Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/un7aOLvVH0DQuSmGP1vDBl9I7QA.roa
File:                     un7aOLvVH0DQuSmGP1vDBl9I7QA.roa (raw, json)
Hash identifier:          iVhFcj6hdZp2lh837gdlgVnJ4rMcKoq6PbO5cfW5HHI=
Subject key identifier:   BA:7E:DA:38:BB:D5:1F:40:D0:B9:29:86:3F:5B:C3:06:5F:48:ED:00
Certificate issuer:       /CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
Certificate serial:       01942747EBD7672E4536181DB0424E346312
Authority key identifier: FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/un7aOLvVH0DQuSmGP1vDBl9I7QA.roa
Signing time:             Thu 02 Jan 2025 13:50:12 +0000
ROA not before:           Thu 02 Jan 2025 13:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48273
IP address blocks:        185.168.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 19:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:eb:d7:67:2e:45:36:18:1d:b0:42:4e:34:63:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
        Validity
            Not Before: Jan  2 13:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba7eda38bbd51f40d0b929863f5bc3065f48ed00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:88:51:03:d1:ff:2a:d0:df:be:7f:7a:2f:73:
                    ce:13:71:50:36:43:87:05:c3:11:d6:a0:50:f9:25:
                    ca:69:38:d7:de:1e:2e:14:1f:77:02:12:c8:5e:81:
                    31:bc:5b:05:80:22:e6:57:b4:7f:1e:be:f2:e9:1b:
                    f7:dc:2b:08:ad:34:8f:d1:f2:87:16:30:6e:b1:f7:
                    68:08:13:da:5b:15:88:79:37:d5:11:1e:92:ac:08:
                    36:e9:0a:01:92:36:e0:9d:1e:47:36:7c:66:c1:16:
                    d1:55:fa:2d:ce:80:64:7a:a6:ae:c8:29:0d:5d:98:
                    ca:ef:57:e2:3f:36:ce:1d:e5:4a:56:bd:ff:13:df:
                    ae:8c:4e:90:d1:8a:f1:a8:b2:fd:8c:ad:15:57:a8:
                    fd:b1:ec:d5:ff:15:b3:06:53:02:03:b1:88:30:3b:
                    4d:0d:7e:4a:b8:fe:9a:b1:1b:54:aa:77:44:91:45:
                    89:28:ad:29:62:08:d4:fd:11:1b:6d:a2:d4:20:0e:
                    fd:a9:bc:a6:d3:ff:35:1e:5b:ec:d7:d8:85:ae:a8:
                    38:7b:ca:2a:67:80:b2:86:80:7d:e4:55:b9:98:e2:
                    c7:99:4d:ea:3c:12:4b:16:21:07:57:e8:42:c2:54:
                    10:93:14:42:b8:7a:77:47:bb:80:fe:77:06:d9:d7:
                    b7:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:7E:DA:38:BB:D5:1F:40:D0:B9:29:86:3F:5B:C3:06:5F:48:ED:00
            X509v3 Authority Key Identifier:
                keyid:FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/un7aOLvVH0DQuSmGP1vDBl9I7QA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:35:94:bf:00:44:80:ef:57:7b:82:4c:d9:1c:21:20:9d:95:
         74:f4:d8:8b:72:79:bc:c6:b6:ce:6e:f0:46:20:90:c2:bb:e9:
         4f:11:68:b8:5f:25:72:ee:be:2f:09:77:23:e2:44:59:d5:bc:
         d8:e4:0f:af:97:57:eb:52:d2:ad:91:28:57:b7:df:85:52:8d:
         bd:2e:59:1a:f6:db:7a:d5:b4:ca:d1:a2:1d:14:fa:b9:8c:fa:
         9e:0a:a3:ce:ec:99:46:fa:1b:82:5a:a4:19:20:07:28:88:0d:
         f0:d6:b2:ad:50:7d:df:37:79:6e:9f:e5:27:f4:eb:8e:f4:3a:
         cb:46:e0:11:84:d9:8d:db:d2:a2:ce:f0:c7:85:71:f5:08:67:
         36:b7:fa:fc:7d:d3:12:6b:03:a2:14:05:f5:15:63:13:34:7e:
         7a:44:40:a4:4f:0d:ca:c5:c3:f0:ff:fb:53:db:09:f2:01:28:
         0f:27:78:1d:0f:3c:e2:20:d1:3f:80:3d:98:04:24:1d:31:ab:
         ec:fd:3e:a0:88:18:09:5d:3a:0a:bc:f4:a2:5e:1e:e6:9c:12:
         47:03:07:a5:32:d2:f4:cb:4b:05:68:62:5f:57:96:36:c3:a9:
         f3:52:81:79:cf:dd:00:81:ab:9b:2e:e4:93:41:65:c7:8a:f2:
         d9:44:37:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+vXZy5FNhgdsEJONGMSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTM5NmYxYzM0NGIwNzljNWQyZjI3YmZiMzEzMzc3ZmVi
YjJlYzcwHhcNMjUwMTAyMTM1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTdlZGEzOGJiZDUxZjQwZDBiOTI5ODYzZjViYzMwNjVmNDhlZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYhRA9H/KtDfvn96L3POE3FQNkOH
BcMR1qBQ+SXKaTjX3h4uFB93AhLIXoExvFsFgCLmV7R/Hr7y6Rv33CsIrTSP0fKH
FjBusfdoCBPaWxWIeTfVER6SrAg26QoBkjbgnR5HNnxmwRbRVfotzoBkeqauyCkN
XZjK71fiPzbOHeVKVr3/E9+ujE6Q0YrxqLL9jK0VV6j9sezV/xWzBlMCA7GIMDtN
DX5KuP6asRtUqndEkUWJKK0pYgjU/REbbaLUIA79qbym0/81Hlvs19iFrqg4e8oq
Z4CyhoB95FW5mOLHmU3qPBJLFiEHV+hCwlQQkxRCuHp3R7uA/ncG2de3HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLp+2ji71R9A0Lkphj9bwwZfSO0AMB8GA1UdIwQY
MBaAFPyjlvHDRLB5xdLye/sxM3f+uy7HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWIt
ZmZiMTZlYmQxMTFmLzEvdW43YU9MdlZIMERRdVNtR1AxdkRCbDlJN1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWItZmZiMTZlYmQxMTFm
LzEvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuagKMA0G
CSqGSIb3DQEBCwUAA4IBAQBPNZS/AESA71d7gkzZHCEgnZV09NiLcnm8xrbObvBG
IJDCu+lPEWi4XyVy7r4vCXcj4kRZ1bzY5A+vl1frUtKtkShXt9+FUo29Llka9tt6
1bTK0aIdFPq5jPqeCqPO7JlG+huCWqQZIAcoiA3w1rKtUH3fN3lun+Un9OuO9DrL
RuARhNmN29KizvDHhXH1CGc2t/r8fdMSawOiFAX1FWMTNH56RECkTw3KxcPw//tT
2wnyASgPJ3gdDzziINE/gD2YBCQdMavs/T6giBgJXToKvPSiXh7mnBJHAwelMtL0
y0sFaGJfV5Y2w6nzUoF5z90AgaubLuSTQWXHivLZRDeZ
-----END CERTIFICATE-----