Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/65lpN-Uplb3bqrNjye037zWQjFw.roa
File:                     65lpN-Uplb3bqrNjye037zWQjFw.roa (raw, json)
Hash identifier:          vT1vcFEqN1QYB/BEg+/BkkctLd5pZUQxgE5CnQ7xUVE=
Subject key identifier:   EB:99:69:37:E5:29:95:BD:DB:AA:B3:63:C9:ED:37:EF:35:90:8C:5C
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       01942747678A279BD5E76B04130BE7693D49
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/65lpN-Uplb3bqrNjye037zWQjFw.roa
Signing time:             Thu 02 Jan 2025 13:49:38 +0000
ROA not before:           Thu 02 Jan 2025 13:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        87.254.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:67:8a:27:9b:d5:e7:6b:04:13:0b:e7:69:3d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jan  2 13:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb996937e52995bddbaab363c9ed37ef35908c5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a3:bb:18:ef:88:0d:70:bd:a7:b4:bd:99:e1:
                    38:3d:d7:e6:64:88:13:c8:82:27:05:0a:c9:fc:58:
                    68:2e:f0:2e:a1:1e:c8:45:28:31:a6:f5:84:a2:23:
                    56:5a:c3:3f:42:67:b8:76:ac:19:9b:ef:ac:8a:00:
                    62:f3:48:0a:59:bc:cd:cb:a1:f5:21:d7:fb:0e:95:
                    19:9f:4c:1e:7f:de:50:22:13:de:a1:df:fb:be:ab:
                    78:77:0b:e4:45:9a:21:d1:db:a0:a4:42:bb:54:3d:
                    7b:64:03:00:36:03:13:87:18:04:5a:0e:81:21:ee:
                    cb:26:b0:da:3c:6a:c7:0a:80:c2:42:b8:0d:97:08:
                    c7:51:21:0d:3a:cf:34:6f:64:7e:f4:35:28:e9:d9:
                    25:1a:ad:c6:0b:ab:0e:1e:fd:c6:8b:86:46:2a:db:
                    66:8a:17:5e:a6:6c:64:88:b9:30:99:3c:e7:62:0f:
                    14:e5:4d:48:a8:1f:9b:8a:1c:11:8a:c4:ad:d1:a7:
                    ab:7d:a1:66:f2:ba:8b:a6:c6:8f:6a:bd:ba:c0:ae:
                    7a:4b:db:45:2a:cd:a8:56:23:98:7f:7d:2d:d0:80:
                    a5:f5:52:36:a4:f9:43:51:1a:bf:ae:04:41:81:33:
                    9f:88:01:3e:8c:75:a9:6a:d8:43:79:3e:58:16:9f:
                    55:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:99:69:37:E5:29:95:BD:DB:AA:B3:63:C9:ED:37:EF:35:90:8C:5C
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/65lpN-Uplb3bqrNjye037zWQjFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:dc:45:bc:18:4f:97:c2:e5:d3:d7:0e:cd:d2:87:3b:cb:21:
         1a:e4:9f:6a:92:9a:74:3d:38:e4:52:71:4f:42:6e:f1:a4:7c:
         96:d5:57:68:76:57:22:a5:23:c2:02:b1:85:32:96:2f:36:31:
         8d:df:62:8f:ae:4f:f0:01:96:0f:2c:99:a2:69:f2:90:0f:f1:
         af:bc:ab:0d:78:f7:39:51:39:a5:7d:1d:62:cc:9e:b7:59:e2:
         11:14:cf:6b:ca:7e:64:c7:fd:0c:73:52:92:e8:25:59:19:45:
         1f:bf:13:7d:0f:15:1d:64:2b:81:61:05:74:0c:95:93:d4:c0:
         ab:7c:53:bf:aa:33:01:80:ad:9c:00:8a:e9:37:fe:5d:53:73:
         ff:e3:d0:d6:77:4c:22:3a:c9:58:a4:8a:e3:4c:c8:49:08:c9:
         67:53:d7:71:e9:d3:92:37:72:49:36:71:5c:be:94:0c:f1:59:
         d1:81:2f:e0:72:3c:ea:2e:e2:00:b3:e9:fc:41:c5:23:0f:67:
         9a:1b:8e:43:5a:f3:91:8b:eb:e3:e4:26:d4:31:14:14:27:8f:
         9d:38:f7:d6:dd:a2:55:93:ba:e6:a8:5e:36:71:f2:c9:7a:a8:
         85:b2:49:8d:46:4b:00:22:b0:a7:fd:80:5f:13:48:e7:ca:0f:
         b3:4e:e1:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR2eKJ5vV52sEEwvnaT1JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUwMTAyMTM0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjk5NjkzN2U1Mjk5NWJkZGJhYWIzNjNjOWVkMzdlZjM1OTA4YzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqO7GO+IDXC9p7S9meE4PdfmZIgT
yIInBQrJ/FhoLvAuoR7IRSgxpvWEoiNWWsM/Qme4dqwZm++sigBi80gKWbzNy6H1
Idf7DpUZn0wef95QIhPeod/7vqt4dwvkRZoh0dugpEK7VD17ZAMANgMThxgEWg6B
Ie7LJrDaPGrHCoDCQrgNlwjHUSENOs80b2R+9DUo6dklGq3GC6sOHv3Gi4ZGKttm
ihdepmxkiLkwmTznYg8U5U1IqB+bihwRisSt0aerfaFm8rqLpsaPar26wK56S9tF
Ks2oViOYf30t0ICl9VI2pPlDURq/rgRBgTOfiAE+jHWpathDeT5YFp9VJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuZaTflKZW926qzY8ntN+81kIxcMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvNjVscE4tVXBsYjNicXJOanllMDM3eldRakZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4dMA0G
CSqGSIb3DQEBCwUAA4IBAQAa3EW8GE+XwuXT1w7N0oc7yyEa5J9qkpp0PTjkUnFP
Qm7xpHyW1VdodlcipSPCArGFMpYvNjGN32KPrk/wAZYPLJmiafKQD/GvvKsNePc5
UTmlfR1izJ63WeIRFM9ryn5kx/0Mc1KS6CVZGUUfvxN9DxUdZCuBYQV0DJWT1MCr
fFO/qjMBgK2cAIrpN/5dU3P/49DWd0wiOslYpIrjTMhJCMlnU9dx6dOSN3JJNnFc
vpQM8VnRgS/gcjzqLuIAs+n8QcUjD2eaG45DWvORi+vj5CbUMRQUJ4+dOPfW3aJV
k7rmqF42cfLJeqiFskmNRksAIrCn/YBfE0jnyg+zTuGb
-----END CERTIFICATE-----