Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/ryABSBgMLByw-XFfZ_8SVzjoEH4.roa
File:                     ryABSBgMLByw-XFfZ_8SVzjoEH4.roa (raw, json)
Hash identifier:          Qmf/YZ6xzpzD9CwzHR2N62ZnpRrAxDW7s9aRsiehW1o=
Subject key identifier:   AF:20:01:48:18:0C:2C:1C:B0:F9:71:5F:67:FF:12:57:38:E8:10:7E
Certificate issuer:       /CN=77b020308865c3360dab19f3a5703341864e9f50
Certificate serial:       019426D8C055BECEC9BC6B4BF8C6A8F674DB
Authority key identifier: 77:B0:20:30:88:65:C3:36:0D:AB:19:F3:A5:70:33:41:86:4E:9F:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d7AgMIhlwzYNqxnzpXAzQYZOn1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/ryABSBgMLByw-XFfZ_8SVzjoEH4.roa
Signing time:             Thu 02 Jan 2025 11:48:46 +0000
ROA not before:           Thu 02 Jan 2025 11:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8680
IP address blocks:        185.87.144.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/d7AgMIhlwzYNqxnzpXAzQYZOn1A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/d7AgMIhlwzYNqxnzpXAzQYZOn1A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d7AgMIhlwzYNqxnzpXAzQYZOn1A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 08:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:c0:55:be:ce:c9:bc:6b:4b:f8:c6:a8:f6:74:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77b020308865c3360dab19f3a5703341864e9f50
        Validity
            Not Before: Jan  2 11:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af200148180c2c1cb0f9715f67ff125738e8107e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:37:c9:74:c4:02:e0:b4:27:79:6f:e7:71:00:
                    4b:61:55:87:84:dc:d0:64:5a:4d:5d:60:a1:1b:49:
                    68:ac:4f:d2:b9:06:0c:78:da:40:c6:3b:ce:2c:61:
                    37:69:38:a3:01:af:86:18:74:ad:e4:d3:c2:8e:cb:
                    9d:a6:0f:13:c2:22:15:55:17:56:95:87:ce:3e:db:
                    96:e3:dc:4c:70:20:2d:b8:7c:a0:5d:fb:61:6f:a6:
                    b2:e1:38:45:74:e8:12:d1:68:8f:71:f1:a6:01:f1:
                    62:aa:39:31:6b:cd:f5:0d:02:c4:4a:41:96:c5:82:
                    2e:e6:ce:ad:7a:1c:2c:7d:27:10:00:82:b1:04:5c:
                    3c:8d:de:01:e4:9c:27:33:3d:f3:66:8b:2a:74:e2:
                    08:8d:ee:c7:14:a2:f7:7b:93:61:ef:41:63:f8:45:
                    e9:67:d8:74:8d:65:ad:d1:8b:36:f3:c8:7d:23:01:
                    b4:46:05:d4:aa:18:76:b2:5a:55:4e:4c:c8:d5:ec:
                    a2:b8:de:12:1d:bc:26:5c:28:58:b4:74:56:11:29:
                    88:47:c9:0b:8b:48:65:88:bb:a9:1f:d8:ff:c7:0b:
                    ab:82:7c:46:76:7b:07:cb:9d:40:89:4d:21:55:4a:
                    a7:46:a1:4d:76:f1:61:5d:9a:d3:5c:57:fe:43:c4:
                    be:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:20:01:48:18:0C:2C:1C:B0:F9:71:5F:67:FF:12:57:38:E8:10:7E
            X509v3 Authority Key Identifier:
                keyid:77:B0:20:30:88:65:C3:36:0D:AB:19:F3:A5:70:33:41:86:4E:9F:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7AgMIhlwzYNqxnzpXAzQYZOn1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/ryABSBgMLByw-XFfZ_8SVzjoEH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/d7AgMIhlwzYNqxnzpXAzQYZOn1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:65:49:9a:80:f9:6e:c6:cf:26:b3:5b:3e:f9:a0:1b:03:ee:
         cf:a7:a4:79:2b:08:16:4b:e8:ee:95:52:c7:9d:f0:b0:e5:16:
         b8:69:5f:53:86:04:42:d6:d5:94:c0:bf:d7:6a:05:0c:42:73:
         e7:f8:99:e7:e2:12:ca:40:b7:47:3a:1e:ce:d3:f7:c8:d3:13:
         43:43:fd:68:fa:ae:a6:b7:7a:52:0e:d7:94:b9:4d:5c:df:94:
         b3:72:d9:55:00:42:82:b6:f4:33:11:bf:b0:fb:dc:e0:0a:c6:
         0f:63:8a:67:55:35:67:35:8c:83:17:9b:31:30:8c:a0:04:a6:
         6d:fb:99:fe:be:14:b9:94:5a:c1:a2:33:93:e4:18:f9:82:b7:
         a7:48:7e:8b:41:de:e9:8f:d8:d1:c7:3c:49:22:b0:c4:16:fe:
         70:f8:f9:d9:86:1e:ad:9a:e3:c0:9f:3e:4e:dc:fe:b9:c5:e7:
         99:ba:77:a2:c1:dc:9d:d6:3d:cc:24:e0:88:2f:76:5e:a7:56:
         4a:16:34:78:97:60:ee:fb:bf:9a:77:ab:a9:54:e7:31:a4:34:
         78:81:73:8d:2a:8c:82:86:02:ec:8f:d0:59:1c:30:7b:3b:24:
         fe:cc:3b:4f:15:b3:70:7f:da:32:74:ed:8d:2b:33:22:6d:ea:
         68:25:30:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2MBVvs7JvGtL+Mao9nTbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YjAyMDMwODg2NWMzMzYwZGFiMTlmM2E1NzAzMzQxODY0
ZTlmNTAwHhcNMjUwMTAyMTE0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjIwMDE0ODE4MGMyYzFjYjBmOTcxNWY2N2ZmMTI1NzM4ZTgxMDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzfJdMQC4LQneW/ncQBLYVWHhNzQ
ZFpNXWChG0lorE/SuQYMeNpAxjvOLGE3aTijAa+GGHSt5NPCjsudpg8TwiIVVRdW
lYfOPtuW49xMcCAtuHygXfthb6ay4ThFdOgS0WiPcfGmAfFiqjkxa831DQLESkGW
xYIu5s6tehwsfScQAIKxBFw8jd4B5JwnMz3zZosqdOIIje7HFKL3e5Nh70Fj+EXp
Z9h0jWWt0Ys288h9IwG0RgXUqhh2slpVTkzI1eyiuN4SHbwmXChYtHRWESmIR8kL
i0hliLupH9j/xwurgnxGdnsHy51AiU0hVUqnRqFNdvFhXZrTXFf+Q8S+fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8gAUgYDCwcsPlxX2f/Elc46BB+MB8GA1UdIwQY
MBaAFHewIDCIZcM2DasZ86VwM0GGTp9QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDdBZ01JaGx3ellOcXhuenBYQXpRWVpPbjFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9kMmFhYjAtODM2My00YjE0LTljYzIt
YzhiYjhlYTM5ODA0LzEvcnlBQlNCZ01MQnl3LVhGZlpfOFNWempvRUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9kMmFhYjAtODM2My00YjE0LTljYzItYzhiYjhlYTM5ODA0
LzEvZDdBZ01JaGx3ellOcXhuenBYQXpRWVpPbjFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVeQMA0G
CSqGSIb3DQEBCwUAA4IBAQByZUmagPluxs8ms1s++aAbA+7Pp6R5KwgWS+julVLH
nfCw5Ra4aV9ThgRC1tWUwL/XagUMQnPn+Jnn4hLKQLdHOh7O0/fI0xNDQ/1o+q6m
t3pSDteUuU1c35SzctlVAEKCtvQzEb+w+9zgCsYPY4pnVTVnNYyDF5sxMIygBKZt
+5n+vhS5lFrBojOT5Bj5grenSH6LQd7pj9jRxzxJIrDEFv5w+PnZhh6tmuPAnz5O
3P65xeeZuneiwdyd1j3MJOCIL3Zep1ZKFjR4l2Du+7+ad6upVOcxpDR4gXONKoyC
hgLsj9BZHDB7OyT+zDtPFbNwf9oydO2NKzMibepoJTCA
-----END CERTIFICATE-----