Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/pVnXYoxQriC-WtOLcwsA6Za2gDI.roa
File:                     pVnXYoxQriC-WtOLcwsA6Za2gDI.roa (raw, json)
Hash identifier:          1qcQ0hH+Vk55dAqX/63+B6qLf3cPHgQEfJdfgWLNx0w=
Subject key identifier:   A5:59:D7:62:8C:50:AE:20:BE:5A:D3:8B:73:0B:00:E9:96:B6:80:32
Certificate issuer:       /CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
Certificate serial:       01942521FBC4D90D66F653E06EEDECC6A04F
Authority key identifier: D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/pVnXYoxQriC-WtOLcwsA6Za2gDI.roa
Signing time:             Thu 02 Jan 2025 03:49:31 +0000
ROA not before:           Thu 02 Jan 2025 03:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50327
IP address blocks:        185.60.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 15:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fb:c4:d9:0d:66:f6:53:e0:6e:ed:ec:c6:a0:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
        Validity
            Not Before: Jan  2 03:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a559d7628c50ae20be5ad38b730b00e996b68032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:33:d9:e8:91:9f:24:cc:4a:a0:f9:f7:36:9f:
                    22:f1:33:05:e9:d0:a6:3e:f6:54:4a:39:01:6a:6b:
                    f5:84:bd:a5:38:f0:67:9b:65:ac:4f:45:0e:4b:d0:
                    0f:ae:14:7b:4d:87:0f:87:36:23:c0:9b:df:9f:2c:
                    74:1d:3e:5a:18:d0:63:46:8b:6c:f9:ec:6d:6e:bb:
                    61:db:65:97:f7:3e:f1:e0:10:d0:e7:07:47:fa:55:
                    5d:fa:ce:25:40:5a:c6:73:e4:6b:c6:93:cb:85:7e:
                    b1:ab:cb:0b:0e:34:ab:71:01:6f:e8:5d:45:c7:c0:
                    0a:90:b8:78:cf:60:45:21:b4:53:ba:f3:f4:ec:0a:
                    ff:de:67:d7:40:ed:a5:69:d8:49:06:2e:07:3e:5c:
                    35:76:64:f0:3a:1f:52:11:29:14:8c:7d:a9:35:18:
                    7e:5c:7b:e8:e3:cf:8a:e3:1f:fa:20:65:2a:14:c9:
                    06:48:af:c4:98:16:be:e6:86:75:f0:63:3c:7a:a1:
                    0e:e1:4e:95:4b:e5:5e:15:f6:46:d7:64:87:45:70:
                    3c:48:74:4a:2a:6c:fe:6e:bf:a8:e9:78:56:00:3e:
                    fd:fd:9a:68:f1:47:c8:cb:66:18:c9:c4:56:bc:19:
                    dc:75:8f:ad:e6:09:3d:9b:a9:e0:04:08:ae:38:1b:
                    6c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:59:D7:62:8C:50:AE:20:BE:5A:D3:8B:73:0B:00:E9:96:B6:80:32
            X509v3 Authority Key Identifier:
                keyid:D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/pVnXYoxQriC-WtOLcwsA6Za2gDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:eb:91:5d:3b:4e:91:2e:10:52:0f:01:54:21:31:ce:27:26:
         e5:5c:2b:2b:2a:01:ec:2b:4f:fa:df:cc:08:b9:8e:c9:be:bd:
         3a:45:83:ff:58:2d:b9:cc:4b:68:fa:f7:7b:8d:da:9d:f7:d8:
         cf:79:e4:10:67:ce:46:4a:4f:5f:2e:5c:6d:88:c2:68:99:f1:
         07:50:2c:67:36:51:a4:e0:f1:37:09:de:b0:0d:e9:a9:56:e1:
         72:6a:de:d9:c8:27:3f:10:03:ad:74:a9:41:07:13:54:79:0f:
         69:a6:f2:ce:be:e9:97:23:f8:fe:fa:c9:60:a4:70:d5:9e:d2:
         82:0d:fa:b6:27:70:54:20:ce:06:26:5e:89:ab:4a:7b:97:11:
         80:1e:0c:2c:94:22:a8:75:e6:f4:0a:17:03:4d:df:41:3d:c4:
         b9:b0:35:5a:4b:61:31:5b:f9:3e:9f:f8:34:fc:ff:33:94:32:
         df:09:93:45:dd:c1:59:b7:e3:de:36:c0:f2:d7:81:95:b0:22:
         95:7e:ce:b0:2e:1a:c4:af:9b:6a:2e:7f:b2:fd:ef:77:b7:2c:
         37:c4:f8:de:f3:d5:fe:f9:55:60:1a:ac:ca:06:f1:ae:55:27:
         ea:82:e5:76:c7:fa:4a:cd:a5:30:bf:c3:6f:75:dd:07:17:5b:
         97:c3:c6:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIfvE2Q1m9lPgbu3sxqBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZmMwYmVjNjBkMGJhY2UxODg5Njc3YmQ5YmI5MDE5MGNj
NGZkMjIwHhcNMjUwMTAyMDM0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTU5ZDc2MjhjNTBhZTIwYmU1YWQzOGI3MzBiMDBlOTk2YjY4MDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DPZ6JGfJMxKoPn3Np8i8TMF6dCm
PvZUSjkBamv1hL2lOPBnm2WsT0UOS9APrhR7TYcPhzYjwJvfnyx0HT5aGNBjRots
+extbrth22WX9z7x4BDQ5wdH+lVd+s4lQFrGc+RrxpPLhX6xq8sLDjSrcQFv6F1F
x8AKkLh4z2BFIbRTuvP07Ar/3mfXQO2ladhJBi4HPlw1dmTwOh9SESkUjH2pNRh+
XHvo48+K4x/6IGUqFMkGSK/EmBa+5oZ18GM8eqEO4U6VS+VeFfZG12SHRXA8SHRK
Kmz+br+o6XhWAD79/Zpo8UfIy2YYycRWvBncdY+t5gk9m6ngBAiuOBtswwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVZ12KMUK4gvlrTi3MLAOmWtoAyMB8GA1UdIwQY
MBaAFNn8C+xg0LrOGIlne9m7kBkMxP0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjkt
MzQ2OTAzNGZhNDQxLzEvcFZuWFlveFFyaUMtV3RPTGN3c0E2WmEyZ0RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjktMzQ2OTAzNGZhNDQx
LzEvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTw0MA0G
CSqGSIb3DQEBCwUAA4IBAQAc65FdO06RLhBSDwFUITHOJyblXCsrKgHsK0/638wI
uY7Jvr06RYP/WC25zEto+vd7jdqd99jPeeQQZ85GSk9fLlxtiMJomfEHUCxnNlGk
4PE3Cd6wDempVuFyat7ZyCc/EAOtdKlBBxNUeQ9ppvLOvumXI/j++slgpHDVntKC
Dfq2J3BUIM4GJl6Jq0p7lxGAHgwslCKodeb0ChcDTd9BPcS5sDVaS2ExW/k+n/g0
/P8zlDLfCZNF3cFZt+PeNsDy14GVsCKVfs6wLhrEr5tqLn+y/e93tyw3xPje89X+
+VVgGqzKBvGuVSfqguV2x/pKzaUwv8Nvdd0HF1uXw8bR
-----END CERTIFICATE-----