Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/1-zT9mAEBlOTW17BpRdhhq5CBopo.roa
File:                     1-zT9mAEBlOTW17BpRdhhq5CBopo.roa (raw, json)
Hash identifier:          fOlZL/jmt7x24Mq2vq6+5+VHvePQon8h2vdvdk/CniI=
Subject key identifier:   FB:34:FD:98:01:01:94:E4:D6:D7:B0:69:45:D8:61:AB:90:81:A2:9A
Certificate issuer:       /CN=a3608d6b0e80a6430fb6af43fae168a0e8011fee
Certificate serial:       01942747AB5BD2CF657B87065553D60B67A8
Authority key identifier: A3:60:8D:6B:0E:80:A6:43:0F:B6:AF:43:FA:E1:68:A0:E8:01:1F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2CNaw6ApkMPtq9D-uFooOgBH-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/1-zT9mAEBlOTW17BpRdhhq5CBopo.roa
Signing time:             Thu 02 Jan 2025 13:49:55 +0000
ROA not before:           Thu 02 Jan 2025 13:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213151
IP address blocks:        185.125.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/o2CNaw6ApkMPtq9D-uFooOgBH-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/o2CNaw6ApkMPtq9D-uFooOgBH-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2CNaw6ApkMPtq9D-uFooOgBH-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ab:5b:d2:cf:65:7b:87:06:55:53:d6:0b:67:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3608d6b0e80a6430fb6af43fae168a0e8011fee
        Validity
            Not Before: Jan  2 13:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb34fd98010194e4d6d7b06945d861ab9081a29a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:60:47:54:ed:c3:0e:7b:24:cf:5f:6a:05:09:
                    00:7b:23:78:e2:ea:32:31:68:60:a5:0b:d6:cf:4c:
                    1f:2e:c7:f9:d9:8d:2b:ba:bb:00:75:db:3f:8a:fe:
                    1b:70:b3:f3:46:5a:dc:a3:98:b7:08:45:44:56:6b:
                    7f:31:9f:c8:77:35:96:6f:9f:1e:6b:2f:0e:de:69:
                    a7:d3:ae:41:54:64:94:9e:2b:96:b2:0f:54:87:91:
                    f8:d9:a3:34:a2:c6:d1:e3:17:a3:19:2e:29:4a:88:
                    96:e0:05:15:46:de:e6:eb:72:32:44:34:22:14:a8:
                    99:f7:a8:a5:9f:ed:53:17:75:09:22:b3:cd:93:e5:
                    e6:c8:7e:54:50:65:0c:8d:0a:f5:ff:07:e6:bd:ee:
                    89:20:89:4b:0f:1d:cb:4f:c0:c3:28:28:68:27:12:
                    88:0b:1f:db:b9:c4:66:d0:82:5f:bc:18:2d:45:29:
                    e5:99:51:5c:77:c8:f6:a2:26:f3:b2:3f:25:05:aa:
                    d2:fe:05:3c:a5:7a:e6:26:5d:11:73:bd:34:20:29:
                    88:29:2a:2a:30:a1:0d:55:38:c3:14:cd:94:20:64:
                    99:d9:a2:86:01:1c:4e:fe:dc:d3:c4:1e:96:8f:de:
                    5f:17:af:aa:97:0c:d9:4c:06:89:e8:55:1f:bd:5c:
                    57:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:34:FD:98:01:01:94:E4:D6:D7:B0:69:45:D8:61:AB:90:81:A2:9A
            X509v3 Authority Key Identifier:
                keyid:A3:60:8D:6B:0E:80:A6:43:0F:B6:AF:43:FA:E1:68:A0:E8:01:1F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2CNaw6ApkMPtq9D-uFooOgBH-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/1-zT9mAEBlOTW17BpRdhhq5CBopo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/o2CNaw6ApkMPtq9D-uFooOgBH-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:ac:b4:54:53:41:74:3c:68:08:59:0f:3d:9b:36:7a:95:00:
         34:25:f6:b3:fa:e4:7d:14:2e:2d:54:39:b2:8d:cf:d0:27:d1:
         a7:32:b8:e6:7d:04:7e:fb:e6:0d:e6:e1:27:33:49:46:32:43:
         8b:52:1e:5d:c8:79:8f:8d:1f:5b:72:93:b7:7e:d5:96:9a:b2:
         37:37:cf:be:86:42:c3:27:ed:b2:c5:d0:55:cd:db:13:5c:19:
         ea:ef:a6:c5:cd:89:73:1d:9f:08:b8:39:4a:39:66:ca:56:ba:
         bc:75:b7:cc:69:27:f5:b4:a3:07:a2:7e:2c:7b:df:72:1e:23:
         cd:a2:ee:1b:cb:d6:99:e1:41:2f:89:cb:93:f0:78:c7:40:c4:
         47:e4:aa:ad:ec:20:3c:5b:6e:14:9a:1a:16:c7:69:f9:1a:5e:
         f8:7f:d7:b5:06:36:5a:2b:a3:f1:32:84:88:2c:56:32:80:b4:
         00:ec:62:0c:3f:e1:66:00:cb:74:fb:34:e5:ff:82:a6:2b:9e:
         6b:bb:00:d5:54:8c:6a:9b:95:d9:14:c0:16:2b:c8:62:8b:b1:
         4b:52:b8:d7:eb:2a:b2:df:22:c6:3e:a2:b1:fc:b5:84:17:b9:
         40:49:02:3a:db:87:9a:93:1d:af:96:c8:de:35:f3:1a:2d:0d:
         e2:f5:06:e6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnR6tb0s9le4cGVVPWC2eoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjA4ZDZiMGU4MGE2NDMwZmI2YWY0M2ZhZTE2OGEwZTgw
MTFmZWUwHhcNMjUwMTAyMTM0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjM0ZmQ5ODAxMDE5NGU0ZDZkN2IwNjk0NWQ4NjFhYjkwODFhMjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmBHVO3DDnskz19qBQkAeyN44uoy
MWhgpQvWz0wfLsf52Y0rursAdds/iv4bcLPzRlrco5i3CEVEVmt/MZ/IdzWWb58e
ay8O3mmn065BVGSUniuWsg9Uh5H42aM0osbR4xejGS4pSoiW4AUVRt7m63IyRDQi
FKiZ96iln+1TF3UJIrPNk+XmyH5UUGUMjQr1/wfmve6JIIlLDx3LT8DDKChoJxKI
Cx/bucRm0IJfvBgtRSnlmVFcd8j2oibzsj8lBarS/gU8pXrmJl0Rc700ICmIKSoq
MKENVTjDFM2UIGSZ2aKGARxO/tzTxB6Wj95fF6+qlwzZTAaJ6FUfvVxXowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPs0/ZgBAZTk1tewaUXYYauQgaKaMB8GA1UdIwQY
MBaAFKNgjWsOgKZDD7avQ/rhaKDoAR/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJDTmF3NkFwa01QdHE5RC11Rm9vT2dCSC00LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9mYjU5MTAtZmUxNC00NDUzLThjOWMt
ODNiZjcwYjFmZDZiLzEvMS16VDltQUVCbE9UVzE3QnBSZGhocTVDQm9wby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjIvZmI1OTEwLWZlMTQtNDQ1My04YzljLTgzYmY3MGIxZmQ2
Yi8xL28yQ05hdzZBcGtNUHRxOUQtdUZvb09nQkgtNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALl9jTAN
BgkqhkiG9w0BAQsFAAOCAQEAd6y0VFNBdDxoCFkPPZs2epUANCX2s/rkfRQuLVQ5
so3P0CfRpzK45n0EfvvmDebhJzNJRjJDi1IeXch5j40fW3KTt37VlpqyNzfPvoZC
wyftssXQVc3bE1wZ6u+mxc2Jcx2fCLg5Sjlmyla6vHW3zGkn9bSjB6J+LHvfch4j
zaLuG8vWmeFBL4nLk/B4x0DER+SqrewgPFtuFJoaFsdp+Rpe+H/XtQY2Wiuj8TKE
iCxWMoC0AOxiDD/hZgDLdPs05f+Cpiuea7sA1VSMapuV2RTAFivIYouxS1K41+sq
st8ixj6isfy1hBe5QEkCOtuHmpMdr5bI3jXzGi0N4vUG5g==
-----END CERTIFICATE-----