Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/e1u7bA6PuDBeHm9U9nKjSLDhACw.roa
File:                     e1u7bA6PuDBeHm9U9nKjSLDhACw.roa (raw, json)
Hash identifier:          DvBt+9eFN/dfM+tx+F5jn+yDWZNZsODtMhC5M+LFI08=
Subject key identifier:   7B:5B:BB:6C:0E:8F:B8:30:5E:1E:6F:54:F6:72:A3:48:B0:E1:00:2C
Certificate issuer:       /CN=9256ebf66b80f08135858d144ced6f785834f5f4
Certificate serial:       019421B210F766DF4FB0F26E821FCF99CD2A
Authority key identifier: 92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/e1u7bA6PuDBeHm9U9nKjSLDhACw.roa
Signing time:             Wed 01 Jan 2025 11:48:25 +0000
ROA not before:           Wed 01 Jan 2025 11:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4214120002
IP address blocks:        185.168.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:10:f7:66:df:4f:b0:f2:6e:82:1f:cf:99:cd:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9256ebf66b80f08135858d144ced6f785834f5f4
        Validity
            Not Before: Jan  1 11:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b5bbb6c0e8fb8305e1e6f54f672a348b0e1002c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7f:8b:24:a5:99:35:9b:cb:57:f6:b5:62:72:
                    ef:3c:da:10:fc:5a:eb:18:fc:f8:63:2a:10:1c:37:
                    b0:b4:f2:ae:6c:eb:53:dd:33:4b:81:8c:fe:d4:d9:
                    78:f1:e2:ed:a3:24:79:1a:ee:9c:ee:97:4d:8e:06:
                    1f:63:57:62:a9:44:15:a6:0b:b0:c8:f0:68:19:b2:
                    c9:3f:0b:b2:c0:fe:d9:1e:a3:f2:05:25:16:4c:f6:
                    d6:4c:e4:fb:5d:97:3f:72:27:c8:b1:f4:b5:5d:cd:
                    c0:f3:78:e3:17:8c:f9:3d:42:c2:ac:47:f4:06:f2:
                    e5:f8:68:aa:b8:03:52:d6:d2:f9:2d:0a:37:77:6a:
                    2e:b8:fa:c2:05:ef:91:b8:61:7e:b7:02:0b:9f:12:
                    51:01:1c:7d:87:b8:33:27:ca:19:d9:3d:49:5d:26:
                    e4:24:e4:4d:fe:b1:8b:3e:ae:05:f5:6c:65:31:f7:
                    8e:73:02:d0:fc:b3:90:0b:c9:31:a6:ac:50:cf:b4:
                    59:cf:40:b1:20:36:5d:17:b6:51:11:1a:93:c2:da:
                    91:8c:88:7b:9d:13:5f:35:3e:0c:90:4a:90:db:9e:
                    ab:78:d6:d6:7f:81:6a:ef:8d:5a:00:fa:61:6f:1a:
                    35:a8:44:5f:bd:d1:6c:3e:5d:02:38:aa:8a:bc:d2:
                    44:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:5B:BB:6C:0E:8F:B8:30:5E:1E:6F:54:F6:72:A3:48:B0:E1:00:2C
            X509v3 Authority Key Identifier:
                keyid:92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/e1u7bA6PuDBeHm9U9nKjSLDhACw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:b8:68:9a:bf:a3:0b:82:fe:1c:10:73:c7:ae:10:11:a1:3b:
         5a:58:3d:0d:17:b3:dc:37:c4:4c:25:98:89:1c:49:68:36:a3:
         cd:85:01:ca:cd:7e:0f:e8:52:62:eb:d9:6b:e9:96:5b:fc:49:
         79:d1:aa:2e:bb:a0:64:5b:43:85:7f:94:ec:ce:fe:13:d0:dc:
         7d:fc:75:49:e4:e6:7c:b1:b8:96:0b:4d:2c:1d:4a:29:15:9d:
         c9:cc:85:9e:5e:60:bc:2b:7a:82:d7:29:5a:72:7d:86:9b:c0:
         a2:4f:d4:3c:8a:91:d6:02:64:9c:73:9e:8e:a0:49:47:85:67:
         8b:83:1d:dd:ed:b4:97:62:5e:7a:bf:61:26:95:b1:2c:3b:e4:
         82:1a:b8:3a:8b:f2:10:68:90:0c:33:39:87:33:d5:50:0b:04:
         7d:1c:b1:18:a5:14:b6:5a:77:a8:3c:60:b3:ab:6f:c9:25:fc:
         e5:07:b8:b9:76:32:53:7f:49:5f:d9:64:75:91:6d:c5:96:34:
         30:04:2e:00:81:ff:3f:b3:9b:1e:43:d8:23:a6:67:50:b8:5e:
         31:4f:92:5d:ca:69:89:9e:b5:36:cc:09:dc:31:24:24:6c:7f:
         a4:e4:f9:60:8c:c2:f9:6d:8d:2b:5f:6c:a0:ad:5c:fc:8a:23:
         7f:d8:76:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshD3Zt9PsPJugh/Pmc0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNTZlYmY2NmI4MGYwODEzNTg1OGQxNDRjZWQ2Zjc4NTgz
NGY1ZjQwHhcNMjUwMTAxMTE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjViYmI2YzBlOGZiODMwNWUxZTZmNTRmNjcyYTM0OGIwZTEwMDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqn+LJKWZNZvLV/a1YnLvPNoQ/Frr
GPz4YyoQHDewtPKubOtT3TNLgYz+1Nl48eLtoyR5Gu6c7pdNjgYfY1diqUQVpguw
yPBoGbLJPwuywP7ZHqPyBSUWTPbWTOT7XZc/cifIsfS1Xc3A83jjF4z5PULCrEf0
BvLl+GiquANS1tL5LQo3d2ouuPrCBe+RuGF+twILnxJRARx9h7gzJ8oZ2T1JXSbk
JORN/rGLPq4F9WxlMfeOcwLQ/LOQC8kxpqxQz7RZz0CxIDZdF7ZRERqTwtqRjIh7
nRNfNT4MkEqQ256reNbWf4Fq741aAPphbxo1qERfvdFsPl0COKqKvNJEdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtbu2wOj7gwXh5vVPZyo0iw4QAsMB8GA1UdIwQY
MBaAFJJW6/ZrgPCBNYWNFEztb3hYNPX0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2xicjltdUE4SUUxaFkwVVRPMXZlRmcwOWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9iNzE3YzUtYTY0Yi00NDc1LWJlM2Ut
NWRhOGQ2NzdkODQ3LzEvZTF1N2JBNlB1REJlSG05VTluS2pTTERoQUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9iNzE3YzUtYTY0Yi00NDc1LWJlM2UtNWRhOGQ2NzdkODQ3
LzEva2xicjltdUE4SUUxaFkwVVRPMXZlRmcwOWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaijMA0G
CSqGSIb3DQEBCwUAA4IBAQCGuGiav6MLgv4cEHPHrhARoTtaWD0NF7PcN8RMJZiJ
HEloNqPNhQHKzX4P6FJi69lr6ZZb/El50aouu6BkW0OFf5Tszv4T0Nx9/HVJ5OZ8
sbiWC00sHUopFZ3JzIWeXmC8K3qC1ylacn2Gm8CiT9Q8ipHWAmScc56OoElHhWeL
gx3d7bSXYl56v2EmlbEsO+SCGrg6i/IQaJAMMzmHM9VQCwR9HLEYpRS2WneoPGCz
q2/JJfzlB7i5djJTf0lf2WR1kW3FljQwBC4Agf8/s5seQ9gjpmdQuF4xT5JdymmJ
nrU2zAncMSQkbH+k5PlgjML5bY0rX2ygrVz8iiN/2Haj
-----END CERTIFICATE-----