Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/0DRjjmcZlOUPV43RadORGLY5fAU.roa
File:                     0DRjjmcZlOUPV43RadORGLY5fAU.roa (raw, json)
Hash identifier:          OsLSdbKdwCfPfb6fa3q09CVq+CXKI7ScoH/tLbYmOyY=
Subject key identifier:   D0:34:63:8E:67:19:94:E5:0F:57:8D:D1:69:D3:91:18:B6:39:7C:05
Certificate issuer:       /CN=fa1b2478dfe0f33a278b13f42dd319601d6378a8
Certificate serial:       019425FDD2A1545E0B2D408244EF0D2787BD
Authority key identifier: FA:1B:24:78:DF:E0:F3:3A:27:8B:13:F4:2D:D3:19:60:1D:63:78:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-hskeN_g8zonixP0LdMZYB1jeKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/0DRjjmcZlOUPV43RadORGLY5fAU.roa
Signing time:             Thu 02 Jan 2025 07:49:38 +0000
ROA not before:           Thu 02 Jan 2025 07:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35470
IP address blocks:        87.239.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/1-hskeN_g8zonixP0LdMZYB1jeKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/1-hskeN_g8zonixP0LdMZYB1jeKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-hskeN_g8zonixP0LdMZYB1jeKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d2:a1:54:5e:0b:2d:40:82:44:ef:0d:27:87:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa1b2478dfe0f33a278b13f42dd319601d6378a8
        Validity
            Not Before: Jan  2 07:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d034638e671994e50f578dd169d39118b6397c05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:8e:cd:89:c2:b4:37:44:db:a2:1e:58:85:b9:
                    38:a3:76:20:2d:16:d7:d5:14:29:6f:e4:e3:8a:a2:
                    e3:50:a1:97:c8:b8:17:56:c7:d9:9d:f7:e5:ab:e7:
                    61:f7:a0:f9:9b:3e:9c:97:01:f2:2a:eb:98:3f:3e:
                    c1:a5:36:d6:01:af:9d:c3:8c:65:ff:8c:cd:73:ff:
                    c7:f6:99:49:a0:24:02:3d:07:18:ea:5a:45:ac:d0:
                    c0:f7:da:83:b8:c1:64:93:6b:e3:f1:93:d2:88:fe:
                    04:be:11:1d:80:71:a1:1e:08:c6:3b:fa:2a:89:01:
                    6b:ac:11:2a:32:83:05:06:53:9e:86:40:c7:29:81:
                    3b:f1:7c:53:f4:df:ad:36:5b:08:58:e8:01:e6:d8:
                    db:0f:17:d5:ba:c6:e7:89:b2:a7:e3:55:a8:61:0b:
                    c2:80:81:8e:28:e1:51:aa:a5:d6:1f:75:50:24:e2:
                    6e:e4:a0:34:9e:6e:9b:58:b7:fb:dc:64:63:d6:cf:
                    a8:dd:0f:49:54:1a:d5:f5:0a:7e:e6:b7:da:cd:83:
                    20:e4:ca:73:d6:39:fa:1e:1e:86:9a:28:3e:21:bd:
                    7e:99:ab:77:4c:88:db:ba:a5:97:8c:d2:f1:d8:11:
                    45:2a:a8:fe:c8:d4:45:60:b1:b4:cc:9b:29:6d:dd:
                    10:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:34:63:8E:67:19:94:E5:0F:57:8D:D1:69:D3:91:18:B6:39:7C:05
            X509v3 Authority Key Identifier:
                keyid:FA:1B:24:78:DF:E0:F3:3A:27:8B:13:F4:2D:D3:19:60:1D:63:78:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-hskeN_g8zonixP0LdMZYB1jeKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/0DRjjmcZlOUPV43RadORGLY5fAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/1-hskeN_g8zonixP0LdMZYB1jeKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:cc:5c:7d:5d:d0:86:ff:82:f3:39:25:a0:5e:49:fe:40:45:
         0c:bf:f1:ae:17:73:ed:d8:7a:e0:ac:e0:a2:2f:f6:dd:83:a4:
         a9:7d:5f:67:f1:53:a4:5c:f9:86:ff:4e:9b:97:5e:5c:ac:50:
         13:88:21:da:55:33:46:d5:04:4d:5f:6d:11:6b:5c:b8:bd:23:
         cd:29:06:a7:cd:46:e2:cd:b1:d2:f6:6b:57:f2:64:e5:8f:e6:
         b5:a2:e5:e5:8e:e7:e8:fe:e4:fe:44:71:4e:af:fa:29:d8:51:
         47:2f:22:07:eb:56:54:ce:d7:31:48:9b:12:01:b7:29:be:38:
         c5:73:84:fd:e1:96:3a:14:02:77:96:ad:92:72:3f:f5:45:36:
         15:c7:64:1e:fa:67:a6:15:1c:cd:f7:b9:cb:18:f1:ae:9c:99:
         7a:79:b5:82:26:a0:c1:ea:e1:eb:77:af:96:a3:37:7b:ca:cf:
         27:21:16:a8:cc:9a:63:4a:95:eb:a7:3f:4f:3b:73:35:ed:d6:
         98:38:c6:c0:00:db:80:0e:c2:80:62:25:f6:03:05:08:8c:87:
         f8:38:38:8d:8a:55:c2:8a:40:55:22:2c:f3:58:2b:2d:08:9a:
         f3:dd:75:90:02:95:07:1f:fd:49:24:1d:a5:19:b3:77:b2:d2:
         98:1e:09:79
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQl/dKhVF4LLUCCRO8NJ4e9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMWIyNDc4ZGZlMGYzM2EyNzhiMTNmNDJkZDMxOTYwMWQ2
Mzc4YTgwHhcNMjUwMTAyMDc0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDM0NjM4ZTY3MTk5NGU1MGY1NzhkZDE2OWQzOTExOGI2Mzk3YzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw47NicK0N0Tboh5Yhbk4o3YgLRbX
1RQpb+TjiqLjUKGXyLgXVsfZnfflq+dh96D5mz6clwHyKuuYPz7BpTbWAa+dw4xl
/4zNc//H9plJoCQCPQcY6lpFrNDA99qDuMFkk2vj8ZPSiP4EvhEdgHGhHgjGO/oq
iQFrrBEqMoMFBlOehkDHKYE78XxT9N+tNlsIWOgB5tjbDxfVusbnibKn41WoYQvC
gIGOKOFRqqXWH3VQJOJu5KA0nm6bWLf73GRj1s+o3Q9JVBrV9Qp+5rfazYMg5Mpz
1jn6Hh6Gmig+Ib1+mat3TIjbuqWXjNLx2BFFKqj+yNRFYLG0zJspbd0QKwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNA0Y45nGZTlD1eN0WnTkRi2OXwFMB8GA1UdIwQY
MBaAFPobJHjf4PM6J4sT9C3TGWAdY3ioMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1oc2tlTl9nOHpvbml4UDBMZE1aWUIxamVLZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWYvMDhhOWM4LTRiZTMtNDY4Mi1hZjgy
LTJhMWNjZTdkMmM2NS8xLzBEUmpqbWNabE9VUFY0M1JhZE9SR0xZNWZBVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWYvMDhhOWM4LTRiZTMtNDY4Mi1hZjgyLTJhMWNjZTdkMmM2
NS8xLzEtaHNrZU5fZzh6b25peFAwTGRNWllCMWplS2cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABX7wsw
DQYJKoZIhvcNAQELBQADggEBAHTMXH1d0Ib/gvM5JaBeSf5ARQy/8a4Xc+3YeuCs
4KIv9t2DpKl9X2fxU6Rc+Yb/TpuXXlysUBOIIdpVM0bVBE1fbRFrXLi9I80pBqfN
RuLNsdL2a1fyZOWP5rWi5eWO5+j+5P5EcU6v+inYUUcvIgfrVlTO1zFImxIBtym+
OMVzhP3hljoUAneWrZJyP/VFNhXHZB76Z6YVHM33ucsY8a6cmXp5tYImoMHq4et3
r5ajN3vKzychFqjMmmNKleunP087czXt1pg4xsAA24AOwoBiJfYDBQiMh/g4OI2K
VcKKQFUiLPNYKy0ImvPddZAClQcf/UkkHaUZs3ey0pgeCXk=
-----END CERTIFICATE-----