Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/fegZDjvnxgRurYo7N2dE56doPrs.roa
File:                     fegZDjvnxgRurYo7N2dE56doPrs.roa (raw, json)
Hash identifier:          G1Sc4jTNIBp0OhDx/ZdY4eKnulZIfcXzqIWbYkym44I=
Subject key identifier:   7D:E8:19:0E:3B:E7:C6:04:6E:AD:8A:3B:37:67:44:E7:A7:68:3E:BB
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       0194274771205C44544320905A9FFC6AAAF5
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/fegZDjvnxgRurYo7N2dE56doPrs.roa
Signing time:             Thu 02 Jan 2025 13:49:40 +0000
ROA not before:           Thu 02 Jan 2025 13:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215672
IP address blocks:        87.254.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:71:20:5c:44:54:43:20:90:5a:9f:fc:6a:aa:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jan  2 13:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7de8190e3be7c6046ead8a3b376744e7a7683ebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:57:b4:ab:10:e7:25:59:be:18:a7:da:97:bc:
                    94:35:3e:50:23:48:18:ce:5f:cb:3f:f8:c5:cf:0b:
                    45:0a:a5:69:2b:47:b9:4f:c8:97:12:1f:f1:cb:8d:
                    37:10:f5:e0:d8:61:d4:49:b8:11:6b:6d:46:55:ab:
                    5c:18:51:67:9c:79:f5:53:63:e4:11:09:91:9d:92:
                    52:89:44:5c:2e:f9:a9:09:60:82:25:a3:aa:d9:96:
                    88:0b:94:0f:13:d4:8f:5e:ef:64:62:92:32:03:68:
                    4e:f4:b8:e3:98:56:e2:f7:f8:d8:ac:34:b4:26:a8:
                    c8:ab:3d:c3:b7:fa:b4:7a:b7:32:8c:5b:a5:35:6a:
                    35:4e:c2:52:d3:4a:1d:50:02:fb:f4:da:ac:26:fc:
                    55:1f:85:10:f3:c8:3a:5c:f0:31:9e:e3:f3:96:39:
                    b3:be:87:d3:0b:87:2b:2f:f2:32:77:81:b4:01:a9:
                    7c:9c:32:5c:b4:91:ce:bf:41:20:ec:9f:0e:4f:86:
                    36:3c:66:5c:c0:37:e4:e6:e5:2f:e2:ea:30:e3:f6:
                    84:ca:12:c9:5d:9e:b2:3a:a5:f0:19:73:a2:d9:ad:
                    83:0e:d9:3f:bd:48:47:7b:30:9f:18:2c:3b:cf:90:
                    6b:c7:f1:48:29:d3:e9:3f:16:d7:37:fc:79:b0:47:
                    00:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:E8:19:0E:3B:E7:C6:04:6E:AD:8A:3B:37:67:44:E7:A7:68:3E:BB
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/fegZDjvnxgRurYo7N2dE56doPrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:c2:b5:46:f7:ff:fd:7c:2e:6e:10:62:df:38:c4:63:e9:22:
         ca:5e:80:78:6d:e0:ed:41:32:da:85:1e:ef:e4:86:25:bc:c4:
         88:4d:fc:15:d4:d3:e9:eb:7e:16:48:59:0f:c5:78:66:70:4e:
         ee:a4:56:68:1d:80:45:bb:c4:45:79:36:fd:5b:ad:1c:65:a5:
         25:b5:df:5b:93:44:2b:61:43:ba:30:c7:ff:c8:ef:a0:d6:4d:
         e3:c0:07:e3:d7:04:73:d1:22:09:59:2d:b1:fb:ba:d5:87:19:
         73:6e:4c:0b:5d:b6:5d:b6:3d:9f:a9:b6:99:14:e1:5f:f0:eb:
         50:df:4e:0a:a5:3f:c6:8a:c9:b5:aa:3e:c8:84:fb:8a:0a:b3:
         91:e7:e7:33:4b:65:40:e9:fb:94:ca:0b:ad:05:bf:67:66:08:
         8d:18:ad:53:66:19:cb:ff:59:a5:f6:8c:03:30:1c:c7:15:96:
         8b:c3:cc:e5:28:f7:f7:fe:8e:e8:ac:aa:71:2e:40:f3:f8:a5:
         a9:80:44:66:15:31:8c:2d:3e:bb:6a:9a:ba:81:63:5e:0e:57:
         0e:9a:cb:f4:55:8d:27:07:ab:8b:98:e1:00:ff:96:18:4b:05:
         c1:03:98:00:7a:11:74:b0:27:f3:ce:ef:c1:72:8e:a7:eb:5c:
         cd:4a:be:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR3EgXERUQyCQWp/8aqr1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUwMTAyMTM0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGU4MTkwZTNiZTdjNjA0NmVhZDhhM2IzNzY3NDRlN2E3NjgzZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVe0qxDnJVm+GKfal7yUNT5QI0gY
zl/LP/jFzwtFCqVpK0e5T8iXEh/xy403EPXg2GHUSbgRa21GVatcGFFnnHn1U2Pk
EQmRnZJSiURcLvmpCWCCJaOq2ZaIC5QPE9SPXu9kYpIyA2hO9LjjmFbi9/jYrDS0
JqjIqz3Dt/q0ercyjFulNWo1TsJS00odUAL79NqsJvxVH4UQ88g6XPAxnuPzljmz
vofTC4crL/Iyd4G0Aal8nDJctJHOv0Eg7J8OT4Y2PGZcwDfk5uUv4uow4/aEyhLJ
XZ6yOqXwGXOi2a2DDtk/vUhHezCfGCw7z5Brx/FIKdPpPxbXN/x5sEcA4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3oGQ4758YEbq2KOzdnROenaD67MB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvZmVnWkRqdm54Z1J1cllvN04yZEU1NmRvUHJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4XMA0G
CSqGSIb3DQEBCwUAA4IBAQAXwrVG9//9fC5uEGLfOMRj6SLKXoB4beDtQTLahR7v
5IYlvMSITfwV1NPp634WSFkPxXhmcE7upFZoHYBFu8RFeTb9W60cZaUltd9bk0Qr
YUO6MMf/yO+g1k3jwAfj1wRz0SIJWS2x+7rVhxlzbkwLXbZdtj2fqbaZFOFf8OtQ
304KpT/Gism1qj7IhPuKCrOR5+czS2VA6fuUygutBb9nZgiNGK1TZhnL/1ml9owD
MBzHFZaLw8zlKPf3/o7orKpxLkDz+KWpgERmFTGMLT67apq6gWNeDlcOmsv0VY0n
B6uLmOEA/5YYSwXBA5gAehF0sCfzzu/Bco6n61zNSr6t
-----END CERTIFICATE-----