Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/j-eMIttscanFAqtICoI80Cr1JzI.roa
File:                     j-eMIttscanFAqtICoI80Cr1JzI.roa (raw, json)
Hash identifier:          9wKinY0pxocac6rpiGpVi4F+dA87gof09Z9RuDhbY0A=
Subject key identifier:   8F:E7:8C:22:DB:6C:71:A9:C5:02:AB:48:0A:82:3C:D0:2A:F5:27:32
Certificate issuer:       /CN=f53353f368dd801cd6102232dfa1cea69dd8cb6c
Certificate serial:       019427B471DF0601C1ECF852CC85D52D7A82
Authority key identifier: F5:33:53:F3:68:DD:80:1C:D6:10:22:32:DF:A1:CE:A6:9D:D8:CB:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/j-eMIttscanFAqtICoI80Cr1JzI.roa
Signing time:             Thu 02 Jan 2025 15:48:44 +0000
ROA not before:           Thu 02 Jan 2025 15:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        185.71.216.0/24 maxlen: 24
                          185.71.217.0/24 maxlen: 24
                          185.71.218.0/24 maxlen: 24
                          185.71.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 18:56:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:71:df:06:01:c1:ec:f8:52:cc:85:d5:2d:7a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f53353f368dd801cd6102232dfa1cea69dd8cb6c
        Validity
            Not Before: Jan  2 15:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fe78c22db6c71a9c502ab480a823cd02af52732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:79:e9:0f:92:66:16:da:f3:41:6d:59:23:67:
                    b1:20:b8:8f:bf:c4:cf:74:3c:2b:18:cc:16:7a:57:
                    73:65:0b:75:8d:8b:99:ad:eb:93:5b:46:ea:47:36:
                    2b:70:e4:6f:90:f7:d0:58:77:a0:92:3a:d8:63:7c:
                    c5:43:3b:43:a6:0d:1b:4c:84:0f:18:d5:3c:ed:85:
                    9b:60:06:bd:72:18:ef:8f:cb:b6:52:a2:d0:ff:1b:
                    aa:75:79:59:ca:a4:9e:ee:74:8d:31:97:f2:b3:a0:
                    5c:8d:dd:65:4c:8b:07:df:c3:dc:6b:c1:58:2f:b8:
                    ff:05:6d:3b:17:34:92:bf:ae:21:0e:b2:f0:1c:ad:
                    8b:ec:5a:60:52:4b:5a:c2:c7:65:b9:2d:e2:04:ed:
                    32:e3:9f:90:14:12:af:e4:6f:2c:ed:4c:c4:39:dd:
                    65:57:34:d8:f0:b4:55:90:81:c9:24:ec:a6:a8:ee:
                    c2:d7:2c:ac:67:20:1b:a4:e5:8b:21:f1:ad:a5:bd:
                    1b:6a:b2:bf:41:16:d4:83:8d:ff:00:3a:31:b3:09:
                    65:90:29:f8:1c:f0:8e:a5:38:3c:09:d7:ed:a5:28:
                    ef:2a:bf:73:a2:a4:7e:3c:35:21:a5:13:86:b1:1e:
                    69:50:d2:a3:b0:3e:48:7b:89:16:48:ed:ff:ea:6f:
                    69:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:E7:8C:22:DB:6C:71:A9:C5:02:AB:48:0A:82:3C:D0:2A:F5:27:32
            X509v3 Authority Key Identifier:
                keyid:F5:33:53:F3:68:DD:80:1C:D6:10:22:32:DF:A1:CE:A6:9D:D8:CB:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9TNT82jdgBzWECIy36HOpp3Yy2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/j-eMIttscanFAqtICoI80Cr1JzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b8097a-4eed-463b-b65a-0ec7ecb25030/1/9TNT82jdgBzWECIy36HOpp3Yy2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:2e:23:c8:85:19:d8:29:fe:fb:35:f1:c5:fc:97:3c:89:2f:
         1f:69:28:77:7a:59:68:13:cc:bb:9c:5f:3d:63:12:99:3f:09:
         69:e8:71:78:a8:15:80:b7:50:c1:40:47:39:8d:bd:d7:60:e5:
         00:d0:ab:d2:f1:d1:64:76:0c:1b:e2:6b:8a:a6:c7:1c:e9:fa:
         74:ab:51:9d:6f:6c:b9:92:0a:9f:c5:1e:81:6d:88:e0:9b:6f:
         95:0d:41:e4:3c:d5:61:4b:f7:66:1c:b4:49:24:a2:cd:24:de:
         b5:2c:dd:68:65:80:f3:fc:c3:83:bc:67:4e:59:15:70:15:06:
         37:c4:5f:57:f7:df:e6:89:df:d1:8e:35:41:e8:15:a2:03:ba:
         73:f5:a5:e1:48:42:2a:5e:f4:d1:98:bc:93:f2:cf:6a:22:f0:
         a2:ea:eb:a8:58:f5:a2:65:50:20:9a:2c:44:9b:4b:0b:9a:de:
         59:3b:2c:b1:7e:a4:63:c1:8e:c3:a2:8a:d9:43:82:05:45:76:
         25:c3:53:5f:04:ce:a6:04:d1:96:23:20:03:0d:81:db:ba:ff:
         1e:e8:67:2c:e1:66:e8:a6:d7:d7:5d:ea:3b:a7:d6:91:f8:91:
         2c:b3:70:c7:27:34:d0:a8:4a:22:dc:96:af:eb:a1:e8:3d:5d:
         a2:ae:42:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntHHfBgHB7PhSzIXVLXqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MzM1M2YzNjhkZDgwMWNkNjEwMjIzMmRmYTFjZWE2OWRk
OGNiNmMwHhcNMjUwMTAyMTU0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmU3OGMyMmRiNmM3MWE5YzUwMmFiNDgwYTgyM2NkMDJhZjUyNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHnpD5JmFtrzQW1ZI2exILiPv8TP
dDwrGMwWeldzZQt1jYuZreuTW0bqRzYrcORvkPfQWHegkjrYY3zFQztDpg0bTIQP
GNU87YWbYAa9chjvj8u2UqLQ/xuqdXlZyqSe7nSNMZfys6Bcjd1lTIsH38Pca8FY
L7j/BW07FzSSv64hDrLwHK2L7FpgUktawsdluS3iBO0y45+QFBKv5G8s7UzEOd1l
VzTY8LRVkIHJJOymqO7C1yysZyAbpOWLIfGtpb0barK/QRbUg43/ADoxswllkCn4
HPCOpTg8CdftpSjvKr9zoqR+PDUhpROGsR5pUNKjsD5Ie4kWSO3/6m9pVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/njCLbbHGpxQKrSAqCPNAq9ScyMB8GA1UdIwQY
MBaAFPUzU/No3YAc1hAiMt+hzqad2MtsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVROVDgyamRnQnpXRUNJeTM2SE9wcDNZeTJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iODA5N2EtNGVlZC00NjNiLWI2NWEt
MGVjN2VjYjI1MDMwLzEvai1lTUl0dHNjYW5GQXF0SUNvSTgwQ3IxSnpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iODA5N2EtNGVlZC00NjNiLWI2NWEtMGVjN2VjYjI1MDMw
LzEvOVROVDgyamRnQnpXRUNJeTM2SE9wcDNZeTJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUfYMA0G
CSqGSIb3DQEBCwUAA4IBAQB4LiPIhRnYKf77NfHF/Jc8iS8faSh3elloE8y7nF89
YxKZPwlp6HF4qBWAt1DBQEc5jb3XYOUA0KvS8dFkdgwb4muKpscc6fp0q1Gdb2y5
kgqfxR6BbYjgm2+VDUHkPNVhS/dmHLRJJKLNJN61LN1oZYDz/MODvGdOWRVwFQY3
xF9X99/mid/RjjVB6BWiA7pz9aXhSEIqXvTRmLyT8s9qIvCi6uuoWPWiZVAgmixE
m0sLmt5ZOyyxfqRjwY7DoorZQ4IFRXYlw1NfBM6mBNGWIyADDYHbuv8e6Gcs4Wbo
ptfXXeo7p9aR+JEss3DHJzTQqEoi3Jav66HoPV2irkLs
-----END CERTIFICATE-----