Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/P_fOQuoMuGlAOPCmfzTnkjBIl1I.roa
File:                     P_fOQuoMuGlAOPCmfzTnkjBIl1I.roa (raw, json)
Hash identifier:          7StdsKvi1Pne8B1xArTjZazqt8/ZqEM0Iq/sVM/3q5k=
Subject key identifier:   3F:F7:CE:42:EA:0C:B8:69:40:38:F0:A6:7F:34:E7:92:30:48:97:52
Certificate issuer:       /CN=d2a4452602c9df977c9d5dd8dc13b6661df40136
Certificate serial:       01942827CAE69BC7CCBC2887ECC2908055EF
Authority key identifier: D2:A4:45:26:02:C9:DF:97:7C:9D:5D:D8:DC:13:B6:66:1D:F4:01:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/P_fOQuoMuGlAOPCmfzTnkjBIl1I.roa
Signing time:             Thu 02 Jan 2025 17:54:43 +0000
ROA not before:           Thu 02 Jan 2025 17:54:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200707
IP address blocks:        185.98.176.0/23 maxlen: 23
                          2a00:8000::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:ca:e6:9b:c7:cc:bc:28:87:ec:c2:90:80:55:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2a4452602c9df977c9d5dd8dc13b6661df40136
        Validity
            Not Before: Jan  2 17:54:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ff7ce42ea0cb8694038f0a67f34e79230489752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:db:86:26:63:7c:d7:77:88:17:4a:a8:1f:e7:
                    6d:73:42:1c:7e:ee:ec:82:d0:5b:8f:b0:d4:3e:85:
                    04:5b:d8:7a:d7:b3:1f:ce:b9:5c:41:8c:2e:2d:40:
                    75:58:6f:02:cf:c1:85:fb:19:4f:c1:79:4a:c8:ba:
                    e5:2c:73:80:05:db:a0:98:22:f6:c6:59:d1:11:9d:
                    c3:a9:f7:90:c7:e8:4e:28:74:e8:aa:98:9d:de:97:
                    ee:6b:0a:75:ef:cd:75:e8:8f:63:62:77:71:59:40:
                    54:73:d8:57:9f:53:e4:d3:9f:30:c7:21:bc:bc:61:
                    3a:30:f2:ff:0c:b6:26:bd:a8:6d:e4:06:2d:d8:d7:
                    22:6e:35:75:f5:91:96:0b:23:87:55:19:c2:01:06:
                    0c:05:13:bd:bc:cb:43:70:df:e2:36:31:06:b1:6b:
                    38:78:5d:77:26:68:b3:1e:58:d2:2d:15:80:0a:6a:
                    cb:69:57:b4:28:cc:b5:8d:35:a6:d7:ea:02:c4:f4:
                    fa:cf:e0:d1:fc:7e:1e:0f:c5:49:8a:b5:43:e6:81:
                    45:de:dc:b7:8b:57:3e:be:d8:cb:ea:0d:d1:a1:69:
                    38:ac:e8:97:27:7b:40:fc:d9:7a:f0:0a:49:16:1b:
                    0d:63:25:eb:0c:ce:90:f1:31:4b:c1:43:0c:d2:06:
                    be:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F7:CE:42:EA:0C:B8:69:40:38:F0:A6:7F:34:E7:92:30:48:97:52
            X509v3 Authority Key Identifier:
                keyid:D2:A4:45:26:02:C9:DF:97:7C:9D:5D:D8:DC:13:B6:66:1D:F4:01:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/P_fOQuoMuGlAOPCmfzTnkjBIl1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d5fd99-8ae0-4ae0-b6b4-fe74ef7aac95/1/0qRFJgLJ35d8nV3Y3BO2Zh30ATY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.176.0/23
                IPv6:
                  2a00:8000::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:0b:3a:80:f8:04:75:27:e0:8c:80:94:10:75:04:fe:63:35:
         28:03:87:0c:76:09:c2:9a:1f:6f:65:64:97:17:35:11:39:bb:
         23:9b:fd:6d:26:ef:9a:fe:12:78:7d:4d:8a:c6:e9:5b:76:f4:
         01:04:91:a7:7d:e1:08:91:a8:f1:8c:86:0f:d9:24:df:43:a1:
         9a:23:0d:35:4f:3b:35:00:a0:33:b9:b6:17:0b:4a:5b:69:fe:
         79:8e:27:d5:4a:08:d2:f3:41:99:05:8e:7c:d3:d5:0d:6d:01:
         2e:98:85:b8:1e:ae:83:d9:57:d8:04:52:b5:26:ae:11:6c:a4:
         71:ae:ee:94:0f:51:26:5a:ac:8d:0b:e4:28:bb:9c:3e:66:1d:
         2e:72:d7:06:d7:55:aa:e0:76:47:2c:76:57:55:f4:4a:6d:73:
         25:1a:67:3f:66:fe:e1:a7:43:a2:16:f2:f5:a7:78:aa:43:63:
         8c:75:a0:0d:1a:96:06:fe:68:23:86:0e:19:e3:a2:1a:07:8a:
         2e:f8:d4:39:ba:f5:1d:02:d0:97:ee:7d:98:b5:91:bd:a3:a9:
         22:22:05:a3:de:64:ef:04:5e:5b:f0:33:c9:e7:0f:65:8a:a3:
         0d:84:1c:79:20:e1:f9:5c:87:f6:d7:56:ff:a0:55:04:3f:62:
         bc:de:22:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoJ8rmm8fMvCiH7MKQgFXvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYTQ0NTI2MDJjOWRmOTc3YzlkNWRkOGRjMTNiNjY2MWRm
NDAxMzYwHhcNMjUwMTAyMTc1NDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmY3Y2U0MmVhMGNiODY5NDAzOGYwYTY3ZjM0ZTc5MjMwNDg5NzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuduGJmN813eIF0qoH+dtc0Icfu7s
gtBbj7DUPoUEW9h617MfzrlcQYwuLUB1WG8Cz8GF+xlPwXlKyLrlLHOABdugmCL2
xlnREZ3DqfeQx+hOKHToqpid3pfuawp178116I9jYndxWUBUc9hXn1Pk058wxyG8
vGE6MPL/DLYmvaht5AYt2NcibjV19ZGWCyOHVRnCAQYMBRO9vMtDcN/iNjEGsWs4
eF13JmizHljSLRWACmrLaVe0KMy1jTWm1+oCxPT6z+DR/H4eD8VJirVD5oFF3ty3
i1c+vtjL6g3RoWk4rOiXJ3tA/Nl68ApJFhsNYyXrDM6Q8TFLwUMM0ga+0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD/3zkLqDLhpQDjwpn8055IwSJdSMB8GA1UdIwQY
MBaAFNKkRSYCyd+XfJ1d2NwTtmYd9AE2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHFSRkpnTEozNWQ4blYzWTNCTzJaaDMwQVRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9kNWZkOTktOGFlMC00YWUwLWI2YjQt
ZmU3NGVmN2FhYzk1LzEvUF9mT1F1b011R2xBT1BDbWZ6VG5rakJJbDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9kNWZkOTktOGFlMC00YWUwLWI2YjQtZmU3NGVmN2FhYzk1
LzEvMHFSRkpnTEozNWQ4blYzWTNCTzJaaDMwQVRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuWKwMA0E
AgACMAcDBQAqAIAAMA0GCSqGSIb3DQEBCwUAA4IBAQBnCzqA+AR1J+CMgJQQdQT+
YzUoA4cMdgnCmh9vZWSXFzURObsjm/1tJu+a/hJ4fU2KxulbdvQBBJGnfeEIkajx
jIYP2STfQ6GaIw01Tzs1AKAzubYXC0pbaf55jifVSgjS80GZBY5809UNbQEumIW4
Hq6D2VfYBFK1Jq4RbKRxru6UD1EmWqyNC+Qou5w+Zh0uctcG11Wq4HZHLHZXVfRK
bXMlGmc/Zv7hp0OiFvL1p3iqQ2OMdaANGpYG/mgjhg4Z46IaB4ou+NQ5uvUdAtCX
7n2YtZG9o6kiIgWj3mTvBF5b8DPJ5w9liqMNhBx5IOH5XIf211b/oFUEP2K83iJk
-----END CERTIFICATE-----