Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/L_Mdyf7-0zU-n7Mp3Z4VrOOEu0o.roa
File:                     L_Mdyf7-0zU-n7Mp3Z4VrOOEu0o.roa (raw, json)
Hash identifier:          Smpxt0bFjzAI4Pr+hjL9xq0S0f+Eikopww0HQeDGIeo=
Subject key identifier:   2F:F3:1D:C9:FE:FE:D3:35:3E:9F:B3:29:DD:9E:15:AC:E3:84:BB:4A
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D725CBFFAF5D42DC02F74A2DAD5290
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/L_Mdyf7-0zU-n7Mp3Z4VrOOEu0o.roa
Signing time:             Wed 01 Jan 2025 21:48:09 +0000
ROA not before:           Wed 01 Jan 2025 21:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209019
IP address blocks:        85.209.1.0/24 maxlen: 24
                          185.221.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:25:cb:ff:af:5d:42:dc:02:f7:4a:2d:ad:52:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ff31dc9fefed3353e9fb329dd9e15ace384bb4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ee:fd:8d:fd:08:95:64:74:bf:43:a7:ab:f7:
                    14:22:2b:40:5a:5c:56:63:d6:0e:e6:6d:05:f2:53:
                    d4:03:61:c7:08:11:9d:c8:88:d5:29:c4:e7:f9:92:
                    7b:a3:b4:33:a1:d1:1a:8f:15:b1:89:f4:28:79:fe:
                    d2:fe:1c:e6:18:1c:81:75:35:5d:d4:1e:f6:b4:01:
                    dd:e2:af:82:df:00:32:c4:33:ed:44:86:f1:61:6a:
                    b2:48:a3:d3:f7:02:3b:69:20:c4:d4:8c:94:f6:b1:
                    63:b3:d1:c8:23:56:58:2f:e0:19:a7:9b:d9:84:ee:
                    cb:fa:b9:32:7a:ce:83:22:8d:7b:8a:51:c6:b4:f5:
                    47:07:b5:0f:4b:55:97:7c:bb:3f:31:ff:3c:17:9d:
                    23:cf:8f:34:ab:71:2b:ba:d3:13:21:c2:70:01:3c:
                    4b:df:67:b8:8a:63:d7:a9:ee:5e:95:c8:1b:94:62:
                    5e:85:8e:5c:36:d0:c2:4b:17:56:8c:1a:e5:f5:f5:
                    fd:88:ee:74:0c:98:27:6f:71:dd:70:83:06:60:3a:
                    42:87:d9:c6:7a:71:65:78:dc:37:0f:4c:07:dd:6e:
                    c7:0a:6f:21:72:1b:be:45:d4:b2:3f:90:37:ba:b7:
                    32:8b:d8:21:1a:15:80:74:3e:d5:d7:19:6f:d2:c8:
                    5f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:F3:1D:C9:FE:FE:D3:35:3E:9F:B3:29:DD:9E:15:AC:E3:84:BB:4A
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/L_Mdyf7-0zU-n7Mp3Z4VrOOEu0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.1.0/24
                  185.221.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:28:c2:70:03:88:03:a1:63:c1:05:02:88:b2:13:c6:56:10:
         c6:31:4b:a1:bb:ef:32:28:20:ea:c2:d1:2b:de:8b:13:b3:a7:
         06:4c:86:4b:ba:17:9c:72:cf:da:92:c4:9e:d2:b6:65:19:c0:
         0e:fc:2b:94:48:6c:40:c5:8a:fe:5c:17:c8:db:d7:32:6f:64:
         4d:1d:da:b3:10:fe:62:25:58:d2:40:cd:d7:52:89:d8:cc:4a:
         42:2b:9f:07:21:54:5c:2e:29:6a:a1:d4:41:a9:4b:0d:d6:34:
         6d:9b:03:24:ad:c3:60:e4:1d:b4:be:07:db:e1:0c:64:8f:65:
         68:20:bd:fc:1f:a1:8f:8d:16:18:42:e7:33:c5:2e:e2:e9:4c:
         ef:0d:91:7a:c6:04:7e:8c:3a:1f:56:48:33:a2:61:47:2c:32:
         2c:4c:98:8c:cc:3c:a8:03:78:13:6b:ed:8f:d5:b9:4b:e5:09:
         32:1b:99:8a:1a:83:21:1b:29:cb:3c:fa:27:9b:e1:41:09:f7:
         f7:c0:95:de:7d:39:46:33:c5:91:ad:88:88:79:01:bf:90:ea:
         06:66:26:b6:8c:89:34:1d:ee:9b:e6:11:76:2f:bb:2f:90:96:
         53:71:c8:b6:7d:69:8b:c7:a2:f3:44:03:fa:da:bf:cd:64:9a:
         8c:97:d5:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1yXL/69dQtwC90otrVKQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmYzMWRjOWZlZmVkMzM1M2U5ZmIzMjlkZDllMTVhY2UzODRiYjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+79jf0IlWR0v0Onq/cUIitAWlxW
Y9YO5m0F8lPUA2HHCBGdyIjVKcTn+ZJ7o7QzodEajxWxifQoef7S/hzmGByBdTVd
1B72tAHd4q+C3wAyxDPtRIbxYWqySKPT9wI7aSDE1IyU9rFjs9HII1ZYL+AZp5vZ
hO7L+rkyes6DIo17ilHGtPVHB7UPS1WXfLs/Mf88F50jz480q3ErutMTIcJwATxL
32e4imPXqe5elcgblGJehY5cNtDCSxdWjBrl9fX9iO50DJgnb3HdcIMGYDpCh9nG
enFleNw3D0wH3W7HCm8hchu+RdSyP5A3urcyi9ghGhWAdD7V1xlv0shfXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC/zHcn+/tM1Pp+zKd2eFazjhLtKMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTF9NZHlmNy0welUtbjdNcDNaNFZyT09FdTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVdEBAwQA
ud2hMA0GCSqGSIb3DQEBCwUAA4IBAQAFKMJwA4gDoWPBBQKIshPGVhDGMUuhu+8y
KCDqwtEr3osTs6cGTIZLuheccs/aksSe0rZlGcAO/CuUSGxAxYr+XBfI29cyb2RN
HdqzEP5iJVjSQM3XUonYzEpCK58HIVRcLilqodRBqUsN1jRtmwMkrcNg5B20vgfb
4Qxkj2VoIL38H6GPjRYYQuczxS7i6UzvDZF6xgR+jDofVkgzomFHLDIsTJiMzDyo
A3gTa+2P1blL5QkyG5mKGoMhGynLPPonm+FBCff3wJXefTlGM8WRrYiIeQG/kOoG
Zia2jIk0He6b5hF2L7svkJZTcci2fWmLx6LzRAP62r/NZJqMl9U1
-----END CERTIFICATE-----