Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/e4ca56-1386-432c-96cb-65a9a4dfad9e/1/CY3YIBeeXy7d304leRk_84B6aOw.roa
File:                     CY3YIBeeXy7d304leRk_84B6aOw.roa (raw, json)
Hash identifier:          a5cqctkZKmbgtiXrSitwhHqbpFExqVK4hQecaTEUPK8=
Subject key identifier:   09:8D:D8:20:17:9E:5F:2E:DD:DF:4E:25:79:19:3F:F3:80:7A:68:EC
Certificate issuer:       /CN=afb00b29396e78033edbacafef9850b1b0e35323
Certificate serial:       0194252230D0D7D848169246E4DB4205088D
Authority key identifier: AF:B0:0B:29:39:6E:78:03:3E:DB:AC:AF:EF:98:50:B1:B0:E3:53:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r7ALKTlueAM-26yv75hQsbDjUyM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/e4ca56-1386-432c-96cb-65a9a4dfad9e/1/CY3YIBeeXy7d304leRk_84B6aOw.roa
Signing time:             Thu 02 Jan 2025 03:49:45 +0000
ROA not before:           Thu 02 Jan 2025 03:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206911
IP address blocks:        185.171.108.0/24 maxlen: 24
                          185.171.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/e4ca56-1386-432c-96cb-65a9a4dfad9e/1/r7ALKTlueAM-26yv75hQsbDjUyM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/e4ca56-1386-432c-96cb-65a9a4dfad9e/1/r7ALKTlueAM-26yv75hQsbDjUyM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r7ALKTlueAM-26yv75hQsbDjUyM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:30:d0:d7:d8:48:16:92:46:e4:db:42:05:08:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afb00b29396e78033edbacafef9850b1b0e35323
        Validity
            Not Before: Jan  2 03:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=098dd820179e5f2edddf4e2579193ff3807a68ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:57:24:82:f9:28:65:75:34:40:13:2e:53:45:
                    2e:be:7a:92:c2:63:7c:dc:85:6e:d5:87:3c:da:30:
                    bf:d7:ea:86:b2:16:6a:f3:d4:56:df:86:4c:f1:f3:
                    a6:5c:b6:47:12:a3:5c:d7:5f:81:3a:24:65:be:45:
                    e3:d5:ff:00:af:39:8c:7e:0b:fa:01:0b:5c:d9:6f:
                    3c:72:99:1a:84:26:0e:0e:ed:6b:e8:80:b6:0f:0d:
                    48:c4:5e:68:c7:85:c7:eb:a5:39:5f:90:70:bd:10:
                    7c:31:d6:d5:55:27:db:54:72:00:ac:18:c9:54:36:
                    25:b9:9f:ac:c7:53:51:0f:be:0c:b2:5a:a5:57:af:
                    ec:39:c7:4b:c8:16:69:a1:2e:01:be:cd:50:57:91:
                    5a:4e:7a:44:fd:0c:d6:d0:76:3b:37:dc:57:a6:ee:
                    02:35:a5:a3:37:94:4b:23:27:e9:e2:45:98:9b:29:
                    25:f8:da:b5:04:e9:4e:45:86:b2:1f:04:57:95:68:
                    c3:8e:3d:df:8b:a2:eb:f7:2a:2a:4b:65:5a:3d:02:
                    c0:80:94:a9:b3:2b:e3:84:fb:38:27:bd:61:55:ff:
                    93:7f:5a:1e:6e:76:78:4c:74:e7:20:78:a6:74:28:
                    e4:4f:3b:53:91:5a:c0:6f:87:5d:62:0c:8e:d2:35:
                    08:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:8D:D8:20:17:9E:5F:2E:DD:DF:4E:25:79:19:3F:F3:80:7A:68:EC
            X509v3 Authority Key Identifier:
                keyid:AF:B0:0B:29:39:6E:78:03:3E:DB:AC:AF:EF:98:50:B1:B0:E3:53:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r7ALKTlueAM-26yv75hQsbDjUyM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/e4ca56-1386-432c-96cb-65a9a4dfad9e/1/CY3YIBeeXy7d304leRk_84B6aOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/e4ca56-1386-432c-96cb-65a9a4dfad9e/1/r7ALKTlueAM-26yv75hQsbDjUyM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:a3:67:b9:33:42:1c:a9:41:8d:67:58:b2:8a:84:36:8a:cb:
         e9:84:b0:e0:0a:88:1e:e6:a9:b4:f6:9f:c2:26:fe:d8:0b:5d:
         ff:a8:07:7a:bd:ae:eb:82:84:78:8e:1a:1f:c5:72:3e:71:41:
         27:eb:c7:48:4e:53:11:f1:be:e7:0e:ec:25:60:0b:13:d7:2c:
         6b:07:b5:38:db:b3:7d:ed:61:5e:41:90:06:31:e6:9e:82:76:
         04:ec:21:a7:97:31:cf:53:90:e8:25:0c:43:ef:e5:60:9f:6b:
         7c:f1:eb:28:df:3d:4f:fd:b7:2b:ed:b8:e8:b9:00:2f:21:a7:
         61:a8:29:f9:a6:05:68:bc:ac:b1:d1:b1:ea:3f:02:ea:d3:ad:
         98:04:bc:81:5b:09:87:5d:90:3d:c7:77:dd:9f:55:e1:ad:9a:
         fd:d5:b4:dd:4b:c1:64:4b:9c:65:ba:13:15:e9:69:e2:68:a8:
         e6:cc:ab:6a:78:c5:b9:23:cb:74:cc:02:d3:08:56:3e:4b:94:
         d0:45:27:53:e9:ff:a0:3f:d5:e9:30:7f:b2:f5:52:a8:5b:11:
         a8:dd:07:14:ca:38:94:98:19:78:21:ff:18:9c:b6:78:d6:9c:
         e4:8d:1a:7d:8f:d2:a2:f5:b0:ff:80:80:54:60:8e:ff:2d:3a:
         10:88:1f:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIjDQ19hIFpJG5NtCBQiNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYjAwYjI5Mzk2ZTc4MDMzZWRiYWNhZmVmOTg1MGIxYjBl
MzUzMjMwHhcNMjUwMTAyMDM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOThkZDgyMDE3OWU1ZjJlZGRkZjRlMjU3OTE5M2ZmMzgwN2E2OGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1ckgvkoZXU0QBMuU0UuvnqSwmN8
3IVu1Yc82jC/1+qGshZq89RW34ZM8fOmXLZHEqNc11+BOiRlvkXj1f8ArzmMfgv6
AQtc2W88cpkahCYODu1r6IC2Dw1IxF5ox4XH66U5X5BwvRB8MdbVVSfbVHIArBjJ
VDYluZ+sx1NRD74MslqlV6/sOcdLyBZpoS4Bvs1QV5FaTnpE/QzW0HY7N9xXpu4C
NaWjN5RLIyfp4kWYmykl+Nq1BOlORYayHwRXlWjDjj3fi6Lr9yoqS2VaPQLAgJSp
syvjhPs4J71hVf+Tf1oebnZ4THTnIHimdCjkTztTkVrAb4ddYgyO0jUIAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmN2CAXnl8u3d9OJXkZP/OAemjsMB8GA1UdIwQY
MBaAFK+wCyk5bngDPtusr++YULGw41MjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjdBTEtUbHVlQU0tMjZ5djc1aFFzYkRqVXlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9lNGNhNTYtMTM4Ni00MzJjLTk2Y2It
NjVhOWE0ZGZhZDllLzEvQ1kzWUlCZWVYeTdkMzA0bGVSa184NEI2YU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9lNGNhNTYtMTM4Ni00MzJjLTk2Y2ItNjVhOWE0ZGZhZDll
LzEvcjdBTEtUbHVlQU0tMjZ5djc1aFFzYkRqVXlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuatsMA0G
CSqGSIb3DQEBCwUAA4IBAQAGo2e5M0IcqUGNZ1iyioQ2isvphLDgCoge5qm09p/C
Jv7YC13/qAd6va7rgoR4jhofxXI+cUEn68dITlMR8b7nDuwlYAsT1yxrB7U427N9
7WFeQZAGMeaegnYE7CGnlzHPU5DoJQxD7+Vgn2t88eso3z1P/bcr7bjouQAvIadh
qCn5pgVovKyx0bHqPwLq062YBLyBWwmHXZA9x3fdn1XhrZr91bTdS8FkS5xluhMV
6WniaKjmzKtqeMW5I8t0zALTCFY+S5TQRSdT6f+gP9XpMH+y9VKoWxGo3QcUyjiU
mBl4If8YnLZ41pzkjRp9j9Ki9bD/gIBUYI7/LToQiB90
-----END CERTIFICATE-----