Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/f5zZHfnsAaopf1GoZf4uBje2t0Q.roa
File:                     f5zZHfnsAaopf1GoZf4uBje2t0Q.roa (raw, json)
Hash identifier:          stYfXchqDnkN91Nt8UqXVM+bMk/Z/wzqFhIgpOKs0pk=
Subject key identifier:   7F:9C:D9:1D:F9:EC:01:AA:29:7F:51:A8:65:FE:2E:06:37:B6:B7:44
Certificate issuer:       /CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
Certificate serial:       01942747EAA4B527145473AB1C16BC916CC7
Authority key identifier: FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/f5zZHfnsAaopf1GoZf4uBje2t0Q.roa
Signing time:             Thu 02 Jan 2025 13:50:12 +0000
ROA not before:           Thu 02 Jan 2025 13:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        185.168.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ea:a4:b5:27:14:54:73:ab:1c:16:bc:91:6c:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
        Validity
            Not Before: Jan  2 13:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f9cd91df9ec01aa297f51a865fe2e0637b6b744
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0e:11:d0:94:46:67:d0:c4:bf:aa:a9:76:2d:
                    cc:9e:43:0f:38:20:84:f4:66:38:7b:2a:0a:80:c6:
                    1a:58:2b:05:d7:7e:53:64:72:39:35:0f:ce:fe:89:
                    76:92:68:b3:37:79:0d:69:26:d7:04:77:0a:36:41:
                    e9:1b:ba:50:d6:c3:31:4a:f8:39:73:5f:84:b1:03:
                    d2:ad:14:75:59:db:3a:9e:61:75:d9:b5:3e:8f:28:
                    d4:5c:4e:ad:d0:cb:e8:5f:eb:9d:7e:f0:57:e2:dc:
                    46:80:8f:cf:d1:91:cf:63:29:e5:a6:c6:e6:43:3c:
                    42:68:5f:5f:16:1e:c3:9a:71:2c:0b:3a:0b:27:62:
                    12:87:de:c0:d2:c5:d2:aa:72:6f:7d:86:39:5b:ec:
                    3f:64:61:2e:aa:d5:60:c7:66:7d:fc:23:b2:76:07:
                    ed:26:21:94:d4:80:04:0a:f7:ad:43:86:4a:41:3d:
                    2d:01:a0:3c:6f:af:6c:45:2a:1c:95:bf:5a:ad:38:
                    0b:7e:ee:d4:a2:48:91:6b:e2:96:39:6e:13:d8:36:
                    30:8f:59:1f:54:0c:20:3d:89:57:9b:51:57:8c:6c:
                    7c:a7:63:f3:79:bb:0c:1f:3c:5e:62:47:25:5a:5e:
                    56:1b:b8:f4:4d:0b:fe:78:0a:4c:4f:4a:2e:84:1b:
                    eb:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:9C:D9:1D:F9:EC:01:AA:29:7F:51:A8:65:FE:2E:06:37:B6:B7:44
            X509v3 Authority Key Identifier:
                keyid:FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/f5zZHfnsAaopf1GoZf4uBje2t0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:92:18:eb:ab:49:a7:08:4f:f5:47:d0:c1:41:87:ed:12:d9:
         f9:8f:34:cf:0b:14:95:5a:e7:39:3d:bc:07:1f:16:38:24:93:
         bf:42:64:dd:ce:05:e4:11:03:25:a0:cf:9c:32:cc:b8:1d:59:
         52:15:0b:fe:71:f1:54:99:ca:2d:f0:18:01:8d:22:80:67:a0:
         d4:fe:c9:0c:0e:58:5e:df:eb:b1:cf:a8:96:fd:f8:d6:11:b8:
         55:28:cb:e9:89:45:2b:e8:26:f2:99:5e:72:82:8b:ea:03:c6:
         d5:71:b1:e6:cd:60:52:77:af:36:9d:b6:8b:b0:bb:87:ff:8f:
         f1:b5:71:86:7f:5f:e5:0c:a6:de:cd:b7:00:5d:9d:90:ff:77:
         04:69:1d:a6:67:a4:2b:de:75:38:95:ec:8f:6e:8d:08:5e:7a:
         8e:5c:1e:21:2f:c0:d9:1e:4a:f8:1b:d2:99:00:d1:70:6d:43:
         10:0d:cf:0a:ff:06:53:04:14:0e:3f:82:1d:74:93:e0:60:67:
         cd:db:7e:01:49:9a:87:69:37:98:f6:9f:60:d8:a3:5a:ce:54:
         bb:52:43:6a:43:0c:4c:74:a9:a1:49:35:e2:ff:6f:db:97:57:
         15:87:35:29:e6:f6:ee:b3:39:75:50:6f:10:f3:63:c5:ad:5f:
         62:3a:b2:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+qktScUVHOrHBa8kWzHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTM5NmYxYzM0NGIwNzljNWQyZjI3YmZiMzEzMzc3ZmVi
YjJlYzcwHhcNMjUwMTAyMTM1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjljZDkxZGY5ZWMwMWFhMjk3ZjUxYTg2NWZlMmUwNjM3YjZiNzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArA4R0JRGZ9DEv6qpdi3MnkMPOCCE
9GY4eyoKgMYaWCsF135TZHI5NQ/O/ol2kmizN3kNaSbXBHcKNkHpG7pQ1sMxSvg5
c1+EsQPSrRR1Wds6nmF12bU+jyjUXE6t0MvoX+udfvBX4txGgI/P0ZHPYynlpsbm
QzxCaF9fFh7DmnEsCzoLJ2ISh97A0sXSqnJvfYY5W+w/ZGEuqtVgx2Z9/COydgft
JiGU1IAECvetQ4ZKQT0tAaA8b69sRSoclb9arTgLfu7UokiRa+KWOW4T2DYwj1kf
VAwgPYlXm1FXjGx8p2PzebsMHzxeYkclWl5WG7j0TQv+eApMT0ouhBvrPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+c2R357AGqKX9RqGX+LgY3trdEMB8GA1UdIwQY
MBaAFPyjlvHDRLB5xdLye/sxM3f+uy7HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWIt
ZmZiMTZlYmQxMTFmLzEvZjV6WkhmbnNBYW9wZjFHb1pmNHVCamUydDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWItZmZiMTZlYmQxMTFm
LzEvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuagKMA0G
CSqGSIb3DQEBCwUAA4IBAQB+khjrq0mnCE/1R9DBQYftEtn5jzTPCxSVWuc5PbwH
HxY4JJO/QmTdzgXkEQMloM+cMsy4HVlSFQv+cfFUmcot8BgBjSKAZ6DU/skMDlhe
3+uxz6iW/fjWEbhVKMvpiUUr6CbymV5ygovqA8bVcbHmzWBSd682nbaLsLuH/4/x
tXGGf1/lDKbezbcAXZ2Q/3cEaR2mZ6Qr3nU4leyPbo0IXnqOXB4hL8DZHkr4G9KZ
ANFwbUMQDc8K/wZTBBQOP4IddJPgYGfN234BSZqHaTeY9p9g2KNazlS7UkNqQwxM
dKmhSTXi/2/bl1cVhzUp5vbuszl1UG8Q82PFrV9iOrLt
-----END CERTIFICATE-----