Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/xKY8IzQ2skdO2j6b-9Nje_P42ZM.roa
File:                     xKY8IzQ2skdO2j6b-9Nje_P42ZM.roa (raw, json)
Hash identifier:          FO50+0Bv0UTkxnFBKac0wF3ON0aLSEXsEeZdHRUd87w=
Subject key identifier:   C4:A6:3C:23:34:36:B2:47:4E:DA:3E:9B:FB:D3:63:7B:F3:F8:D9:93
Certificate issuer:       /CN=fc35877cc038bffdb97bb3d6ea216ab52b3a0582
Certificate serial:       019426D90FB5A82A9171FD3AB8CCC6DFF9B0
Authority key identifier: FC:35:87:7C:C0:38:BF:FD:B9:7B:B3:D6:EA:21:6A:B5:2B:3A:05:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_DWHfMA4v_25e7PW6iFqtSs6BYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/xKY8IzQ2skdO2j6b-9Nje_P42ZM.roa
Signing time:             Thu 02 Jan 2025 11:49:07 +0000
ROA not before:           Thu 02 Jan 2025 11:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208864
IP address blocks:        185.42.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/_DWHfMA4v_25e7PW6iFqtSs6BYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/_DWHfMA4v_25e7PW6iFqtSs6BYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_DWHfMA4v_25e7PW6iFqtSs6BYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:0f:b5:a8:2a:91:71:fd:3a:b8:cc:c6:df:f9:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc35877cc038bffdb97bb3d6ea216ab52b3a0582
        Validity
            Not Before: Jan  2 11:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4a63c233436b2474eda3e9bfbd3637bf3f8d993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d0:32:dc:52:38:62:7c:57:cc:2c:63:11:8a:
                    66:5f:42:2b:42:56:0a:3a:35:d4:eb:34:29:94:7d:
                    c5:d0:91:f3:b5:e3:90:fc:a5:3b:0b:72:5d:1b:0f:
                    6f:aa:40:60:d4:a6:e4:46:42:8f:a2:af:6e:3f:18:
                    5f:4f:f0:9e:bb:1f:91:f7:83:0e:6d:e8:ac:76:9e:
                    47:48:d4:12:6e:68:e9:a4:8f:ba:04:cc:b5:fc:63:
                    f3:65:9a:bb:b6:96:22:18:4d:40:1d:2d:3a:67:95:
                    a5:8a:1e:c5:60:be:47:73:91:85:51:d4:79:cb:b1:
                    e7:95:9f:02:54:65:bc:92:92:88:5e:80:88:5d:0a:
                    be:41:5d:ba:0d:17:5a:10:4e:fc:06:70:1c:f5:c2:
                    4b:7c:68:43:6a:fe:3e:b2:32:a2:1c:88:cf:34:b9:
                    c4:b9:cf:e1:b8:3a:4b:77:68:96:47:13:78:6b:06:
                    63:0d:e9:fd:ad:71:0a:84:fc:73:46:bd:4f:0b:ba:
                    09:66:90:46:f6:ab:f8:f5:27:f2:49:96:89:4e:2b:
                    83:58:44:f9:cb:30:de:48:00:7a:3a:fa:4a:bd:94:
                    c6:11:43:44:93:9d:aa:ca:99:94:8d:a8:a5:d1:e7:
                    00:ff:fb:f6:4c:07:5b:4d:d3:d5:7b:ee:6b:93:09:
                    94:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:A6:3C:23:34:36:B2:47:4E:DA:3E:9B:FB:D3:63:7B:F3:F8:D9:93
            X509v3 Authority Key Identifier:
                keyid:FC:35:87:7C:C0:38:BF:FD:B9:7B:B3:D6:EA:21:6A:B5:2B:3A:05:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_DWHfMA4v_25e7PW6iFqtSs6BYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/xKY8IzQ2skdO2j6b-9Nje_P42ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/_DWHfMA4v_25e7PW6iFqtSs6BYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:9f:72:73:c5:2f:a9:6e:42:b7:9c:71:c2:b3:9d:cd:53:ee:
         88:ac:51:04:29:24:97:58:34:fe:f6:5c:3c:b7:a5:b7:bf:63:
         55:52:65:d0:77:25:0f:50:5f:dc:06:38:76:0f:8b:38:94:3c:
         09:6d:0b:89:18:f2:70:eb:ff:dc:5a:9e:bb:b8:d7:60:e4:50:
         24:91:26:c1:46:96:31:af:e8:f5:60:cf:8d:4b:6c:51:a1:63:
         23:94:b0:13:20:82:c5:6d:0f:d1:d7:21:df:30:ed:a6:d5:77:
         85:ec:ce:f4:a4:2e:ba:d7:aa:2f:6a:5f:5e:b4:06:34:d3:6e:
         02:0d:86:89:ec:4b:71:e4:cb:d7:ca:cb:5b:56:e8:77:48:dd:
         55:64:c3:7a:5e:13:e8:ab:fd:c4:17:f4:df:22:27:ae:82:38:
         d6:eb:b9:4a:75:bc:a3:18:84:7e:4b:59:fb:ae:4a:c7:d7:d5:
         aa:db:f5:0d:e8:28:51:2a:aa:43:8e:0a:ba:a9:dc:19:0d:85:
         23:2c:61:f3:e3:5b:91:99:46:85:85:e4:75:0f:5e:98:0f:04:
         84:04:9c:da:e8:51:cb:00:5b:1b:03:43:bc:04:e9:a2:be:57:
         6d:a8:ff:12:a4:b5:20:4c:33:7f:78:bb:f7:74:77:b8:cb:e4:
         4a:af:f9:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Q+1qCqRcf06uMzG3/mwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMzU4NzdjYzAzOGJmZmRiOTdiYjNkNmVhMjE2YWI1MmIz
YTA1ODIwHhcNMjUwMTAyMTE0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGE2M2MyMzM0MzZiMjQ3NGVkYTNlOWJmYmQzNjM3YmYzZjhkOTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktAy3FI4YnxXzCxjEYpmX0IrQlYK
OjXU6zQplH3F0JHzteOQ/KU7C3JdGw9vqkBg1KbkRkKPoq9uPxhfT/Ceux+R94MO
beisdp5HSNQSbmjppI+6BMy1/GPzZZq7tpYiGE1AHS06Z5Wlih7FYL5Hc5GFUdR5
y7HnlZ8CVGW8kpKIXoCIXQq+QV26DRdaEE78BnAc9cJLfGhDav4+sjKiHIjPNLnE
uc/huDpLd2iWRxN4awZjDen9rXEKhPxzRr1PC7oJZpBG9qv49SfySZaJTiuDWET5
yzDeSAB6OvpKvZTGEUNEk52qypmUjail0ecA//v2TAdbTdPVe+5rkwmU9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSmPCM0NrJHTto+m/vTY3vz+NmTMB8GA1UdIwQY
MBaAFPw1h3zAOL/9uXuz1uoharUrOgWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0RXSGZNQTR2XzI1ZTdQVzZpRnF0U3M2QllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lODA3MmEtNjAxNy00ZWQ1LWJlZTMt
OGU2NWIzNDdmMjE4LzEveEtZOEl6UTJza2RPMmo2Yi05TmplX1A0MlpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lODA3MmEtNjAxNy00ZWQ1LWJlZTMtOGU2NWIzNDdmMjE4
LzEvX0RXSGZNQTR2XzI1ZTdQVzZpRnF0U3M2QllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSo7MA0G
CSqGSIb3DQEBCwUAA4IBAQBan3JzxS+pbkK3nHHCs53NU+6IrFEEKSSXWDT+9lw8
t6W3v2NVUmXQdyUPUF/cBjh2D4s4lDwJbQuJGPJw6//cWp67uNdg5FAkkSbBRpYx
r+j1YM+NS2xRoWMjlLATIILFbQ/R1yHfMO2m1XeF7M70pC6616oval9etAY0024C
DYaJ7Etx5MvXystbVuh3SN1VZMN6XhPoq/3EF/TfIieugjjW67lKdbyjGIR+S1n7
rkrH19Wq2/UN6ChRKqpDjgq6qdwZDYUjLGHz41uRmUaFheR1D16YDwSEBJza6FHL
AFsbA0O8BOmivldtqP8SpLUgTDN/eLv3dHe4y+RKr/nS
-----END CERTIFICATE-----