Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/FF0ktv0OPoF7jCtMQNOnbF5wwXU.roa
File:                     FF0ktv0OPoF7jCtMQNOnbF5wwXU.roa (raw, json)
Hash identifier:          HLhVlsk2Unfze1/M/TFW88bBXMX8DWQaGu5Q6NyMGnM=
Subject key identifier:   14:5D:24:B6:FD:0E:3E:81:7B:8C:2B:4C:40:D3:A7:6C:5E:70:C1:75
Certificate issuer:       /CN=ce56360624cc1b4c49da72bc325f5bb6ab4d8300
Certificate serial:       01961C318EDBCAC4EBEB4239EA050AEA3367
Authority key identifier: CE:56:36:06:24:CC:1B:4C:49:DA:72:BC:32:5F:5B:B6:AB:4D:83:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/FF0ktv0OPoF7jCtMQNOnbF5wwXU.roa
Signing time:             Wed 09 Apr 2025 20:15:32 +0000
ROA not before:           Wed 09 Apr 2025 20:15:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210976
IP address blocks:        185.171.80.0/24 maxlen: 24
                          185.171.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1c:31:8e:db:ca:c4:eb:eb:42:39:ea:05:0a:ea:33:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce56360624cc1b4c49da72bc325f5bb6ab4d8300
        Validity
            Not Before: Apr  9 20:15:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=145d24b6fd0e3e817b8c2b4c40d3a76c5e70c175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2e:14:48:65:d9:42:89:a3:89:dd:80:b7:ce:
                    62:06:78:ce:7d:e9:76:b1:64:b6:be:6c:9a:60:65:
                    96:ce:79:90:b7:c2:17:77:64:f2:7e:93:70:b3:e4:
                    17:01:f4:61:30:4a:ec:26:03:5d:af:54:fe:82:30:
                    00:6a:bc:88:e9:b4:77:d5:5a:4a:9e:88:4d:7e:a2:
                    16:0c:2c:3b:59:94:0b:e8:d7:3b:17:19:b7:70:22:
                    5a:0b:ba:16:c1:4b:47:dc:57:37:2f:80:af:78:98:
                    8d:6b:71:16:f8:e2:bf:37:9d:6c:cf:e3:65:1e:d0:
                    e3:f1:61:b4:1c:a1:dc:64:0f:2c:23:81:12:45:8a:
                    10:14:38:9e:e7:d6:47:a4:b7:88:1f:43:69:39:37:
                    29:8a:84:4f:87:2e:7c:6b:fd:f6:d1:69:f9:7f:d4:
                    68:61:00:d8:cc:9e:34:94:d8:98:1e:7c:60:25:d9:
                    1a:e6:77:2b:37:e6:8d:38:dc:84:9d:fe:21:27:55:
                    f0:80:cc:28:c0:4d:49:ed:5f:11:ef:a4:4d:a3:6a:
                    ed:57:bb:96:15:20:6f:f4:f1:14:4c:d3:59:87:10:
                    6c:94:d7:8d:96:e7:76:36:10:28:f7:e7:55:df:3f:
                    87:44:c7:50:7d:6b:09:69:28:f3:f4:86:14:94:2b:
                    d1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:5D:24:B6:FD:0E:3E:81:7B:8C:2B:4C:40:D3:A7:6C:5E:70:C1:75
            X509v3 Authority Key Identifier:
                keyid:CE:56:36:06:24:CC:1B:4C:49:DA:72:BC:32:5F:5B:B6:AB:4D:83:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/FF0ktv0OPoF7jCtMQNOnbF5wwXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.80.0/24
                  185.171.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:2c:9d:ea:20:59:09:f2:56:60:18:c6:84:84:ca:41:2d:db:
         41:49:49:93:7e:9f:fd:00:2b:9d:b9:8a:c8:43:d3:e1:dd:46:
         36:42:49:2f:dc:9a:a8:ca:39:8c:e3:f1:52:32:1a:9a:71:79:
         7c:b2:6e:eb:cf:ff:18:30:e5:9c:26:7e:38:68:e8:c1:e8:07:
         2f:52:0b:4d:53:60:3b:15:c6:b0:fc:4b:6d:cc:f0:98:d9:47:
         a5:84:36:06:d5:52:d5:81:58:01:33:69:09:98:e2:25:d7:cd:
         cf:0d:80:1e:72:3e:4d:7c:50:3f:f9:ca:0f:98:a3:3e:c5:c3:
         35:3b:3b:bd:d8:47:b8:7b:04:e9:83:68:25:71:ce:77:5d:92:
         50:e1:cc:da:b9:90:71:56:d8:5e:ed:cc:6b:30:06:72:22:51:
         de:0e:6b:cd:5d:09:03:39:20:60:a8:46:cd:a8:cb:22:19:09:
         ef:7a:de:4a:0c:e1:ed:81:01:83:3a:95:89:0c:1c:00:45:dd:
         ae:23:f9:6c:8a:38:b6:b7:76:e8:0c:f4:62:54:b5:0b:1e:dd:
         6f:56:70:35:cd:f7:2b:1c:08:be:de:82:14:c1:0a:8e:ad:61:
         81:fa:9d:47:91:17:46:29:bf:50:87:83:27:2f:96:5c:1b:bd:
         62:1f:f4:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYcMY7bysTr60I56gUK6jNnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNTYzNjA2MjRjYzFiNGM0OWRhNzJiYzMyNWY1YmI2YWI0
ZDgzMDAwHhcNMjUwNDA5MjAxNTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDVkMjRiNmZkMGUzZTgxN2I4YzJiNGM0MGQzYTc2YzVlNzBjMTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqy4USGXZQomjid2At85iBnjOfel2
sWS2vmyaYGWWznmQt8IXd2TyfpNws+QXAfRhMErsJgNdr1T+gjAAaryI6bR31VpK
nohNfqIWDCw7WZQL6Nc7Fxm3cCJaC7oWwUtH3Fc3L4CveJiNa3EW+OK/N51sz+Nl
HtDj8WG0HKHcZA8sI4ESRYoQFDie59ZHpLeIH0NpOTcpioRPhy58a/320Wn5f9Ro
YQDYzJ40lNiYHnxgJdka5ncrN+aNONyEnf4hJ1XwgMwowE1J7V8R76RNo2rtV7uW
FSBv9PEUTNNZhxBslNeNlud2NhAo9+dV3z+HRMdQfWsJaSjz9IYUlCvRFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBRdJLb9Dj6Be4wrTEDTp2xecMF1MB8GA1UdIwQY
MBaAFM5WNgYkzBtMSdpyvDJfW7arTYMAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemxZMkJpVE1HMHhKMm5LOE1sOWJ0cXROZ3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi85NTc3ZjgtYjhiOC00OTk0LWI4NTUt
YTk4ZWYzMDA4NTgwLzEvRkYwa3R2ME9Qb0Y3akN0TVFOT25iRjV3d1hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi85NTc3ZjgtYjhiOC00OTk0LWI4NTUtYTk4ZWYzMDA4NTgw
LzEvemxZMkJpVE1HMHhKMm5LOE1sOWJ0cXROZ3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuatQAwQA
uatTMA0GCSqGSIb3DQEBCwUAA4IBAQCTLJ3qIFkJ8lZgGMaEhMpBLdtBSUmTfp/9
ACuduYrIQ9Ph3UY2Qkkv3JqoyjmM4/FSMhqacXl8sm7rz/8YMOWcJn44aOjB6Acv
UgtNU2A7Fcaw/EttzPCY2UelhDYG1VLVgVgBM2kJmOIl183PDYAecj5NfFA/+coP
mKM+xcM1Ozu92Ee4ewTpg2glcc53XZJQ4czauZBxVthe7cxrMAZyIlHeDmvNXQkD
OSBgqEbNqMsiGQnvet5KDOHtgQGDOpWJDBwARd2uI/lsiji2t3boDPRiVLULHt1v
VnA1zfcrHAi+3oIUwQqOrWGB+p1HkRdGKb9Qh4MnL5ZcG71iH/Qu
-----END CERTIFICATE-----