Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/dqRRF9NrCy7kpjHElym2fRaWWpg.roa
File:                     dqRRF9NrCy7kpjHElym2fRaWWpg.roa (raw, json)
Hash identifier:          yVbcvUrGd5qHEf8kKaXL1t+AGyhms8ILF9sbmeot86I=
Subject key identifier:   76:A4:51:17:D3:6B:0B:2E:E4:A6:31:C4:97:29:B6:7D:16:96:5A:98
Certificate issuer:       /CN=53787cd7946e10d88646ac79de57cc6ec59e4132
Certificate serial:       019422FB5F42B91AC0421C5087122773A755
Authority key identifier: 53:78:7C:D7:94:6E:10:D8:86:46:AC:79:DE:57:CC:6E:C5:9E:41:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3h815RuENiGRqx53lfMbsWeQTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/dqRRF9NrCy7kpjHElym2fRaWWpg.roa
Signing time:             Wed 01 Jan 2025 17:48:06 +0000
ROA not before:           Wed 01 Jan 2025 17:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.54.124.0/24 maxlen: 24
                          185.54.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/U3h815RuENiGRqx53lfMbsWeQTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/U3h815RuENiGRqx53lfMbsWeQTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U3h815RuENiGRqx53lfMbsWeQTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:5f:42:b9:1a:c0:42:1c:50:87:12:27:73:a7:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53787cd7946e10d88646ac79de57cc6ec59e4132
        Validity
            Not Before: Jan  1 17:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76a45117d36b0b2ee4a631c49729b67d16965a98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c6:60:cf:4e:aa:50:3c:f2:82:9a:d5:0c:a1:
                    80:24:6b:46:fa:60:9b:62:4f:ab:b2:98:42:2c:f0:
                    44:80:83:a8:8b:50:80:a8:35:7b:45:06:ed:1b:19:
                    7c:da:c2:61:ba:7c:9f:4d:32:26:b8:ae:e7:f8:ec:
                    dc:07:34:c3:2e:b9:3d:43:d7:5f:24:a3:66:03:46:
                    70:44:0c:1c:18:d2:7e:db:bc:29:e3:c8:3b:96:8e:
                    45:ee:6e:2b:45:1c:2b:15:12:ff:ad:15:59:4d:3d:
                    98:4d:92:f9:f1:ee:db:90:8d:66:88:b9:ec:f4:3b:
                    f0:2f:39:57:db:a8:fd:59:81:9f:ac:ce:e2:c4:9b:
                    a5:1e:a4:d3:e6:76:85:9a:2c:2a:4b:d8:c3:eb:22:
                    2c:9b:c3:37:bc:59:d7:02:dc:b9:9c:db:ec:6f:d7:
                    93:12:83:c3:06:e4:65:e8:76:a9:6e:39:9b:7d:77:
                    63:fb:1e:52:61:0a:9f:b1:1b:11:b4:1d:0c:f9:c4:
                    9e:f4:df:63:6b:40:df:ad:40:47:34:4e:b2:9a:89:
                    19:cd:83:6f:6d:4b:8d:2c:44:f7:35:bd:71:d4:cd:
                    76:f5:36:39:14:62:71:25:8e:19:3c:32:18:fd:26:
                    03:3e:d0:87:d6:9f:4e:35:40:f6:28:b5:bd:e1:50:
                    6e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:A4:51:17:D3:6B:0B:2E:E4:A6:31:C4:97:29:B6:7D:16:96:5A:98
            X509v3 Authority Key Identifier:
                keyid:53:78:7C:D7:94:6E:10:D8:86:46:AC:79:DE:57:CC:6E:C5:9E:41:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3h815RuENiGRqx53lfMbsWeQTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/dqRRF9NrCy7kpjHElym2fRaWWpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/U3h815RuENiGRqx53lfMbsWeQTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.124.0/24
                  185.54.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:a6:27:14:b6:16:24:30:5e:7e:ce:ad:fc:84:05:4e:8a:ec:
         71:14:c8:23:b5:50:50:f6:e8:a1:b0:35:d0:7f:28:35:fe:d6:
         9e:5a:aa:72:86:00:67:8e:aa:c8:9b:ab:bb:6c:68:e6:3b:9d:
         81:8d:84:ce:f5:d8:36:0f:c2:c4:ae:f0:a2:0f:01:16:93:7e:
         cc:56:00:bd:ea:a1:25:cc:6d:82:6c:95:43:c7:5b:92:71:92:
         75:28:fa:4a:e0:dc:85:45:5e:2c:95:bb:81:c8:f3:d5:d9:68:
         95:0e:a4:aa:5f:06:00:31:3d:91:92:65:24:32:27:12:4d:20:
         aa:56:5c:96:e4:09:ae:6f:39:a3:00:5d:4b:05:6c:8a:d8:b3:
         08:2b:8e:aa:a8:97:33:a2:a2:d1:ff:3a:65:71:91:98:a8:d6:
         65:86:3d:4b:26:bd:c4:1d:a1:da:25:bb:e7:90:39:ab:1b:05:
         eb:47:27:21:56:a9:f4:1a:c4:63:81:1f:6f:73:2d:cb:15:10:
         07:ab:a1:4e:87:6c:84:58:ba:82:ee:09:80:e4:5e:3f:ac:9e:
         c6:72:66:57:72:85:90:5c:21:f2:68:6c:fb:78:2c:5e:86:b8:
         62:67:98:b7:37:6d:a7:e8:7b:3f:cf:02:e5:05:00:5a:e2:31:
         1d:0e:5e:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+19CuRrAQhxQhxInc6dVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNzg3Y2Q3OTQ2ZTEwZDg4NjQ2YWM3OWRlNTdjYzZlYzU5
ZTQxMzIwHhcNMjUwMTAxMTc0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmE0NTExN2QzNmIwYjJlZTRhNjMxYzQ5NzI5YjY3ZDE2OTY1YTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMZgz06qUDzygprVDKGAJGtG+mCb
Yk+rsphCLPBEgIOoi1CAqDV7RQbtGxl82sJhunyfTTImuK7n+OzcBzTDLrk9Q9df
JKNmA0ZwRAwcGNJ+27wp48g7lo5F7m4rRRwrFRL/rRVZTT2YTZL58e7bkI1miLns
9DvwLzlX26j9WYGfrM7ixJulHqTT5naFmiwqS9jD6yIsm8M3vFnXAty5nNvsb9eT
EoPDBuRl6HapbjmbfXdj+x5SYQqfsRsRtB0M+cSe9N9ja0DfrUBHNE6ymokZzYNv
bUuNLET3Nb1x1M129TY5FGJxJY4ZPDIY/SYDPtCH1p9ONUD2KLW94VBuiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHakURfTawsu5KYxxJcptn0WllqYMB8GA1UdIwQY
MBaAFFN4fNeUbhDYhkased5XzG7FnkEyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTNoODE1UnVFTmlHUnF4NTNsZk1ic1dlUVRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9jNzc4MjUtNjhhMy00YjNlLWJjOTAt
NTIzZmQ4NmEwN2M3LzEvZHFSUkY5TnJDeTdrcGpIRWx5bTJmUmFXV3BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9jNzc4MjUtNjhhMy00YjNlLWJjOTAtNTIzZmQ4NmEwN2M3
LzEvVTNoODE1UnVFTmlHUnF4NTNsZk1ic1dlUVRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuTZ8AwQA
uTZ+MA0GCSqGSIb3DQEBCwUAA4IBAQBSpicUthYkMF5+zq38hAVOiuxxFMgjtVBQ
9uihsDXQfyg1/taeWqpyhgBnjqrIm6u7bGjmO52BjYTO9dg2D8LErvCiDwEWk37M
VgC96qElzG2CbJVDx1uScZJ1KPpK4NyFRV4slbuByPPV2WiVDqSqXwYAMT2RkmUk
MicSTSCqVlyW5AmubzmjAF1LBWyK2LMIK46qqJczoqLR/zplcZGYqNZlhj1LJr3E
HaHaJbvnkDmrGwXrRychVqn0GsRjgR9vcy3LFRAHq6FOh2yEWLqC7gmA5F4/rJ7G
cmZXcoWQXCHyaGz7eCxehrhiZ5i3N22n6Hs/zwLlBQBa4jEdDl44
-----END CERTIFICATE-----