Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/07X0hen1-KbW9Uhkt7xjA-PCLGU.roa
File:                     07X0hen1-KbW9Uhkt7xjA-PCLGU.roa (raw, json)
Hash identifier:          8+QD86bIku1q5HIr9iB6Xu8OCMzU+b8rQ15QGWkM/rs=
Subject key identifier:   D3:B5:F4:85:E9:F5:F8:A6:D6:F5:48:64:B7:BC:63:03:E3:C2:2C:65
Certificate issuer:       /CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
Certificate serial:       019427B660F4C409A5ECBED8DFC5375819F0
Authority key identifier: F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/07X0hen1-KbW9Uhkt7xjA-PCLGU.roa
Signing time:             Thu 02 Jan 2025 15:50:51 +0000
ROA not before:           Thu 02 Jan 2025 15:50:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        194.6.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:60:f4:c4:09:a5:ec:be:d8:df:c5:37:58:19:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
        Validity
            Not Before: Jan  2 15:50:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3b5f485e9f5f8a6d6f54864b7bc6303e3c22c65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c7:23:1b:4a:1b:26:61:9b:35:1e:27:2e:18:
                    48:fe:de:13:5a:56:3e:90:97:7a:b6:0f:18:c0:c4:
                    39:d1:7e:d5:2e:25:ab:63:96:da:20:83:9a:a6:d8:
                    85:bc:3c:a9:9a:81:cf:fe:39:9e:0f:b6:da:87:91:
                    86:05:81:a7:e4:24:bb:95:59:77:be:5c:63:63:2a:
                    67:a4:9b:35:dc:81:53:a4:7e:fb:35:e9:f5:a2:b7:
                    87:e9:da:45:fa:51:77:86:a8:a3:98:9d:e7:1d:16:
                    44:09:71:39:78:67:7a:04:b9:29:81:ec:b5:21:11:
                    30:fd:eb:aa:ec:41:f1:17:f9:50:07:53:a5:ee:30:
                    e5:5c:99:d5:27:d1:cd:03:77:05:f0:10:44:0e:12:
                    ed:cd:59:54:38:52:3b:16:bb:0b:42:b1:48:c0:b3:
                    de:43:cf:e8:a3:48:a2:d0:a6:ff:56:d3:ba:1f:a1:
                    19:b7:7d:5d:3d:21:96:79:61:48:22:33:e8:8a:b0:
                    f5:9f:c3:1f:ed:ea:7c:12:d3:d0:bb:64:6f:17:46:
                    59:84:9e:06:c1:eb:10:f5:3c:62:c0:cb:f9:28:bc:
                    f9:fb:59:5a:27:ab:b2:77:4d:68:76:f1:c9:10:c0:
                    bd:6b:2f:d4:18:80:c0:b0:25:2a:08:e8:4e:66:34:
                    ee:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B5:F4:85:E9:F5:F8:A6:D6:F5:48:64:B7:BC:63:03:E3:C2:2C:65
            X509v3 Authority Key Identifier:
                keyid:F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/07X0hen1-KbW9Uhkt7xjA-PCLGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:86:41:3f:76:e9:d2:3b:ce:6e:b9:83:3f:06:72:71:80:cd:
         1a:f2:5d:28:f5:4c:5f:a2:09:06:73:5e:56:59:4f:55:83:7a:
         6f:5c:de:65:89:11:e7:b9:29:da:26:3e:d4:b8:62:26:7a:b8:
         54:f5:12:29:8b:6d:c3:b9:ec:70:d4:b7:59:05:c8:d2:20:61:
         41:bb:e1:ea:44:45:65:16:54:60:d2:ec:ff:1c:b0:e4:f2:42:
         72:6f:a4:7b:7a:a7:f2:7e:63:9f:73:28:2b:a5:b9:3b:92:ba:
         3b:42:38:21:8c:34:e7:b5:a4:75:c1:4a:14:49:33:8e:34:22:
         98:c7:a0:9b:25:a3:f4:30:4f:d3:02:e8:44:7e:41:44:e4:86:
         79:90:d6:a2:a3:d0:3e:d6:59:e3:32:2e:1c:e0:49:07:c5:c2:
         94:ec:b0:17:42:5f:d3:37:7d:28:8f:6d:a0:a5:8e:d5:14:cc:
         21:27:4c:07:ad:26:67:27:a8:77:9e:07:4e:0c:60:0a:27:b8:
         29:5c:5c:18:14:24:72:cd:29:6e:c3:0d:7e:70:9d:0d:9e:df:
         ae:bb:3f:ba:27:ea:a4:55:c2:8a:ab:e1:47:72:22:00:da:a6:
         04:ce:14:2c:6a:41:3e:9f:5b:b9:cb:9f:85:d1:fa:6a:10:3d:
         7b:22:da:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntmD0xAml7L7Y38U3WBnwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2OWE1M2RkODYzNTJkMzQ0MGYyMjJiZGY5MDdjZjA5
YzJkYmEwHhcNMjUwMTAyMTU1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2I1ZjQ4NWU5ZjVmOGE2ZDZmNTQ4NjRiN2JjNjMwM2UzYzIyYzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmccjG0obJmGbNR4nLhhI/t4TWlY+
kJd6tg8YwMQ50X7VLiWrY5baIIOaptiFvDypmoHP/jmeD7bah5GGBYGn5CS7lVl3
vlxjYypnpJs13IFTpH77Nen1oreH6dpF+lF3hqijmJ3nHRZECXE5eGd6BLkpgey1
IREw/euq7EHxF/lQB1Ol7jDlXJnVJ9HNA3cF8BBEDhLtzVlUOFI7FrsLQrFIwLPe
Q8/oo0ii0Kb/VtO6H6EZt31dPSGWeWFIIjPoirD1n8Mf7ep8EtPQu2RvF0ZZhJ4G
wesQ9TxiwMv5KLz5+1laJ6uyd01odvHJEMC9ay/UGIDAsCUqCOhOZjTuRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNO19IXp9fim1vVIZLe8YwPjwixlMB8GA1UdIwQY
MBaAFPS3aaU92GNS00QPIivfkHzwnC26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMt
ZDdjMzZjMjdjMDg3LzEvMDdYMGhlbjEtS2JXOVVoa3Q3eGpBLVBDTEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMtZDdjMzZjMjdjMDg3
LzEvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgbvMA0G
CSqGSIb3DQEBCwUAA4IBAQCLhkE/dunSO85uuYM/BnJxgM0a8l0o9UxfogkGc15W
WU9Vg3pvXN5liRHnuSnaJj7UuGImerhU9RIpi23Duexw1LdZBcjSIGFBu+HqREVl
FlRg0uz/HLDk8kJyb6R7eqfyfmOfcygrpbk7kro7QjghjDTntaR1wUoUSTOONCKY
x6CbJaP0ME/TAuhEfkFE5IZ5kNaio9A+1lnjMi4c4EkHxcKU7LAXQl/TN30oj22g
pY7VFMwhJ0wHrSZnJ6h3ngdODGAKJ7gpXFwYFCRyzSluww1+cJ0Nnt+uuz+6J+qk
VcKKq+FHciIA2qYEzhQsakE+n1u5y5+F0fpqED17Itpk
-----END CERTIFICATE-----