Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/7hlWKm8vTIF0LH1H2oS6Admh1TI.roa
File:                     7hlWKm8vTIF0LH1H2oS6Admh1TI.roa (raw, json)
Hash identifier:          JGgMMA+OZIrWq67kkKcLVk/aNndkz3SnG1R5RYOVvj8=
Subject key identifier:   EE:19:56:2A:6F:2F:4C:81:74:2C:7D:47:DA:84:BA:01:D9:A1:D5:32
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       019427B590180BB8DCC000E7E34E43F42925
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/7hlWKm8vTIF0LH1H2oS6Admh1TI.roa
Signing time:             Thu 02 Jan 2025 15:49:57 +0000
ROA not before:           Thu 02 Jan 2025 15:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214728
IP address blocks:        185.170.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:90:18:0b:b8:dc:c0:00:e7:e3:4e:43:f4:29:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Jan  2 15:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee19562a6f2f4c81742c7d47da84ba01d9a1d532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a8:89:c1:54:ca:e8:c2:24:8c:43:b4:08:0f:
                    05:65:6a:e3:7b:e8:df:4b:e8:5d:a5:78:38:07:59:
                    a5:23:ff:6f:6f:1a:f8:7a:34:39:be:4f:8b:2c:19:
                    5a:5e:58:67:63:11:ff:1b:22:b0:fb:08:e8:68:55:
                    ba:c5:07:ba:f5:fd:b4:5c:18:74:38:dd:5a:cb:67:
                    57:53:b9:98:06:02:74:5e:45:94:38:de:ba:f9:24:
                    fd:01:ad:bf:aa:c7:24:20:51:c0:46:d8:34:07:dc:
                    2f:0f:d2:39:08:17:71:53:af:32:8e:d9:0d:66:d3:
                    3b:07:4c:8e:b9:e2:b1:c5:fe:31:ae:63:4d:8e:ff:
                    bc:17:a5:c8:61:6f:9a:2d:d9:01:f2:7a:d7:18:fa:
                    6e:32:fe:7e:72:bd:63:46:0e:e6:76:23:dc:84:f1:
                    fe:e1:23:5b:23:2b:22:49:77:73:f8:32:53:96:75:
                    fd:b3:4d:93:0d:f3:dc:79:24:dd:c2:35:d8:17:60:
                    bb:98:6c:6f:13:88:33:3a:7f:00:b5:c5:de:56:09:
                    99:78:cd:75:cd:c3:65:bc:3f:49:26:9f:44:8b:d2:
                    03:7b:db:29:b5:ba:3b:6e:8c:57:0b:a6:96:94:80:
                    26:31:61:59:20:86:02:ed:14:87:52:53:1b:b4:55:
                    d1:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:19:56:2A:6F:2F:4C:81:74:2C:7D:47:DA:84:BA:01:D9:A1:D5:32
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/7hlWKm8vTIF0LH1H2oS6Admh1TI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:29:ed:47:6a:9e:ff:ad:44:4f:a9:70:27:cd:d1:86:ef:67:
         84:d8:5e:42:eb:f5:77:e2:05:65:85:a7:96:08:f3:b9:25:0d:
         a9:71:37:62:57:df:56:d1:ff:6e:ef:e9:6d:ad:08:98:5f:00:
         6c:e5:c6:6b:55:71:13:fa:b7:3d:aa:73:d6:82:75:6e:a1:d6:
         37:99:61:97:4a:86:93:2e:19:30:5c:97:55:b4:b6:06:0f:e7:
         27:0f:15:ac:d6:3e:d0:6a:29:8b:b9:24:4f:f0:cc:eb:ee:26:
         c0:95:c5:88:e6:4a:b6:ec:04:df:50:55:06:69:df:ed:f0:f6:
         32:8b:e0:92:65:74:0d:03:6a:5d:4e:13:94:d2:5a:90:94:97:
         1e:0d:1b:d5:c3:89:a2:17:ed:5a:b8:00:88:47:02:b4:36:e6:
         04:d2:81:da:07:5a:04:33:2e:8b:95:67:59:19:fe:fe:bb:50:
         88:0d:77:b7:f4:f7:4b:53:75:aa:7c:0f:ff:47:cc:11:a1:1a:
         43:04:b5:02:20:4e:b4:15:4a:c0:a8:07:c8:9a:29:3a:99:04:
         a1:8f:63:51:2e:0f:72:ca:83:a1:2f:4b:03:c5:cc:e8:0c:62:
         94:67:cb:c0:8b:87:35:3e:e5:ab:4d:98:77:a3:00:9c:c2:27:
         e8:14:9f:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntZAYC7jcwADn405D9CklMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjUwMTAyMTU0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTE5NTYyYTZmMmY0YzgxNzQyYzdkNDdkYTg0YmEwMWQ5YTFkNTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaiJwVTK6MIkjEO0CA8FZWrje+jf
S+hdpXg4B1mlI/9vbxr4ejQ5vk+LLBlaXlhnYxH/GyKw+wjoaFW6xQe69f20XBh0
ON1ay2dXU7mYBgJ0XkWUON66+ST9Aa2/qsckIFHARtg0B9wvD9I5CBdxU68yjtkN
ZtM7B0yOueKxxf4xrmNNjv+8F6XIYW+aLdkB8nrXGPpuMv5+cr1jRg7mdiPchPH+
4SNbIysiSXdz+DJTlnX9s02TDfPceSTdwjXYF2C7mGxvE4gzOn8AtcXeVgmZeM11
zcNlvD9JJp9Ei9IDe9sptbo7boxXC6aWlIAmMWFZIIYC7RSHUlMbtFXRuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4ZVipvL0yBdCx9R9qEugHZodUyMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvN2hsV0ttOHZUSUYwTEgxSDJvUzZBZG1oMVRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaqBMA0G
CSqGSIb3DQEBCwUAA4IBAQA+Ke1Hap7/rURPqXAnzdGG72eE2F5C6/V34gVlhaeW
CPO5JQ2pcTdiV99W0f9u7+ltrQiYXwBs5cZrVXET+rc9qnPWgnVuodY3mWGXSoaT
LhkwXJdVtLYGD+cnDxWs1j7QaimLuSRP8Mzr7ibAlcWI5kq27ATfUFUGad/t8PYy
i+CSZXQNA2pdThOU0lqQlJceDRvVw4miF+1auACIRwK0NuYE0oHaB1oEMy6LlWdZ
Gf7+u1CIDXe39PdLU3WqfA//R8wRoRpDBLUCIE60FUrAqAfImik6mQShj2NRLg9y
yoOhL0sDxczoDGKUZ8vAi4c1PuWrTZh3owCcwifoFJ94
-----END CERTIFICATE-----