Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/anyb0S2isVZ6Se4Mftij8iSLpPk.roa
File:                     anyb0S2isVZ6Se4Mftij8iSLpPk.roa (raw, json)
Hash identifier:          8kZzLUilTF5CneX4LxuRFJNuwebJiucwE+f4bJOwZpY=
Subject key identifier:   6A:7C:9B:D1:2D:A2:B1:56:7A:49:EE:0C:7E:D8:A3:F2:24:8B:A4:F9
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       0194221F930B47189ABA168844851B59CFF4
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/anyb0S2isVZ6Se4Mftij8iSLpPk.roa
Signing time:             Wed 01 Jan 2025 13:48:02 +0000
ROA not before:           Wed 01 Jan 2025 13:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211526
IP address blocks:        85.14.56.0/24 maxlen: 24
                          85.14.57.0/24 maxlen: 24
                          89.252.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:93:0b:47:18:9a:ba:16:88:44:85:1b:59:cf:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 13:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a7c9bd12da2b1567a49ee0c7ed8a3f2248ba4f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:da:64:e4:a0:64:b4:a7:e2:f2:f3:d3:ee:0a:
                    44:e1:4a:f3:7a:28:fe:39:86:65:70:6c:db:2f:7d:
                    d9:69:a3:d0:e6:c3:85:cb:42:f2:a4:0b:49:87:a4:
                    e0:3c:1a:be:c6:9a:cd:10:3c:70:bd:79:7a:1e:3f:
                    28:c1:bc:56:e7:83:bf:b7:23:f3:b7:bb:bf:67:6f:
                    26:dc:c3:54:0a:33:b1:35:f5:59:4c:5c:e3:da:bd:
                    5c:33:ec:4e:85:cd:d4:64:70:03:c6:76:9b:46:ec:
                    c0:b8:a9:8b:4b:ef:0b:ed:0c:d2:c1:2d:61:d7:5b:
                    eb:f5:f8:94:8e:91:6a:e0:b2:e3:10:cc:0a:64:a9:
                    79:2d:1b:f8:eb:41:5d:36:20:77:6a:27:98:f4:cd:
                    01:8a:ad:ec:97:b1:42:b4:23:63:2e:7e:be:59:f0:
                    5f:f8:47:9f:22:97:14:6f:ef:bf:43:73:29:27:48:
                    a8:8a:54:f7:36:36:d2:f0:1a:db:45:c4:96:25:0d:
                    8d:6b:9e:90:8c:f7:ca:cd:8b:73:50:a8:ba:c6:79:
                    3c:ee:10:5c:88:3c:81:3a:09:84:b4:1e:8c:42:31:
                    94:b7:14:bd:0d:81:d4:33:3d:c8:4f:ea:45:e5:97:
                    32:28:05:22:8f:7e:ec:29:74:6f:4d:0f:54:a3:3a:
                    fe:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:7C:9B:D1:2D:A2:B1:56:7A:49:EE:0C:7E:D8:A3:F2:24:8B:A4:F9
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/anyb0S2isVZ6Se4Mftij8iSLpPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.14.56.0/23
                  89.252.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:0f:e0:be:d5:63:08:d1:0d:d6:f8:b7:30:be:4d:bc:de:9e:
         6b:33:57:f5:77:11:f8:52:75:d4:7e:a8:49:94:93:be:a3:30:
         03:a5:ae:c3:72:75:ce:be:b6:0c:5d:84:1d:d0:2b:0f:e5:f3:
         35:1d:59:43:44:6f:12:da:89:fd:93:1f:83:08:c3:fd:e7:f2:
         25:a0:48:6a:ac:89:ed:7e:b1:e6:8f:be:ca:e5:26:de:f4:51:
         69:41:c0:9d:92:93:d1:38:73:06:fe:25:0b:71:61:93:87:3e:
         bf:23:ae:1e:bb:55:52:4e:54:78:af:df:68:ee:65:91:75:ce:
         d0:42:bd:66:1b:32:75:30:d7:79:04:43:6d:bc:62:fa:fb:ef:
         a3:3d:af:df:6b:bb:a2:aa:91:36:0a:d8:34:6c:bc:94:27:bb:
         83:6c:41:66:c8:80:56:f0:76:29:da:7a:d3:e6:f0:fb:f5:51:
         f0:0f:9c:d5:21:7c:c8:6d:04:19:87:5a:ae:0c:63:1a:eb:d7:
         7f:6c:8d:e5:f3:de:96:11:7f:b5:80:fa:75:e7:ea:92:16:c8:
         8a:b7:54:e3:90:4a:e4:43:40:dc:68:f2:00:eb:66:c0:9a:bf:
         09:78:fe:7f:72:df:a9:ca:d1:ab:bd:b5:70:b6:0d:0e:a0:ff:
         5a:25:9f:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH5MLRxiauhaIRIUbWc/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjUwMTAxMTM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTdjOWJkMTJkYTJiMTU2N2E0OWVlMGM3ZWQ4YTNmMjI0OGJhNGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNpk5KBktKfi8vPT7gpE4Urzeij+
OYZlcGzbL33ZaaPQ5sOFy0LypAtJh6TgPBq+xprNEDxwvXl6Hj8owbxW54O/tyPz
t7u/Z28m3MNUCjOxNfVZTFzj2r1cM+xOhc3UZHADxnabRuzAuKmLS+8L7QzSwS1h
11vr9fiUjpFq4LLjEMwKZKl5LRv460FdNiB3aieY9M0Biq3sl7FCtCNjLn6+WfBf
+EefIpcUb++/Q3MpJ0ioilT3NjbS8BrbRcSWJQ2Na56QjPfKzYtzUKi6xnk87hBc
iDyBOgmEtB6MQjGUtxS9DYHUMz3IT+pF5ZcyKAUij37sKXRvTQ9Uozr+QQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGp8m9EtorFWeknuDH7Yo/Iki6T5MB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvYW55YjBTMmlzVlo2U2U0TWZ0aWo4aVNMcFBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVQ44AwQA
WfzGMA0GCSqGSIb3DQEBCwUAA4IBAQCND+C+1WMI0Q3W+Lcwvk283p5rM1f1dxH4
UnXUfqhJlJO+ozADpa7DcnXOvrYMXYQd0CsP5fM1HVlDRG8S2on9kx+DCMP95/Il
oEhqrIntfrHmj77K5Sbe9FFpQcCdkpPROHMG/iULcWGThz6/I64eu1VSTlR4r99o
7mWRdc7QQr1mGzJ1MNd5BENtvGL6+++jPa/fa7uiqpE2Ctg0bLyUJ7uDbEFmyIBW
8HYp2nrT5vD79VHwD5zVIXzIbQQZh1quDGMa69d/bI3l896WEX+1gPp15+qSFsiK
t1TjkErkQ0DcaPIA62bAmr8JeP5/ct+pytGrvbVwtg0OoP9aJZ8U
-----END CERTIFICATE-----