Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/CT1kamAbdTERZN5ZltlxdxMLAEM.roa
File:                     CT1kamAbdTERZN5ZltlxdxMLAEM.roa (raw, json)
Hash identifier:          Gs4RzH5oW89pHjmwmYDa+uB2nJFgP0SD0MJwKdrwMXw=
Subject key identifier:   09:3D:64:6A:60:1B:75:31:11:64:DE:59:96:D9:71:77:13:0B:00:43
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       0194258F0F3B6801701E3F526D1378D5980F
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/CT1kamAbdTERZN5ZltlxdxMLAEM.roa
Signing time:             Thu 02 Jan 2025 05:48:39 +0000
ROA not before:           Thu 02 Jan 2025 05:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273373
IP address blocks:        185.255.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 18:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:0f:3b:68:01:70:1e:3f:52:6d:13:78:d5:98:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  2 05:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=093d646a601b75311164de5996d97177130b0043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:10:fd:5d:3d:e5:8a:b4:a6:e8:d8:0d:cf:c9:
                    b6:76:d8:13:3f:64:2a:6d:2b:a0:cd:00:ab:69:8d:
                    2a:f1:29:dc:9e:46:4b:5b:03:e1:53:e4:53:f3:e2:
                    67:ac:64:b9:74:d2:1b:4d:54:c1:b7:c8:2b:45:d9:
                    27:bb:6d:15:9f:d5:99:5c:97:fd:ae:c4:aa:cd:c9:
                    90:8b:26:af:bb:bb:77:2f:5c:10:91:49:0b:62:ac:
                    95:bd:20:4d:d6:dc:a4:ce:65:13:39:38:48:06:c6:
                    43:12:ac:b2:6e:53:04:d1:10:bc:53:2b:dc:f6:8c:
                    49:e6:51:39:bb:fa:8d:3d:1c:c6:83:6f:d0:21:d6:
                    bc:8a:7c:4c:01:c6:85:17:58:dd:38:86:5a:7c:86:
                    79:02:18:14:ab:3e:b5:88:df:0e:e4:63:89:fb:2a:
                    f5:e3:d6:a1:a7:8b:db:ac:7d:22:10:c8:84:01:10:
                    9c:b2:4d:f5:e7:7d:63:8e:d0:61:fe:05:b2:ae:29:
                    0d:37:49:46:30:a3:a7:05:e4:92:62:8c:6b:8b:d4:
                    5a:d8:14:5d:b4:bb:c8:cb:a2:1e:a4:7c:a8:34:33:
                    6e:55:cf:94:00:f3:14:fb:c4:bf:74:b9:d6:d5:8a:
                    a0:de:16:d8:fd:da:73:88:9d:69:bc:0e:81:e0:ce:
                    1a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:3D:64:6A:60:1B:75:31:11:64:DE:59:96:D9:71:77:13:0B:00:43
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/CT1kamAbdTERZN5ZltlxdxMLAEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:7a:3d:a9:6e:0d:48:d9:50:c7:0a:d9:f8:ce:5c:0c:7c:05:
         32:19:eb:b5:6c:ab:2c:67:fe:f9:bd:6b:c4:c4:e4:9c:67:c7:
         90:d9:13:76:f1:4f:be:ed:e1:81:ef:74:60:05:da:5d:7e:10:
         b0:0d:c6:d2:69:b7:6e:69:29:bb:34:ea:c3:d0:34:2f:68:37:
         01:4e:df:e3:12:b6:ed:7b:3f:1b:87:fb:f5:b9:6a:d4:99:23:
         6b:0d:9e:d6:68:df:50:67:78:34:72:05:a2:ea:83:f6:5f:63:
         81:ad:14:8c:90:f2:a3:42:71:83:50:82:98:1c:22:bb:2b:1f:
         dc:8e:d0:71:38:bf:be:2f:9e:ae:e2:86:fa:f4:59:47:07:c0:
         24:c6:d8:2e:57:a1:5d:de:47:ae:8e:d7:0a:e3:ea:a0:4b:45:
         2c:92:de:79:e1:b2:6b:35:42:88:03:f2:40:eb:0a:43:9a:37:
         b0:98:a1:12:27:a8:bc:29:57:f5:6a:96:ee:ff:54:be:84:12:
         6d:3d:07:50:23:60:f5:ee:65:d0:b9:16:42:93:96:d9:e4:3d:
         02:89:07:95:8b:a1:4e:bc:ab:ea:00:7e:78:a8:01:39:34:e4:
         05:ff:62:b9:80:eb:5d:c4:6b:aa:45:a6:1c:a3:c0:51:d5:16:
         9f:ef:a2:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljw87aAFwHj9SbRN41ZgPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjUwMTAyMDU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTNkNjQ2YTYwMWI3NTMxMTE2NGRlNTk5NmQ5NzE3NzEzMGIwMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthD9XT3lirSm6NgNz8m2dtgTP2Qq
bSugzQCraY0q8SncnkZLWwPhU+RT8+JnrGS5dNIbTVTBt8grRdknu20Vn9WZXJf9
rsSqzcmQiyavu7t3L1wQkUkLYqyVvSBN1tykzmUTOThIBsZDEqyyblME0RC8Uyvc
9oxJ5lE5u/qNPRzGg2/QIda8inxMAcaFF1jdOIZafIZ5AhgUqz61iN8O5GOJ+yr1
49ahp4vbrH0iEMiEARCcsk31531jjtBh/gWyrikNN0lGMKOnBeSSYoxri9Ra2BRd
tLvIy6IepHyoNDNuVc+UAPMU+8S/dLnW1Yqg3hbY/dpziJ1pvA6B4M4afQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAk9ZGpgG3UxEWTeWZbZcXcTCwBDMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvQ1Qxa2FtQWJkVEVSWk41Wmx0bHhkeE1MQUVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuf84MA0G
CSqGSIb3DQEBCwUAA4IBAQAkej2pbg1I2VDHCtn4zlwMfAUyGeu1bKssZ/75vWvE
xOScZ8eQ2RN28U++7eGB73RgBdpdfhCwDcbSabduaSm7NOrD0DQvaDcBTt/jErbt
ez8bh/v1uWrUmSNrDZ7WaN9QZ3g0cgWi6oP2X2OBrRSMkPKjQnGDUIKYHCK7Kx/c
jtBxOL++L56u4ob69FlHB8AkxtguV6Fd3keujtcK4+qgS0Uskt554bJrNUKIA/JA
6wpDmjewmKESJ6i8KVf1apbu/1S+hBJtPQdQI2D17mXQuRZCk5bZ5D0CiQeVi6FO
vKvqAH54qAE5NOQF/2K5gOtdxGuqRaYco8BR1Raf76I+
-----END CERTIFICATE-----