Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/cDexNbgz65SAnilI4jNQbU6GDQA.roa
File:                     cDexNbgz65SAnilI4jNQbU6GDQA.roa (raw, json)
Hash identifier:          fm8UnKsXFZ8Kv7++bvjbjI+U2EMIi8pzLEAUXfPizog=
Subject key identifier:   70:37:B1:35:B8:33:EB:94:80:9E:29:48:E2:33:50:6D:4E:86:0D:00
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       0194504A4309C717FB889B472219EF8C2820
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/cDexNbgz65SAnilI4jNQbU6GDQA.roa
Signing time:             Fri 10 Jan 2025 12:57:11 +0000
ROA not before:           Fri 10 Jan 2025 12:57:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200081
IP address blocks:        185.236.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:50:4a:43:09:c7:17:fb:88:9b:47:22:19:ef:8c:28:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jan 10 12:57:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7037b135b833eb94809e2948e233506d4e860d00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fc:6e:db:e5:c3:92:b0:0b:b4:17:cd:28:fa:
                    0a:37:50:d6:24:cd:18:af:de:c8:c2:d3:6c:bc:40:
                    4f:a5:9f:29:99:9d:79:40:f2:f5:8c:80:f9:92:11:
                    12:4d:7a:3e:5f:8c:a1:76:25:a0:15:bf:fd:5d:5b:
                    cb:10:71:64:08:13:76:e8:f4:96:8e:8c:35:4c:cc:
                    30:a2:ab:44:ef:78:32:6d:ef:b3:00:02:85:42:0a:
                    24:ac:aa:86:3d:d4:b2:c0:3c:ce:91:86:e5:b4:d3:
                    b5:86:a2:55:a7:8c:9b:11:b0:c0:40:28:fc:9a:8a:
                    b6:8e:72:03:25:72:12:87:ae:92:59:b9:48:5e:f8:
                    eb:6b:fe:b4:e6:00:f8:e8:45:25:9d:8b:7d:fe:46:
                    ae:02:40:3f:1e:3a:2d:9d:13:32:5c:c8:84:a2:b9:
                    6b:34:6e:00:0b:db:25:6b:19:8f:c1:5b:d5:a4:0b:
                    b0:2b:0e:85:11:e4:91:bd:db:33:29:11:bf:e2:dc:
                    af:2d:64:21:22:2a:4d:82:62:32:d9:bd:2f:f0:b5:
                    3d:3c:a7:58:5e:aa:27:ce:31:af:d3:40:07:be:4a:
                    8e:90:60:3d:d0:eb:2e:8c:bc:61:39:f6:b8:b0:7e:
                    09:d0:3e:13:0a:45:10:af:05:59:57:85:41:36:ad:
                    7f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:37:B1:35:B8:33:EB:94:80:9E:29:48:E2:33:50:6D:4E:86:0D:00
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/cDexNbgz65SAnilI4jNQbU6GDQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:e0:95:40:6c:92:8a:cc:b0:54:18:fd:b6:b7:e1:85:b5:a3:
         07:9d:55:9f:2a:1c:21:50:94:4a:f5:31:68:0c:45:cb:e4:5b:
         99:8b:ad:c6:e5:e4:44:ca:e5:b7:2c:e4:ae:b6:d7:d0:e0:26:
         51:60:94:6b:32:44:81:09:7c:32:48:f2:ac:96:f4:37:bc:0c:
         34:66:80:bf:9a:e5:66:a7:c5:f5:34:93:58:e8:1b:69:db:f5:
         12:f6:76:04:2e:aa:17:12:49:3d:ed:9f:ab:49:5b:89:71:fa:
         c1:87:cb:5e:72:85:55:3a:bb:84:3a:aa:e1:64:46:d7:b4:59:
         b8:86:ca:52:7f:c1:34:44:b3:9e:89:85:2c:bc:6b:89:26:ea:
         35:40:4f:65:9c:18:9a:55:fc:a1:5d:18:93:0a:d8:32:c1:67:
         4f:e0:f2:e4:30:b9:e5:43:87:75:18:c3:df:c0:36:e0:99:56:
         5d:08:98:f2:a5:51:3c:2e:c7:92:12:ee:92:0c:71:cb:75:08:
         d3:ba:fd:8a:ff:ba:4c:f1:49:8e:c9:5b:a3:39:5d:2a:32:ae:
         21:c5:ec:17:17:98:1f:4d:2f:90:b0:eb:7c:09:b4:01:b1:ef:
         f6:63:27:58:2d:b1:7f:4a:94:55:c4:6b:09:47:1f:9a:1f:b2:
         a2:62:49:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRQSkMJxxf7iJtHIhnvjCggMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjUwMTEwMTI1NzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDM3YjEzNWI4MzNlYjk0ODA5ZTI5NDhlMjMzNTA2ZDRlODYwZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/xu2+XDkrALtBfNKPoKN1DWJM0Y
r97IwtNsvEBPpZ8pmZ15QPL1jID5khESTXo+X4yhdiWgFb/9XVvLEHFkCBN26PSW
jow1TMwwoqtE73gybe+zAAKFQgokrKqGPdSywDzOkYbltNO1hqJVp4ybEbDAQCj8
moq2jnIDJXISh66SWblIXvjra/605gD46EUlnYt9/kauAkA/HjotnRMyXMiEorlr
NG4AC9slaxmPwVvVpAuwKw6FEeSRvdszKRG/4tyvLWQhIipNgmIy2b0v8LU9PKdY
XqonzjGv00AHvkqOkGA90OsujLxhOfa4sH4J0D4TCkUQrwVZV4VBNq1/XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHA3sTW4M+uUgJ4pSOIzUG1Ohg0AMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvY0RleE5iZ3o2NVNBbmlsSTRqTlFiVTZHRFFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuewJMA0G
CSqGSIb3DQEBCwUAA4IBAQAv4JVAbJKKzLBUGP22t+GFtaMHnVWfKhwhUJRK9TFo
DEXL5FuZi63G5eREyuW3LOSuttfQ4CZRYJRrMkSBCXwySPKslvQ3vAw0ZoC/muVm
p8X1NJNY6Btp2/US9nYELqoXEkk97Z+rSVuJcfrBh8tecoVVOruEOqrhZEbXtFm4
hspSf8E0RLOeiYUsvGuJJuo1QE9lnBiaVfyhXRiTCtgywWdP4PLkMLnlQ4d1GMPf
wDbgmVZdCJjypVE8LseSEu6SDHHLdQjTuv2K/7pM8UmOyVujOV0qMq4hxewXF5gf
TS+QsOt8CbQBse/2YydYLbF/SpRVxGsJRx+aH7KiYkmo
-----END CERTIFICATE-----