Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/tD1CUDBjs22F2Vpn4D4yWrWPHZ4.roa
File:                     tD1CUDBjs22F2Vpn4D4yWrWPHZ4.roa (raw, json)
Hash identifier:          lG5gN7RKN9Uruqz8icVgVV1JmWliEhD6uso7zWpR9k4=
Subject key identifier:   B4:3D:42:50:30:63:B3:6D:85:D9:5A:67:E0:3E:32:5A:B5:8F:1D:9E
Certificate issuer:       /CN=1d0c7e7bb27c533a997d277cadd417ec7bd284f0
Certificate serial:       019426D9E1E5B661AB4A6D2877347AC0D9C5
Authority key identifier: 1D:0C:7E:7B:B2:7C:53:3A:99:7D:27:7C:AD:D4:17:EC:7B:D2:84:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQx-e7J8UzqZfSd8rdQX7HvShPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/tD1CUDBjs22F2Vpn4D4yWrWPHZ4.roa
Signing time:             Thu 02 Jan 2025 11:50:00 +0000
ROA not before:           Thu 02 Jan 2025 11:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203936
IP address blocks:        185.238.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/HQx-e7J8UzqZfSd8rdQX7HvShPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/HQx-e7J8UzqZfSd8rdQX7HvShPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HQx-e7J8UzqZfSd8rdQX7HvShPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e1:e5:b6:61:ab:4a:6d:28:77:34:7a:c0:d9:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0c7e7bb27c533a997d277cadd417ec7bd284f0
        Validity
            Not Before: Jan  2 11:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b43d42503063b36d85d95a67e03e325ab58f1d9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:13:eb:a0:1b:0d:a7:b0:70:f3:0f:1b:cb:ea:
                    7e:17:52:84:5f:8d:a2:11:b8:05:fa:6b:d9:d8:d0:
                    1b:aa:24:6c:37:e2:c8:fd:de:13:56:fa:43:0b:4e:
                    00:56:ba:5a:eb:d7:20:cc:e7:ea:cd:37:6a:3d:4a:
                    5d:9c:45:65:bd:6a:03:75:08:0b:b1:90:56:0a:65:
                    04:7f:c8:69:61:d7:68:2c:96:67:02:b0:70:ee:f5:
                    cf:8b:6f:fa:5d:75:f8:c7:7d:04:57:c2:c2:67:21:
                    a7:b9:bd:dd:33:53:a7:7d:4e:a8:5f:b1:3f:8e:35:
                    5a:2f:8e:ac:53:05:39:59:71:5b:51:03:13:14:b1:
                    f3:f6:18:9a:28:1b:8a:c1:23:8a:a3:bc:18:b6:23:
                    2a:7d:c5:ab:01:83:fb:a8:05:42:fa:a1:80:34:d4:
                    c1:50:7f:73:96:9e:f4:55:f3:63:df:4a:b0:b4:aa:
                    6c:0e:8e:66:20:8d:72:b9:62:96:f0:e2:09:ef:66:
                    be:be:06:cd:22:1a:48:86:b2:0d:63:51:e7:40:57:
                    d3:44:f3:ec:dc:b5:cf:8c:2c:f0:5d:c4:91:5a:5f:
                    29:ed:47:81:43:b1:ff:e2:d1:41:73:03:4c:5e:17:
                    df:59:57:11:4a:48:59:53:a0:4c:a4:2c:5e:f3:b6:
                    e4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:3D:42:50:30:63:B3:6D:85:D9:5A:67:E0:3E:32:5A:B5:8F:1D:9E
            X509v3 Authority Key Identifier:
                keyid:1D:0C:7E:7B:B2:7C:53:3A:99:7D:27:7C:AD:D4:17:EC:7B:D2:84:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQx-e7J8UzqZfSd8rdQX7HvShPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/tD1CUDBjs22F2Vpn4D4yWrWPHZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/HQx-e7J8UzqZfSd8rdQX7HvShPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:62:ad:bd:e3:9e:e7:c8:29:ac:b9:09:f5:16:ca:59:c6:9e:
         f8:61:c5:60:26:e6:aa:1e:69:62:e1:68:14:32:9b:40:37:16:
         ed:a7:72:c5:7c:97:54:8d:e1:ee:7f:0f:a1:60:90:be:0d:26:
         32:d6:a6:46:f2:fb:41:b3:7b:55:21:c8:73:ad:4f:73:e8:16:
         94:49:2d:87:dd:ef:60:c2:f7:73:3d:0e:66:65:8e:b1:a9:70:
         f5:37:c4:dd:db:51:81:b8:08:28:b3:41:ae:28:59:d1:1f:c9:
         a6:36:ae:91:38:c8:d7:04:46:75:e7:1f:ce:7e:ec:1e:50:c1:
         48:a6:ea:79:a0:94:9d:9a:a9:38:a6:76:c8:a7:31:ad:78:dd:
         f0:ee:d2:46:99:a1:b7:72:4a:aa:e0:e9:85:c2:4f:3d:16:d1:
         6a:33:e4:8f:a4:e7:8a:4c:44:9d:c7:08:b7:7a:01:d4:1f:d3:
         47:15:57:98:2e:c9:9a:ff:1d:58:10:5b:31:9a:24:4e:b8:46:
         09:6d:e7:dc:05:24:78:2d:44:a0:0d:23:03:58:d5:ae:c3:7d:
         92:4d:1f:eb:a4:18:0d:04:d3:b3:33:7e:11:10:c2:1a:55:45:
         81:a7:28:a7:bd:12:ee:0f:32:c7:7e:e3:9a:2e:8f:71:c8:cc:
         69:9f:68:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2eHltmGrSm0odzR6wNnFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMGM3ZTdiYjI3YzUzM2E5OTdkMjc3Y2FkZDQxN2VjN2Jk
Mjg0ZjAwHhcNMjUwMTAyMTE1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDNkNDI1MDMwNjNiMzZkODVkOTVhNjdlMDNlMzI1YWI1OGYxZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBProBsNp7Bw8w8by+p+F1KEX42i
EbgF+mvZ2NAbqiRsN+LI/d4TVvpDC04AVrpa69cgzOfqzTdqPUpdnEVlvWoDdQgL
sZBWCmUEf8hpYddoLJZnArBw7vXPi2/6XXX4x30EV8LCZyGnub3dM1OnfU6oX7E/
jjVaL46sUwU5WXFbUQMTFLHz9hiaKBuKwSOKo7wYtiMqfcWrAYP7qAVC+qGANNTB
UH9zlp70VfNj30qwtKpsDo5mII1yuWKW8OIJ72a+vgbNIhpIhrINY1HnQFfTRPPs
3LXPjCzwXcSRWl8p7UeBQ7H/4tFBcwNMXhffWVcRSkhZU6BMpCxe87bkLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQ9QlAwY7NthdlaZ+A+Mlq1jx2eMB8GA1UdIwQY
MBaAFB0MfnuyfFM6mX0nfK3UF+x70oTwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFF4LWU3SjhVenFaZlNkOHJkUVg3SHZTaFBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9kZGQzNDktYWM1MC00M2U1LWE4OGEt
YjI4ZjA3YjJmNDViLzEvdEQxQ1VEQmpzMjJGMlZwbjRENHlXcldQSFo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9kZGQzNDktYWM1MC00M2U1LWE4OGEtYjI4ZjA3YjJmNDVi
LzEvSFF4LWU3SjhVenFaZlNkOHJkUVg3SHZTaFBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue5XMA0G
CSqGSIb3DQEBCwUAA4IBAQC0Yq29457nyCmsuQn1FspZxp74YcVgJuaqHmli4WgU
MptANxbtp3LFfJdUjeHufw+hYJC+DSYy1qZG8vtBs3tVIchzrU9z6BaUSS2H3e9g
wvdzPQ5mZY6xqXD1N8Td21GBuAgos0GuKFnRH8mmNq6ROMjXBEZ15x/OfuweUMFI
pup5oJSdmqk4pnbIpzGteN3w7tJGmaG3ckqq4OmFwk89FtFqM+SPpOeKTESdxwi3
egHUH9NHFVeYLsma/x1YEFsxmiROuEYJbefcBSR4LUSgDSMDWNWuw32STR/rpBgN
BNOzM34REMIaVUWBpyinvRLuDzLHfuOaLo9xyMxpn2gg
-----END CERTIFICATE-----