Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/ftPX6ru82FwqHJ4CTaIfY0kPRSU.roa
File:                     ftPX6ru82FwqHJ4CTaIfY0kPRSU.roa (raw, json)
Hash identifier:          iKc9aP9F91n3SzRk10qNjCoKwRfXAgJ0qpka/jBdSo4=
Subject key identifier:   7E:D3:D7:EA:BB:BC:D8:5C:2A:1C:9E:02:4D:A2:1F:63:49:0F:45:25
Certificate issuer:       /CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
Certificate serial:       019422FB9E202D27EBDDD8B93BF98EF08069
Authority key identifier: A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/ftPX6ru82FwqHJ4CTaIfY0kPRSU.roa
Signing time:             Wed 01 Jan 2025 17:48:22 +0000
ROA not before:           Wed 01 Jan 2025 17:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15704
IP address blocks:        185.111.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:9e:20:2d:27:eb:dd:d8:b9:3b:f9:8e:f0:80:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
        Validity
            Not Before: Jan  1 17:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ed3d7eabbbcd85c2a1c9e024da21f63490f4525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ce:93:a7:1f:92:5d:56:f5:1a:19:de:2f:63:
                    17:97:b3:7b:32:b4:0e:91:30:62:98:f1:bd:26:d8:
                    83:d4:7f:6b:c5:18:0b:0e:08:02:9d:0f:4b:02:66:
                    3f:8a:50:b1:f8:8c:60:6e:21:6e:51:8d:ff:eb:05:
                    4a:df:5f:57:1c:e6:2d:96:9d:8c:c8:0c:47:b8:e3:
                    d2:00:f4:59:4d:37:d4:da:df:75:db:35:ad:86:9e:
                    fe:89:92:13:53:0b:fa:a4:22:d0:bb:2b:d8:d7:52:
                    58:5d:63:b9:6f:34:b3:63:28:8d:d8:f0:51:0c:bb:
                    1c:e7:28:f2:fa:63:b1:5e:35:55:d9:81:9e:99:af:
                    67:86:44:8b:9b:9f:a0:d0:8d:c1:b8:07:16:97:77:
                    da:66:bf:a7:45:a8:1b:c6:b7:37:30:82:0b:34:4b:
                    49:d2:a9:16:a3:36:9c:87:70:eb:f1:01:54:83:38:
                    ce:22:d2:7f:7a:86:7d:df:a6:2f:08:2b:51:ce:ae:
                    0a:9a:0c:bf:cd:a2:49:c3:66:e0:69:8b:1b:89:2b:
                    b5:08:36:2e:ad:4f:b5:68:21:3b:ef:a0:c1:13:3c:
                    85:f2:48:a9:0a:da:6d:20:95:f3:00:58:68:0d:8f:
                    8b:27:af:16:d6:75:25:1b:61:09:74:ac:35:8c:be:
                    04:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D3:D7:EA:BB:BC:D8:5C:2A:1C:9E:02:4D:A2:1F:63:49:0F:45:25
            X509v3 Authority Key Identifier:
                keyid:A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/ftPX6ru82FwqHJ4CTaIfY0kPRSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:98:91:97:46:75:6f:11:dd:13:e3:b7:63:01:c7:0e:b6:e2:
         c2:b5:08:bf:7b:be:76:22:f2:31:b5:67:ef:92:77:84:f8:3a:
         6f:f6:c5:76:95:20:02:f4:4d:08:ed:75:cd:d3:ad:05:da:b5:
         56:80:e8:74:f4:12:13:cb:db:f7:25:a0:1a:6e:e4:29:e3:4c:
         5f:8b:4a:8f:4a:6a:7e:ca:6e:e6:7a:90:5e:7e:12:71:1b:e0:
         76:7e:77:ff:14:c6:d9:20:aa:67:f2:c1:56:b4:74:18:65:f7:
         80:3d:c2:77:b6:73:43:03:61:ba:2a:ed:eb:ab:91:6e:8b:da:
         9d:d6:b8:f3:98:e8:a5:4b:0a:1f:8d:1f:95:8b:16:d6:58:eb:
         72:2b:5f:b1:12:e4:e0:a2:97:e7:2f:23:d2:1b:52:33:9d:c6:
         e7:42:16:df:f2:e7:0a:c9:7f:f5:b0:ac:2f:ea:b8:70:0b:0d:
         b3:cc:87:86:a8:0a:dd:10:52:c8:e7:b0:36:c9:a3:61:c9:f5:
         30:98:0b:8e:07:89:ab:d4:5a:06:60:3d:b0:19:e8:89:a3:a8:
         c8:be:88:bb:4e:e4:9b:40:6d:c5:22:d1:46:de:21:33:cf:80:
         72:15:a9:98:cf:b1:03:75:40:e7:44:9a:2a:90:17:29:a1:bc:
         4f:b3:0e:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+54gLSfr3di5O/mO8IBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZTc1ODAyZTdlZmI4NjUzZTNhZjU5Y2JmMWJjMDY1Mzhi
Y2E2NzEwHhcNMjUwMTAxMTc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWQzZDdlYWJiYmNkODVjMmExYzllMDI0ZGEyMWY2MzQ5MGY0NTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApc6Tpx+SXVb1GhneL2MXl7N7MrQO
kTBimPG9JtiD1H9rxRgLDggCnQ9LAmY/ilCx+IxgbiFuUY3/6wVK319XHOYtlp2M
yAxHuOPSAPRZTTfU2t912zWthp7+iZITUwv6pCLQuyvY11JYXWO5bzSzYyiN2PBR
DLsc5yjy+mOxXjVV2YGema9nhkSLm5+g0I3BuAcWl3faZr+nRagbxrc3MIILNEtJ
0qkWozach3Dr8QFUgzjOItJ/eoZ936YvCCtRzq4Kmgy/zaJJw2bgaYsbiSu1CDYu
rU+1aCE776DBEzyF8kipCtptIJXzAFhoDY+LJ68W1nUlG2EJdKw1jL4ECwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7T1+q7vNhcKhyeAk2iH2NJD0UlMB8GA1UdIwQY
MBaAFKjnWALn77hlPjr1nL8bwGU4vKZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU9kWUF1ZnZ1R1UtT3ZXY3Z4dkFaVGk4cG5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82MjU2YjYtMzZhMS00ZjJmLWEwYjkt
NDExZjU4MzdmZWZhLzEvZnRQWDZydTgyRndxSEo0Q1RhSWZZMGtQUlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82MjU2YjYtMzZhMS00ZjJmLWEwYjktNDExZjU4MzdmZWZh
LzEvcU9kWUF1ZnZ1R1UtT3ZXY3Z4dkFaVGk4cG5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW/8MA0G
CSqGSIb3DQEBCwUAA4IBAQCMmJGXRnVvEd0T47djAccOtuLCtQi/e752IvIxtWfv
kneE+Dpv9sV2lSAC9E0I7XXN060F2rVWgOh09BITy9v3JaAabuQp40xfi0qPSmp+
ym7mepBefhJxG+B2fnf/FMbZIKpn8sFWtHQYZfeAPcJ3tnNDA2G6Ku3rq5Fui9qd
1rjzmOilSwofjR+VixbWWOtyK1+xEuTgopfnLyPSG1IzncbnQhbf8ucKyX/1sKwv
6rhwCw2zzIeGqArdEFLI57A2yaNhyfUwmAuOB4mr1FoGYD2wGeiJo6jIvoi7TuSb
QG3FItFG3iEzz4ByFamYz7EDdUDnRJoqkBcpobxPsw5q
-----END CERTIFICATE-----