Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/Ft0ZB8OyXDqdHuA2ecKptesJxaA.roa
File:                     Ft0ZB8OyXDqdHuA2ecKptesJxaA.roa (raw, json)
Hash identifier:          TiOljuv3CctqH89ZzFnB7S3NUxP1dkyAC3xa+TMiJAY=
Subject key identifier:   16:DD:19:07:C3:B2:5C:3A:9D:1E:E0:36:79:C2:A9:B5:EB:09:C5:A0
Certificate issuer:       /CN=bdb143996dfeff5f49cd2b09b941d0d5e578b3ff
Certificate serial:       0194252166A22C6CD5C831F482A0602ACB21
Authority key identifier: BD:B1:43:99:6D:FE:FF:5F:49:CD:2B:09:B9:41:D0:D5:E5:78:B3:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vbFDmW3-_19JzSsJuUHQ1eV4s_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/Ft0ZB8OyXDqdHuA2ecKptesJxaA.roa
Signing time:             Thu 02 Jan 2025 03:48:53 +0000
ROA not before:           Thu 02 Jan 2025 03:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.135.128.0/24 maxlen: 24
                          195.191.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/vbFDmW3-_19JzSsJuUHQ1eV4s_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/vbFDmW3-_19JzSsJuUHQ1eV4s_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vbFDmW3-_19JzSsJuUHQ1eV4s_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 18:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:66:a2:2c:6c:d5:c8:31:f4:82:a0:60:2a:cb:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdb143996dfeff5f49cd2b09b941d0d5e578b3ff
        Validity
            Not Before: Jan  2 03:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16dd1907c3b25c3a9d1ee03679c2a9b5eb09c5a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:62:92:a5:d7:e1:fe:f5:96:dc:c0:c3:8c:d2:
                    6d:d0:6a:d9:dd:1b:52:92:e9:11:34:08:1e:63:de:
                    5a:ce:e6:ba:bd:b6:81:a5:3f:34:4e:ad:8b:b8:05:
                    87:71:a0:66:0f:2b:5b:da:bf:62:eb:f6:d8:d3:77:
                    a7:55:ee:a0:7b:81:d4:29:50:37:df:32:18:4e:29:
                    00:8a:35:e3:64:37:c1:dc:08:f0:2c:25:cd:a1:4d:
                    8d:0e:a6:da:cb:07:67:44:97:69:6d:7d:02:40:1f:
                    b8:56:24:24:53:82:5d:d5:a3:56:6e:cd:0c:7f:f9:
                    0a:37:b8:0a:f3:ac:48:89:80:2a:88:7b:4b:71:57:
                    5f:26:d1:a1:a1:4e:4e:59:0f:49:68:17:1d:9c:eb:
                    0e:b1:68:7d:59:74:80:be:d1:ab:ae:4c:43:5b:25:
                    72:f7:85:a5:88:74:f7:67:e1:d3:29:41:0b:e4:d9:
                    ee:32:1d:b9:19:72:dc:4a:4c:8c:5c:8a:da:17:ce:
                    6f:81:49:33:ee:d7:a9:56:6f:f1:c7:71:ae:9d:88:
                    5d:12:34:3c:40:92:16:72:a1:f7:32:fa:63:69:d9:
                    ec:1c:f9:00:88:8e:8f:c5:fb:80:3d:99:ff:27:56:
                    f2:52:0d:6e:94:db:96:8d:32:31:60:09:c7:e6:6f:
                    ea:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:DD:19:07:C3:B2:5C:3A:9D:1E:E0:36:79:C2:A9:B5:EB:09:C5:A0
            X509v3 Authority Key Identifier:
                keyid:BD:B1:43:99:6D:FE:FF:5F:49:CD:2B:09:B9:41:D0:D5:E5:78:B3:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vbFDmW3-_19JzSsJuUHQ1eV4s_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/Ft0ZB8OyXDqdHuA2ecKptesJxaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/vbFDmW3-_19JzSsJuUHQ1eV4s_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.128.0/24
                  195.191.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:0f:69:45:e3:f9:f9:dd:e6:20:a5:e6:84:98:5d:a1:8e:d8:
         9d:8b:2a:e3:63:c2:5a:ba:08:0c:19:b6:74:97:f2:d1:3c:1c:
         b4:a4:6f:bc:f0:55:62:7b:96:78:f5:11:cb:83:eb:0a:2e:8c:
         18:80:30:1e:fe:ed:e0:f1:7c:39:94:49:4e:f1:b1:36:23:7f:
         5e:a8:50:39:37:6b:ea:87:02:f8:d5:32:39:5a:6f:85:c4:90:
         e6:65:8b:92:ce:e8:75:e4:77:62:16:fc:15:7c:ed:8e:e7:e5:
         30:26:fa:ea:1b:27:84:0c:3a:f4:b4:13:6d:c7:30:1d:94:29:
         04:46:b4:24:10:cb:87:88:0f:9f:c0:93:fc:a4:cc:a0:c2:4d:
         f3:5d:f5:70:ec:60:3c:61:bf:08:b7:83:7f:47:98:aa:13:ab:
         b4:2d:e8:42:78:22:fb:95:e4:6d:e3:a8:ca:16:4b:91:fe:ee:
         d5:bf:bf:35:b8:4b:ff:42:38:71:a0:16:b4:d5:9f:d1:5c:e6:
         36:2d:31:e7:3c:12:59:5c:33:53:c5:bc:c8:48:d7:44:c7:36:
         76:1e:6f:bf:4b:00:ce:82:1d:84:da:a6:a2:e2:8c:07:22:22:
         98:a1:7b:55:65:e8:81:da:b3:d6:3c:00:16:6e:5d:76:98:06:
         a8:7e:56:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIWaiLGzVyDH0gqBgKsshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYjE0Mzk5NmRmZWZmNWY0OWNkMmIwOWI5NDFkMGQ1ZTU3
OGIzZmYwHhcNMjUwMTAyMDM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmRkMTkwN2MzYjI1YzNhOWQxZWUwMzY3OWMyYTliNWViMDljNWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12KSpdfh/vWW3MDDjNJt0GrZ3RtS
kukRNAgeY95azua6vbaBpT80Tq2LuAWHcaBmDytb2r9i6/bY03enVe6ge4HUKVA3
3zIYTikAijXjZDfB3AjwLCXNoU2NDqbaywdnRJdpbX0CQB+4ViQkU4Jd1aNWbs0M
f/kKN7gK86xIiYAqiHtLcVdfJtGhoU5OWQ9JaBcdnOsOsWh9WXSAvtGrrkxDWyVy
94WliHT3Z+HTKUEL5NnuMh25GXLcSkyMXIraF85vgUkz7tepVm/xx3GunYhdEjQ8
QJIWcqH3MvpjadnsHPkAiI6PxfuAPZn/J1byUg1ulNuWjTIxYAnH5m/qkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBbdGQfDslw6nR7gNnnCqbXrCcWgMB8GA1UdIwQY
MBaAFL2xQ5lt/v9fSc0rCblB0NXleLP/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmJGRG1XMy1fMTlKelNzSnVVSFExZVY0c184LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9mYmQ5MTEtOGQzNy00ZTNlLTk1OTkt
ZmMyOWNhYTVkYjdhLzEvRnQwWkI4T3lYRHFkSHVBMmVjS3B0ZXNKeGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9mYmQ5MTEtOGQzNy00ZTNlLTk1OTktZmMyOWNhYTVkYjdh
LzEvdmJGRG1XMy1fMTlKelNzSnVVSFExZVY0c184LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuYeAAwQA
w7+lMA0GCSqGSIb3DQEBCwUAA4IBAQCQD2lF4/n53eYgpeaEmF2hjtidiyrjY8Ja
uggMGbZ0l/LRPBy0pG+88FVie5Z49RHLg+sKLowYgDAe/u3g8Xw5lElO8bE2I39e
qFA5N2vqhwL41TI5Wm+FxJDmZYuSzuh15HdiFvwVfO2O5+UwJvrqGyeEDDr0tBNt
xzAdlCkERrQkEMuHiA+fwJP8pMygwk3zXfVw7GA8Yb8It4N/R5iqE6u0LehCeCL7
leRt46jKFkuR/u7Vv781uEv/QjhxoBa01Z/RXOY2LTHnPBJZXDNTxbzISNdExzZ2
Hm+/SwDOgh2E2qai4owHIiKYoXtVZeiB2rPWPAAWbl12mAaoflZ4
-----END CERTIFICATE-----