Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/h4WPx1Sgez5mjA1QOYWXTeKaf6I.roa
File:                     h4WPx1Sgez5mjA1QOYWXTeKaf6I.roa (raw, json)
Hash identifier:          j0LdK7x2Tf65HMuHIG0cj+mnli0iJ+gVK8H+vxjuT5g=
Subject key identifier:   87:85:8F:C7:54:A0:7B:3E:66:8C:0D:50:39:85:97:4D:E2:9A:7F:A2
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       01954149AFA99865FA09B6C31E42AF137C9F
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/h4WPx1Sgez5mjA1QOYWXTeKaf6I.roa
Signing time:             Wed 26 Feb 2025 08:05:02 +0000
ROA not before:           Wed 26 Feb 2025 08:05:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200239
IP address blocks:        2.59.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:41:49:af:a9:98:65:fa:09:b6:c3:1e:42:af:13:7c:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Feb 26 08:05:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87858fc754a07b3e668c0d503985974de29a7fa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0e:01:1a:05:16:82:89:78:8a:b3:97:40:e0:
                    7b:0b:a2:b9:d3:3c:2a:de:09:05:2b:d0:69:d3:e1:
                    02:31:d7:18:c3:56:3e:2d:38:f4:88:32:b7:15:1a:
                    99:d6:42:0f:79:26:39:c0:74:77:ec:a0:61:c1:51:
                    91:26:86:a5:7a:e1:d1:65:d8:49:52:73:2f:cd:e7:
                    79:ec:e5:ab:d1:c6:68:56:13:9d:d4:92:88:56:35:
                    97:ce:04:51:5f:9c:7b:f6:17:d6:6f:43:cb:ad:2b:
                    0d:31:02:98:8b:e0:81:26:71:c9:dc:1e:9d:0a:c8:
                    85:7a:66:29:0d:b3:e9:bb:c0:8e:a4:78:dc:4e:52:
                    4c:4a:fe:69:ef:b0:10:aa:cc:c7:6d:7b:d6:90:cd:
                    4d:d0:86:e1:eb:47:90:f9:77:2a:b5:82:b4:5b:8a:
                    86:9c:30:fc:84:f9:99:e8:25:a7:f5:82:c2:b7:37:
                    e1:b0:2f:58:a6:58:28:7f:83:88:7c:94:ca:e6:65:
                    00:6c:7d:b5:c5:12:aa:18:55:74:5c:35:01:af:d6:
                    dc:99:52:72:27:20:59:fc:53:9b:f5:b9:4e:ef:7a:
                    3a:f8:5e:90:7a:8d:60:b9:7e:69:9e:a7:6b:80:ed:
                    a7:1c:41:cc:a5:b8:ea:97:42:e7:45:a6:19:e1:53:
                    6f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:85:8F:C7:54:A0:7B:3E:66:8C:0D:50:39:85:97:4D:E2:9A:7F:A2
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/h4WPx1Sgez5mjA1QOYWXTeKaf6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:11:85:96:f8:1e:28:87:b6:cf:44:df:f9:71:89:95:ef:c2:
         20:04:b3:00:7d:fd:13:e9:54:f7:75:ea:bc:22:98:82:51:90:
         c1:2c:86:7d:2b:90:b2:7d:0e:12:d9:81:89:40:73:05:12:29:
         41:a0:02:e3:32:a1:56:83:f4:c0:a7:3f:21:09:79:b0:dc:30:
         4d:33:54:d3:09:af:ae:53:3f:bc:6c:16:74:8e:a0:73:37:93:
         d4:c9:95:4d:74:2e:b7:53:62:ea:b6:fd:91:74:05:ff:0d:98:
         28:4a:73:e8:14:30:b6:2a:d1:3d:78:09:cb:03:62:e9:33:a1:
         fc:e1:a2:cb:46:ea:cb:1e:52:65:c1:9a:d7:bb:0b:b5:b1:b0:
         ee:6a:98:4e:a0:67:4e:61:2d:2d:d7:a8:5d:73:11:d2:33:5c:
         1a:16:c3:b8:b2:ac:68:65:9d:65:76:a4:60:c0:02:25:00:ad:
         f0:54:43:6b:9b:32:f1:85:e2:a6:db:ea:07:22:c6:df:70:d9:
         9e:3e:bf:9f:54:50:72:b6:df:d3:f7:55:07:f0:46:84:52:ff:
         ca:c3:8b:ca:59:f2:7c:19:85:cd:02:88:fb:ee:df:aa:f7:24:
         8c:59:c0:e8:15:c3:4e:4d:bb:af:84:93:72:92:05:2d:a6:97:
         46:47:9e:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVBSa+pmGX6CbbDHkKvE3yfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjUwMjI2MDgwNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzg1OGZjNzU0YTA3YjNlNjY4YzBkNTAzOTg1OTc0ZGUyOWE3ZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0w4BGgUWgol4irOXQOB7C6K50zwq
3gkFK9Bp0+ECMdcYw1Y+LTj0iDK3FRqZ1kIPeSY5wHR37KBhwVGRJoaleuHRZdhJ
UnMvzed57OWr0cZoVhOd1JKIVjWXzgRRX5x79hfWb0PLrSsNMQKYi+CBJnHJ3B6d
CsiFemYpDbPpu8COpHjcTlJMSv5p77AQqszHbXvWkM1N0Ibh60eQ+XcqtYK0W4qG
nDD8hPmZ6CWn9YLCtzfhsC9Yplgof4OIfJTK5mUAbH21xRKqGFV0XDUBr9bcmVJy
JyBZ/FOb9blO73o6+F6Qeo1guX5pnqdrgO2nHEHMpbjql0LnRaYZ4VNv7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeFj8dUoHs+ZowNUDmFl03imn+iMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvaDRXUHgxU2dlejVtakExUU9ZV1hUZUthZjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAju1MA0G
CSqGSIb3DQEBCwUAA4IBAQBmEYWW+B4oh7bPRN/5cYmV78IgBLMAff0T6VT3deq8
IpiCUZDBLIZ9K5CyfQ4S2YGJQHMFEilBoALjMqFWg/TApz8hCXmw3DBNM1TTCa+u
Uz+8bBZ0jqBzN5PUyZVNdC63U2Lqtv2RdAX/DZgoSnPoFDC2KtE9eAnLA2LpM6H8
4aLLRurLHlJlwZrXuwu1sbDuaphOoGdOYS0t16hdcxHSM1waFsO4sqxoZZ1ldqRg
wAIlAK3wVENrmzLxheKm2+oHIsbfcNmePr+fVFBytt/T91UH8EaEUv/Kw4vKWfJ8
GYXNAoj77t+q9ySMWcDoFcNOTbuvhJNykgUtppdGR55A
-----END CERTIFICATE-----