Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/d9T8_jMA5OOlUFBzolig6e4lFl4.roa
File:                     d9T8_jMA5OOlUFBzolig6e4lFl4.roa (raw, json)
Hash identifier:          1O/cLZtIVt/wqkV2Y55eMzx0OCuyozd0/DXaB7TJnEc=
Subject key identifier:   77:D4:FC:FE:33:00:E4:E3:A5:50:50:73:A2:58:A0:E9:EE:25:16:5E
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       0194221FCCD1069DA2A689AD568B7FEDAEBA
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/d9T8_jMA5OOlUFBzolig6e4lFl4.roa
Signing time:             Wed 01 Jan 2025 13:48:16 +0000
ROA not before:           Wed 01 Jan 2025 13:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48763
IP address blocks:        185.162.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:cc:d1:06:9d:a2:a6:89:ad:56:8b:7f:ed:ae:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 13:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77d4fcfe3300e4e3a5505073a258a0e9ee25165e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:08:31:79:1b:66:24:90:cd:ff:70:d6:3d:9c:
                    df:5a:84:0e:d6:87:91:2b:4a:43:84:ba:c5:2a:60:
                    b5:c4:e9:0b:6e:3f:2b:d0:23:ef:2f:da:46:24:7b:
                    4e:8f:2e:0a:1d:55:61:9e:28:27:cb:65:41:b3:cc:
                    b6:17:c8:e4:9d:d4:b0:40:d1:69:3a:68:2e:8f:22:
                    0f:d8:4f:90:85:21:8a:23:2c:41:ff:da:ea:0c:0c:
                    f2:7d:14:a5:51:90:67:08:11:16:58:17:83:c9:cd:
                    f8:67:35:5f:fd:12:c9:54:91:87:1f:cb:c6:f0:0b:
                    53:8a:63:f0:f3:f0:f8:ff:f8:94:da:1f:14:1f:f5:
                    61:6c:68:05:aa:a6:f7:ee:56:dd:4e:6d:a1:3a:21:
                    1e:a0:f9:d4:9c:bb:3b:9b:cf:f6:01:ac:eb:9c:ad:
                    cc:ee:d4:e4:11:b5:58:58:ca:fb:65:1b:80:a8:47:
                    3d:62:f2:6e:5c:10:61:f4:ad:e0:76:33:c2:35:84:
                    2b:70:fc:d1:d8:3b:96:06:c7:96:5f:81:58:5e:21:
                    8f:26:51:ce:18:74:96:1b:3f:1c:c9:48:57:4f:f4:
                    db:13:72:9c:1a:be:94:6c:83:5f:67:de:55:26:89:
                    a9:9a:75:26:53:6e:ea:85:d6:bf:8c:79:65:77:0f:
                    d9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:D4:FC:FE:33:00:E4:E3:A5:50:50:73:A2:58:A0:E9:EE:25:16:5E
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/d9T8_jMA5OOlUFBzolig6e4lFl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:84:1e:d5:5c:f2:0c:61:65:ce:b5:fc:3c:98:ce:e9:c4:23:
         1e:22:7f:d4:b4:e0:bb:e4:4e:c1:50:c8:79:c9:98:d5:ed:50:
         2d:b8:03:a9:fb:46:1d:72:c9:ef:ef:23:76:0c:33:00:8a:ae:
         4c:41:04:8b:93:e8:0d:9b:ac:68:66:a8:70:84:00:48:b5:0c:
         ea:8b:1f:b4:7f:03:5e:66:6a:6b:60:e4:55:8c:17:6d:ca:09:
         0c:bf:cf:c8:89:bf:99:c4:14:c0:41:6d:b2:ff:d7:45:43:e2:
         b5:98:b0:ec:32:c9:79:57:80:ef:cb:d9:5b:da:9f:75:fe:04:
         55:e7:c9:e1:9d:5e:ab:16:fd:09:d0:11:27:57:bc:e7:c5:a4:
         94:d9:16:f3:f3:4a:b5:8b:cb:76:31:4d:fe:f8:ce:8e:36:38:
         7f:bf:09:84:28:08:c2:90:c5:cb:c3:33:8d:ce:cc:6b:fb:d4:
         eb:7c:e9:4f:fb:ed:7e:4f:72:cc:7a:ac:da:3f:e1:df:f3:c5:
         fc:7c:24:8a:ef:18:0a:fb:c4:3c:0d:da:55:bb:37:b7:6d:38:
         d3:0c:80:5e:bc:3e:28:37:c3:54:e7:62:50:e0:ea:2c:81:61:
         5c:ce:29:c9:00:7f:c9:fc:8f:a5:ae:1f:22:9e:8f:30:f9:25:
         43:99:16:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8zRBp2ipomtVot/7a66MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUwMTAxMTM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2Q0ZmNmZTMzMDBlNGUzYTU1MDUwNzNhMjU4YTBlOWVlMjUxNjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuggxeRtmJJDN/3DWPZzfWoQO1oeR
K0pDhLrFKmC1xOkLbj8r0CPvL9pGJHtOjy4KHVVhnigny2VBs8y2F8jkndSwQNFp
OmgujyIP2E+QhSGKIyxB/9rqDAzyfRSlUZBnCBEWWBeDyc34ZzVf/RLJVJGHH8vG
8AtTimPw8/D4//iU2h8UH/VhbGgFqqb37lbdTm2hOiEeoPnUnLs7m8/2AazrnK3M
7tTkEbVYWMr7ZRuAqEc9YvJuXBBh9K3gdjPCNYQrcPzR2DuWBseWX4FYXiGPJlHO
GHSWGz8cyUhXT/TbE3KcGr6UbINfZ95VJompmnUmU27qhda/jHlldw/ZHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfU/P4zAOTjpVBQc6JYoOnuJRZeMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvZDlUOF9qTUE1T09sVUZCem9saWc2ZTRsRmw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaLrMA0G
CSqGSIb3DQEBCwUAA4IBAQCPhB7VXPIMYWXOtfw8mM7pxCMeIn/UtOC75E7BUMh5
yZjV7VAtuAOp+0Ydcsnv7yN2DDMAiq5MQQSLk+gNm6xoZqhwhABItQzqix+0fwNe
ZmprYORVjBdtygkMv8/Iib+ZxBTAQW2y/9dFQ+K1mLDsMsl5V4Dvy9lb2p91/gRV
58nhnV6rFv0J0BEnV7znxaSU2Rbz80q1i8t2MU3++M6ONjh/vwmEKAjCkMXLwzON
zsxr+9TrfOlP++1+T3LMeqzaP+Hf88X8fCSK7xgK+8Q8DdpVuze3bTjTDIBevD4o
N8NU52JQ4OosgWFczinJAH/J/I+lrh8ino8w+SVDmRb3
-----END CERTIFICATE-----