Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/abiXS2EnBdlrx-hgL1ajpSBjwVM.roa
File:                     abiXS2EnBdlrx-hgL1ajpSBjwVM.roa (raw, json)
Hash identifier:          hNAI48qZn/M1Xe7i5yShAXSttx/VVrkP47GPW168mNM=
Subject key identifier:   69:B8:97:4B:61:27:05:D9:6B:C7:E8:60:2F:56:A3:A5:20:63:C1:53
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       0194258F0B26084C514B82656E46FDF0A098
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/abiXS2EnBdlrx-hgL1ajpSBjwVM.roa
Signing time:             Thu 02 Jan 2025 05:48:38 +0000
ROA not before:           Thu 02 Jan 2025 05:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208322
IP address blocks:        85.187.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:0b:26:08:4c:51:4b:82:65:6e:46:fd:f0:a0:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  2 05:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69b8974b612705d96bc7e8602f56a3a52063c153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c4:a9:38:18:4d:26:bf:6f:72:d5:61:20:68:
                    72:af:ca:f1:4f:09:80:de:fc:ee:16:a1:43:22:b4:
                    1a:58:c5:d4:4a:8b:86:83:e9:52:a3:3c:10:cb:b6:
                    f9:77:0b:18:56:99:24:a6:44:9f:7b:68:c0:26:b1:
                    d4:ac:40:7a:80:4c:92:57:8a:4f:24:13:4c:d9:6b:
                    f0:79:76:24:bc:f6:13:b1:4a:d9:72:c5:4c:f7:d9:
                    fc:bf:e6:81:15:c4:b0:36:d6:8b:98:65:1a:0c:24:
                    2a:8a:bd:23:3f:e0:10:d9:a6:80:18:a4:bc:38:cb:
                    33:21:51:c2:ba:c0:ee:d6:f5:5f:a8:e3:ec:88:f6:
                    00:59:56:bc:81:5a:e6:f3:3e:10:3f:c3:d6:62:be:
                    c4:38:ae:a7:54:03:50:b8:ba:78:d7:9f:f5:ca:1a:
                    21:60:eb:e5:a5:8d:9e:7e:f6:dd:41:bf:43:20:89:
                    9d:99:4b:79:7d:3d:4d:f6:da:0a:9e:cb:b2:e4:69:
                    b8:e2:8e:c1:72:e1:cd:0e:5c:03:2c:51:e8:64:a7:
                    f8:99:52:27:c1:2e:a8:d7:df:0c:12:02:c1:ce:36:
                    a3:3e:59:4d:b0:ec:1d:85:48:2d:87:a2:2f:21:21:
                    6a:6d:0a:67:56:40:08:cd:1f:a8:93:42:91:9c:73:
                    e6:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:B8:97:4B:61:27:05:D9:6B:C7:E8:60:2F:56:A3:A5:20:63:C1:53
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/abiXS2EnBdlrx-hgL1ajpSBjwVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:fa:b6:af:45:6b:97:34:eb:fe:f0:51:4f:1e:96:16:76:13:
         9f:05:5e:09:e5:f7:c4:73:b2:34:5b:66:7c:ae:1b:fe:86:43:
         e8:c0:ad:a3:f6:c5:5f:24:ef:1d:ec:75:af:34:93:2b:58:da:
         2e:e0:0a:d1:d7:17:18:e0:a9:be:19:79:58:ea:bf:89:81:0e:
         b6:89:13:e0:a9:e9:e3:07:f0:b7:b0:fa:35:b5:f5:4d:d6:52:
         e7:77:eb:18:95:50:44:bb:98:2b:8a:c4:ca:f8:58:af:a8:4c:
         87:0c:dd:f7:ad:44:54:4d:91:ba:1d:90:ea:77:80:81:82:be:
         56:b9:17:70:77:11:bc:1a:0c:6b:2c:8c:57:84:6b:eb:60:a2:
         b8:8d:0f:85:9e:87:36:82:7d:37:13:a5:c1:76:f1:7c:64:71:
         9b:09:7e:de:27:bf:23:67:61:94:d2:8c:a1:c1:ce:3f:5b:c6:
         bf:3f:2c:b0:fc:03:b2:71:6f:e5:da:95:f7:b7:3b:65:0e:6b:
         05:00:c2:fe:f3:49:1f:11:b8:52:62:a5:8a:02:2a:57:77:a2:
         61:51:af:bc:b3:9e:13:99:95:3a:79:ed:b3:aa:99:e7:b7:f3:
         eb:c6:f0:47:56:44:28:44:6f:9a:51:6a:e5:a1:9e:cd:00:97:
         e8:41:35:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwsmCExRS4Jlbkb98KCYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjUwMTAyMDU0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWI4OTc0YjYxMjcwNWQ5NmJjN2U4NjAyZjU2YTNhNTIwNjNjMTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcSpOBhNJr9vctVhIGhyr8rxTwmA
3vzuFqFDIrQaWMXUSouGg+lSozwQy7b5dwsYVpkkpkSfe2jAJrHUrEB6gEySV4pP
JBNM2WvweXYkvPYTsUrZcsVM99n8v+aBFcSwNtaLmGUaDCQqir0jP+AQ2aaAGKS8
OMszIVHCusDu1vVfqOPsiPYAWVa8gVrm8z4QP8PWYr7EOK6nVANQuLp415/1yhoh
YOvlpY2efvbdQb9DIImdmUt5fT1N9toKnsuy5Gm44o7BcuHNDlwDLFHoZKf4mVIn
wS6o198MEgLBzjajPllNsOwdhUgth6IvISFqbQpnVkAIzR+ok0KRnHPm7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGm4l0thJwXZa8foYC9Wo6UgY8FTMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvYWJpWFMyRW5CZGxyeC1oZ0wxYWpwU0Jqd1ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVbssMA0G
CSqGSIb3DQEBCwUAA4IBAQDT+ravRWuXNOv+8FFPHpYWdhOfBV4J5ffEc7I0W2Z8
rhv+hkPowK2j9sVfJO8d7HWvNJMrWNou4ArR1xcY4Km+GXlY6r+JgQ62iRPgqenj
B/C3sPo1tfVN1lLnd+sYlVBEu5grisTK+FivqEyHDN33rURUTZG6HZDqd4CBgr5W
uRdwdxG8GgxrLIxXhGvrYKK4jQ+Fnoc2gn03E6XBdvF8ZHGbCX7eJ78jZ2GU0oyh
wc4/W8a/Pyyw/AOycW/l2pX3tztlDmsFAML+80kfEbhSYqWKAipXd6JhUa+8s54T
mZU6ee2zqpnnt/PrxvBHVkQoRG+aUWrloZ7NAJfoQTUx
-----END CERTIFICATE-----