Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/pbPgbOFAYYSbv86NqTphvTqH-ss.roa
File:                     pbPgbOFAYYSbv86NqTphvTqH-ss.roa (raw, json)
Hash identifier:          2bo0N8otfq6/P5RuOu/G2vL2kcq6chqi1fFShZ0tEtA=
Subject key identifier:   A5:B3:E0:6C:E1:40:61:84:9B:BF:CE:8D:A9:3A:61:BD:3A:87:FA:CB
Certificate issuer:       /CN=7b886e33971014f0e35fae6ee355a95ee53f1397
Certificate serial:       01941FFAAF2127C648E77EC21E6EEF5BAE7B
Authority key identifier: 7B:88:6E:33:97:10:14:F0:E3:5F:AE:6E:E3:55:A9:5E:E5:3F:13:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e4huM5cQFPDjX65u41WpXuU_E5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/pbPgbOFAYYSbv86NqTphvTqH-ss.roa
Signing time:             Wed 01 Jan 2025 03:48:30 +0000
ROA not before:           Wed 01 Jan 2025 03:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.249.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/e4huM5cQFPDjX65u41WpXuU_E5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/e4huM5cQFPDjX65u41WpXuU_E5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e4huM5cQFPDjX65u41WpXuU_E5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:af:21:27:c6:48:e7:7e:c2:1e:6e:ef:5b:ae:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b886e33971014f0e35fae6ee355a95ee53f1397
        Validity
            Not Before: Jan  1 03:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5b3e06ce14061849bbfce8da93a61bd3a87facb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d0:b3:c8:32:8a:dd:31:ca:e3:fa:c7:d3:5f:
                    d0:26:6a:d3:e8:42:c6:08:38:91:48:08:30:f7:0b:
                    e2:c7:ac:3f:16:dd:55:5d:e2:9f:9f:21:14:37:c6:
                    45:3d:76:6a:49:58:63:11:09:ba:77:0f:63:c1:6c:
                    e5:24:2b:fc:49:1b:b9:b6:7c:5f:f7:f5:a6:30:93:
                    3c:d0:47:93:53:1b:af:1a:72:41:3b:a9:c1:fe:aa:
                    e2:c8:59:a3:30:eb:24:ca:df:b2:a9:1a:c7:68:9b:
                    02:87:27:62:05:d1:84:c1:af:c9:fd:a2:09:f2:ca:
                    a4:66:84:7d:e6:79:4a:c8:83:4e:2f:8c:65:35:54:
                    86:0d:4b:48:1d:ac:83:07:6d:64:c0:df:23:00:c7:
                    b3:b8:f7:e1:a9:77:70:a7:cd:55:80:ba:4e:58:fe:
                    99:a0:c6:da:35:b1:b3:02:e7:e0:99:cf:00:89:1f:
                    11:18:60:11:de:8c:fe:4b:05:98:5c:0b:db:18:12:
                    aa:01:99:88:6c:75:86:f8:fe:ee:25:f1:55:9c:47:
                    45:d6:f5:a9:80:a0:8d:79:3d:2d:90:7d:9c:94:cc:
                    16:3b:94:9b:27:8d:49:50:37:45:82:7b:e0:94:7e:
                    61:b9:46:f3:08:45:56:2b:fb:14:9c:a6:a1:9d:49:
                    6b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:B3:E0:6C:E1:40:61:84:9B:BF:CE:8D:A9:3A:61:BD:3A:87:FA:CB
            X509v3 Authority Key Identifier:
                keyid:7B:88:6E:33:97:10:14:F0:E3:5F:AE:6E:E3:55:A9:5E:E5:3F:13:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4huM5cQFPDjX65u41WpXuU_E5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/pbPgbOFAYYSbv86NqTphvTqH-ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/2b487e-0a7c-4c46-a241-3d0db8eb4e13/1/e4huM5cQFPDjX65u41WpXuU_E5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:93:96:a0:e3:76:64:d4:51:db:40:cd:18:1a:8f:06:41:44:
         c2:81:45:ba:ac:07:e2:29:cd:02:67:b2:8b:02:9c:03:ed:83:
         92:d4:5a:80:4a:51:75:28:5f:dc:30:9b:31:09:89:1d:3d:00:
         f7:d3:83:f0:85:1a:18:2b:e5:d1:d0:1a:4e:78:71:28:7f:b0:
         6c:1c:5b:c7:4f:b3:b7:39:51:41:3a:9b:89:15:3a:4a:4c:88:
         98:4e:c7:1a:34:d2:e0:01:1a:3a:8f:12:36:86:9c:dd:49:9f:
         ea:f5:32:2b:ab:6d:81:df:be:e5:5f:2a:fd:a6:53:e2:c2:bf:
         70:6d:b5:19:cb:ec:ce:7a:be:c8:0d:b5:0a:93:75:74:18:fb:
         82:f5:44:ce:05:da:70:e1:f0:fe:c2:be:2f:da:fe:ab:e7:9c:
         cb:00:e4:7f:46:fd:da:2e:c0:11:2b:24:8f:bb:08:2c:c3:98:
         5f:af:20:83:df:57:4e:e5:98:19:43:7d:e6:74:c2:6f:a5:aa:
         e9:20:a9:8c:39:ba:a8:81:e4:f5:5c:df:95:48:e5:99:95:98:
         1c:9e:60:71:77:b0:61:b1:a4:67:b9:c3:0a:6c:8a:70:18:9c:
         0e:66:91:16:02:0b:1a:5c:c2:1d:d0:f0:11:78:d5:33:ef:d4:
         a7:40:92:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+q8hJ8ZI537CHm7vW657MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiODg2ZTMzOTcxMDE0ZjBlMzVmYWU2ZWUzNTVhOTVlZTUz
ZjEzOTcwHhcNMjUwMTAxMDM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWIzZTA2Y2UxNDA2MTg0OWJiZmNlOGRhOTNhNjFiZDNhODdmYWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNCzyDKK3THK4/rH01/QJmrT6ELG
CDiRSAgw9wvix6w/Ft1VXeKfnyEUN8ZFPXZqSVhjEQm6dw9jwWzlJCv8SRu5tnxf
9/WmMJM80EeTUxuvGnJBO6nB/qriyFmjMOskyt+yqRrHaJsChydiBdGEwa/J/aIJ
8sqkZoR95nlKyINOL4xlNVSGDUtIHayDB21kwN8jAMezuPfhqXdwp81VgLpOWP6Z
oMbaNbGzAufgmc8AiR8RGGAR3oz+SwWYXAvbGBKqAZmIbHWG+P7uJfFVnEdF1vWp
gKCNeT0tkH2clMwWO5SbJ41JUDdFgnvglH5huUbzCEVWK/sUnKahnUlr+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWz4GzhQGGEm7/Ojak6Yb06h/rLMB8GA1UdIwQY
MBaAFHuIbjOXEBTw41+ubuNVqV7lPxOXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTRodU01Y1FGUERqWDY1dTQxV3BYdVVfRTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8yYjQ4N2UtMGE3Yy00YzQ2LWEyNDEt
M2QwZGI4ZWI0ZTEzLzEvcGJQZ2JPRkFZWVNidjg2TnFUcGh2VHFILXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8yYjQ4N2UtMGE3Yy00YzQ2LWEyNDEtM2QwZGI4ZWI0ZTEz
LzEvZTRodU01Y1FGUERqWDY1dTQxV3BYdVVfRTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufmfMA0G
CSqGSIb3DQEBCwUAA4IBAQB0k5ag43Zk1FHbQM0YGo8GQUTCgUW6rAfiKc0CZ7KL
ApwD7YOS1FqASlF1KF/cMJsxCYkdPQD304PwhRoYK+XR0BpOeHEof7BsHFvHT7O3
OVFBOpuJFTpKTIiYTscaNNLgARo6jxI2hpzdSZ/q9TIrq22B377lXyr9plPiwr9w
bbUZy+zOer7IDbUKk3V0GPuC9UTOBdpw4fD+wr4v2v6r55zLAOR/Rv3aLsARKySP
uwgsw5hfryCD31dO5ZgZQ33mdMJvparpIKmMObqogeT1XN+VSOWZlZgcnmBxd7Bh
saRnucMKbIpwGJwOZpEWAgsaXMId0PAReNUz79SnQJKu
-----END CERTIFICATE-----