Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/jRyIBgdtXReJ9oHBVuw4FaEWM-0.roa
File:                     jRyIBgdtXReJ9oHBVuw4FaEWM-0.roa (raw, json)
Hash identifier:          ZszsBIs7CJREdsDcllx0N3t5IqBzFvq0JJZ2fLMu8PY=
Subject key identifier:   8D:1C:88:06:07:6D:5D:17:89:F6:81:C1:56:EC:38:15:A1:16:33:ED
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       0194228DA9B1A4B9E1DB5B3C30C0321C978D
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/jRyIBgdtXReJ9oHBVuw4FaEWM-0.roa
Signing time:             Wed 01 Jan 2025 15:48:16 +0000
ROA not before:           Wed 01 Jan 2025 15:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198456
IP address blocks:        185.17.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a9:b1:a4:b9:e1:db:5b:3c:30:c0:32:1c:97:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  1 15:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d1c8806076d5d1789f681c156ec3815a11633ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d6:a5:40:90:36:f1:db:b9:85:7b:50:82:e7:
                    25:df:6a:5c:28:c7:c9:ff:02:14:c9:ae:9f:c7:5d:
                    17:df:6d:0f:90:61:7c:7b:c7:e1:77:dd:24:7f:8f:
                    33:4d:8a:3c:4c:d3:58:5f:09:66:11:83:fd:3b:87:
                    e4:2c:06:41:5f:d2:f1:68:b0:ee:ae:94:23:7f:15:
                    82:02:14:c6:d9:ca:29:85:d3:e3:51:0a:c0:a1:51:
                    d1:f0:34:5a:65:4c:ff:82:68:ae:3e:5f:75:15:26:
                    1b:52:bd:ad:f0:c9:94:bb:38:0d:b4:a0:9b:a4:90:
                    5c:78:73:d4:87:be:ad:05:14:9e:82:4e:c7:b1:38:
                    4f:f1:7e:ab:15:fa:74:ed:84:0d:19:eb:28:c8:3d:
                    3a:04:b9:8a:b4:e0:7b:37:f6:57:6f:6d:4b:00:81:
                    17:fb:97:d8:86:50:65:1c:cf:f5:64:a2:b9:25:e7:
                    d8:9f:c6:81:d1:b3:ca:18:c5:e3:2b:90:9f:17:52:
                    c5:c9:81:47:77:01:0c:53:b4:81:85:3c:64:ad:2c:
                    1d:06:a5:22:1d:5b:ff:97:8b:93:8f:df:be:40:cf:
                    6a:04:9d:3f:a7:24:de:3f:71:42:2a:de:70:af:fb:
                    df:ed:9f:29:9c:b9:ff:b8:f1:43:b5:61:7a:3c:ed:
                    a8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:1C:88:06:07:6D:5D:17:89:F6:81:C1:56:EC:38:15:A1:16:33:ED
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/jRyIBgdtXReJ9oHBVuw4FaEWM-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:95:1e:0a:c0:24:c0:49:11:ab:e4:0b:d8:50:4f:34:15:f6:
         92:eb:47:58:ac:08:8e:a0:99:9a:02:95:f8:7d:0b:36:73:00:
         1e:6a:0c:42:01:d2:46:67:a5:dc:b9:68:50:42:73:5a:15:f5:
         88:43:70:e4:04:54:fe:5d:6d:0f:cf:ad:a6:20:fa:91:b2:ed:
         48:d5:67:70:24:d8:0b:81:36:53:87:a3:77:7f:35:f9:0a:f4:
         ba:40:97:1c:cb:9c:82:72:03:be:c8:34:9e:1b:e4:c4:08:ab:
         d6:09:a2:e1:22:83:f1:d6:e1:c5:ab:07:60:09:62:04:91:35:
         f1:d7:f5:43:8a:0c:87:af:64:0f:ae:b6:a7:3c:d4:fb:b9:a9:
         24:3e:a4:08:46:15:e1:62:0e:76:e5:be:27:72:75:7e:c2:d2:
         19:05:c4:41:3e:62:a8:1b:a3:b1:8b:99:9b:ac:f3:5d:e6:c9:
         53:2e:c3:f3:80:c9:bd:39:67:d2:b1:fa:83:1a:47:6f:fa:02:
         e1:b1:77:36:e8:e2:e0:6b:1e:c5:83:05:f1:39:29:b5:b3:b3:
         8b:41:ab:0f:3a:83:ba:59:35:90:f0:ee:07:21:7f:1d:b5:0c:
         54:ae:c9:6b:7e:6a:c9:52:88:83:4f:4b:78:3f:d7:62:fb:f3:
         6c:a3:50:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijamxpLnh21s8MMAyHJeNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjUwMTAxMTU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDFjODgwNjA3NmQ1ZDE3ODlmNjgxYzE1NmVjMzgxNWExMTYzM2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtalQJA28du5hXtQgucl32pcKMfJ
/wIUya6fx10X320PkGF8e8fhd90kf48zTYo8TNNYXwlmEYP9O4fkLAZBX9LxaLDu
rpQjfxWCAhTG2cophdPjUQrAoVHR8DRaZUz/gmiuPl91FSYbUr2t8MmUuzgNtKCb
pJBceHPUh76tBRSegk7HsThP8X6rFfp07YQNGesoyD06BLmKtOB7N/ZXb21LAIEX
+5fYhlBlHM/1ZKK5JefYn8aB0bPKGMXjK5CfF1LFyYFHdwEMU7SBhTxkrSwdBqUi
HVv/l4uTj9++QM9qBJ0/pyTeP3FCKt5wr/vf7Z8pnLn/uPFDtWF6PO2o+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0ciAYHbV0XifaBwVbsOBWhFjPtMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvalJ5SUJnZHRYUmVKOW9IQlZ1dzRGYUVXTS0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRFWMA0G
CSqGSIb3DQEBCwUAA4IBAQCrlR4KwCTASRGr5AvYUE80FfaS60dYrAiOoJmaApX4
fQs2cwAeagxCAdJGZ6XcuWhQQnNaFfWIQ3DkBFT+XW0Pz62mIPqRsu1I1WdwJNgL
gTZTh6N3fzX5CvS6QJccy5yCcgO+yDSeG+TECKvWCaLhIoPx1uHFqwdgCWIEkTXx
1/VDigyHr2QPrranPNT7uakkPqQIRhXhYg525b4ncnV+wtIZBcRBPmKoG6Oxi5mb
rPNd5slTLsPzgMm9OWfSsfqDGkdv+gLhsXc26OLgax7FgwXxOSm1s7OLQasPOoO6
WTWQ8O4HIX8dtQxUrslrfmrJUoiDT0t4P9di+/Nso1D1
-----END CERTIFICATE-----