Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/f_BAmJDU6YD_W-jGGFTEv2Fs7Ak.roa
File:                     f_BAmJDU6YD_W-jGGFTEv2Fs7Ak.roa (raw, json)
Hash identifier:          PaLYZLAv0TrU+Bsc9bxTmK6PnOfA5lCBIqcJSl9Ay7o=
Subject key identifier:   7F:F0:40:98:90:D4:E9:80:FF:5B:E8:C6:18:54:C4:BF:61:6C:EC:09
Certificate issuer:       /CN=a6785773df313b91711bf6bc5b149ecc246b9e89
Certificate serial:       0194F96A5441E9FFDF2F211E6DEB35816ADA
Authority key identifier: A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/f_BAmJDU6YD_W-jGGFTEv2Fs7Ak.roa
Signing time:             Wed 12 Feb 2025 09:08:02 +0000
ROA not before:           Wed 12 Feb 2025 09:08:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.239.177.0/24 maxlen: 24
                          185.239.178.0/24 maxlen: 24
                          185.239.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f9:6a:54:41:e9:ff:df:2f:21:1e:6d:eb:35:81:6a:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6785773df313b91711bf6bc5b149ecc246b9e89
        Validity
            Not Before: Feb 12 09:08:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ff0409890d4e980ff5be8c61854c4bf616cec09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:4e:84:b3:d5:14:fe:ce:5a:eb:1c:73:fa:50:
                    d7:08:aa:24:57:9a:c4:19:6b:6f:bb:62:0c:45:af:
                    cd:53:3c:02:66:89:12:f4:16:7c:f4:c1:64:75:e2:
                    d3:ba:67:d7:b9:60:3e:2c:e3:53:81:7c:a4:8b:b2:
                    e6:e7:0c:a7:97:58:bd:3e:7a:bb:8b:5b:1b:e5:87:
                    c4:5e:24:fb:b1:50:a5:01:e1:1c:07:40:6c:c9:7c:
                    89:17:8f:4d:81:7b:4e:1d:df:c6:d6:f3:14:92:12:
                    60:93:23:35:6c:45:e4:33:bc:25:50:5e:74:fe:f0:
                    0b:bf:03:99:3b:6b:c5:0f:d5:62:da:07:68:68:4b:
                    c3:7b:23:36:1e:20:c6:dd:ea:3d:73:1d:8f:26:35:
                    5a:d1:f7:ff:c1:eb:c3:7a:26:28:f5:79:ef:c8:03:
                    8b:8c:ea:16:91:50:8a:11:9b:5f:3a:b5:a0:34:9d:
                    8f:54:ce:a0:13:90:f3:37:7f:ea:6d:2d:ba:3e:b8:
                    ed:8b:be:22:1e:f5:f9:7f:42:4d:28:3f:6f:0e:d5:
                    16:aa:eb:89:14:e5:dc:ea:da:32:4c:5b:8c:85:a1:
                    9a:3c:bc:4d:b1:c3:3d:4f:1d:62:1e:90:a6:45:87:
                    fe:13:bb:c4:49:f1:79:63:7a:82:e9:cd:87:8c:d7:
                    3a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F0:40:98:90:D4:E9:80:FF:5B:E8:C6:18:54:C4:BF:61:6C:EC:09
            X509v3 Authority Key Identifier:
                keyid:A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/f_BAmJDU6YD_W-jGGFTEv2Fs7Ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.177.0-185.239.179.255

    Signature Algorithm: sha256WithRSAEncryption
         c5:ff:8f:02:7d:b8:05:ca:9d:55:69:54:c4:c5:d9:8a:a5:22:
         07:00:26:e1:67:c9:ae:e2:3b:57:56:3f:1a:90:5f:0d:ec:39:
         0b:31:d0:a9:80:b5:87:71:26:34:76:fe:af:d3:13:02:c4:3d:
         84:f2:24:bf:e7:b8:e4:33:dd:e5:58:4f:43:84:b1:22:a3:a1:
         bc:f8:fa:8b:b5:2f:39:c0:33:01:e5:a1:53:06:4c:23:6f:ea:
         61:c1:36:15:0e:3a:a8:d4:17:65:db:95:fb:55:69:b6:da:34:
         bc:31:5c:94:9f:c1:21:80:da:eb:05:6c:4a:37:98:ad:ec:d5:
         0f:10:a2:cd:0e:e4:83:3d:e3:82:4a:43:38:03:f6:6b:26:18:
         8b:fc:15:ae:b9:73:9a:fc:f6:0c:a0:73:4d:73:43:2d:ce:dd:
         13:15:4d:7b:68:34:4d:81:38:1f:71:4a:2e:d1:05:9f:65:12:
         c5:58:1e:45:a6:39:63:a8:11:06:fc:e7:3b:d1:5e:81:f6:a0:
         47:2c:75:34:75:6c:b5:ac:20:e1:11:0e:05:e2:39:13:8e:b7:
         46:e6:ac:be:aa:d4:ca:7a:3c:b7:ce:10:16:76:f2:e0:58:5d:
         1d:e3:93:3f:7d:da:eb:07:20:a0:78:61:37:fc:2f:4e:5c:07:
         95:a9:b2:69
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZT5alRB6f/fLyEebes1gWraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Nzg1NzczZGYzMTNiOTE3MTFiZjZiYzViMTQ5ZWNjMjQ2
YjllODkwHhcNMjUwMjEyMDkwODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmYwNDA5ODkwZDRlOTgwZmY1YmU4YzYxODU0YzRiZjYxNmNlYzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAok6Es9UU/s5a6xxz+lDXCKokV5rE
GWtvu2IMRa/NUzwCZokS9BZ89MFkdeLTumfXuWA+LONTgXyki7Lm5wynl1i9Pnq7
i1sb5YfEXiT7sVClAeEcB0BsyXyJF49NgXtOHd/G1vMUkhJgkyM1bEXkM7wlUF50
/vALvwOZO2vFD9Vi2gdoaEvDeyM2HiDG3eo9cx2PJjVa0ff/wevDeiYo9XnvyAOL
jOoWkVCKEZtfOrWgNJ2PVM6gE5DzN3/qbS26Prjti74iHvX5f0JNKD9vDtUWquuJ
FOXc6toyTFuMhaGaPLxNscM9Tx1iHpCmRYf+E7vESfF5Y3qC6c2HjNc6UQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH/wQJiQ1OmA/1voxhhUxL9hbOwJMB8GA1UdIwQY
MBaAFKZ4V3PfMTuRcRv2vFsUnswka56JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEt
ZDc1ODY5YzBjNzFlLzEvZl9CQW1KRFU2WURfVy1qR0dGVEV2MkZzN0FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEtZDc1ODY5YzBjNzFl
LzEvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC577ED
BAK577AwDQYJKoZIhvcNAQELBQADggEBAMX/jwJ9uAXKnVVpVMTF2YqlIgcAJuFn
ya7iO1dWPxqQXw3sOQsx0KmAtYdxJjR2/q/TEwLEPYTyJL/nuOQz3eVYT0OEsSKj
obz4+ou1LznAMwHloVMGTCNv6mHBNhUOOqjUF2XblftVabbaNLwxXJSfwSGA2usF
bEo3mK3s1Q8Qos0O5IM944JKQzgD9msmGIv8Fa65c5r89gygc01zQy3O3RMVTXto
NE2BOB9xSi7RBZ9lEsVYHkWmOWOoEQb85zvRXoH2oEcsdTR1bLWsIOERDgXiOROO
t0bmrL6q1Mp6PLfOEBZ28uBYXR3jkz992usHIKB4YTf8L05cB5Wpsmk=
-----END CERTIFICATE-----