Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/CcJJz4LHqBfVmqebSCbbfSxazO4.roa
File:                     CcJJz4LHqBfVmqebSCbbfSxazO4.roa (raw, json)
Hash identifier:          NpYxNXz/TsGqoMRv+WmEIOF956M+rNYVRpeLiIuXSLs=
Subject key identifier:   09:C2:49:CF:82:C7:A8:17:D5:9A:A7:9B:48:26:DB:7D:2C:5A:CC:EE
Certificate issuer:       /CN=525b705a91dbc30ed10eb7222b7797b834e01863
Certificate serial:       019425FDE6EE33404F644D65A5AE6026AEB5
Authority key identifier: 52:5B:70:5A:91:DB:C3:0E:D1:0E:B7:22:2B:77:97:B8:34:E0:18:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/CcJJz4LHqBfVmqebSCbbfSxazO4.roa
Signing time:             Thu 02 Jan 2025 07:49:44 +0000
ROA not before:           Thu 02 Jan 2025 07:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208521
IP address blocks:        185.236.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e6:ee:33:40:4f:64:4d:65:a5:ae:60:26:ae:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=525b705a91dbc30ed10eb7222b7797b834e01863
        Validity
            Not Before: Jan  2 07:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09c249cf82c7a817d59aa79b4826db7d2c5accee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ad:d1:af:42:46:3b:a6:63:d9:58:59:54:4d:
                    1e:81:0b:32:6c:a6:f1:0e:5d:66:a0:c6:54:6e:ed:
                    3f:85:75:ea:83:90:f0:a4:e3:68:74:f5:6e:a8:ab:
                    0c:7b:fd:d2:2c:8d:a1:ba:4b:8b:75:c3:22:af:ca:
                    e5:ec:fb:f5:1e:7d:d1:ec:63:16:be:9e:6c:02:66:
                    a6:3f:8a:fa:f0:f5:ea:05:5b:18:58:34:1d:e1:20:
                    66:6a:ec:dc:04:37:00:73:8f:75:84:35:9f:76:1a:
                    a3:7a:05:9a:c4:17:c1:6b:e3:0a:ab:36:3a:58:e0:
                    e7:a4:8e:34:f3:8a:02:25:0d:30:49:e3:12:e5:08:
                    83:19:28:8d:3a:7e:bf:82:3f:b9:c5:77:49:40:c0:
                    0e:95:5c:ce:b1:14:05:84:15:6c:06:52:74:af:fd:
                    04:5d:87:61:07:41:18:6e:fe:3c:1b:23:86:36:bf:
                    00:b6:ba:1f:b3:66:83:72:7f:86:77:69:ef:bb:e2:
                    85:5c:30:25:38:11:92:51:d9:bb:2b:df:96:c1:87:
                    f3:ba:1e:54:1b:4b:14:35:bd:af:b5:95:aa:dd:d2:
                    55:7c:97:a5:04:d3:da:09:16:e5:bd:79:cf:fe:48:
                    42:f2:6c:36:4c:22:ed:1b:ec:5b:b0:ab:a0:ef:b6:
                    8f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C2:49:CF:82:C7:A8:17:D5:9A:A7:9B:48:26:DB:7D:2C:5A:CC:EE
            X509v3 Authority Key Identifier:
                keyid:52:5B:70:5A:91:DB:C3:0E:D1:0E:B7:22:2B:77:97:B8:34:E0:18:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/CcJJz4LHqBfVmqebSCbbfSxazO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:6c:da:bd:f2:c3:44:af:d8:04:a1:cf:ad:19:4a:4d:18:9a:
         53:96:02:9e:ce:87:ca:66:1b:36:5d:6e:ad:9c:32:23:b4:6b:
         e1:d3:a1:09:31:a7:4e:d0:6c:92:3c:d5:de:50:b1:88:33:62:
         27:a3:d8:40:88:30:e6:ca:3a:49:d8:01:49:82:37:f7:d6:96:
         f3:e8:ec:3f:77:78:0c:57:68:3c:54:92:01:2f:11:1f:27:df:
         fa:6d:14:0f:ee:8a:f3:19:05:ea:63:94:7f:fa:f2:e5:12:67:
         da:d6:4a:86:be:e1:4c:0f:18:01:5d:b5:d1:dd:46:39:0f:23:
         bf:7d:a9:42:17:68:e3:90:c1:7c:21:0a:e3:6c:a8:e8:0a:70:
         a0:80:1a:56:22:51:35:97:df:5d:c1:ea:92:b6:03:a9:b5:02:
         e6:47:c1:b9:18:aa:29:38:47:98:2b:7e:56:2a:98:77:41:0a:
         06:f8:50:4e:00:15:bd:22:5f:9e:14:c9:22:06:c9:cf:10:82:
         ef:e8:02:03:c1:48:fc:20:ea:5d:4c:b5:e0:c5:f7:5d:98:4e:
         c9:c5:70:3a:2c:63:57:19:94:e8:ee:7b:00:ba:df:e1:cb:e7:
         56:15:fe:08:28:79:b9:ed:f8:a6:9e:37:e3:6a:18:f4:79:fe:
         4c:4d:0d:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/ebuM0BPZE1lpa5gJq61MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNWI3MDVhOTFkYmMzMGVkMTBlYjcyMjJiNzc5N2I4MzRl
MDE4NjMwHhcNMjUwMTAyMDc0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWMyNDljZjgyYzdhODE3ZDU5YWE3OWI0ODI2ZGI3ZDJjNWFjY2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3q3Rr0JGO6Zj2VhZVE0egQsybKbx
Dl1moMZUbu0/hXXqg5DwpONodPVuqKsMe/3SLI2hukuLdcMir8rl7Pv1Hn3R7GMW
vp5sAmamP4r68PXqBVsYWDQd4SBmauzcBDcAc491hDWfdhqjegWaxBfBa+MKqzY6
WODnpI4084oCJQ0wSeMS5QiDGSiNOn6/gj+5xXdJQMAOlVzOsRQFhBVsBlJ0r/0E
XYdhB0EYbv48GyOGNr8Atrofs2aDcn+Gd2nvu+KFXDAlOBGSUdm7K9+WwYfzuh5U
G0sUNb2vtZWq3dJVfJelBNPaCRblvXnP/khC8mw2TCLtG+xbsKug77aPqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnCSc+Cx6gX1Zqnm0gm230sWszuMB8GA1UdIwQY
MBaAFFJbcFqR28MO0Q63Iit3l7g04BhjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWx0d1dwSGJ3dzdSRHJjaUszZVh1RFRnR0dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNDYyZGMtOWU1OS00ZThkLTljNmQt
ZjQ2ODg3ZGY5ODYzLzEvQ2NKSno0TEhxQmZWbXFlYlNDYmJmU3hhek80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNDYyZGMtOWU1OS00ZThkLTljNmQtZjQ2ODg3ZGY5ODYz
LzEvVWx0d1dwSGJ3dzdSRHJjaUszZVh1RFRnR0dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuezxMA0G
CSqGSIb3DQEBCwUAA4IBAQAGbNq98sNEr9gEoc+tGUpNGJpTlgKezofKZhs2XW6t
nDIjtGvh06EJMadO0GySPNXeULGIM2Ino9hAiDDmyjpJ2AFJgjf31pbz6Ow/d3gM
V2g8VJIBLxEfJ9/6bRQP7orzGQXqY5R/+vLlEmfa1kqGvuFMDxgBXbXR3UY5DyO/
falCF2jjkMF8IQrjbKjoCnCggBpWIlE1l99dweqStgOptQLmR8G5GKopOEeYK35W
Kph3QQoG+FBOABW9Il+eFMkiBsnPEILv6AIDwUj8IOpdTLXgxfddmE7JxXA6LGNX
GZTo7nsAut/hy+dWFf4IKHm57fimnjfjahj0ef5MTQ2n
-----END CERTIFICATE-----