bb:db:69:59:b5:08:b5:41:be:b4:9a:fa:88:eb:44:
                    dd:49:a7:44:4c:6b:ea:a1:5c:d1:b6:a7:78:88:92:
                    1d:55:05:5b:55:ae:7b:fd:75:9a:38:de:9f:d5:8a:
                    f2:23:64:45:ff:15:77:cb:e0:c1:f7:65:79:4e:80:
                    0c:61:91:56:6d:6f:89:8c:54:39:4f:77:1e:d5:2a:
                    e4:56:8b:cd:fd:a9:53:4d:1d:14:e6:7f:3d:f8:47:
                    f1:e6:fd:29:b5:8c:99:46:a5:75:54:b7:50:bb:9e:
                    9e:5d:da:2c:09:17:c1:a5:6e:c1:4f:8e:d9:6c:53:
                    bf:2d:da:eb:1b:da:8d:84:7e:17:55:d0:13:52:ee:
                    ec:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:3B:D8:EA:07:4A:7F:8F:5F:B0:73:1A:F0:9C:D4:C4:B5:F2:E8:2A
            X509v3 Authority Key Identifier:
                keyid:1C:97:B4:82:3D:3C:9E:12:1E:C6:49:82:1E:00:F0:A7:9A:EB:9B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJe0gj08nhIexkmCHgDwp5rrm40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/15641a-6614-45e4-a2a9-9b9cd89659e0/1/8jvY6gdKf49fsHMa8JzUxLXy6Co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/15641a-6614-45e4-a2a9-9b9cd89659e0/1/HJe0gj08nhIexkmCHgDwp5rrm40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.61.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:8f:9d:bf:20:7f:9c:6e:da:f6:9a:cb:a6:f8:13:e3:0f:c9:
         03:29:47:e6:ac:d4:36:0c:5c:25:d9:67:d9:78:ed:56:1f:33:
         85:6e:67:77:14:d0:fe:b6:36:7e:78:87:f0:af:8c:4f:02:20:
         c4:63:6e:a2:2c:e6:c3:c4:5e:ab:5a:8b:c9:37:28:fc:a3:cc:
         2a:b7:65:f8:e3:d6:61:cd:7e:67:f7:cf:fc:a3:56:72:bf:31:
         43:3f:ff:b3:88:68:4c:ef:54:03:2e:04:cb:74:0f:f0:bf:f2:
         08:8d:4e:be:3e:54:32:61:ab:d1:a8:fe:04:99:3a:82:11:e3:
         73:aa:f4:fc:25:2b:4c:15:17:18:56:d1:31:d5:36:3c:43:d5:
         83:1c:c9:cf:06:bd:cb:86:a6:d6:3f:fa:34:06:3b:b0:8b:73:
         c7:46:88:f6:10:9a:bf:58:bf:27:b2:66:18:fb:8f:d4:cb:10:
         e8:6d:b2:fa:db:c2:74:ef:f6:61:f5:67:88:84:a6:18:65:fc:
         c5:d5:d0:b2:33:1c:43:a8:c5:d0:6f:23:43:10:73:7b:b1:00:
         b9:cd:81:5e:6c:69:5b:9a:4e:77:b8:9a:45:98:64:dd:64:07:
         6a:12:06:95:33:bb:ae:69:c9:fb:bf:10:71:d7:46:2a:1c:5c:
         97:3e:f6:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2awrqfWMIkDPnvcjWbvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTdiNDgyM2QzYzllMTIxZWM2NDk4MjFlMDBmMGE3OWFl
YjliOGQwHhcNMjUwMTAyMTE0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjNiZDhlYTA3NGE3ZjhmNWZiMDczMWFmMDljZDRjNGI1ZjJlODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx10V1CUA5sVspWoOpDFQ2zLa2fS6
5D9I6BoBXLsSYBRlgMQdMZbf09jTdULHQN3IoqZqcZDhJc9SjhOW3SQM3SPOEPX9
aSPB/ksfRTdVHvfcysQ6SmxRwncd+HqjvOAhxXxfSSoFTUhSsyOdjzTXpzqOEaqj
BuW722lZtQi1Qb60mvqI60TdSadETGvqoVzRtqd4iJIdVQVbVa57/XWaON6f1Yry
I2RF/xV3y+DB92V5ToAMYZFWbW+JjFQ5T3ce1SrkVovN/alTTR0U5n89+Efx5v0p
tYyZRqV1VLdQu56eXdosCRfBpW7BT47ZbFO/LdrrG9qNhH4XVdATUu7sPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPI72OoHSn+PX7BzGvCc1MS18ugqMB8GA1UdIwQY
MBaAFByXtII9PJ4SHsZJgh4A8Kea65uNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEplMGdqMDhuaElleGttQ0hnRHdwNXJybTQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8xNTY0MWEtNjYxNC00NWU0LWEyYTkt
OWI5Y2Q4OTY1OWUwLzEvOGp2WTZnZEtmNDlmc0hNYThKelV4TFh5NkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8xNTY0MWEtNjYxNC00NWU0LWEyYTktOWI5Y2Q4OTY1OWUw
LzEvSEplMGdqMDhuaElleGttQ0hnRHdwNXJybTQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT06MA0G
CSqGSIb3DQEBCwUAA4IBAQCSj52/IH+cbtr2msum+BPjD8kDKUfmrNQ2DFwl2WfZ
eO1WHzOFbmd3FND+tjZ+eIfwr4xPAiDEY26iLObDxF6rWovJNyj8o8wqt2X449Zh
zX5n98/8o1ZyvzFDP/+ziGhM71QDLgTLdA/wv/IIjU6+PlQyYavRqP4EmTqCEeNz
qvT8JStMFRcYVtEx1TY8Q9WDHMnPBr3LhqbWP/o0Bjuwi3PHRoj2EJq/WL8nsmYY
+4/UyxDobbL628J07/Zh9WeIhKYYZfzF1dCyMxxDqMXQbyNDEHN7sQC5zYFebGlb
mk53uJpFmGTdZAdqEgaVM7uuacn7vxBx10YqHFyXPvZE
-----END CERTIFICATE-----