Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/JfBP6dS5I5N35c7vJqB7NgG5BpQ.roa
File:                     JfBP6dS5I5N35c7vJqB7NgG5BpQ.roa (raw, json)
Hash identifier:          mlxyZUvm8D4amiftjMjNylfXPIWgAcCSgND1WevSbxo=
Subject key identifier:   25:F0:4F:E9:D4:B9:23:93:77:E5:CE:EF:26:A0:7B:36:01:B9:06:94
Certificate issuer:       /CN=50592e68895c7068b4655508917ad5bbddbd0a5f
Certificate serial:       0194282560843993E6FE74E5C88DD4368F5D
Authority key identifier: 50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/JfBP6dS5I5N35c7vJqB7NgG5BpQ.roa
Signing time:             Thu 02 Jan 2025 17:52:05 +0000
ROA not before:           Thu 02 Jan 2025 17:52:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15924
IP address blocks:        185.205.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:60:84:39:93:e6:fe:74:e5:c8:8d:d4:36:8f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50592e68895c7068b4655508917ad5bbddbd0a5f
        Validity
            Not Before: Jan  2 17:52:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25f04fe9d4b9239377e5ceef26a07b3601b90694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:52:af:6a:d8:dd:34:9b:b2:fe:72:b0:c4:f3:
                    6e:1e:63:75:95:98:b0:da:e8:f8:a1:c8:04:29:43:
                    f9:fe:d1:e1:a1:d4:93:aa:e9:0c:c7:07:72:af:b0:
                    5c:b3:10:1f:d2:a6:5f:80:ce:5f:11:01:d9:a3:2d:
                    98:87:f2:62:8e:8d:c9:b1:cc:7b:d8:ec:1e:ef:d6:
                    31:c8:a4:69:80:c3:79:3a:c5:cf:10:3a:7f:d9:6a:
                    bb:d9:4c:38:e2:6a:50:9a:33:0f:56:c1:c1:82:fe:
                    f9:a2:4e:9c:89:b5:11:00:fe:ec:3b:5e:60:dc:63:
                    6e:65:fc:15:86:3f:99:45:cc:da:ab:aa:be:08:46:
                    0d:43:4c:1e:30:43:eb:25:7b:13:82:0b:76:a4:00:
                    a9:de:68:a2:81:b1:38:a2:fd:cc:cf:9d:e9:4b:2b:
                    3e:03:4e:ac:70:6f:2d:74:e1:29:8a:70:be:f4:06:
                    43:0d:36:17:4a:fc:91:54:b3:ea:48:60:e5:4d:05:
                    f6:4a:57:bb:2f:d9:cc:e4:24:b6:f2:24:65:ff:f2:
                    99:1a:34:61:ac:a8:60:6e:10:87:57:5e:36:c8:c4:
                    48:21:5b:76:4a:21:54:d9:e4:2b:ad:8d:04:f9:35:
                    6a:51:04:aa:72:c6:c7:4b:66:4e:01:3c:9a:4f:04:
                    f5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F0:4F:E9:D4:B9:23:93:77:E5:CE:EF:26:A0:7B:36:01:B9:06:94
            X509v3 Authority Key Identifier:
                keyid:50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/JfBP6dS5I5N35c7vJqB7NgG5BpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:83:0b:82:21:3b:7f:69:5d:00:c0:a6:8f:21:2a:7c:ec:ac:
         9a:e1:93:9e:7b:25:b4:94:c2:d8:b8:70:c7:4b:a0:27:60:32:
         67:06:2a:fd:ec:ff:80:66:26:e7:c2:2d:03:ee:b5:0f:28:d2:
         39:e6:b2:b7:26:02:b3:76:9b:13:80:e4:f0:b2:ad:e2:e0:05:
         82:79:4c:22:c8:48:ad:00:68:ce:3f:db:59:3f:90:5f:a9:bb:
         c0:e0:12:d5:5f:17:6f:da:c3:3f:99:4e:2b:8a:e1:f6:5a:39:
         4d:73:79:fb:3e:9a:90:28:f4:ca:7d:d6:5f:4b:79:a2:6c:e5:
         98:33:2e:b7:07:c3:0b:9c:03:24:2f:33:82:ba:d7:68:e6:eb:
         f3:80:1d:fc:d0:59:5d:e6:cf:dd:b6:8f:6e:dc:9a:76:b4:06:
         ae:26:32:61:79:14:64:ca:8d:b8:d5:4a:8f:54:84:6a:e4:8f:
         0e:81:7d:29:d9:e1:f9:76:52:b2:80:53:d6:d9:63:e5:66:c8:
         16:e2:f5:94:fa:ae:87:55:80:65:aa:a4:93:0b:80:74:28:08:
         2d:c0:65:ed:00:b0:8e:85:0f:90:12:44:27:aa:21:ff:b1:52:
         93:29:48:8c:65:2d:ea:3c:bb:0d:f6:38:28:96:29:82:4c:a0:
         3a:a2:ec:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJWCEOZPm/nTlyI3UNo9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTkyZTY4ODk1YzcwNjhiNDY1NTUwODkxN2FkNWJiZGRi
ZDBhNWYwHhcNMjUwMTAyMTc1MjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWYwNGZlOWQ0YjkyMzkzNzdlNWNlZWYyNmEwN2IzNjAxYjkwNjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFKvatjdNJuy/nKwxPNuHmN1lZiw
2uj4ocgEKUP5/tHhodSTqukMxwdyr7BcsxAf0qZfgM5fEQHZoy2Yh/Jijo3Jscx7
2Owe79YxyKRpgMN5OsXPEDp/2Wq72Uw44mpQmjMPVsHBgv75ok6cibURAP7sO15g
3GNuZfwVhj+ZRczaq6q+CEYNQ0weMEPrJXsTggt2pACp3miigbE4ov3Mz53pSys+
A06scG8tdOEpinC+9AZDDTYXSvyRVLPqSGDlTQX2Sle7L9nM5CS28iRl//KZGjRh
rKhgbhCHV142yMRIIVt2SiFU2eQrrY0E+TVqUQSqcsbHS2ZOATyaTwT1bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCXwT+nUuSOTd+XO7yagezYBuQaUMB8GA1UdIwQY
MBaAFFBZLmiJXHBotGVVCJF61bvdvQpfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEt
N2JiZDI4Y2U0YTc1LzEvSmZCUDZkUzVJNU4zNWM3dkpxQjdOZ0c1QnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEtN2JiZDI4Y2U0YTc1
LzEvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc0RMA0G
CSqGSIb3DQEBCwUAA4IBAQAkgwuCITt/aV0AwKaPISp87Kya4ZOeeyW0lMLYuHDH
S6AnYDJnBir97P+AZibnwi0D7rUPKNI55rK3JgKzdpsTgOTwsq3i4AWCeUwiyEit
AGjOP9tZP5BfqbvA4BLVXxdv2sM/mU4riuH2WjlNc3n7PpqQKPTKfdZfS3mibOWY
My63B8MLnAMkLzOCutdo5uvzgB380Fld5s/dto9u3Jp2tAauJjJheRRkyo241UqP
VIRq5I8OgX0p2eH5dlKygFPW2WPlZsgW4vWU+q6HVYBlqqSTC4B0KAgtwGXtALCO
hQ+QEkQnqiH/sVKTKUiMZS3qPLsN9jgolimCTKA6ouwx
-----END CERTIFICATE-----