Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/sIt3F6ds6E5Cw-7IGWGY_E58vEs.roa
File:                     sIt3F6ds6E5Cw-7IGWGY_E58vEs.roa (raw, json)
Hash identifier:          Sbu/A4tPhb/YMsWEmB4prBnkedMa/77cZPz9BrDKBSg=
Subject key identifier:   B0:8B:77:17:A7:6C:E8:4E:42:C3:EE:C8:19:61:98:FC:4E:7C:BC:4B
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CA5A1D1EB2370D7D0B49A60D5D6CA
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/sIt3F6ds6E5Cw-7IGWGY_E58vEs.roa
Signing time:             Wed 01 Jan 2025 01:48:18 +0000
ROA not before:           Wed 01 Jan 2025 01:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35404
IP address blocks:        185.241.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a5:a1:d1:eb:23:70:d7:d0:b4:9a:60:d5:d6:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b08b7717a76ce84e42c3eec8196198fc4e7cbc4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:07:2b:45:dc:c8:ac:d7:71:ab:ef:2f:d1:2a:
                    33:46:50:c8:e8:22:6f:2e:a4:80:c2:94:0e:29:6b:
                    44:16:9c:b8:86:f9:9c:41:cd:86:51:75:15:56:30:
                    69:40:19:ee:80:bb:2f:47:cd:b3:cf:3e:91:59:ba:
                    61:c8:5c:dc:ed:d8:7c:29:f6:7d:5a:ab:27:a1:92:
                    c1:ec:9c:14:a7:3a:18:48:3e:8f:9b:31:06:f6:fe:
                    7c:38:c8:9f:14:f7:27:04:55:db:0a:ab:1a:4e:d1:
                    ed:74:e4:27:32:bb:1b:09:6b:28:5e:e4:64:8c:05:
                    b2:d8:58:2f:f5:af:e7:7d:72:fc:8d:d2:a2:a2:e9:
                    74:36:18:9f:06:79:fc:db:bc:eb:6a:e0:7e:42:60:
                    8c:6c:8f:1b:c7:86:d4:a1:e6:41:e3:d4:81:b9:00:
                    41:19:c4:a2:40:70:41:e3:75:62:3a:89:f5:4b:e1:
                    3c:37:3f:ed:04:04:32:67:4a:c3:46:b9:85:16:bd:
                    f8:56:4a:0b:93:03:cc:d1:06:12:ce:7a:d5:6e:82:
                    bb:01:21:a9:5e:12:32:48:ac:57:00:37:ef:ca:aa:
                    4d:9b:5d:27:b6:b9:34:59:62:bb:f6:b4:cb:d3:0b:
                    99:2e:9a:a8:9e:90:37:37:7c:28:e4:85:78:58:73:
                    94:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:8B:77:17:A7:6C:E8:4E:42:C3:EE:C8:19:61:98:FC:4E:7C:BC:4B
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/sIt3F6ds6E5Cw-7IGWGY_E58vEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:62:af:7c:13:1a:83:ca:72:a2:29:f6:5b:6a:6b:59:1a:e2:
         08:3c:6b:ca:ee:6b:c5:eb:eb:28:f7:ed:ad:52:ee:42:c8:37:
         76:10:23:28:51:42:22:21:f2:c2:a3:3d:60:82:77:9c:b7:11:
         91:d4:31:53:7b:ee:e2:a8:24:f5:99:a5:50:9a:59:3e:47:f4:
         10:79:65:ef:68:72:93:f7:01:97:86:9f:b7:de:cc:9b:01:54:
         a0:36:47:03:c2:4c:0a:e0:91:17:d5:12:a9:12:96:e1:df:d3:
         7e:06:e8:79:3f:c4:7d:eb:8f:a1:ca:6f:8d:a5:5d:4a:6d:8c:
         ed:2b:76:47:0a:5e:46:cc:75:77:42:c6:82:51:83:04:48:6c:
         82:94:29:93:62:3e:cb:32:93:a4:a2:b6:5a:a3:a7:bf:97:3b:
         a1:cf:1c:b8:2e:c0:11:b0:18:9f:cf:3b:07:e8:dd:21:c2:65:
         6c:a5:8e:f1:49:36:ec:88:18:e2:32:a4:67:22:cc:de:b0:6b:
         dd:61:31:0b:7b:ec:23:4b:d4:4e:e7:fa:c7:f1:8e:90:87:46:
         9a:18:18:fc:02:38:b6:80:3c:66:f5:54:9a:19:f8:77:ca:9a:
         ac:ad:c1:48:56:fa:b8:09:fe:99:33:b6:9b:ed:e8:c1:f2:26:
         67:67:e2:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjKWh0esjcNfQtJpg1dbKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDhiNzcxN2E3NmNlODRlNDJjM2VlYzgxOTYxOThmYzRlN2NiYzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgcrRdzIrNdxq+8v0SozRlDI6CJv
LqSAwpQOKWtEFpy4hvmcQc2GUXUVVjBpQBnugLsvR82zzz6RWbphyFzc7dh8KfZ9
WqsnoZLB7JwUpzoYSD6PmzEG9v58OMifFPcnBFXbCqsaTtHtdOQnMrsbCWsoXuRk
jAWy2Fgv9a/nfXL8jdKioul0NhifBnn827zrauB+QmCMbI8bx4bUoeZB49SBuQBB
GcSiQHBB43ViOon1S+E8Nz/tBAQyZ0rDRrmFFr34VkoLkwPM0QYSznrVboK7ASGp
XhIySKxXADfvyqpNm10ntrk0WWK79rTL0wuZLpqonpA3N3wo5IV4WHOUcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCLdxenbOhOQsPuyBlhmPxOfLxLMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvc0l0M0Y2ZHM2RTVDdy03SUdXR1lfRTU4dkVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufH3MA0G
CSqGSIb3DQEBCwUAA4IBAQBMYq98ExqDynKiKfZbamtZGuIIPGvK7mvF6+so9+2t
Uu5CyDd2ECMoUUIiIfLCoz1ggnectxGR1DFTe+7iqCT1maVQmlk+R/QQeWXvaHKT
9wGXhp+33sybAVSgNkcDwkwK4JEX1RKpEpbh39N+Buh5P8R964+hym+NpV1KbYzt
K3ZHCl5GzHV3QsaCUYMESGyClCmTYj7LMpOkorZao6e/lzuhzxy4LsARsBifzzsH
6N0hwmVspY7xSTbsiBjiMqRnIszesGvdYTELe+wjS9RO5/rH8Y6Qh0aaGBj8Aji2
gDxm9VSaGfh3ypqsrcFIVvq4Cf6ZM7ab7ejB8iZnZ+L8
-----END CERTIFICATE-----